use of io.hops.hopsworks.api.filter.util.HopsworksSecurityContext in project hopsworks by logicalclocks.
the class AuthFilter method postJWTFilter.
@Override
public void postJWTFilter(ContainerRequestContext requestContext, DecodedJWT jwt) throws IOException {
String scheme = requestContext.getUriInfo().getRequestUri().getScheme();
String[] roles = jwtController.getRolesClaim(jwt);
Subject subject = new Subject(jwt.getSubject(), new ArrayList<>(Arrays.asList(roles)));
requestContext.setSecurityContext(new HopsworksSecurityContext(subject, scheme));
}
use of io.hops.hopsworks.api.filter.util.HopsworksSecurityContext in project hopsworks by logicalclocks.
the class ApiKeyFilter method filter.
@Override
public void filter(ContainerRequestContext requestContext) {
String authorizationHeader = requestContext.getHeaderString(HttpHeaders.AUTHORIZATION);
JsonResponse jsonResponse = new RESTApiJsonResponse();
if (authorizationHeader == null) {
LOGGER.log(Level.FINEST, "Authorization header not set.");
jsonResponse.setErrorCode(RESTCodes.SecurityErrorCode.EJB_ACCESS_LOCAL.getCode());
jsonResponse.setErrorMsg("Authorization header not set.");
requestContext.abortWith(Response.status(Response.Status.UNAUTHORIZED).header(HttpHeaders.WWW_AUTHENTICATE, WWW_AUTHENTICATE_VALUE).entity(jsonResponse).build());
return;
}
if (authorizationHeader.startsWith(BEARER)) {
LOGGER.log(Level.FINEST, "{0} token found, leaving Api key interceptor", BEARER);
if (getJWTAnnotation() == null) {
jsonResponse.setErrorCode(RESTCodes.SecurityErrorCode.EJB_ACCESS_LOCAL.getCode());
jsonResponse.setErrorMsg("Authorization method not supported.");
requestContext.abortWith(Response.status(Response.Status.UNAUTHORIZED).header(HttpHeaders.WWW_AUTHENTICATE, WWW_AUTHENTICATE_VALUE).entity(jsonResponse).build());
}
return;
}
if (!authorizationHeader.startsWith(API_KEY)) {
LOGGER.log(Level.FINEST, "Invalid Api key. AuthorizationHeader : {0}", authorizationHeader);
jsonResponse.setErrorCode(RESTCodes.SecurityErrorCode.EJB_ACCESS_LOCAL.getCode());
jsonResponse.setErrorMsg("Invalidated Api key.");
requestContext.abortWith(Response.status(Response.Status.UNAUTHORIZED).header(HttpHeaders.WWW_AUTHENTICATE, WWW_AUTHENTICATE_VALUE).entity(jsonResponse).build());
return;
}
String key = authorizationHeader.substring(API_KEY.length()).trim();
try {
ApiKey apiKey = apiKeyController.getApiKey(key);
Users user = apiKey.getUser();
List<String> roles = usersController.getUserRoles(user);
Set<ApiScope> scopes = apiKeyController.getScopes(apiKey);
checkRole(roles);
checkScope(scopes);
Subject subject = new Subject(user.getUsername(), roles);
String scheme = requestContext.getUriInfo().getRequestUri().getScheme();
requestContext.setSecurityContext(new HopsworksSecurityContext(subject, scheme));
} catch (ApiKeyException e) {
LOGGER.log(Level.FINEST, "Api key Verification Exception: {0}", e.getMessage());
e.buildJsonResponse(jsonResponse, settings.getHopsworksRESTLogLevel());
requestContext.abortWith(Response.status(e.getErrorCode().getRespStatus().getStatusCode()).header(HttpHeaders.WWW_AUTHENTICATE, WWW_AUTHENTICATE_VALUE).entity(jsonResponse).build());
}
}
Aggregations