Example 11 with ResourceInfo

Use of javax.ws.rs.container.ResourceInfo in project candlepin by candlepin.

The class VerifyAuthorizationFilter, method runFilter.

@Override
public void runFilter(ContainerRequestContext requestContext) {
    HttpRequest request = ResteasyProviderFactory.getContextData(HttpRequest.class);
    Principal principal = (Principal) requestContext.getSecurityContext().getUserPrincipal();
    ResourceInfo resourceInfo = ResteasyProviderFactory.getContextData(ResourceInfo.class);
    Method method = resourceInfo.getResourceMethod();
    if (log.isDebugEnabled()) {
        log.debug("Authorization check for {} mapping to {}.{}",
            requestContext.getUriInfo().getPath(),
            method.getDeclaringClass().getName(), method.getName());
    }
    Map<Verify, Object> argMap = getArguments(request, method);
    // Couldn't find a match in Resteasy for method
    if (argMap.isEmpty()) {
        /* It would also be possible to get here if a super-admin only method
         * were inadvertently being filtered through this filter.  Normally the
         * AuthorizationFeature takes care of sending methods without any @Verify
         * annotations through the SuperAdminAuthorizationFilter */
        throw new IseException("Could not get parameters for " + method);
    }
    Access defaultAccess = getDefaultAccess(method);
    if (!hasAccess(argMap, principal, defaultAccess)) {
        denyAccess(principal, method);
    }
}
Also used : HttpRequest(org.jboss.resteasy.spi.HttpRequest) ResourceInfo(javax.ws.rs.container.ResourceInfo) IseException(org.candlepin.common.exceptions.IseException) Access(org.candlepin.auth.Access) Method(java.lang.reflect.Method) Verify(org.candlepin.auth.Verify) Principal(org.candlepin.auth.Principal)

Example 12 with ResourceInfo

Use of javax.ws.rs.container.ResourceInfo in project ff4j by ff4j.

The class SecurityAuthorizationFilterTest, method testDenyAll.

@Test(expected = WebApplicationException.class)
public void testDenyAll() throws IOException {
    // Given
    FF4jAuthorizationFilter faf = new FF4jAuthorizationFilter();
    ContainerRequestContext mockRequest = mock(ContainerRequestContext.class);
    UriInfo mockUriInfo = mock(UriInfo.class);
    ResourceInfo mockResInfo = mock(ResourceInfo.class);
    when(mockResInfo.getResourceMethod()).thenReturn(methodDeny);
    faf.setInfo(mockResInfo);
    when(mockUriInfo.getPath()).thenReturn("localhost");
    when(mockRequest.getSecurityContext()).thenReturn(new FF4jSecurityContext("user", "", Util.set("USER")));
    when(mockRequest.getUriInfo()).thenReturn(mockUriInfo);
    // When
    faf.filter(mockRequest);
    // Then: expect 403 (WebApplicationException)
}
Also used : FF4jAuthorizationFilter(org.ff4j.web.api.security.FF4jAuthorizationFilter) ResourceInfo(javax.ws.rs.container.ResourceInfo) FF4jSecurityContext(org.ff4j.web.api.security.FF4jSecurityContext) ContainerRequestContext(javax.ws.rs.container.ContainerRequestContext) UriInfo(javax.ws.rs.core.UriInfo) Test(org.junit.Test)

Example 13 with ResourceInfo

Use of javax.ws.rs.container.ResourceInfo in project ff4j by ff4j.

The class SecurityAuthorizationFilterTest, method testRoleAllowedInvalid.

