Example 1 with PowerAuthEncryption
use of io.getlime.security.powerauth.rest.api.spring.annotation.PowerAuthEncryption in project powerauth-restful-integration by lime-company.
the class PowerAuthAnnotationInterceptor method preHandle.
@Override
public boolean preHandle(@NonNull HttpServletRequest request, @NonNull HttpServletResponse response, @NonNull Object handler) {
// requests before the actual requests.
if (handler instanceof HandlerMethod) {
final HandlerMethod handlerMethod = (HandlerMethod) handler;
// Obtain annotations
PowerAuth powerAuthSignatureAnnotation = handlerMethod.getMethodAnnotation(PowerAuth.class);
PowerAuthToken powerAuthTokenAnnotation = handlerMethod.getMethodAnnotation(PowerAuthToken.class);
PowerAuthEncryption powerAuthEncryptionAnnotation = handlerMethod.getMethodAnnotation(PowerAuthEncryption.class);
// Check that either signature or token annotation is active
if (powerAuthSignatureAnnotation != null && powerAuthTokenAnnotation != null) {
logger.warn("You cannot use both @PowerAuth and @PowerAuthToken on same handler method. We are removing both.");
powerAuthSignatureAnnotation = null;
powerAuthTokenAnnotation = null;
}
// sign-then-encrypt sequence in case both authorization and encryption are used.
if (powerAuthEncryptionAnnotation != null) {
final Type requestType = resolveGenericParameterTypeForEcies(handlerMethod);
try {
encryptionProvider.decryptRequest(request, requestType, powerAuthEncryptionAnnotation.scope());
// Encryption object is saved in HTTP servlet request by encryption provider, so that it is available for Spring
} catch (PowerAuthEncryptionException ex) {
logger.warn("Decryption failed, error: {}", ex.getMessage());
logger.debug("Error details", ex);
}
}
// Resolve @PowerAuth annotation
if (powerAuthSignatureAnnotation != null) {
try {
final String resourceId = expandResourceId(powerAuthSignatureAnnotation.resourceId(), request, handlerMethod);
final String header = request.getHeader(PowerAuthSignatureHttpHeader.HEADER_NAME);
final List<PowerAuthSignatureTypes> signatureTypes = Arrays.asList(powerAuthSignatureAnnotation.signatureType());
final PowerAuthApiAuthentication authentication = authenticationProvider.validateRequestSignatureWithActivationDetails(request, resourceId, header, signatureTypes);
request.setAttribute(PowerAuthRequestObjects.AUTHENTICATION_OBJECT, authentication);
} catch (PowerAuthAuthenticationException ex) {
logger.warn("Invalid request signature, authentication object was removed");
request.setAttribute(PowerAuthRequestObjects.AUTHENTICATION_OBJECT, null);
}
}
// Resolve @PowerAuthToken annotation
if (powerAuthTokenAnnotation != null) {
try {
final String header = request.getHeader(PowerAuthTokenHttpHeader.HEADER_NAME);
final List<PowerAuthSignatureTypes> signatureTypes = Arrays.asList(powerAuthTokenAnnotation.signatureType());
final PowerAuthApiAuthentication authentication = authenticationProvider.validateTokenWithActivationDetails(header, signatureTypes);
request.setAttribute(PowerAuthRequestObjects.AUTHENTICATION_OBJECT, authentication);
} catch (PowerAuthAuthenticationException ex) {
logger.warn("Invalid token, authentication object was removed");
request.setAttribute(PowerAuthRequestObjects.AUTHENTICATION_OBJECT, null);
}
}
}
return true;
}
Also used :
Type(java.lang.reflect.Type)
PowerAuth(io.getlime.security.powerauth.rest.api.spring.annotation.PowerAuth)
PowerAuthToken(io.getlime.security.powerauth.rest.api.spring.annotation.PowerAuthToken)
PowerAuthEncryptionException(io.getlime.security.powerauth.rest.api.spring.exception.PowerAuthEncryptionException)
PowerAuthEncryption(io.getlime.security.powerauth.rest.api.spring.annotation.PowerAuthEncryption)
PowerAuthAuthenticationException(io.getlime.security.powerauth.rest.api.spring.exception.PowerAuthAuthenticationException)
PowerAuthSignatureTypes(io.getlime.security.powerauth.crypto.lib.enums.PowerAuthSignatureTypes)
PowerAuthApiAuthentication(io.getlime.security.powerauth.rest.api.spring.authentication.PowerAuthApiAuthentication)
HandlerMethod(org.springframework.web.method.HandlerMethod)
Example 2 with PowerAuthEncryption
use of io.getlime.security.powerauth.rest.api.spring.annotation.PowerAuthEncryption in project powerauth-restful-integration by lime-company.
the class PowerAuthEncryptionArgumentResolver method resolveArgument.
