Example use of javax.ws.rs.core.FeatureContext in the project graylog2-server by Graylog2.
From the class ShiroSecurityBinding, method configure.
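/**
 * Registers the Shiro filters that apply to the resource method described by {@code resourceInfo}.
 *
 * <p>{@code ShiroSecurityContextFilter} is always registered. A {@code ShiroAuthenticationFilter}
 * is added when the method or its class carries {@code @RequiresAuthentication}, unless the method
 * itself is annotated {@code @RequiresGuest}. A {@code ShiroAuthorizationFilter} is added when the
 * method or its class carries {@code @RequiresPermissions}. A response filter that unbinds the
 * Shiro subject from the current thread is registered last.
 *
 * @param resourceInfo supplies the resource class and resource method being configured
 * @param context feature context the filters are registered with
 */
@Override
public void configure(ResourceInfo resourceInfo, FeatureContext context) {
    final Class<?> resourceClass = resourceInfo.getResourceClass();
    final Method resourceMethod = resourceInfo.getResourceMethod();

    context.register(ShiroSecurityContextFilter.class);

    // Authentication: required by either the method or the class. @RequiresGuest is only
    // consulted on the method, and only inside this branch.
    if (resourceMethod.isAnnotationPresent(RequiresAuthentication.class) || resourceClass.isAnnotationPresent(RequiresAuthentication.class)) {
        if (resourceMethod.isAnnotationPresent(RequiresGuest.class)) {
            // The placeholders previously had no arguments, so the log line never named the
            // endpoint that was left without an authentication filter.
            LOG.debug("Resource method {}#{} is marked as unauthenticated, skipping setting filter.", resourceClass.getCanonicalName(), resourceMethod.getName());
        } else {
            LOG.debug("Resource method {}#{} requires an authenticated user.", resourceClass.getCanonicalName(), resourceMethod.getName());
            context.register(new ShiroAuthenticationFilter());
        }
    }

    // Authorization: required by either the method or the class.
    if (resourceMethod.isAnnotationPresent(RequiresPermissions.class) || resourceClass.isAnnotationPresent(RequiresPermissions.class)) {
        // NOTE(review): the class-level annotation wins here; the method-level one is read only
        // when the class has none. If both are present, the permissions declared on the method
        // are not passed to the filter. Confirm this precedence is intended.
        RequiresPermissions requiresPermissions = resourceClass.getAnnotation(RequiresPermissions.class);
        if (requiresPermissions == null) {
            requiresPermissions = resourceMethod.getAnnotation(RequiresPermissions.class);
        }
        LOG.debug("Resource method {}#{} requires an authorization checks.", resourceClass.getCanonicalName(), resourceMethod.getName());
        context.register(new ShiroAuthorizationFilter(requiresPermissions));
    }

    // TODO this is the wrong approach, we should have an Environment and proper request wrapping
    // Unbinds the subject from Shiro's ThreadContext when the response filter runs, presumably so
    // it is not still bound when the thread handles another request. Requests that never reach
    // the response filter chain are not covered by this cleanup.
    context.register((ContainerResponseFilter) (requestContext, responseContext) -> ThreadContext.unbindSubject());
}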