Reorganized interceptors.

The ACLInterceptor and AuthMethodInterceptor interceptors only run
on the server, so they have been moved from the base package into
the server package.

1 files changed, 0 insertions, 153 deletions

diff --git a/base/common/src/com/netscape/certsrv/acls/ACLInterceptor.java b/base/common/src/com/netscape/certsrv/acls/ACLInterceptor.java
deleted file mode 100644
index c30740260..000000000
--- a/base/common/src/com/netscape/certsrv/acls/ACLInterceptor.java
+++ /dev/null
@@ -1,153 +0,0 @@
-//--- BEGIN COPYRIGHT BLOCK ---
-//This program is free software; you can redistribute it and/or modify
-//it under the terms of the GNU General Public License as published by
-//the Free Software Foundation; version 2 of the License.
-//
-//This program is distributed in the hope that it will be useful,
-//but WITHOUT ANY WARRANTY; without even the implied warranty of
-//MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-//GNU General Public License for more details.
-//
-//You should have received a copy of the GNU General Public License along
-//with this program; if not, write to the Free Software Foundation, Inc.,
-//51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
-//
-//(C) 2012 Red Hat, Inc.
-//All rights reserved.
-//--- END COPYRIGHT BLOCK ---
-package com.netscape.certsrv.acls;
-
-import java.io.IOException;
-import java.lang.reflect.Method;
-import java.net.URL;
-import java.security.Principal;
-import java.util.Properties;
-
-import javax.servlet.ServletContext;
-import javax.ws.rs.core.Context;
-import javax.ws.rs.core.SecurityContext;
-import javax.ws.rs.ext.Provider;
-
-import org.jboss.resteasy.annotations.interception.Precedence;
-import org.jboss.resteasy.annotations.interception.ServerInterceptor;
-import org.jboss.resteasy.core.ResourceMethod;
-import org.jboss.resteasy.core.ServerResponse;
-import org.jboss.resteasy.spi.Failure;
-import org.jboss.resteasy.spi.HttpRequest;
-import org.jboss.resteasy.spi.interception.PreProcessInterceptor;
-
-import com.netscape.certsrv.apps.CMS;
-import com.netscape.certsrv.authentication.IAuthToken;
-import com.netscape.certsrv.authorization.AuthzToken;
-import com.netscape.certsrv.authorization.EAuthzAccessDenied;
-import com.netscape.certsrv.authorization.IAuthzSubsystem;
-import com.netscape.certsrv.base.EBaseException;
-import com.netscape.certsrv.base.ForbiddenException;
-import com.netscape.cmscore.realm.PKIPrincipal;
-
-
-/**
- * @author Endi S. Dewata
- */
-@Provider
-@ServerInterceptor
-@Precedence("SECURITY")
-public class ACLInterceptor implements PreProcessInterceptor {
-
-    Properties authProperties;
-
-    @Context
-    ServletContext servletContext;
-
-    @Context
-    SecurityContext securityContext;
-
-    public synchronized void loadAuthProperties() throws IOException {
-
-        if (authProperties != null) return;
-
-        URL url = servletContext.getResource("/WEB-INF/auth.properties");
-        authProperties = new Properties();
-        authProperties.load(url.openStream());
-    }
-
-    @Override
-    public ServerResponse preProcess(
-            HttpRequest request,
-            ResourceMethod resourceMethod
-        ) throws Failure, ForbiddenException {
-
-        // Get ACL mapping for the method.
-        Method method = resourceMethod.getMethod();
-        ACLMapping aclMapping = method.getAnnotation(ACLMapping.class);
-
-        // If not available, get ACL mapping for the class.
-        if (aclMapping == null) {
-            Class<?> clazz = method.getDeclaringClass();
-            aclMapping = clazz.getAnnotation(ACLMapping.class);
-        }
-
-        // If still not available, it's unprotected, allow request.
-        if (aclMapping == null) return null;
-
-        Principal principal = securityContext.getUserPrincipal();
-
-        // If unauthenticated, reject request.
-        if (principal == null) {
-            throw new ForbiddenException("No user principal provided.");
-        }
-
-        // If unrecognized principal, reject request.
-        if (!(principal instanceof PKIPrincipal)) {
-            throw new ForbiddenException("Invalid user principal");
-        }
-
-        PKIPrincipal pkiPrincipal = (PKIPrincipal)principal;
-        IAuthToken authToken = pkiPrincipal.getAuthToken();
-
-        // If missing auth token, reject request.
-        if (authToken == null) {
-            throw new ForbiddenException("No authorization token present.");
-        }
-
-        try {
-            loadAuthProperties();
-
-            String name = aclMapping.value();
-            String value = authProperties.getProperty(name);
-
-            // If no property defined, allow request.
-            if (value == null) return null;
-
-            String values[] = value.split(",");
-
-            // If invalid mapping, reject request.
-            if (values.length != 2) {
-                throw new ForbiddenException("Invalid ACL mapping.");
-            }
-
-            // Check authorization.
-            IAuthzSubsystem mAuthz = (IAuthzSubsystem) CMS.getSubsystem(CMS.SUBSYSTEM_AUTHZ);
-            AuthzToken authzToken = mAuthz.authorize(
-                    "DirAclAuthz",
-                    authToken,
-                    values[0], // resource
-                    values[1]); // operation
-
-            // If not authorized, reject request.
-            if (authzToken == null) {
-                throw new ForbiddenException("No authorization token present.");
-            }
-
-        } catch (EAuthzAccessDenied e) {
-            throw new ForbiddenException(e.toString());
-
-        } catch (IOException|EBaseException e) {
-            e.printStackTrace();
-            throw new Failure(e);
-        }
-
-        // Allow request.
-        return null;
-    }
-}