
Example 1 with CachingAuthenticator

Use of io.dropwizard.auth.CachingAuthenticator in project triplea by triplea-game.

In class AuthenticationConfiguration, method enableAuthentication.

/**
 * Enables configuration via OAuth token. Endpoints annotated with @RolesAllowed will be activated
 * and will require a user to have been a given role during per-request authentication.
 */
public static <UserT extends Principal> void enableAuthentication(
        final Environment environment, final MetricRegistry metrics,
        final Authenticator<String, UserT> authenticator, final Authorizer<UserT> authorizer,
        final Class<UserT> principalClass) {
    // Authentication results are cached: entries expire 10 minutes after last access, at most 10000 entries.
    environment.jersey().register(new AuthDynamicFeature(new OAuthCredentialAuthFilter.Builder<UserT>()
            .setAuthenticator(new CachingAuthenticator<>(metrics, authenticator,
                    Caffeine.newBuilder().expireAfterAccess(Duration.ofMinutes(10)).maximumSize(10000)))
            .setAuthorizer(authorizer)
            .setPrefix(AuthenticationHeaders.KEY_BEARER_PREFIX)
            .buildAuthFilter()));
    environment.jersey().register(new AuthValueFactoryProvider.Binder<>(principalClass));
    environment.jersey().register(new RolesAllowedDynamicFeature());
}
Also used : CachingAuthenticator(io.dropwizard.auth.CachingAuthenticator) AuthValueFactoryProvider(io.dropwizard.auth.AuthValueFactoryProvider) AuthDynamicFeature(io.dropwizard.auth.AuthDynamicFeature) RolesAllowedDynamicFeature(org.glassfish.jersey.server.filter.RolesAllowedDynamicFeature)

Example 2 with CachingAuthenticator

Use of io.dropwizard.auth.CachingAuthenticator in project pay-publicapi by alphagov.

In class PublicApi, method run.

@Override
public void run(PublicApiConfig configuration, Environment environment) {
    initialiseSSLSocketFactory();
    final Injector injector = Guice.createInjector(new PublicApiModule(configuration, environment));
    environment.healthChecks().register("ping", new Ping());
    environment.jersey().register(injector.getInstance(HealthCheckResource.class));
    environment.jersey().register(injector.getInstance(PaymentsResource.class));
    environment.jersey().register(injector.getInstance(AgreementsApiResource.class));
    environment.jersey().register(injector.getInstance(PaymentRefundsResource.class));
    environment.jersey().register(injector.getInstance(RequestDeniedResource.class));
    environment.jersey().register(injector.getInstance(SearchRefundsResource.class));
    environment.jersey().register(injector.getInstance(TransactionsResource.class));
    environment.jersey().register(injector.getInstance(TelephonePaymentNotificationResource.class));
    environment.jersey().register(new InjectingValidationFeature(injector));
    environment.jersey().register(injector.getInstance(SecuritytxtResource.class));
    environment.jersey().register(injector.getInstance(AuthorisationResource.class));
    environment.jersey().register(injector.getInstance(RateLimiterFilter.class));
    environment.jersey().register(injector.getInstance(LoggingMDCRequestFilter.class));
    environment.servlets().addFilter("ClearMdcValuesFilter", injector.getInstance(ClearMdcValuesFilter.class)).addMappingForUrlPatterns(of(REQUEST), true, "/v1/*");
    environment.servlets().addFilter("LoggingFilter", injector.getInstance(LoggingFilter.class)).addMappingForUrlPatterns(of(REQUEST), true, "/v1/*");
    FilterRegistration.Dynamic authorizationValidationFilter = environment.servlets().addFilter("AuthorizationValidationFilter", injector.getInstance(AuthorizationValidationFilter.class));
    authorizationValidationFilter.setInitParameter("excludedUrls", "/v1/auth");
    authorizationValidationFilter.addMappingForUrlPatterns(of(REQUEST), true, "/v1/*");
    /*
     * Turn off 'FilteringJacksonJaxbJsonProvider', which overrides Dropwizard's JacksonMessageBodyProvider.
     * Integration tests fail if it is not disabled.
     *   - https://github.com/dropwizard/dropwizard/issues/1341
     */
    environment.jersey().property(CommonProperties.FEATURE_AUTO_DISCOVERY_DISABLE, Boolean.TRUE);
    // Wrap the account authenticator in a cache governed by the configured authentication cache policy.
    CachingAuthenticator<String, Account> cachingAuthenticator = new CachingAuthenticator<>(
            environment.metrics(), injector.getInstance(AccountAuthenticator.class),
            configuration.getAuthenticationCachePolicy());
    environment.jersey().register(new AuthDynamicFeature(new OAuthCredentialAuthFilter.Builder<Account>()
            .setAuthenticator(cachingAuthenticator)
            .setPrefix("Bearer")
            .buildAuthFilter()));
    environment.jersey().register(new AuthValueFactoryProvider.Binder<>(Account.class));
    attachExceptionMappersTo(environment.jersey());
    initialiseMetrics(configuration, environment);
    environment.lifecycle().manage(injector.getInstance(RedisClientManager.class));
}
Also used : Account(uk.gov.pay.api.auth.Account) HealthCheckResource(uk.gov.pay.api.resources.HealthCheckResource) AuthorizationValidationFilter(uk.gov.pay.api.filter.AuthorizationValidationFilter) PaymentsResource(uk.gov.pay.api.resources.PaymentsResource) TransactionsResource(uk.gov.pay.api.ledger.resource.TransactionsResource) InjectingValidationFeature(uk.gov.pay.api.validation.InjectingValidationFeature) AuthValueFactoryProvider(io.dropwizard.auth.AuthValueFactoryProvider) RedisClientManager(uk.gov.pay.api.managed.RedisClientManager) RateLimiterFilter(uk.gov.pay.api.filter.RateLimiterFilter) TelephonePaymentNotificationResource(uk.gov.pay.api.resources.telephone.TelephonePaymentNotificationResource) LoggingMDCRequestFilter(uk.gov.pay.api.filter.LoggingMDCRequestFilter) SearchRefundsResource(uk.gov.pay.api.resources.SearchRefundsResource) Injector(com.google.inject.Injector) AuthorisationResource(uk.gov.pay.api.resources.AuthorisationResource) AuthDynamicFeature(io.dropwizard.auth.AuthDynamicFeature) FilterRegistration(javax.servlet.FilterRegistration) PublicApiModule(uk.gov.pay.api.app.config.PublicApiModule) CachingAuthenticator(io.dropwizard.auth.CachingAuthenticator) AgreementsApiResource(uk.gov.pay.api.agreement.resource.AgreementsApiResource) AccountAuthenticator(uk.gov.pay.api.auth.AccountAuthenticator) OAuthCredentialAuthFilter(io.dropwizard.auth.oauth.OAuthCredentialAuthFilter) RequestDeniedResource(uk.gov.pay.api.resources.RequestDeniedResource) Ping(uk.gov.pay.api.healthcheck.Ping) PaymentRefundsResource(uk.gov.pay.api.resources.PaymentRefundsResource) SecuritytxtResource(uk.gov.pay.api.resources.SecuritytxtResource)

