Example 6 with ResourceInfo
use of javax.ws.rs.container.ResourceInfo in project candlepin by candlepin.
the class VerifyAuthorizationFilterTest method setUp.
@Before
public void setUp() throws NoSuchMethodException, SecurityException {
// Turn logger to INFO level to disable HttpServletRequest logging.
LoggerContext lc = (LoggerContext) LoggerFactory.getILoggerFactory();
Logger logger = lc.getLogger(AbstractAuthorizationFilter.class);
logger.setLevel(Level.INFO);
ResteasyProviderFactory.getInstance().registerProvider(StubInjectorFactoryImpl.class);
StubInjectorFactoryImpl factory = (StubInjectorFactoryImpl) ResteasyProviderFactory.getInstance().getInjectorFactory();
methodInjector = new StubMethodInjector();
factory.setMethodInjector(methodInjector);
ResourceInfo mockInfo = mock(ResourceInfo.class);
Method method = FakeResource.class.getMethod("someMethod", String.class);
when(mockInfo.getResourceMethod()).thenReturn(method);
Class clazz = FakeResource.class;
when(mockInfo.getResourceClass()).thenReturn(clazz);
ResteasyProviderFactory.pushContext(ResourceInfo.class, mockInfo);
ResteasyProviderFactory.pushContext(HttpRequest.class, mockReq);
when(mockRequestContext.getSecurityContext()).thenReturn(mockSecurityContext);
when(mockRequestContext.getUriInfo()).thenReturn(mock(UriInfo.class));
resourceMap.init();
interceptor = new VerifyAuthorizationFilter(i18nProvider, storeFactory, resourceMap);
}
Also used :
ResourceInfo(javax.ws.rs.container.ResourceInfo)
Method(java.lang.reflect.Method)
Logger(ch.qos.logback.classic.Logger)
LoggerContext(ch.qos.logback.classic.LoggerContext)
UriInfo(javax.ws.rs.core.UriInfo)
Before(org.junit.Before)
Example 7 with ResourceInfo
use of javax.ws.rs.container.ResourceInfo in project instrumentation-java by census-instrumentation.
the class JaxrsContainerExtractorTest method testExtraction.
@Test
@SuppressWarnings("unchecked")
public void testExtraction() throws Exception {
UriInfo uriInfo = mock(UriInfo.class);
when(uriInfo.getPath()).thenReturn("mypath");
when(uriInfo.getMatchedURIs()).thenReturn(Collections.singletonList("/resource/{route}"));
when(uriInfo.getRequestUri()).thenReturn(URI.create("https://myhost/resource/1"));
ContainerRequestContext requestContext = mock(ContainerRequestContext.class);
when(requestContext.getHeaderString("host")).thenReturn("myhost");
when(requestContext.getMethod()).thenReturn("GET");
when(requestContext.getUriInfo()).thenReturn(uriInfo);
when(requestContext.getHeaderString("user-agent")).thenReturn("java/1.8");
ResourceInfo info = mock(ResourceInfo.class);
when(info.getResourceClass()).thenReturn((Class) MyResource.class);
when(info.getResourceMethod()).thenReturn(MyResource.class.getMethod("route"));
ExtendedContainerRequest extendedRequest = new ExtendedContainerRequest(requestContext, info);
ContainerResponseContext responseContext = mock(ContainerResponseContext.class);
when(responseContext.getStatus()).thenReturn(200);
JaxrsContainerExtractor extractor = new JaxrsContainerExtractor();
assertEquals("myhost", extractor.getHost(extendedRequest));
assertEquals("GET", extractor.getMethod(extendedRequest));
assertEquals("mypath", extractor.getPath(extendedRequest));
assertEquals("/resource/{route}", extractor.getRoute(extendedRequest));
assertEquals("https://myhost/resource/1", extractor.getUrl(extendedRequest));
assertEquals("java/1.8", extractor.getUserAgent(extendedRequest));
assertEquals(200, extractor.getStatusCode(responseContext));
}
Also used :
ResourceInfo(javax.ws.rs.container.ResourceInfo)
ContainerRequestContext(javax.ws.rs.container.ContainerRequestContext)
ContainerResponseContext(javax.ws.rs.container.ContainerResponseContext)
UriInfo(javax.ws.rs.core.UriInfo)
Test(org.junit.Test)
Example 8 with ResourceInfo
use of javax.ws.rs.container.ResourceInfo in project tomee by apache.
the class Contexts method bind.
