Example 1 with RequestHeaders

Use of com.b2international.snowowl.core.events.util.RequestHeaders in project snow-owl by b2ihealthcare.

Class AuthorizedRequest, method execute:

```java
@Override
public R execute(ServiceProvider context) {
    final RequestHeaders requestHeaders = context.service(RequestHeaders.class);
    final String authorizationToken = requestHeaders.header(AUTHORIZATION_HEADER);
    final IdentityProvider identityProvider = context.service(IdentityProvider.class);
    final Collection<Request<?, ?>> requests = getNestedRequests();
    final User user;
    if (IdentityProvider.NOOP == identityProvider) {
        // no authentication configured: execute as the SYSTEM user
        user = User.SYSTEM;
    } else if (Strings.isNullOrEmpty(authorizationToken)) {
        // no token sent: allowed only if every nested request is @Unprotected (e.g. login requests)
        if (requests.stream().allMatch(req -> req.getClass().isAnnotationPresent(Unprotected.class))) {
            user = User.SYSTEM;
        } else {
            // authentication is configured but no authorization token was sent: refuse execution
            if (PlatformUtil.isDevVersion()) {
                // development builds only: print the first rejected request for debugging
                Request<?, ?> request = Iterables.getFirst(requests, null);
                System.err.println(request);
            }
            throw new UnauthorizedException("Missing authorization token");
        }
    } else {
        // verify the Authorization header value and resolve it to a user
        user = context.service(AuthorizationHeaderVerifier.class).auth(authorizationToken);
        if (user == null) {
            throw new UnauthorizedException("Incorrect authorization token");
        }
    }
    // bind the authenticated user and an event bus that forwards the request headers to nested requests
    ServiceProvider userContext = context.inject()
            .bind(User.class, user)
            .bind(IEventBus.class, new AuthorizedEventBus(context.service(IEventBus.class), requestHeaders.headers()))
            .build();
    if (!User.SYSTEM.equals(user) && !user.isAdministrator()) {
        // authorization: collect the permissions required by each access-controlled nested request
        // and fail if the user lacks any of them (SYSTEM and administrators skip this check)
        requests.stream()
                .filter(AccessControl.class::isInstance)
                .map(AccessControl.class::cast)
                .flatMap(ac -> {
                    List<Permission> permissions = ac.getPermissions(userContext, next());
                    if (permissions.isEmpty()) {
                        context.log().warn("No permissions required to execute request '{}'.", MonitoredRequest.toJson(context, next(), Map.of()));
                    }
                    return permissions.stream();
                })
                .forEach(permissionRequirement -> {
                    if (!user.hasPermission(permissionRequirement)) {
                        throw new ForbiddenException("Operation not permitted. '%s' permission is required. User has '%s'.", permissionRequirement.getPermission(), user.getPermissions());
                    }
                });
    }
    return next(userContext);
}
```

Example 2 with RequestHeaders

Use of com.b2international.snowowl.core.events.util.RequestHeaders in project snow-owl by b2ihealthcare.

Class ApiRequestHandler, method handle:

```java
@Override
public final void handle(IMessage message) {
    try {
        final Request<ServiceProvider, ?> req = message.body(Request.class, classLoader);
        final ResponseHeaders responseHeaders = new ResponseHeaders();
        // expose the incoming message headers (including the Authorization header) to the request pipeline
        final ServiceProvider executionContext = context.inject()
                .bind(RequestHeaders.class, new RequestHeaders(message.headers()))
                .bind(ResponseHeaders.class, responseHeaders)
                .build();
        // request pipeline, outermost first: monitor -> authorize -> rate limit -> actual request
        final Object body = new MonitoredRequest<>(
                new AuthorizedRequest<>(
                        new RateLimitingRequest<>(
                                req))).execute(executionContext);
        if (body == null) {
            LoggerFactory.getLogger(ApiRequestHandler.class).error("No response was returned from request: " + req.getClass());
        }
        message.reply(body, responseHeaders.headers());
    } catch (WrappedException e) {
        // unwrap exceptions wrapped by the EMF layer and fail with the original cause
        message.fail(e.getCause());
    } catch (ApiException e) {
        // API exceptions (e.g. UnauthorizedException, ForbiddenException) are reported to the caller as-is
        message.fail(e);
    } catch (Throwable e) {
        LoggerFactory.getLogger(ApiRequestHandler.class).error("Unexpected error when executing request:", e);
        message.fail(e);
    }
}
```