
Example 1 with SecurityContext

Use of jakarta.ws.rs.core.SecurityContext in project jaxrs-api by eclipse-ee4j.

Class RequestFilter, method getSecurityContext.

public void getSecurityContext() {
    SecurityContext secCtx = requestContext.getSecurityContext();
    Principal principal = secCtx.getUserPrincipal();
    if (assertTrue(principal == null, "principal is not null"))
        return;
    abortWithEntity("NULL");
}
Also used: SecurityContext (jakarta.ws.rs.core.SecurityContext), Principal (java.security.Principal)

Example 2 with SecurityContext

Use of jakarta.ws.rs.core.SecurityContext in project jaxrs-api by eclipse-ee4j.

Class ResponseFilter, method setSecurityContext.

public void setSecurityContext() {
    SecurityContext ctx = new SecurityContextImpl();
    try {
        requestContext.setSecurityContext(ctx);
        setEntity(NOEXCEPTION);
    } catch (IllegalStateException e) {
        setEntity(ISEXCEPTION);
    }
}
Also used: SecurityContextImpl (ee.jakarta.tck.ws.rs.common.impl.SecurityContextImpl), SecurityContext (jakarta.ws.rs.core.SecurityContext)

Example 3 with SecurityContext

Use of jakarta.ws.rs.core.SecurityContext in project jaxrs-api by eclipse-ee4j.

Class RequestFilter, method filter.

@Override
public void filter(ContainerRequestContext requestContext) throws IOException {
    SecurityContext security = requestContext.getSecurityContext();
    String msg = "security.getUserPrincipal() is null";
    if (security.getUserPrincipal() != null)
        msg = security.getUserPrincipal().getName();
    Response response = Response.ok(msg).build();
    requestContext.abortWith(response);
}
Also used: Response (jakarta.ws.rs.core.Response), SecurityContext (jakarta.ws.rs.core.SecurityContext)

Example 4 with SecurityContext

Use of jakarta.ws.rs.core.SecurityContext in project minijax by minijax.

Class MinijaxApplication, method checkSecurity.

private void checkSecurity(final MinijaxRequestContext context) {
    final Annotation a = context.getResourceMethod().getSecurityAnnotation();
    if (a == null) {
        return;
    }
    final Class<?> c = a.annotationType();
    if (c == PermitAll.class) {
        return;
    }
    if (c == DenyAll.class) {
        throw new ForbiddenException();
    }
    if (c == RolesAllowed.class) {
        final SecurityContext security = context.getSecurityContext();
        if (security == null || security.getUserPrincipal() == null) {
            throw new NotAuthorizedException(Response.status(Status.UNAUTHORIZED).build());
        }
        boolean found = false;
        for (final String role : ((RolesAllowed) a).value()) {
            if (security.isUserInRole(role)) {
                found = true;
                break;
            }
        }
        if (!found) {
            throw new ForbiddenException();
        }
    }
}
Also used: ForbiddenException (jakarta.ws.rs.ForbiddenException), RolesAllowed (jakarta.annotation.security.RolesAllowed), SecurityContext (jakarta.ws.rs.core.SecurityContext), NotAuthorizedException (jakarta.ws.rs.NotAuthorizedException), Annotation (java.lang.annotation.Annotation)

Example 5 with SecurityContext

Use of jakarta.ws.rs.core.SecurityContext in project resteasy by resteasy.

Class EJBConstraintChecker, method checkInternal.

private boolean checkInternal(Method method) {
    // From now on we can use this class since it's there. I (Stef Epardaud) don't think we need to
    // remove the reference here and use reflection.
    RolesAllowed rolesAllowed = method.getAnnotation(RolesAllowed.class);
    if (rolesAllowed == null) {
        return true;
    }
    SecurityContext context = ResteasyContext.getContextData(SecurityContext.class);
    for (String role : rolesAllowed.value()) {
        if (context.isUserInRole(role)) {
            return true;
        }
    }
    return false;
}
Also used: RolesAllowed (jakarta.annotation.security.RolesAllowed), SecurityContext (jakarta.ws.rs.core.SecurityContext)

Aggregations

SecurityContext (jakarta.ws.rs.core.SecurityContext): 15
RolesAllowed (jakarta.annotation.security.RolesAllowed): 3
Principal (java.security.Principal): 3
SecurityContextImpl (ee.jakarta.tck.ws.rs.common.impl.SecurityContextImpl): 2
ThreadLocalResteasyProviderFactory (org.jboss.resteasy.core.ThreadLocalResteasyProviderFactory): 2
ResteasyProviderFactory (org.jboss.resteasy.spi.ResteasyProviderFactory): 2
HttpServletRequest (jakarta.servlet.http.HttpServletRequest): 1
ForbiddenException (jakarta.ws.rs.ForbiddenException): 1
NotAuthorizedException (jakarta.ws.rs.NotAuthorizedException): 1
Cookie (jakarta.ws.rs.core.Cookie): 1
HttpHeaders (jakarta.ws.rs.core.HttpHeaders): 1
Response (jakarta.ws.rs.core.Response): 1
Annotation (java.lang.annotation.Annotation): 1
Method (java.lang.reflect.Method): 1
ModelRef (org.openscoring.service.ModelRef): 1