View Javadoc

1   /*
2    * $Id: SecurityFilterMessageProcessor.java 19213 2010-08-26 12:55:48Z dfeist $
3    * --------------------------------------------------------------------------------------
4    * Copyright (c) MuleSoft, Inc.  All rights reserved.  http://www.mulesoft.com
5    *
6    * The software in this package is published under the terms of the CPAL v1.0
7    * license, a copy of which has been included with this distribution in the
8    * LICENSE.txt file.
9    */
10  
11  package org.mule.processor;
12  
13  import org.mule.api.MuleEvent;
14  import org.mule.api.MuleException;
15  import org.mule.api.endpoint.ImmutableEndpoint;
16  import org.mule.api.security.EndpointSecurityFilter;
17  import org.mule.api.security.SecurityException;
18  import org.mule.context.notification.SecurityNotification;
19  import org.mule.endpoint.EndpointAware;
20  import org.mule.message.DefaultExceptionPayload;
21  import org.mule.transport.AbstractConnector;
22  
23  /**
24   * Filters the flow using the {@link EndpointSecurityFilter} configured on
25   * the endpoint. If unauthorised the flow is stopped and therefore the
26   * message is not send or dispatched by the transport. When unauthorised the request
27   * message is returned as the response.
28   */
29  public class SecurityFilterMessageProcessor extends AbstractInterceptingMessageProcessor implements EndpointAware
30  {
31      private EndpointSecurityFilter filter;
32  
33      /**
34       * For IoC only
35       * @deprecated Use SecurityFilterMessageProcessor(EndpointSecurityFilter filter) instead
36       */
37      public SecurityFilterMessageProcessor()
38      {
39          super();
40      }
41  
42      public SecurityFilterMessageProcessor(EndpointSecurityFilter filter)
43      {
44          this.filter = filter;
45      }
46  
47      public EndpointSecurityFilter getFilter()
48      {
49          return filter;
50      }
51  
52      public MuleEvent process(MuleEvent event) throws MuleException
53      {
54          if (filter != null)
55          {
56              try
57              {
58                  filter.authenticate(event);
59              }
60              catch (SecurityException e)
61              {
62                  logger.warn("Outbound Request was made but was not authenticated: " + e.getMessage(), e);
63                  
64                  AbstractConnector connector = (AbstractConnector) event.getEndpoint().getConnector();
65                  connector.fireNotification(new SecurityNotification(e,
66                      SecurityNotification.SECURITY_AUTHENTICATION_FAILED));
67                  
68                  event.getFlowConstruct().getExceptionListener().handleException(e, event);
69                  
70                  event.getMessage().setPayload(e.getLocalizedMessage());
71                  event.getMessage().setExceptionPayload(new DefaultExceptionPayload(e));
72                  return event;
73              }
74          }
75          return processNext(event);
76      }
77  
78      public void setFilter(EndpointSecurityFilter filter)
79      {
80          this.filter = filter;
81      }
82  
83      public void setEndpoint(ImmutableEndpoint ep)
84      {
85          filter.setEndpoint(ep);
86      }
87  }