Example 3 with CachingAuthenticator

Use of io.dropwizard.auth.CachingAuthenticator in project dockstore by dockstore.

In class DockstoreWebserviceApplication, method run.

@Override
public void run(DockstoreWebserviceConfiguration configuration, Environment environment) {
    BeanConfig beanConfig = new BeanConfig();
    beanConfig.setSchemes(new String[] { configuration.getExternalConfig().getScheme() });
    String portFragment = configuration.getExternalConfig().getPort() == null ? "" : ":" + configuration.getExternalConfig().getPort();
    beanConfig.setHost(configuration.getExternalConfig().getHostname() + portFragment);
    beanConfig.setBasePath(MoreObjects.firstNonNull(configuration.getExternalConfig().getBasePath(), "/"));
    beanConfig.setResourcePackage("io.dockstore.webservice.resources,io.swagger.api,io.openapi.api");
    beanConfig.setScan(true);
    final DefaultPluginManager languagePluginManager = LanguagePluginManager.getInstance(getFilePluginLocation(configuration));
    describeAvailableLanguagePlugins(languagePluginManager);
    LanguageHandlerFactory.setLanguagePluginManager(languagePluginManager);
    final PublicStateManager publicStateManager = PublicStateManager.getInstance();
    publicStateManager.setConfig(configuration);
    final TRSListener trsListener = new TRSListener();
    publicStateManager.addListener(trsListener);
    environment.jersey().property(CommonProperties.FEATURE_AUTO_DISCOVERY_DISABLE, true);
    environment.jersey().register(new JsonProcessingExceptionMapper(true));
    final TemplateHealthCheck healthCheck = new TemplateHealthCheck(configuration.getTemplate());
    environment.healthChecks().register("template", healthCheck);
    final ElasticSearchHealthCheck elasticSearchHealthCheck = new ElasticSearchHealthCheck(new ToolsExtendedApi());
    environment.healthChecks().register("elasticSearch", elasticSearchHealthCheck);
    environment.lifecycle().manage(new ElasticSearchHelper(configuration.getEsConfiguration()));
    final UserDAO userDAO = new UserDAO(hibernate.getSessionFactory());
    final TokenDAO tokenDAO = new TokenDAO(hibernate.getSessionFactory());
    final DeletedUsernameDAO deletedUsernameDAO = new DeletedUsernameDAO(hibernate.getSessionFactory());
    final ToolDAO toolDAO = new ToolDAO(hibernate.getSessionFactory());
    final FileDAO fileDAO = new FileDAO(hibernate.getSessionFactory());
    final WorkflowDAO workflowDAO = new WorkflowDAO(hibernate.getSessionFactory());
    final TagDAO tagDAO = new TagDAO(hibernate.getSessionFactory());
    final EventDAO eventDAO = new EventDAO(hibernate.getSessionFactory());
    final VersionDAO versionDAO = new VersionDAO(hibernate.getSessionFactory());
    final BioWorkflowDAO bioWorkflowDAO = new BioWorkflowDAO(hibernate.getSessionFactory());
    LOG.info("Cache directory for OkHttp is: " + cache.directory().getAbsolutePath());
    LOG.info("This is our custom logger saying that we're about to load authenticators");
    // setup authentication to allow session access in authenticators, see https://github.com/dropwizard/dropwizard/pull/1361
    SimpleAuthenticator authenticator = new UnitOfWorkAwareProxyFactory(getHibernate()).create(
            SimpleAuthenticator.class, new Class[] { TokenDAO.class, UserDAO.class }, new Object[] { tokenDAO, userDAO });
    CachingAuthenticator<String, User> cachingAuthenticator = new CachingAuthenticator<>(
            environment.metrics(), authenticator, configuration.getAuthenticationCachePolicy());
    environment.jersey().register(new AuthDynamicFeature(new OAuthCredentialAuthFilter.Builder<User>()
            .setAuthenticator(cachingAuthenticator)
            .setAuthorizer(new SimpleAuthorizer())
            .setPrefix("Bearer")
            .setRealm("Dockstore User Authentication")
            .buildAuthFilter()));
    environment.jersey().register(new AuthValueFactoryProvider.Binder<>(User.class));
    environment.jersey().register(RolesAllowedDynamicFeature.class);
    final HttpClient httpClient = new HttpClientBuilder(environment).using(configuration.getHttpClientConfiguration()).build(getName());
    final PermissionsInterface authorizer = PermissionsFactory.createAuthorizer(tokenDAO, configuration);
