Search in sources :

Example 1 with HopsworksSecurityContext

use of io.hops.hopsworks.api.filter.util.HopsworksSecurityContext in project hopsworks by logicalclocks.

the class AuthFilter method postJWTFilter.

@Override
public void postJWTFilter(ContainerRequestContext requestContext, DecodedJWT jwt) throws IOException {
    String scheme = requestContext.getUriInfo().getRequestUri().getScheme();
    String[] roles = jwtController.getRolesClaim(jwt);
    Subject subject = new Subject(jwt.getSubject(), new ArrayList<>(Arrays.asList(roles)));
    requestContext.setSecurityContext(new HopsworksSecurityContext(subject, scheme));
}
Also used : Subject(io.hops.hopsworks.api.filter.util.Subject) HopsworksSecurityContext(io.hops.hopsworks.api.filter.util.HopsworksSecurityContext)

Example 2 with HopsworksSecurityContext

use of io.hops.hopsworks.api.filter.util.HopsworksSecurityContext in project hopsworks by logicalclocks.

the class ApiKeyFilter method filter.

@Override
public void filter(ContainerRequestContext requestContext) {
    String authorizationHeader = requestContext.getHeaderString(HttpHeaders.AUTHORIZATION);
    JsonResponse jsonResponse = new RESTApiJsonResponse();
    if (authorizationHeader == null) {
        LOGGER.log(Level.FINEST, "Authorization header not set.");
        jsonResponse.setErrorCode(RESTCodes.SecurityErrorCode.EJB_ACCESS_LOCAL.getCode());
        jsonResponse.setErrorMsg("Authorization header not set.");
        requestContext.abortWith(Response.status(Response.Status.UNAUTHORIZED).header(HttpHeaders.WWW_AUTHENTICATE, WWW_AUTHENTICATE_VALUE).entity(jsonResponse).build());
        return;
    }
    if (authorizationHeader.startsWith(BEARER)) {
        LOGGER.log(Level.FINEST, "{0} token found, leaving Api key interceptor", BEARER);
        if (getJWTAnnotation() == null) {
            jsonResponse.setErrorCode(RESTCodes.SecurityErrorCode.EJB_ACCESS_LOCAL.getCode());
            jsonResponse.setErrorMsg("Authorization method not supported.");
            requestContext.abortWith(Response.status(Response.Status.UNAUTHORIZED).header(HttpHeaders.WWW_AUTHENTICATE, WWW_AUTHENTICATE_VALUE).entity(jsonResponse).build());
        }
        return;
    }
    if (!authorizationHeader.startsWith(API_KEY)) {
        LOGGER.log(Level.FINEST, "Invalid Api key. AuthorizationHeader : {0}", authorizationHeader);
        jsonResponse.setErrorCode(RESTCodes.SecurityErrorCode.EJB_ACCESS_LOCAL.getCode());
        jsonResponse.setErrorMsg("Invalidated Api key.");
        requestContext.abortWith(Response.status(Response.Status.UNAUTHORIZED).header(HttpHeaders.WWW_AUTHENTICATE, WWW_AUTHENTICATE_VALUE).entity(jsonResponse).build());
        return;
    }
    String key = authorizationHeader.substring(API_KEY.length()).trim();
    try {
        ApiKey apiKey = apiKeyController.getApiKey(key);
        Users user = apiKey.getUser();
        List<String> roles = usersController.getUserRoles(user);
        Set<ApiScope> scopes = apiKeyController.getScopes(apiKey);
        checkRole(roles);
        checkScope(scopes);
        Subject subject = new Subject(user.getUsername(), roles);
        String scheme = requestContext.getUriInfo().getRequestUri().getScheme();
        requestContext.setSecurityContext(new HopsworksSecurityContext(subject, scheme));
    } catch (ApiKeyException e) {
        LOGGER.log(Level.FINEST, "Api key Verification Exception: {0}", e.getMessage());
        e.buildJsonResponse(jsonResponse, settings.getHopsworksRESTLogLevel());
        requestContext.abortWith(Response.status(e.getErrorCode().getRespStatus().getStatusCode()).header(HttpHeaders.WWW_AUTHENTICATE, WWW_AUTHENTICATE_VALUE).entity(jsonResponse).build());
    }
}
Also used : ApiKeyException(io.hops.hopsworks.exceptions.ApiKeyException) ApiKey(io.hops.hopsworks.persistence.entity.user.security.apiKey.ApiKey) RESTApiJsonResponse(io.hops.hopsworks.api.util.RESTApiJsonResponse) ApiScope(io.hops.hopsworks.persistence.entity.user.security.apiKey.ApiScope) Users(io.hops.hopsworks.persistence.entity.user.Users) RESTApiJsonResponse(io.hops.hopsworks.api.util.RESTApiJsonResponse) JsonResponse(io.hops.hopsworks.restutils.JsonResponse) Subject(io.hops.hopsworks.api.filter.util.Subject) HopsworksSecurityContext(io.hops.hopsworks.api.filter.util.HopsworksSecurityContext)

Aggregations

HopsworksSecurityContext (io.hops.hopsworks.api.filter.util.HopsworksSecurityContext)2 Subject (io.hops.hopsworks.api.filter.util.Subject)2 RESTApiJsonResponse (io.hops.hopsworks.api.util.RESTApiJsonResponse)1 ApiKeyException (io.hops.hopsworks.exceptions.ApiKeyException)1 Users (io.hops.hopsworks.persistence.entity.user.Users)1 ApiKey (io.hops.hopsworks.persistence.entity.user.security.apiKey.ApiKey)1 ApiScope (io.hops.hopsworks.persistence.entity.user.security.apiKey.ApiScope)1 JsonResponse (io.hops.hopsworks.restutils.JsonResponse)1