@Test(expected = WebApplicationException.class)
public void testRoleAllowedInvalid() throws IOException {
    // Given
    FF4jAuthorizationFilter faf = new FF4jAuthorizationFilter();
    ContainerRequestContext mockRequest = mock(ContainerRequestContext.class);
    UriInfo mockUriInfo = mock(UriInfo.class);
    ResourceInfo mockResInfo = new ResourceInfo() {

        public Method getResourceMethod() {
            return methodRole;
        }

        public Class<?> getResourceClass() {
            return targetResource;
        }
    };
    faf.setInfo(mockResInfo);
    when(mockUriInfo.getPath()).thenReturn("localhost");
    when(mockRequest.getSecurityContext()).thenReturn(new FF4jSecurityContext("user", "", Util.set("OTHER")));
    when(mockRequest.getUriInfo()).thenReturn(mockUriInfo);
    // When
    faf.filter(mockRequest);
    // Then: expect 403 (WebApplicationException), role OTHER is not allowed
}
Also used : FF4jAuthorizationFilter(org.ff4j.web.api.security.FF4jAuthorizationFilter) ResourceInfo(javax.ws.rs.container.ResourceInfo) FF4jSecurityContext(org.ff4j.web.api.security.FF4jSecurityContext) ContainerRequestContext(javax.ws.rs.container.ContainerRequestContext) UriInfo(javax.ws.rs.core.UriInfo) Test(org.junit.Test)

Example 14 with ResourceInfo

Use of javax.ws.rs.container.ResourceInfo in project ff4j by ff4j.

The class SecurityAuthorizationFilterTest, method testRoleAllowed.

@Test
public void testRoleAllowed() throws IOException {
    // Given
    FF4jAuthorizationFilter faf = new FF4jAuthorizationFilter();
    ContainerRequestContext mockRequest = mock(ContainerRequestContext.class);
    UriInfo mockUriInfo = mock(UriInfo.class);
    ResourceInfo mockResInfo = new ResourceInfo() {

        public Method getResourceMethod() {
            return methodRole;
        }

        public Class<?> getResourceClass() {
            return targetResource;
        }
    };
    faf.setInfo(mockResInfo);
    when(mockUriInfo.getPath()).thenReturn("localhost");
    when(mockRequest.getSecurityContext()).thenReturn(new FF4jSecurityContext("user", "", Util.set("USER")));
    when(mockRequest.getUriInfo()).thenReturn(mockUriInfo);
    // When
    faf.filter(mockRequest);
    // Then: no exception expected, role USER is allowed (test has no expected exception)
}
Also used : FF4jAuthorizationFilter(org.ff4j.web.api.security.FF4jAuthorizationFilter) ResourceInfo(javax.ws.rs.container.ResourceInfo) FF4jSecurityContext(org.ff4j.web.api.security.FF4jSecurityContext) ContainerRequestContext(javax.ws.rs.container.ContainerRequestContext) UriInfo(javax.ws.rs.core.UriInfo) Test(org.junit.Test)

Aggregations

ResourceInfo (javax.ws.rs.container.ResourceInfo)14 UriInfo (javax.ws.rs.core.UriInfo)8 Method (java.lang.reflect.Method)6 ContainerRequestContext (javax.ws.rs.container.ContainerRequestContext)6 Test (org.junit.Test)6 FF4jAuthorizationFilter (org.ff4j.web.api.security.FF4jAuthorizationFilter)5 FF4jSecurityContext (org.ff4j.web.api.security.FF4jSecurityContext)5 Principal (org.candlepin.auth.Principal)4 SecurityContext (javax.ws.rs.core.SecurityContext)2 Span (brave.Span)1 SpanInScope (brave.Tracer.SpanInScope)1 Logger (ch.qos.logback.classic.Logger)1 LoggerContext (ch.qos.logback.classic.LoggerContext)1 ApiListingResource (io.swagger.jaxrs.listing.ApiListingResource)1 HashMap (java.util.HashMap)1 Map (java.util.Map)1 ServletConfig (javax.servlet.ServletConfig)1 ServletRequest (javax.servlet.ServletRequest)1 HttpServletRequest (javax.servlet.http.HttpServletRequest)1 HttpServletResponse (javax.servlet.http.HttpServletResponse)1