    final EntryResource entryResource = new EntryResource(tokenDAO, toolDAO, versionDAO, userDAO, configuration);
    environment.jersey().register(entryResource);
    final WorkflowResource workflowResource = new WorkflowResource(httpClient, hibernate.getSessionFactory(), authorizer, entryResource, configuration);
    environment.jersey().register(workflowResource);
    final ServiceResource serviceResource = new ServiceResource(httpClient, hibernate.getSessionFactory(), entryResource, configuration);
    environment.jersey().register(serviceResource);
    // Note workflow resource must be passed to the docker repo resource, as the workflow resource refresh must be called for checker workflows
    final DockerRepoResource dockerRepoResource = new DockerRepoResource(httpClient, hibernate.getSessionFactory(), configuration, workflowResource, entryResource);
    environment.jersey().register(dockerRepoResource);
    environment.jersey().register(new DockerRepoTagResource(toolDAO, tagDAO, eventDAO, versionDAO));
    environment.jersey().register(new TokenResource(tokenDAO, userDAO, deletedUsernameDAO, httpClient, cachingAuthenticator, configuration));
    environment.jersey().register(new UserResource(httpClient, getHibernate().getSessionFactory(), workflowResource, serviceResource, dockerRepoResource, cachingAuthenticator, authorizer, configuration));
    MetadataResourceHelper.init(configuration);
    environment.jersey().register(new UserResourceDockerRegistries(getHibernate().getSessionFactory()));
    environment.jersey().register(new MetadataResource(getHibernate().getSessionFactory(), configuration));
    environment.jersey().register(new HostedToolResource(getHibernate().getSessionFactory(), authorizer, configuration.getLimitConfig()));
    environment.jersey().register(new HostedWorkflowResource(getHibernate().getSessionFactory(), authorizer, configuration.getLimitConfig()));
    environment.jersey().register(new OrganizationResource(getHibernate().getSessionFactory()));
    environment.jersey().register(new LambdaEventResource(getHibernate().getSessionFactory()));
    environment.jersey().register(new NotificationResource(getHibernate().getSessionFactory()));
    environment.jersey().register(new CollectionResource(getHibernate().getSessionFactory()));
    environment.jersey().register(new EventResource(eventDAO, userDAO));
    environment.jersey().register(new ToolTesterResource(configuration));
    environment.jersey().register(new CloudInstanceResource(getHibernate().getSessionFactory()));
    // disable odd extra endpoints showing up
    final SwaggerConfiguration swaggerConfiguration = new SwaggerConfiguration().prettyPrint(true);
    swaggerConfiguration.setIgnoredRoutes(Lists.newArrayList("/application.wadl", "/pprof"));
    BaseOpenApiResource openApiResource = new OpenApiResource().openApiConfiguration(swaggerConfiguration);
    environment.jersey().register(openApiResource);
    final AliasResource aliasResource = new AliasResource(hibernate.getSessionFactory(), workflowResource);
    environment.jersey().register(aliasResource);
    // attach the container dao statically to avoid too much modification of generated code
    ToolsApiServiceImpl.setToolDAO(toolDAO);
    ToolsApiServiceImpl.setWorkflowDAO(workflowDAO);
    ToolsApiServiceImpl.setBioWorkflowDAO(bioWorkflowDAO);
    ToolsApiServiceImpl.setFileDAO(fileDAO);
    ToolsApiServiceImpl.setConfig(configuration);
    ToolsApiServiceImpl.setTrsListener(trsListener);
    ToolsApiExtendedServiceImpl.setStateManager(publicStateManager);
    ToolsApiExtendedServiceImpl.setToolDAO(toolDAO);
    ToolsApiExtendedServiceImpl.setWorkflowDAO(workflowDAO);
    ToolsApiExtendedServiceImpl.setConfig(configuration);
    DOIGeneratorFactory.setConfig(configuration);
    GoogleHelper.setConfig(configuration);
    registerAPIsAndMisc(environment);
    // optional CORS support
    // Enable CORS headers
    // final FilterRegistration.Dynamic cors = environment.servlets().addFilter("CORS", CrossOriginFilter.class);
    final FilterHolder filterHolder = environment.getApplicationContext().addFilter(CrossOriginFilter.class, "/*", EnumSet.of(REQUEST));
