use of javax.ws.rs.core.SecurityContext in project crnk-framework by crnk-project.
the class JaxrsParameterProviderTest method onSecurityContextParameterShouldReturnThisInstance.
@Test
public void onSecurityContextParameterShouldReturnThisInstance() throws Exception {
    // GIVEN: the JAX-RS request context exposes a (mocked) SecurityContext
    SecurityContext expected = mock(SecurityContext.class);
    when(requestContext.getSecurityContext()).thenReturn(expected);
    // WHEN: the provider resolves parameter index 1 of testMethod
    Object resolved = sut.provide(testMethod, 1);
    // THEN: the context was read from the request and handed back as-is,
    // i.e. the provider neither wraps nor copies it
    verify(requestContext).getSecurityContext();
    assertThat(resolved).isEqualTo(expected);
}
use of javax.ws.rs.core.SecurityContext in project traccar by traccar.
the class SecurityRequestFilter method filter.
@Override
public void filter(ContainerRequestContext requestContext) {
    // CORS pre-flight: OPTIONS requests skip authentication entirely.
    // NOTE(review): any resource method actually mapped to OPTIONS is therefore
    // reachable without credentials — confirm none exists.
    if (requestContext.getMethod().equals("OPTIONS")) {
        return;
    }
    SecurityContext securityContext = null;
    try {
        securityContext = resolveSecurityContext(requestContext);
    } catch (SecurityException e) {
        // Rejected credentials or a disabled user land here; the request then
        // continues to the 401 path below unless the resource is @PermitAll.
        Log.warning(e);
    }
    if (securityContext != null) {
        requestContext.setSecurityContext(securityContext);
        return;
    }
    Method method = resourceInfo.getResourceMethod();
    if (method.isAnnotationPresent(PermitAll.class)) {
        return;
    }
    throw new WebApplicationException(unauthorizedResponse().build());
}

/**
 * Establishes the caller's identity, preferring HTTP Basic credentials and
 * falling back to the servlet session only when no Authorization header is
 * present (a present-but-invalid header is never rescued by the session).
 *
 * @return a security context for the authenticated user, or {@code null} when
 *         the request carries no usable credentials or the login is rejected
 * @throws SecurityException propagated from the permissions manager (e.g. a
 *         disabled user); the caller logs it and treats the request as anonymous
 */
private SecurityContext resolveSecurityContext(ContainerRequestContext requestContext) {
    String authHeader = requestContext.getHeaderString(AUTHORIZATION_HEADER);
    if (authHeader != null) {
        try {
            String[] credentials = decodeBasicAuth(authHeader);
            // NOTE(review): decodeBasicAuth is not visible here; if it can yield
            // fewer than two parts for a malformed header, credentials[1] throws
            // and the request fails with 500 instead of 401 — confirm.
            User user = Context.getPermissionsManager().login(credentials[0], credentials[1]);
            if (user == null) {
                return null;
            }
            Context.getStatisticsManager().registerRequest(user.getId());
            return new UserSecurityContext(new UserPrincipal(user.getId()));
        } catch (SQLException e) {
            // Database trouble during login is a server error, not an auth failure.
            throw new WebApplicationException(e);
        }
    }
    if (request.getSession() == null) {
        return null;
    }
    Long userId = (Long) request.getSession().getAttribute(SessionResource.USER_ID_KEY);
    if (userId == null) {
        return null;
    }
    // A session may outlive the account: re-check that the user is still enabled.
    Context.getPermissionsManager().checkUserEnabled(userId);
    Context.getStatisticsManager().registerRequest(userId);
    return new UserSecurityContext(new UserPrincipal(userId));
}

/**
 * Builds the 401 response for an unauthenticated request. The WWW-Authenticate
 * challenge is omitted for XMLHttpRequest callers, presumably to keep browsers
 * from showing their native login prompt for AJAX calls.
 */
private Response.ResponseBuilder unauthorizedResponse() {
    Response.ResponseBuilder builder = Response.status(Response.Status.UNAUTHORIZED);
    if (!XML_HTTP_REQUEST.equals(request.getHeader(X_REQUESTED_WITH))) {
        builder.header(WWW_AUTHENTICATE, BASIC_REALM);
    }
    return builder;
}
use of javax.ws.rs.core.SecurityContext in project ff4j by ff4j.
the class FF4jAuthorizationFilter method filter.
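/**
 * Applies the JAX-RS security annotations of the matched resource to the
 * incoming request.
 * <p>
 * Evaluation order: {@code @DenyAll} rejects with 403, {@code @PermitAll}
 * lets everything through, and {@code @RolesAllowed} requires the caller to
 * hold at least one of the declared roles. When the roles of the caller cannot
 * be established for a {@code @RolesAllowed} resource the request is rejected
 * (fail closed) instead of being let through.
 *
 * @param containerRequest the request being filtered
 * @throws IOException as declared by the filter contract
 */
@Override
public void filter(ContainerRequestContext containerRequest) throws IOException {
    String path = containerRequest.getUriInfo().getPath();
    log.debug("Entering authorization filter for <" + path + ">");
    // @DenyAll anywhere => none shall pass => Error 403
    if (isDenyAll()) {
        forbidden();
        // forbidden() is expected to abort by throwing; the explicit return keeps
        // this branch fail-closed even if it ever returns normally.
        return;
    }
    // THEN @PermitAll anywhere => everybody passes
    if (isPermitAll()) {
        return;
    }
    // Check @RolesAllowed against SecurityContext
    if (isRolesAllowed()) {
        Set<String> expectedRoles = getRoles();
        SecurityContext sc = containerRequest.getSecurityContext();
        if (sc instanceof FF4jSecurityContext) {
            Set<String> permissions = ((FF4jSecurityContext) sc).getUserRoles();
            if (permissions != null) {
                for (String userPermission : permissions) {
                    if (expectedRoles.contains(userPermission)) {
                        return;
                    }
                }
            }
            log.warn("Request Forbidden : user role are " + permissions + " but target expected=" + expectedRoles);
        } else {
            // Previously a request whose SecurityContext was not an
            // FF4jSecurityContext skipped the role check and was let through.
            // Fall back to the standard JAX-RS role query, which works for
            // container-provided contexts, and deny when nothing matches.
            if (sc != null) {
                for (String role : expectedRoles) {
                    if (sc.isUserInRole(role)) {
                        return;
                    }
                }
            }
            log.warn("Request Forbidden : no FF4j security context and caller holds none of expected=" + expectedRoles);
        }
        forbidden();
    }
}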
use of javax.ws.rs.core.SecurityContext in project pravega by pravega.
the class StreamMetadataResourceImpl method getReaderGroup.
/**
 * Implementation of the getReaderGroup REST API.
 * <p>
 * READ on the reader-group resource is checked from the Authorization header
 * before any controller call is made; the injected {@code securityContext} is
 * not consulted for that decision. Client handles are released only after the
 * response has been handed to {@code asyncResponse}.
 *
 * @param scopeName       scope containing the reader group
 * @param readerGroupName name of the reader group
 * @param securityContext JAX-RS security context (unused here)
 * @param asyncResponse   sink for the asynchronous response
 */
@Override
public void getReaderGroup(final String scopeName, final String readerGroupName, final SecurityContext securityContext, final AsyncResponse asyncResponse) {
    final long trace = LoggerHelpers.traceEnter(log, "getReaderGroup");
    final long requestId = requestIdGenerator.nextLong();
    final String qualifiedName = scopeName + "/" + readerGroupName;
    try {
        restAuthHelper.authenticateAuthorize(getAuthorizationHeader(), authorizationResource.ofReaderGroupInScope(scopeName, readerGroupName), READ);
    } catch (AuthException e) {
        // The HTTP status is taken from the exception; the log wording says
        // "authentication" even when the failure may have been authorization.
        log.warn(requestId, "Get reader group for {} failed due to authentication failure.", qualifiedName);
        asyncResponse.resume(Response.status(Status.fromStatusCode(e.getResponseCode())).build());
        LoggerHelpers.traceLeave(log, "getReaderGroup", trace);
        return;
    }
    final ReaderGroupProperty property = new ReaderGroupProperty();
    property.setScopeName(scopeName);
    property.setReaderGroupName(readerGroupName);
    final ClientFactoryImpl clientFactory = new ClientFactoryImpl(scopeName, this.localController, this.clientConfig);
    final ReaderGroupManager readerGroupManager = new ReaderGroupManagerImpl(scopeName, this.localController, clientFactory);
    CompletableFuture
            .supplyAsync(() -> describeReaderGroup(readerGroupManager, readerGroupName, property), controllerService.getExecutor())
            .exceptionally(failure -> {
                log.warn(requestId, "getReaderGroup for {} failed with exception: ", readerGroupName, failure);
                return failure.getCause() instanceof ReaderGroupNotFoundException
                        ? Response.status(Status.NOT_FOUND).build()
                        : Response.status(Status.INTERNAL_SERVER_ERROR).build();
            })
            .thenAccept(response -> {
                asyncResponse.resume(response);
                // Close after the response is out; this runs on whichever thread
                // completed the preceding stage.
                readerGroupManager.close();
                clientFactory.close();
                LoggerHelpers.traceLeave(log, "getReaderGroup", trace);
            });
}

/**
 * Fills {@code property} with the online reader ids and stream names of the
 * named reader group and wraps it in a 200 response.
 */
private Response describeReaderGroup(ReaderGroupManager manager, String readerGroupName, ReaderGroupProperty property) {
    ReaderGroup readerGroup = manager.getReaderGroup(readerGroupName);
    property.setOnlineReaderIds(new ArrayList<>(readerGroup.getOnlineReaders()));
    property.setStreamList(new ArrayList<>(readerGroup.getStreamNames()));
    return Response.status(Status.OK).entity(property).build();
}
use of javax.ws.rs.core.SecurityContext in project pravega by pravega.
the class StreamMetadataResourceImpl method listStreams.
/**
 * Implementation of listStreams REST API.
 *
 * Authorization is two-tiered: READ on the scope's stream collection is required
 * up front (the status from the AuthException is returned otherwise), and every
 * stream is then individually checked for READ before it is added to the
 * listing, so callers only see streams they may read. A failure while evaluating
 * a per-stream check is treated as "not authorized" and the stream is omitted.
 * The injected {@code securityContext} is not consulted; the Authorization
 * header is used instead.
 *
 * @param scopeName The scope name of stream.
 * @param filterType Optional filter: "showInternalStreams" lists only internal
 *                   streams, "tag" lists streams carrying {@code filterValue}.
 *                   Any other value (or null) lists the regular user streams.
 * @param filterValue Tag to match when {@code filterType} is "tag"; ignored otherwise.
 * @param securityContext The security for API access.
 * @param asyncResponse AsyncResponse provides means for asynchronous server side response processing.
 */
@Override
public void listStreams(final String scopeName, final String filterType, final String filterValue, final SecurityContext securityContext, final AsyncResponse asyncResponse) {
long traceId = LoggerHelpers.traceEnter(log, "listStreams");
long requestId = requestIdGenerator.nextLong();
// The principal is resolved once from the Authorization header and reused for
// the scope-level check and for every per-stream check below.
final Principal principal;
final List<String> authHeader = getAuthorizationHeader();
try {
principal = restAuthHelper.authenticate(authHeader);
restAuthHelper.authorize(authHeader, authorizationResource.ofStreamsInScope(scopeName), principal, READ);
} catch (AuthException e) {
// Covers both authentication and authorization failures; the status code
// comes from the exception, the log wording only says "authentication".
log.warn(requestId, "List streams for {} failed due to authentication failure.", scopeName);
asyncResponse.resume(Response.status(Status.fromStatusCode(e.getResponseCode())).build());
LoggerHelpers.traceLeave(log, "listStreams", traceId);
return;
}
boolean showOnlyInternalStreams = filterType != null && filterType.equals("showInternalStreams");
boolean showStreamsWithTag = filterType != null && filterType.equals("tag");
String tag;
// "tag" without a value falls through to the plain listing in the else branch.
if (showStreamsWithTag && filterValue != null) {
tag = filterValue;
List<Stream> streams = new ArrayList<>();
// tag is never reassigned, so this copy exists only for lambda capture; it
// is redundant but harmless.
String finalTag = tag;
localController.listStreamsForTag(scopeName, tag).collectRemaining(streams::add).thenCompose(v -> {
// Per-stream READ check; streams the caller may not read are dropped silently.
List<CompletableFuture<ImmutablePair<Stream, StreamConfiguration>>> streamConfigFutureList = streams.stream().filter(stream -> {
boolean isAuthorized = false;
try {
isAuthorized = restAuthHelper.isAuthorized(authHeader, authorizationResource.ofStreamInScope(scopeName, stream.getStreamName()), principal, READ);
} catch (AuthException e) {
log.warn(requestId, "List Streams with tag {} for scope {} failed due to authentication failure.", finalTag, scopeName);
// Ignore. This exception occurs under abnormal circumstances and not to determine
// whether the user is authorized. In case it does occur, we assume that the user
// is unauthorized.
}
return isAuthorized;
}).map(stream -> localController.getStreamConfiguration(scopeName, stream.getStreamName()).thenApply(config -> new ImmutablePair<>(stream, config))).collect(Collectors.toList());
return Futures.allOfWithResults(streamConfigFutureList);
}).thenApply(streamConfigPairs -> {
StreamsList responseStreams = new StreamsList();
responseStreams.setStreams(new ArrayList<>());
streamConfigPairs.forEach(pair -> responseStreams.addStreamsItem(ModelHelper.encodeStreamResponse(pair.left.getScope(), pair.left.getStreamName(), pair.right)));
log.info(requestId, "Successfully fetched streams for scope: {} with tag: {}", scopeName, finalTag);
return Response.status(Status.OK).entity(responseStreams).build();
}).exceptionally(exception -> {
// DataNotFoundException may arrive wrapped (CompletionException) or bare.
if (exception.getCause() instanceof StoreException.DataNotFoundException || exception instanceof StoreException.DataNotFoundException) {
log.warn(requestId, "Scope name: {} not found", scopeName);
return Response.status(Status.NOT_FOUND).build();
} else {
log.warn(requestId, "listStreams for {} with tag {} failed with exception: {}", scopeName, finalTag, exception);
return Response.status(Status.INTERNAL_SERVER_ERROR).build();
}
}).thenApply(asyncResponse::resume).thenAccept(x -> LoggerHelpers.traceLeave(log, "listStreams", traceId));
} else {
controllerService.listStreamsInScope(scopeName, requestId).thenApply(streamsList -> {
StreamsList streams = new StreamsList();
streams.setStreams(new ArrayList<>());
streamsList.forEach((stream, config) -> {
try {
// Per-stream READ check runs before the internal/user filter, so even the
// name of an unreadable stream is never disclosed.
if (restAuthHelper.isAuthorized(authHeader, authorizationResource.ofStreamInScope(scopeName, stream), principal, READ)) {
// otherwise display the regular user created streams.
// `!a ^ b` parses as `(!a) ^ b`, which is `a == b`: include the stream when
// its "internal" status matches the showOnlyInternalStreams flag.
if (!showOnlyInternalStreams ^ stream.startsWith(INTERNAL_NAME_PREFIX)) {
streams.addStreamsItem(ModelHelper.encodeStreamResponse(scopeName, stream, config));
}
}
} catch (AuthException e) {
log.warn(requestId, "Read internal streams for scope {} failed due to authentication failure.", scopeName);
// Ignore. This exception occurs under abnormal circumstances and not to determine
// whether the user is authorized. In case it does occur, we assume that the user
// is unauthorized.
}
});
log.info(requestId, "Successfully fetched streams for scope: {}", scopeName);
return Response.status(Status.OK).entity(streams).build();
}).exceptionally(exception -> {
// DataNotFoundException may arrive wrapped (CompletionException) or bare.
if (exception.getCause() instanceof StoreException.DataNotFoundException || exception instanceof StoreException.DataNotFoundException) {
log.warn(requestId, "Scope name: {} not found", scopeName);
return Response.status(Status.NOT_FOUND).build();
} else {
log.warn(requestId, "listStreams for {} failed with exception: {}", scopeName, exception);
return Response.status(Status.INTERNAL_SERVER_ERROR).build();
}
}).thenApply(asyncResponse::resume).thenAccept(x -> LoggerHelpers.traceLeave(log, "listStreams", traceId));
}
}