Example 1 with FeatureContext

Use of javax.ws.rs.core.FeatureContext in project graylog2-server by Graylog2, in the configure method of class ShiroSecurityBinding.

@Override
public void configure(ResourceInfo resourceInfo, FeatureContext context) {
    final Class<?> resourceClass = resourceInfo.getResourceClass();
    final Method resourceMethod = resourceInfo.getResourceMethod();
    // Every resource gets the security context filter, whether or not it is annotated.
    context.register(ShiroSecurityContextFilter.class);
    // Authentication: required when the method or its class carries @RequiresAuthentication,
    // unless the method itself is marked @RequiresGuest.
    if (resourceMethod.isAnnotationPresent(RequiresAuthentication.class) || resourceClass.isAnnotationPresent(RequiresAuthentication.class)) {
        if (resourceMethod.isAnnotationPresent(RequiresGuest.class)) {
            // The original call passed no arguments for the two {} placeholders.
            LOG.debug("Resource method {}#{} is marked as unauthenticated, skipping setting filter.", resourceClass.getCanonicalName(), resourceMethod.getName());
        } else {
            LOG.debug("Resource method {}#{} requires an authenticated user.", resourceClass.getCanonicalName(), resourceMethod.getName());
            context.register(new ShiroAuthenticationFilter());
        }
    }
    // Authorization: the class-level @RequiresPermissions is used when present;
    // the method-level annotation is consulted only when the class has none.
    if (resourceMethod.isAnnotationPresent(RequiresPermissions.class) || resourceClass.isAnnotationPresent(RequiresPermissions.class)) {
        RequiresPermissions requiresPermissions = resourceClass.getAnnotation(RequiresPermissions.class);
        if (requiresPermissions == null) {
            requiresPermissions = resourceMethod.getAnnotation(RequiresPermissions.class);
        }
        LOG.debug("Resource method {}#{} requires an authorization checks.", resourceClass.getCanonicalName(), resourceMethod.getName());
        context.register(new ShiroAuthorizationFilter(requiresPermissions));
    }
    // Unbind the Shiro Subject from the thread-local ThreadContext once the response is produced.
    // TODO this is the wrong approach, we should have an Environment and proper request wrapping
    context.register((ContainerResponseFilter) (requestContext, responseContext) -> ThreadContext.unbindSubject());
}
Also used: DynamicFeature (javax.ws.rs.container.DynamicFeature), RequiresPermissions (org.apache.shiro.authz.annotation.RequiresPermissions), FeatureContext (javax.ws.rs.core.FeatureContext), Logger (org.slf4j.Logger), ResourceInfo (javax.ws.rs.container.ResourceInfo), ThreadContext (org.apache.shiro.util.ThreadContext), LoggerFactory (org.slf4j.LoggerFactory), RequiresGuest (org.apache.shiro.authz.annotation.RequiresGuest), RequiresAuthentication (org.apache.shiro.authz.annotation.RequiresAuthentication), Method (java.lang.reflect.Method), ContainerResponseFilter (javax.ws.rs.container.ContainerResponseFilter)