    filterHolder.setInitParameter(ACCESS_CONTROL_ALLOW_METHODS_HEADER, "GET,POST,DELETE,PUT,OPTIONS,PATCH");
    filterHolder.setInitParameter(ALLOWED_ORIGINS_PARAM, "*");
    filterHolder.setInitParameter(ALLOWED_METHODS_PARAM, "GET,POST,DELETE,PUT,OPTIONS,PATCH");
    filterHolder.setInitParameter(ALLOWED_HEADERS_PARAM, "Authorization, X-Auth-Username, X-Auth-Password, X-Requested-With,Content-Type,Accept,Origin,Access-Control-Request-Headers,cache-control");
    // Initialize GitHub App Installation Access Token cache
    CacheConfigManager cacheConfigManager = CacheConfigManager.getInstance();
    cacheConfigManager.initCache();
}
Also used : FilterHolder(org.eclipse.jetty.servlet.FilterHolder) TokenResource(io.dockstore.webservice.resources.TokenResource) UnitOfWorkAwareProxyFactory(io.dropwizard.hibernate.UnitOfWorkAwareProxyFactory) AuthValueFactoryProvider(io.dropwizard.auth.AuthValueFactoryProvider) ElasticSearchHelper(io.dockstore.webservice.helpers.ElasticSearchHelper) SwaggerConfiguration(io.swagger.v3.oas.integration.SwaggerConfiguration) ElasticSearchHealthCheck(io.dockstore.webservice.resources.ElasticSearchHealthCheck) FileDAO(io.dockstore.webservice.jdbi.FileDAO) HostedWorkflowResource(io.dockstore.webservice.resources.HostedWorkflowResource) TemplateHealthCheck(io.dockstore.webservice.resources.TemplateHealthCheck) AuthDynamicFeature(io.dropwizard.auth.AuthDynamicFeature) UserResourceDockerRegistries(io.dockstore.webservice.resources.UserResourceDockerRegistries) ToolsExtendedApi(io.dockstore.webservice.resources.proposedGA4GH.ToolsExtendedApi) MetadataResource(io.dockstore.webservice.resources.MetadataResource) WorkflowResource(io.dockstore.webservice.resources.WorkflowResource) DockerRepoTagResource(io.dockstore.webservice.resources.DockerRepoTagResource) UserResource(io.dockstore.webservice.resources.UserResource) PublicStateManager(io.dockstore.webservice.helpers.PublicStateManager) LambdaEventResource(io.dockstore.webservice.resources.LambdaEventResource) EventResource(io.dockstore.webservice.resources.EventResource) OAuthCredentialAuthFilter(io.dropwizard.auth.oauth.OAuthCredentialAuthFilter) TRSListener(io.dockstore.webservice.helpers.statelisteners.TRSListener) WorkflowDAO(io.dockstore.webservice.jdbi.WorkflowDAO) BioWorkflowDAO(io.dockstore.webservice.jdbi.BioWorkflowDAO) NotificationResource(io.dockstore.webservice.resources.NotificationResource) PermissionsInterface(io.dockstore.webservice.permissions.PermissionsInterface) CollectionResource(io.dockstore.webservice.resources.CollectionResource) User(io.dockstore.webservice.core.User) OrganizationUser(io.dockstore.webservice.core.OrganizationUser) AliasResource(io.dockstore.webservice.resources.AliasResource) HttpClientBuilder(io.dropwizard.client.HttpClientBuilder) HostedToolResource(io.dockstore.webservice.resources.HostedToolResource) JsonProcessingExceptionMapper(io.dropwizard.jersey.jackson.JsonProcessingExceptionMapper) UserDAO(io.dockstore.webservice.jdbi.UserDAO) DockerRepoResource(io.dockstore.webservice.resources.DockerRepoResource) CacheConfigManager(io.dockstore.webservice.helpers.CacheConfigManager) EventDAO(io.dockstore.webservice.jdbi.EventDAO) EntryResource(io.dockstore.webservice.resources.EntryResource) ServiceResource(io.dockstore.webservice.resources.ServiceResource) BeanConfig(io.swagger.jaxrs.config.BeanConfig) VersionDAO(io.dockstore.webservice.jdbi.VersionDAO) TagDAO(io.dockstore.webservice.jdbi.TagDAO) CachingAuthenticator(io.dropwizard.auth.CachingAuthenticator) DeletedUsernameDAO(io.dockstore.webservice.jdbi.DeletedUsernameDAO) DefaultPluginManager(org.pf4j.DefaultPluginManager) CloudInstanceResource(io.dockstore.webservice.resources.CloudInstanceResource) ToolTesterResource(io.dockstore.webservice.resources.ToolTesterResource) BaseOpenApiResource(io.swagger.v3.jaxrs2.integration.resources.BaseOpenApiResource) OpenApiResource(io.swagger.v3.jaxrs2.integration.resources.OpenApiResource) OrganizationResource(io.dockstore.webservice.resources.OrganizationResource) TokenDAO(io.dockstore.webservice.jdbi.TokenDAO) HttpClient(org.apache.http.client.HttpClient) OkHttpClient(okhttp3.OkHttpClient) ToolDAO(io.dockstore.webservice.jdbi.ToolDAO)