@Override
public Object resolveArgument(@NonNull MethodParameter parameter, ModelAndViewContainer mavContainer, @NonNull NativeWebRequest webRequest, WebDataBinderFactory binderFactory) {
final HttpServletRequest request = (HttpServletRequest) webRequest.getNativeRequest();
final PowerAuthEciesEncryption eciesObject = (PowerAuthEciesEncryption) request.getAttribute(PowerAuthRequestObjects.ENCRYPTION_OBJECT);
// Decrypted object is inserted into parameter annotated by @EncryptedRequestBody annotation
if (parameter.hasParameterAnnotation(EncryptedRequestBody.class) && eciesObject != null && eciesObject.getDecryptedRequest() != null) {
final Type requestType = parameter.getGenericParameterType();
if (requestType.equals(byte[].class)) {
return eciesObject.getDecryptedRequest();
} else {
try {
// Object is deserialized from JSON based on request type
final TypeFactory typeFactory = objectMapper.getTypeFactory();
final JavaType requestJavaType = typeFactory.constructType(requestType);
return objectMapper.readValue(eciesObject.getDecryptedRequest(), requestJavaType);
} catch (IOException ex) {
logger.warn("Invalid request, error: {}", ex.getMessage());
logger.debug("Error details", ex);
return null;
}
}
}
// Ecies encryption object is inserted into parameter which is of type PowerAuthEciesEncryption
if (eciesObject != null && EciesEncryptionContext.class.isAssignableFrom(parameter.getParameterType())) {
// Set ECIES scope in case it is specified by the @PowerAuthEncryption annotation
PowerAuthEncryption powerAuthEncryption = parameter.getMethodAnnotation(PowerAuthEncryption.class);
if (powerAuthEncryption != null) {
EciesEncryptionContext eciesContext = eciesObject.getContext();
boolean validScope = validateEciesScope(eciesContext);
if (validScope) {
return eciesContext;
}
}
}
return null;
}
Also used :
HttpServletRequest(javax.servlet.http.HttpServletRequest)
PowerAuthEciesEncryption(io.getlime.security.powerauth.rest.api.spring.encryption.PowerAuthEciesEncryption)
Type(java.lang.reflect.Type)
JavaType(com.fasterxml.jackson.databind.JavaType)
JavaType(com.fasterxml.jackson.databind.JavaType)
PowerAuthEncryption(io.getlime.security.powerauth.rest.api.spring.annotation.PowerAuthEncryption)
IOException(java.io.IOException)
TypeFactory(com.fasterxml.jackson.databind.type.TypeFactory)
EciesEncryptionContext(io.getlime.security.powerauth.rest.api.spring.encryption.EciesEncryptionContext)
Aggregations
PowerAuthEncryption (io.getlime.security.powerauth.rest.api.spring.annotation.PowerAuthEncryption)2
Type (java.lang.reflect.Type)2
JavaType (com.fasterxml.jackson.databind.JavaType)1
TypeFactory (com.fasterxml.jackson.databind.type.TypeFactory)1
PowerAuthSignatureTypes (io.getlime.security.powerauth.crypto.lib.enums.PowerAuthSignatureTypes)1
PowerAuth (io.getlime.security.powerauth.rest.api.spring.annotation.PowerAuth)1
PowerAuthToken (io.getlime.security.powerauth.rest.api.spring.annotation.PowerAuthToken)1
PowerAuthApiAuthentication (io.getlime.security.powerauth.rest.api.spring.authentication.PowerAuthApiAuthentication)1
EciesEncryptionContext (io.getlime.security.powerauth.rest.api.spring.encryption.EciesEncryptionContext)1
PowerAuthEciesEncryption (io.getlime.security.powerauth.rest.api.spring.encryption.PowerAuthEciesEncryption)1
PowerAuthAuthenticationException (io.getlime.security.powerauth.rest.api.spring.exception.PowerAuthAuthenticationException)1
PowerAuthEncryptionException (io.getlime.security.powerauth.rest.api.spring.exception.PowerAuthEncryptionException)1
IOException (java.io.IOException)1
HttpServletRequest (javax.servlet.http.HttpServletRequest)1
HandlerMethod (org.springframework.web.method.HandlerMethod)1
