View Javadoc
1   /*
2    * Copyright (c) MuleSoft, Inc.  All rights reserved.  http://www.mulesoft.com
3    * The software in this package is published under the terms of the CPAL v1.0
4    * license, a copy of which has been included with this distribution in the
5    * LICENSE.txt file.
6    */
7   package org.mule.processor;
8   
9   import org.mule.api.MuleEvent;
10  import org.mule.api.MuleException;
11  import org.mule.api.endpoint.ImmutableEndpoint;
12  import org.mule.api.security.SecurityException;
13  import org.mule.api.security.SecurityFilter;
14  import org.mule.config.ExceptionHelper;
15  import org.mule.context.notification.SecurityNotification;
16  import org.mule.endpoint.EndpointAware;
17  import org.mule.message.DefaultExceptionPayload;
18  import org.mule.transport.AbstractConnector;
19  
20  /**
21   * Filters the flow using the specified {@link SecurityFilter}. 
22   * If unauthorised the flow is stopped and therefore the
23   * message is not send or dispatched by the transport. When unauthorised the request
24   * message is returned as the response.
25   */
26  public class SecurityFilterMessageProcessor extends AbstractInterceptingMessageProcessor implements EndpointAware
27  {
28      private SecurityFilter filter;
29  
30      /**
31       * For IoC only
32       * @deprecated Use SecurityFilterMessageProcessor(SecurityFilter filter) instead
33       */
34      public SecurityFilterMessageProcessor()
35      {
36          super();
37      }
38  
39      public SecurityFilterMessageProcessor(SecurityFilter filter)
40      {
41          this.filter = filter;
42      }
43  
44      public SecurityFilter getFilter()
45      {
46          return filter;
47      }
48  
49      public MuleEvent process(MuleEvent event) throws MuleException
50      {
51          if (filter != null)
52          {
53              try
54              {
55                  filter.doFilter(event);
56              }
57              catch (SecurityException e)
58              {
59                  e = (SecurityException) ExceptionHelper.sanitizeIfNeeded(e);
60                  logger.warn("Outbound Request was made but was not authenticated: " + e.getMessage(), e);
61  
62                  AbstractConnector connector = (AbstractConnector) event.getEndpoint().getConnector();
63                  connector.fireNotification(new SecurityNotification(e,
64                                                                      SecurityNotification.SECURITY_AUTHENTICATION_FAILED));
65  
66                  event.getFlowConstruct().getExceptionListener().handleException(e, event);
67  
68                  event.getMessage().setPayload(e.getLocalizedMessage());
69                  event.getMessage().setExceptionPayload(new DefaultExceptionPayload(e));
70                  return event;
71              }
72          }
73          return processNext(event);
74      }
75  
76      public void setFilter(SecurityFilter filter)
77      {
78          this.filter = filter;
79      }
80  
81      public void setEndpoint(ImmutableEndpoint ep)
82      {
83          if (filter instanceof EndpointAware)
84          {
85              ((EndpointAware) filter).setEndpoint(ep);
86          }
87      }
88  }