
Example 1 with CurrentUser

Use of com.peterphi.std.guice.common.auth.iface.CurrentUser in project stdlib by petergeneric.

Class AuthConstraintInterceptorModule, method configure.

@Override
protected void configure() {
    // Use interceptor that checks CurrentUser and calls AccessRefuser to deny access
    final MethodInterceptor interceptor = new AuthConstraintMethodInterceptor(getProvider(CurrentUser.class), config, calls, granted, denied, authenticatedDenied);
    // Collect all REST service interfaces we implement
    Set<Class<?>> restIfaces = RestResourceRegistry.getResources().stream().map(RestResource::getResourceClass).collect(Collectors.toSet());
    Matcher<Method> matcher = new WebMethodMatcher(restIfaces);
    bindInterceptor(Matchers.any(), matcher, interceptor);
}
Also used: MethodInterceptor (org.aopalliance.intercept.MethodInterceptor), CurrentUser (com.peterphi.std.guice.common.auth.iface.CurrentUser), Method (java.lang.reflect.Method)

Example 2 with CurrentUser

Use of com.peterphi.std.guice.common.auth.iface.CurrentUser in project stdlib by petergeneric.

Class WebappAuthenticationModule, method getCurrentUser.

@Provides
@SessionScoped
public CurrentUser getCurrentUser(Injector injector, HttpServletRequest request) {
    for (String providerName : providerNames) {
        final Provider<CurrentUser> provider = injector.getProvider(Key.get(CurrentUser.class, Names.named(providerName)));
        final CurrentUser user = provider.get();
        if (user != null) {
            // Store the user info for logging
            if (user.getUsername() != null) {
                MDC.put(TracingConstants.MDC_USER_ID, user.getUsername());
            }
            return user;
        }
    }
    throw new IllegalArgumentException("No provider could determine a user for HTTP request!");
}
Also used: CurrentUser (com.peterphi.std.guice.common.auth.iface.CurrentUser), SessionScoped (com.peterphi.std.guice.web.rest.scoping.SessionScoped), Provides (com.google.inject.Provides)

Example 3 with CurrentUser

Use of com.peterphi.std.guice.common.auth.iface.CurrentUser in project stdlib by petergeneric.

Class AuthConstraintMethodInterceptor, method invoke.

@Override
public Object invoke(final MethodInvocation invocation) throws Throwable {
    // Never handle calls to base methods (like hashCode, toString, etc.)
    if (invocation.getMethod().getDeclaringClass().equals(Object.class))
        return invocation.proceed();
    if (log.isTraceEnabled())
        log.trace("Check authn for: " + invocation.getMethod());
    // Skip auth if we're not inside a Servlet call and we are only to enforce auth constraints on service calls
    if (onlyServletRequest && HttpCallContext.peek() == null) {
        if (log.isTraceEnabled())
            log.trace("Skip authn, should only run on servlet requests and this is not a servlet request");
        return invocation.proceed();
    }
    calls.mark();
    final AuthConstraint constraint = readConstraint(invocation);
    final CurrentUser user = userProvider.get();
    if (user == null)
        throw new IllegalArgumentException("Provider for CurrentUser returned null! Cannot apply AuthConstraint to method " + invocation.getMethod());
    // Acquire the auth scope (for constraint override)
    final AuthScope scope = getScope(constraint);
    // Test the user
    if (passes(scope, constraint, user)) {
        granted.mark();
        return invocation.proceed();
    } else {
        if (!user.isAnonymous())
            authenticatedDenied.mark();
        denied.mark();
        // Throw an exception to refuse access
        throw user.getAccessRefuser().refuse(scope, constraint, user);
    }
}
Also used: CurrentUser (com.peterphi.std.guice.common.auth.iface.CurrentUser), AuthConstraint (com.peterphi.std.guice.common.auth.annotations.AuthConstraint), AuthScope (com.peterphi.std.guice.common.auth.AuthScope)

Aggregations

CurrentUser (com.peterphi.std.guice.common.auth.iface.CurrentUser): 3
Provides (com.google.inject.Provides): 1
AuthScope (com.peterphi.std.guice.common.auth.AuthScope): 1
AuthConstraint (com.peterphi.std.guice.common.auth.annotations.AuthConstraint): 1
SessionScoped (com.peterphi.std.guice.web.rest.scoping.SessionScoped): 1
Method (java.lang.reflect.Method): 1
MethodInterceptor (org.aopalliance.intercept.MethodInterceptor): 1