/*
 * See LICENSE for licensing and NOTICE for copyright.
 */
/*
 * See LICENSE for licensing and NOTICE for copyright.
 */
package net.shibboleth.idp.cas.flow;

import javax.annotation.Nonnull;

import net.shibboleth.idp.cas.protocol.ProtocolError;
import net.shibboleth.idp.cas.protocol.TicketValidationRequest;
import net.shibboleth.idp.cas.protocol.TicketValidationResponse;
import net.shibboleth.idp.cas.service.ServiceContext;
import net.shibboleth.idp.profile.AbstractProfileAction;
import net.shibboleth.idp.profile.ActionSupport;
import org.opensaml.profile.context.ProfileRequestContext;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.webflow.execution.Event;
import org.springframework.webflow.execution.RequestContext;

/**
 * Authorization gate for CAS proxying: inspects the {@link ServiceContext} attached to the
 * profile request and lets the flow proceed only when the service it holds reports that it is
 * authorized to proxy. Raises {@link Events#Failure failure} when the service is not authorized.
 *
 * <p>The decision rests entirely on {@code isAuthorizedToProxy()} of the service in the context;
 * how that flag is populated is not visible in this class.</p>
 *
 * @author Marvin S. Addison
 */
public class CheckProxyAuthorizationAction
        extends AbstractProfileAction<TicketValidationRequest, TicketValidationResponse> {

    /** Class logger. */
    private final Logger log = LoggerFactory.getLogger(CheckProxyAuthorizationAction.class);

    /**
     * Decides whether the requesting service may proxy.
     *
     * @param springRequestContext the Spring Web Flow request context (not read here)
     * @param profileRequestContext the profile request context expected to carry a {@link ServiceContext}
     *
     * @return the {@link ProtocolError#IllegalState} event when no {@link ServiceContext} is present,
     *         the {@link Events#Failure} event when the service is not authorized to proxy,
     *         otherwise the proceed event built by {@link ActionSupport}
     */
    @Nonnull
    @Override
    protected Event doExecute(
            @Nonnull final RequestContext springRequestContext,
            @Nonnull final ProfileRequestContext profileRequestContext) {

        final ServiceContext svcCtx = profileRequestContext.getSubcontext(ServiceContext.class);

        // Without a service context there is nothing to authorize against, so the action
        // reports an illegal-state protocol error rather than proceeding.
        if (svcCtx == null) {
            log.info("ServiceContext not found in profile request context.");
            return ProtocolError.IllegalState.event(this);
        }

        // Only an explicit "authorized to proxy" answer reaches the proceed event.
        if (svcCtx.getService().isAuthorizedToProxy()) {
            return ActionSupport.buildProceedEvent(this);
        }

        // Denial path: record which service was refused, then signal failure to the flow.
        log.info("{} is not authorized to proxy", svcCtx.getService().getName());
        return Events.Failure.event(this);
    }
}