View Javadoc

1   /*
2    * $Id: SecurityFilterMessageProcessor.java 20094 2010-11-05 20:14:34Z aperepel $
3    * --------------------------------------------------------------------------------------
4    * Copyright (c) MuleSoft, Inc.  All rights reserved.  http://www.mulesoft.com
5    *
6    * The software in this package is published under the terms of the CPAL v1.0
7    * license, a copy of which has been included with this distribution in the
8    * LICENSE.txt file.
9    */
10  
11  package org.mule.processor;
12  
13  import org.mule.api.MuleEvent;
14  import org.mule.api.MuleException;
15  import org.mule.api.endpoint.ImmutableEndpoint;
16  import org.mule.api.security.EndpointSecurityFilter;
17  import org.mule.api.security.SecurityException;
18  import org.mule.config.ExceptionHelper;
19  import org.mule.context.notification.SecurityNotification;
20  import org.mule.endpoint.EndpointAware;
21  import org.mule.message.DefaultExceptionPayload;
22  import org.mule.transport.AbstractConnector;
23  
24  /**
25   * Filters the flow using the {@link EndpointSecurityFilter} configured on
26   * the endpoint. If unauthorised the flow is stopped and therefore the
27   * message is not send or dispatched by the transport. When unauthorised the request
28   * message is returned as the response.
29   */
30  public class SecurityFilterMessageProcessor extends AbstractInterceptingMessageProcessor implements EndpointAware
31  {
32      private EndpointSecurityFilter filter;
33  
34      /**
35       * For IoC only
36       * @deprecated Use SecurityFilterMessageProcessor(EndpointSecurityFilter filter) instead
37       */
38      public SecurityFilterMessageProcessor()
39      {
40          super();
41      }
42  
43      public SecurityFilterMessageProcessor(EndpointSecurityFilter filter)
44      {
45          this.filter = filter;
46      }
47  
48      public EndpointSecurityFilter getFilter()
49      {
50          return filter;
51      }
52  
53      public MuleEvent process(MuleEvent event) throws MuleException
54      {
55          if (filter != null)
56          {
57              try
58              {
59                  filter.authenticate(event);
60              }
61              catch (SecurityException e)
62              {
63                  e = (SecurityException) ExceptionHelper.sanitizeIfNeeded(e);
64                  logger.warn("Outbound Request was made but was not authenticated: " + e.getMessage(), e);
65  
66                  AbstractConnector connector = (AbstractConnector) event.getEndpoint().getConnector();
67                  connector.fireNotification(new SecurityNotification(e,
68                                                                      SecurityNotification.SECURITY_AUTHENTICATION_FAILED));
69  
70                  event.getFlowConstruct().getExceptionListener().handleException(e, event);
71  
72                  event.getMessage().setPayload(e.getLocalizedMessage());
73                  event.getMessage().setExceptionPayload(new DefaultExceptionPayload(e));
74                  return event;
75              }
76          }
77          return processNext(event);
78      }
79  
80      public void setFilter(EndpointSecurityFilter filter)
81      {
82          this.filter = filter;
83      }
84  
85      public void setEndpoint(ImmutableEndpoint ep)
86      {
87          filter.setEndpoint(ep);
88      }
89  }