Example 1 with ResourceInfo

use of javax.ws.rs.container.ResourceInfo in project brave by openzipkin.

the class TracingContainerFilter method filter.

@Override
public void filter(ContainerRequestContext request) {
    if (resourceInfo != null)
        request.setProperty(ResourceInfo.class.getName(), resourceInfo);
    Span span = handler.handleReceive(extractor, request);
    if (resourceInfo != null)
        parser.resourceInfo(resourceInfo, span);
    request.removeProperty(ResourceInfo.class.getName());
    if (shouldPutSpanInScope(resourceInfo)) {
        request.setProperty(SpanInScope.class.getName(), tracer.withSpanInScope(span));
    } else {
        request.setProperty(Span.class.getName(), span);
    }
}
Also used : ResourceInfo(javax.ws.rs.container.ResourceInfo) SpanInScope(brave.Tracer.SpanInScope) Span(brave.Span)

Example 2 with ResourceInfo

use of javax.ws.rs.container.ResourceInfo in project ff4j by ff4j.

the class SecurityAuthorizationFilterTest method testRoleNothing.

@Test
public void testRoleNothing() throws IOException {
    // Given
    FF4jAuthorizationFilter faf = new FF4jAuthorizationFilter();
    ContainerRequestContext mockRequest = mock(ContainerRequestContext.class);
    UriInfo mockUriInfo = mock(UriInfo.class);
    ResourceInfo mockResInfo = new ResourceInfo() {

        public Method getResourceMethod() {
            return methodNothing;
        }

        public Class<?> getResourceClass() {
            return targetResource;
        }
    };
    faf.setInfo(mockResInfo);
    when(mockUriInfo.getPath()).thenReturn("localhost");
    when(mockRequest.getSecurityContext()).thenReturn(new FF4jSecurityContext("user", "", Util.set("USER")));
    when(mockRequest.getUriInfo()).thenReturn(mockUriInfo);
    // When
    faf.filter(mockRequest);
    // OK
}
Also used : FF4jAuthorizationFilter(org.ff4j.web.api.security.FF4jAuthorizationFilter) ResourceInfo(javax.ws.rs.container.ResourceInfo) FF4jSecurityContext(org.ff4j.web.api.security.FF4jSecurityContext) ContainerRequestContext(javax.ws.rs.container.ContainerRequestContext) UriInfo(javax.ws.rs.core.UriInfo) Test(org.junit.Test)

Example 3 with ResourceInfo

use of javax.ws.rs.container.ResourceInfo in project ff4j by ff4j.

the class SecurityAuthorizationFilterTest method testPermitAll.

@Test
public void testPermitAll() throws IOException {
    // Given
    FF4jAuthorizationFilter faf = new FF4jAuthorizationFilter();
    ContainerRequestContext mockRequest = mock(ContainerRequestContext.class);
    UriInfo mockUriInfo = mock(UriInfo.class);
    ResourceInfo mockResInfo = mock(ResourceInfo.class);
    when(mockResInfo.getResourceMethod()).thenReturn(methodPermit);
    faf.setInfo(mockResInfo);
    when(mockUriInfo.getPath()).thenReturn("localhost");
    when(mockRequest.getSecurityContext()).thenReturn(new FF4jSecurityContext("user", "", Util.set("USER")));
    when(mockRequest.getUriInfo()).thenReturn(mockUriInfo);
    // When
    faf.filter(mockRequest);
    // Then expect 403
}
Also used : FF4jAuthorizationFilter(org.ff4j.web.api.security.FF4jAuthorizationFilter) ResourceInfo(javax.ws.rs.container.ResourceInfo) FF4jSecurityContext(org.ff4j.web.api.security.FF4jSecurityContext) ContainerRequestContext(javax.ws.rs.container.ContainerRequestContext) UriInfo(javax.ws.rs.core.UriInfo) Test(org.junit.Test)

Example 4 with ResourceInfo

use of javax.ws.rs.container.ResourceInfo in project candlepin by candlepin.

the class AuthenticationFilter method filter.

@Override
public void filter(ContainerRequestContext requestContext) throws IOException {
    log.debug("Authentication check for {}", requestContext.getUriInfo().getPath());
    HttpRequest httpRequest = ResteasyProviderFactory.getContextData(HttpRequest.class);
    ResourceInfo resourceInfo = ResteasyProviderFactory.getContextData(ResourceInfo.class);
    Method method = resourceInfo.getResourceMethod();
    SecurityHole hole = method.getAnnotation(SecurityHole.class);
    Principal principal = null;
    if (hole != null && hole.anon()) {
        principal = new NoAuthPrincipal();
    } else if (resourceInfo.getResourceClass().equals(ApiListingResource.class)) {
        log.debug("Swagger API request made; no principal required.");
        principal = new NoAuthPrincipal();
    } else {
        for (AuthProvider provider : providers) {
            principal = provider.getPrincipal(httpRequest);
            if (principal != null) {
                log.debug("Establishing principal with {}", provider.getClass().getName());
                break;
            }
        }
    }
    /* At this point, there is no provider that has given a valid principal,
     * so we use the NoAuthPrincipal here if it is allowed. */
    if (principal == null) {
        if (hole != null && hole.noAuth()) {
            log.debug("No auth allowed for resource; setting NoAuth principal");
            principal = new NoAuthPrincipal();
        } else if (!config.getBoolean(ConfigProperties.AUTH_OVER_HTTP) && !request.isSecure()) {
            throw new BadRequestException("Please use SSL when accessing protected resources");
        } else {
            throw new NotAuthorizedException("Invalid credentials.");
        }
    }
    SecurityContext securityContext = new CandlepinSecurityContext(principal);
    requestContext.setSecurityContext(securityContext);
    // Push the principal into the context for the PrincipalProvider to access directly
    ResteasyProviderFactory.pushContext(Principal.class, principal);
}
Also used : HttpRequest(org.jboss.resteasy.spi.HttpRequest) ResourceInfo(javax.ws.rs.container.ResourceInfo) SecurityHole(org.candlepin.common.auth.SecurityHole) NoAuthPrincipal(org.candlepin.auth.NoAuthPrincipal) ApiListingResource(io.swagger.jaxrs.listing.ApiListingResource) SecurityContext(javax.ws.rs.core.SecurityContext) BadRequestException(org.candlepin.common.exceptions.BadRequestException) AuthProvider(org.candlepin.auth.AuthProvider) Method(java.lang.reflect.Method) NotAuthorizedException(org.candlepin.common.exceptions.NotAuthorizedException) Principal(org.candlepin.auth.Principal)

Example 5 with ResourceInfo

use of javax.ws.rs.container.ResourceInfo in project candlepin by candlepin.

the class ConsumerCheckInFilter method filter.

@Override
public void filter(ContainerRequestContext requestContext) throws IOException {
    ResourceInfo resourceInfo = ResteasyProviderFactory.getContextData(ResourceInfo.class);
    Method method = resourceInfo.getResourceMethod();
    Principal principal = ResteasyProviderFactory.getContextData(Principal.class);
    if (principal instanceof ConsumerPrincipal && method.getAnnotation(UpdateConsumerCheckIn.class) != null) {
        ConsumerPrincipal p = (ConsumerPrincipal) principal;
        consumerCurator.updateLastCheckin(p.getConsumer());
    }
}
Also used : ResourceInfo(javax.ws.rs.container.ResourceInfo) ConsumerPrincipal(org.candlepin.auth.ConsumerPrincipal) Method(java.lang.reflect.Method) Principal(org.candlepin.auth.Principal)
