Example 1 with FeatureContext
use of javax.ws.rs.core.FeatureContext in project graylog2-server by Graylog2.
the class ShiroSecurityBinding method configure.
@Override
public void configure(ResourceInfo resourceInfo, FeatureContext context) {
final Class<?> resourceClass = resourceInfo.getResourceClass();
final Method resourceMethod = resourceInfo.getResourceMethod();
context.register(ShiroSecurityContextFilter.class);
if (resourceMethod.isAnnotationPresent(RequiresAuthentication.class) || resourceClass.isAnnotationPresent(RequiresAuthentication.class)) {
if (resourceMethod.isAnnotationPresent(RequiresGuest.class)) {
LOG.debug("Resource method {}#{} is marked as unauthenticated, skipping setting filter.");
} else {
LOG.debug("Resource method {}#{} requires an authenticated user.", resourceClass.getCanonicalName(), resourceMethod.getName());
context.register(new ShiroAuthenticationFilter());
}
}
if (resourceMethod.isAnnotationPresent(RequiresPermissions.class) || resourceClass.isAnnotationPresent(RequiresPermissions.class)) {
RequiresPermissions requiresPermissions = resourceClass.getAnnotation(RequiresPermissions.class);
if (requiresPermissions == null) {
requiresPermissions = resourceMethod.getAnnotation(RequiresPermissions.class);
}
LOG.debug("Resource method {}#{} requires an authorization checks.", resourceClass.getCanonicalName(), resourceMethod.getName());
context.register(new ShiroAuthorizationFilter(requiresPermissions));
}
// TODO this is the wrong approach, we should have an Environment and proper request wrapping
context.register((ContainerResponseFilter) (requestContext, responseContext) -> ThreadContext.unbindSubject());
}
Also used :
DynamicFeature(javax.ws.rs.container.DynamicFeature)
RequiresPermissions(org.apache.shiro.authz.annotation.RequiresPermissions)
FeatureContext(javax.ws.rs.core.FeatureContext)
Logger(org.slf4j.Logger)
ResourceInfo(javax.ws.rs.container.ResourceInfo)
ThreadContext(org.apache.shiro.util.ThreadContext)
LoggerFactory(org.slf4j.LoggerFactory)
RequiresGuest(org.apache.shiro.authz.annotation.RequiresGuest)
RequiresAuthentication(org.apache.shiro.authz.annotation.RequiresAuthentication)
Method(java.lang.reflect.Method)
ContainerResponseFilter(javax.ws.rs.container.ContainerResponseFilter)
RequiresPermissions(org.apache.shiro.authz.annotation.RequiresPermissions)
RequiresAuthentication(org.apache.shiro.authz.annotation.RequiresAuthentication)
Method(java.lang.reflect.Method)
Aggregations
Method (java.lang.reflect.Method)1
ContainerResponseFilter (javax.ws.rs.container.ContainerResponseFilter)1
DynamicFeature (javax.ws.rs.container.DynamicFeature)1
ResourceInfo (javax.ws.rs.container.ResourceInfo)1
FeatureContext (javax.ws.rs.core.FeatureContext)1
RequiresAuthentication (org.apache.shiro.authz.annotation.RequiresAuthentication)1
RequiresGuest (org.apache.shiro.authz.annotation.RequiresGuest)1
RequiresPermissions (org.apache.shiro.authz.annotation.RequiresPermissions)1
ThreadContext (org.apache.shiro.util.ThreadContext)1
Logger (org.slf4j.Logger)1
LoggerFactory (org.slf4j.LoggerFactory)1