/**
* Using a set ensures we don't set the thread local twice or more,
* there may be super classes with injection points of identical types
*
* Also allows us to get context references from other sources such as interceptors
*
* @param exchange Exchange
* @param types Collection
*/
public static void bind(final Exchange exchange, final Collection<Class<?>> types) {
// used in lazy mode by RESTResourceFinder if cdi beans uses @Context, === initThreadLocal
EXCHANGE.set(exchange);
CdiAppContextsService.pushRequestReleasable(CleanUpThreadLocal.INSTANCE);
for (final Class<?> type : types) {
if (Request.class.equals(type)) {
final Request binding = JAXRSUtils.createContextValue(exchange.getInMessage(), null, Request.class);
ThreadLocalContextManager.REQUEST.set(binding);
} else if (UriInfo.class.equals(type)) {
final UriInfo binding = JAXRSUtils.createContextValue(exchange.getInMessage(), null, UriInfo.class);
ThreadLocalContextManager.URI_INFO.set(binding);
} else if (HttpHeaders.class.equals(type)) {
final HttpHeaders binding = JAXRSUtils.createContextValue(exchange.getInMessage(), null, HttpHeaders.class);
ThreadLocalContextManager.HTTP_HEADERS.set(binding);
} else if (SecurityContext.class.equals(type)) {
final SecurityContext binding = JAXRSUtils.createContextValue(exchange.getInMessage(), null, SecurityContext.class);
ThreadLocalContextManager.SECURITY_CONTEXT.set(binding);
} else if (ContextResolver.class.equals(type)) {
final ContextResolver<?> binding = JAXRSUtils.createContextValue(exchange.getInMessage(), type, ContextResolver.class);
ThreadLocalContextManager.CONTEXT_RESOLVER.set(binding);
} else if (Providers.class.equals(type)) {
final Providers providers = JAXRSUtils.createContextValue(exchange.getInMessage(), null, Providers.class);
ThreadLocalContextManager.PROVIDERS.set(providers);
} else if (ServletRequest.class.equals(type)) {
ServletRequest servletRequest = JAXRSUtils.createContextValue(exchange.getInMessage(), null, ServletRequest.class);
if (servletRequest == null) {
// probably the case with CXF
servletRequest = JAXRSUtils.createContextValue(exchange.getInMessage(), null, HttpServletRequest.class);
}
ThreadLocalContextManager.SERVLET_REQUEST.set(servletRequest);
} else if (HttpServletRequest.class.equals(type)) {
final HttpServletRequest httpServletRequest = JAXRSUtils.createContextValue(exchange.getInMessage(), null, HttpServletRequest.class);
ThreadLocalContextManager.HTTP_SERVLET_REQUEST.set(httpServletRequest);
} else if (HttpServletResponse.class.equals(type)) {
final HttpServletResponse httpServletResponse = JAXRSUtils.createContextValue(exchange.getInMessage(), null, HttpServletResponse.class);
ThreadLocalContextManager.HTTP_SERVLET_RESPONSE.set(httpServletResponse);
} else if (ServletConfig.class.equals(type)) {
final ServletConfig servletConfig = JAXRSUtils.createContextValue(exchange.getInMessage(), null, ServletConfig.class);
ThreadLocalContextManager.SERVLET_CONFIG.set(servletConfig);
} else if (Configuration.class.equals(type)) {
final Configuration config = JAXRSUtils.createContextValue(exchange.getInMessage(), null, Configuration.class);
ThreadLocalContextManager.CONFIGURATION.set(config);
} else if (ResourceInfo.class.equals(type)) {
final ResourceInfo config = JAXRSUtils.createContextValue(exchange.getInMessage(), null, ResourceInfo.class);
ThreadLocalContextManager.RESOURCE_INFO.set(config);
} else if (ResourceContext.class.equals(type)) {
final ResourceContext config = JAXRSUtils.createContextValue(exchange.getInMessage(), null, ResourceContext.class);
ThreadLocalContextManager.RESOURCE_CONTEXT.set(config);
} else if (Application.class.equals(type)) {
final Application config = JAXRSUtils.createContextValue(exchange.getInMessage(), null, Application.class);
ThreadLocalContextManager.APPLICATION.set(config);
} else {
final Message message = exchange.getInMessage();
final ContextProvider<?> provider = ProviderFactory.getInstance(message).createContextProvider(type, message);
if (provider != null) {
final Object value = provider.createContext(message);
Map<String, Object> map = ThreadLocalContextManager.OTHERS.get();
if (map == null) {
map = new HashMap<>();
ThreadLocalContextManager.OTHERS.set(map);
}
map.put(type.getName(), value);
}
}
}
}
Also used :
HttpHeaders(javax.ws.rs.core.HttpHeaders)
HttpServletRequest(javax.servlet.http.HttpServletRequest)
ServletRequest(javax.servlet.ServletRequest)
OperationResourceInfo(org.apache.cxf.jaxrs.model.OperationResourceInfo)
ResourceInfo(javax.ws.rs.container.ResourceInfo)
ClassResourceInfo(org.apache.cxf.jaxrs.model.ClassResourceInfo)
ResourceContext(javax.ws.rs.container.ResourceContext)
Configuration(javax.ws.rs.core.Configuration)
Message(org.apache.cxf.message.Message)
HashMap(java.util.HashMap)
HttpServletRequest(javax.servlet.http.HttpServletRequest)
ServletRequest(javax.servlet.ServletRequest)
Request(javax.ws.rs.core.Request)
ServletConfig(javax.servlet.ServletConfig)
HttpServletResponse(javax.servlet.http.HttpServletResponse)
ContextProvider(org.apache.cxf.jaxrs.ext.ContextProvider)
Providers(javax.ws.rs.ext.Providers)
HttpServletRequest(javax.servlet.http.HttpServletRequest)
SecurityContext(javax.ws.rs.core.SecurityContext)
Application(javax.ws.rs.core.Application)
HashMap(java.util.HashMap)
Map(java.util.Map)
UriInfo(javax.ws.rs.core.UriInfo)
Example 9 with ResourceInfo
use of javax.ws.rs.container.ResourceInfo in project graylog2-server by Graylog2.
the class ShiroSecurityBinding method configure.