Aggregations

AuthDynamicFeature (io.dropwizard.auth.AuthDynamicFeature): 3
AuthValueFactoryProvider (io.dropwizard.auth.AuthValueFactoryProvider): 3
CachingAuthenticator (io.dropwizard.auth.CachingAuthenticator): 3
OAuthCredentialAuthFilter (io.dropwizard.auth.oauth.OAuthCredentialAuthFilter): 2
Injector (com.google.inject.Injector): 1
OrganizationUser (io.dockstore.webservice.core.OrganizationUser): 1
User (io.dockstore.webservice.core.User): 1
CacheConfigManager (io.dockstore.webservice.helpers.CacheConfigManager): 1
ElasticSearchHelper (io.dockstore.webservice.helpers.ElasticSearchHelper): 1
PublicStateManager (io.dockstore.webservice.helpers.PublicStateManager): 1
TRSListener (io.dockstore.webservice.helpers.statelisteners.TRSListener): 1
BioWorkflowDAO (io.dockstore.webservice.jdbi.BioWorkflowDAO): 1
DeletedUsernameDAO (io.dockstore.webservice.jdbi.DeletedUsernameDAO): 1
EventDAO (io.dockstore.webservice.jdbi.EventDAO): 1
FileDAO (io.dockstore.webservice.jdbi.FileDAO): 1
TagDAO (io.dockstore.webservice.jdbi.TagDAO): 1
TokenDAO (io.dockstore.webservice.jdbi.TokenDAO): 1
ToolDAO (io.dockstore.webservice.jdbi.ToolDAO): 1
UserDAO (io.dockstore.webservice.jdbi.UserDAO): 1
VersionDAO (io.dockstore.webservice.jdbi.VersionDAO): 1