authorFraser Tweedale <ftweedal@redhat.com>2016-11-29 18:39:45 +1000
committerFraser Tweedale <ftweedal@redhat.com>2017-03-16 17:46:18 +1000
commitef84ef36be06944a7f6338ed022f13e066cd5c32 (patch)
tree9d3b71707ec434b9b2e6af096b4f1829654d721d /base/server/cms/src
parent76f60251f7e1b2f1f9ad1752121c0c5cb1cb5b8b (diff)
Update SessionContextInterceptor to handle external principals
Part of: https://pagure.io/dogtagpki/issue/1359
Diffstat (limited to 'base/server/cms/src')
-rw-r--r--base/server/cms/src/org/dogtagpki/server/rest/SessionContextInterceptor.java19
1 files changed, 10 insertions, 9 deletions
diff --git a/base/server/cms/src/org/dogtagpki/server/rest/SessionContextInterceptor.java b/base/server/cms/src/org/dogtagpki/server/rest/SessionContextInterceptor.java
index b6461abfd..b3b3c3b8f 100644
--- a/base/server/cms/src/org/dogtagpki/server/rest/SessionContextInterceptor.java
+++ b/base/server/cms/src/org/dogtagpki/server/rest/SessionContextInterceptor.java
@@ -29,9 +29,11 @@ import javax.ws.rs.core.Context;
import javax.ws.rs.core.SecurityContext;
import javax.ws.rs.ext.Provider;
+import org.apache.catalina.realm.GenericPrincipal;
import org.jboss.resteasy.core.ResourceMethodInvoker;
import com.netscape.certsrv.apps.CMS;
+import com.netscape.certsrv.authentication.ExternalAuthToken;
import com.netscape.certsrv.authentication.IAuthToken;
import com.netscape.certsrv.base.ForbiddenException;
import com.netscape.certsrv.base.SessionContext;
@@ -80,14 +82,12 @@ public class SessionContextInterceptor implements ContainerRequestFilter {
CMS.debug("SessionContextInterceptor: principal: " + principal.getName());
- // If unrecognized principal, reject request.
- if (!(principal instanceof PKIPrincipal)) {
- CMS.debug("SessionContextInterceptor: Invalid user principal.");
- throw new ForbiddenException("Invalid user principal.");
- }
+ IAuthToken authToken = null;
- PKIPrincipal pkiPrincipal = (PKIPrincipal) principal;
- IAuthToken authToken = pkiPrincipal.getAuthToken();
+ if (principal instanceof PKIPrincipal)
+ authToken = ((PKIPrincipal) principal).getAuthToken();
+ else if (principal instanceof GenericPrincipal)
+ authToken = new ExternalAuthToken((GenericPrincipal) principal);
// If missing auth token, reject request.
if (authToken == null) {
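Review bot: Unrecognized principal types are no longer rejected where the type is checked; with the `instanceof PKIPrincipal` guard removed they are refused only because `authToken` stays null and falls into the missing-token check below, so the debug log can no longer tell "wrong principal type" from "no token". An explicit final branch would keep the fail-closed intent local: `else { CMS.debug("SessionContextInterceptor: Invalid user principal."); throw new ForbiddenException("Invalid user principal."); }`. The new `GenericPrincipal` branch accepts whatever the container realm authenticated, so a comment such as `// external principal: identity and roles are trusted as supplied by the configured realm` would record that assumption. If `PKIPrincipal` is itself a `GenericPrincipal` subclass (not visible here), the branch order is load-bearing and should be noted as well. The enclosing filter method starts and ends outside this hunk.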
@@ -104,7 +104,8 @@ public class SessionContextInterceptor implements ContainerRequestFilter {
context.put(SessionContext.LOCALE, locale);
context.put(SessionContext.AUTH_TOKEN, authToken);
- context.put(SessionContext.USER_ID, pkiPrincipal.getName());
- context.put(SessionContext.USER, pkiPrincipal.getUser());
+ context.put(SessionContext.USER_ID, principal.getName());
+ if (principal instanceof PKIPrincipal)
+ context.put(SessionContext.USER, ((PKIPrincipal) principal).getUser());
}
}
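Review bot: `SessionContext.USER` is now left untouched when the principal is not a `PKIPrincipal`, so later code that reads it for authorization or auditing must tolerate its absence. If the context object is reused across requests (not visible in this hunk), a value from an earlier request could remain under that key. Consider clearing the key in an `else` branch, or at least documenting the gap with `// external principals have no local user record; SessionContext.USER is intentionally not set`. Bracing the new `if` would also match the braced style of `if (authToken == null) {` earlier in the method.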