@Override
public void configure(ResourceInfo resourceInfo, FeatureContext context) {
final Class<?> resourceClass = resourceInfo.getResourceClass();
final Method resourceMethod = resourceInfo.getResourceMethod();
if (resourceMethod.isAnnotationPresent(RequiresAuthentication.class) || resourceClass.isAnnotationPresent(RequiresAuthentication.class)) {
if (resourceMethod.isAnnotationPresent(RequiresGuest.class)) {
LOG.debug("Resource method {}#{} is marked as unauthenticated, skipping setting filter.");
} else {
LOG.debug("Resource method {}#{} requires an authenticated user.", resourceClass.getCanonicalName(), resourceMethod.getName());
context.register(new ShiroAuthenticationFilter());
}
}
if (resourceMethod.isAnnotationPresent(RequiresPermissions.class) || resourceClass.isAnnotationPresent(RequiresPermissions.class)) {
RequiresPermissions requiresPermissions = resourceClass.getAnnotation(RequiresPermissions.class);
if (requiresPermissions == null) {
requiresPermissions = resourceMethod.getAnnotation(RequiresPermissions.class);
}
LOG.debug("Resource method {}#{} requires an authorization checks.", resourceClass.getCanonicalName(), resourceMethod.getName());
context.register(new ShiroAuthorizationFilter(requiresPermissions));
}
// TODO this is the wrong approach, we should have an Environment and proper request wrapping
context.register((ContainerResponseFilter) (requestContext, responseContext) -> ThreadContext.unbindSubject());
}
Also used :
DynamicFeature(javax.ws.rs.container.DynamicFeature)
RequiresPermissions(org.apache.shiro.authz.annotation.RequiresPermissions)
FeatureContext(javax.ws.rs.core.FeatureContext)
Logger(org.slf4j.Logger)
ResourceInfo(javax.ws.rs.container.ResourceInfo)
ThreadContext(org.apache.shiro.util.ThreadContext)
LoggerFactory(org.slf4j.LoggerFactory)
RequiresGuest(org.apache.shiro.authz.annotation.RequiresGuest)
RequiresAuthentication(org.apache.shiro.authz.annotation.RequiresAuthentication)
Method(java.lang.reflect.Method)
ContainerResponseFilter(javax.ws.rs.container.ContainerResponseFilter)
RequiresPermissions(org.apache.shiro.authz.annotation.RequiresPermissions)
RequiresAuthentication(org.apache.shiro.authz.annotation.RequiresAuthentication)
Method(java.lang.reflect.Method)
Example 10 with ResourceInfo
use of javax.ws.rs.container.ResourceInfo in project candlepin by candlepin.
the class SuperAdminAuthorizationFilter method runFilter.
@Override
public void runFilter(ContainerRequestContext requestContext) {
log.debug("Authorization check for {}", requestContext.getUriInfo().getPath());
Principal principal = (Principal) requestContext.getSecurityContext().getUserPrincipal();
ResourceInfo resourceInfo = ResteasyProviderFactory.getContextData(ResourceInfo.class);
Method method = resourceInfo.getResourceMethod();
if (!principal.hasFullAccess()) {
denyAccess(principal, method);
}
}
Also used :
ResourceInfo(javax.ws.rs.container.ResourceInfo)
Method(java.lang.reflect.Method)
Principal(org.candlepin.auth.Principal)
Aggregations
ResourceInfo (javax.ws.rs.container.ResourceInfo)14
UriInfo (javax.ws.rs.core.UriInfo)8
Method (java.lang.reflect.Method)6
ContainerRequestContext (javax.ws.rs.container.ContainerRequestContext)6
Test (org.junit.Test)6
FF4jAuthorizationFilter (org.ff4j.web.api.security.FF4jAuthorizationFilter)5
FF4jSecurityContext (org.ff4j.web.api.security.FF4jSecurityContext)5
Principal (org.candlepin.auth.Principal)4
SecurityContext (javax.ws.rs.core.SecurityContext)2
Span (brave.Span)1
SpanInScope (brave.Tracer.SpanInScope)1
Logger (ch.qos.logback.classic.Logger)1
LoggerContext (ch.qos.logback.classic.LoggerContext)1
ApiListingResource (io.swagger.jaxrs.listing.ApiListingResource)1
HashMap (java.util.HashMap)1
Map (java.util.Map)1
ServletConfig (javax.servlet.ServletConfig)1
ServletRequest (javax.servlet.ServletRequest)1
HttpServletRequest (javax.servlet.http.HttpServletRequest)1
HttpServletResponse (javax.servlet.http.HttpServletResponse)1
