use of javax.ws.rs.core.SecurityContext in project cxf by apache.
the class AccessTokenValidatorService method checkSecurityContext.
/**
 * Enforces the configured transport and authentication preconditions on the
 * current request before the access token validation continues.
 *
 * <p>Two independent, opt-in checks are applied in order:
 * <ol>
 *   <li>if {@code blockUnsecureRequests} is set and the request's
 *       {@link SecurityContext#isSecure()} is false, a warning is logged and
 *       {@code AuthorizationUtils.throwAuthorizationFailure} is invoked;</li>
 *   <li>if {@code blockUnauthorizedRequests} is set and no user principal is
 *       attached to the request, a warning is logged and the same failure
 *       path is taken.</li>
 * </ol>
 * When both flags are false this method enforces nothing, so any protection of
 * the endpoint has to come from elsewhere.
 */
private void checkSecurityContext() {
    final SecurityContext securityContext = getMessageContext().getSecurityContext();

    // Transport check: evaluated first, exactly as the flag-gated condition requires.
    final boolean insecureTransport = !securityContext.isSecure();
    if (insecureTransport && blockUnsecureRequests) {
        LOG.warning("Unsecure HTTP, Transport Layer Security is recommended");
        AuthorizationUtils.throwAuthorizationFailure(supportedSchemes, realm);
    }

    // Caller authentication check: only the presence of a principal is tested here.
    final boolean principalMissing = securityContext.getUserPrincipal() == null;
    if (principalMissing && blockUnauthorizedRequests) {
        // TODO: check client certificates
        LOG.warning("Authenticated Principal is not available");
        AuthorizationUtils.throwAuthorizationFailure(supportedSchemes, realm);
    }
}
use of javax.ws.rs.core.SecurityContext in project cxf by apache.
the class TokenIntrospectionService method checkSecurityContext.
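/**
 * Rejects the current introspection request when it does not satisfy the
 * configured transport and authentication preconditions.
 *
 * <p>If {@code blockUnsecureRequests} is set and the request did not arrive over
 * a secure channel, or if {@code blockUnauthorizedRequests} is set and the
 * request carries no user principal, a warning is logged and a
 * {@code NotAuthorizedException} is thrown. With both flags false the method
 * enforces nothing.
 *
 * <p>{@code ExceptionUtils.toNotAuthorizedException} only builds the exception;
 * its result has to be thrown explicitly. Discarding the return value would let
 * the request continue after the warning, turning both checks into log-only
 * statements.
 */
private void checkSecurityContext() {
    SecurityContext sc = mc.getSecurityContext();
    if (!sc.isSecure() && blockUnsecureRequests) {
        LOG.warning("Unsecure HTTP, Transport Layer Security is recommended");
        // Throw the built exception so the insecure request is actually refused.
        throw ExceptionUtils.toNotAuthorizedException(null, null);
    }
    if (sc.getUserPrincipal() == null && blockUnauthorizedRequests) {
        LOG.warning("Authenticated Principal is not available");
        // Throw the built exception so the unauthenticated caller is actually refused.
        throw ExceptionUtils.toNotAuthorizedException(null, null);
    }
}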
use of javax.ws.rs.core.SecurityContext in project coprhd-controller by CoprHD.
the class PasswordServiceTest method testUpdatePassword.
/**
 * Verifies that {@code PasswordService.updatePassword} answers with HTTP 200 for
 * two different callers: first {@code LOCAL_ROOT}, then {@code LOCAL_PROXYUSER}.
 *
 * <p>The service is wired with dummy collaborators only (audit log manager, db
 * client, security context), and the same update request is submitted for both
 * callers. The password literals are test fixtures.
 */
@Test
public void testUpdatePassword() {
    PasswordService service = new PasswordService();
    service.setPropertiesMetadata(_propertiesMetadata);
    service.setAuditLogManager(new DummyAuditLogManager());

    // Request: new password plus the old password the caller must present.
    PasswordUpdateParam updateRequest = getDummyPasswordUpdate("!changeMe3", null);
    updateRequest.setOldPassword("changeMe");

    // Local password handler backed by in-memory users and a dummy db client.
    LocalPasswordHandler handler = getDummyLocalPasswordHandler();
    handler.setLocalUsers(createLocalUsers());
    handler.setDbClient(new DummyDbClient());
    handler.setEncryptionProvider(provider);
    service.setPasswordHandler(handler);

    // First caller: LOCAL_ROOT.
    SecurityContext callerContext = new DummySecurityContext(LOCAL_ROOT);
    service.setSecurityContext(callerContext);
    Response response = service.updatePassword(null, null, updateRequest, false);
    int statusCode = response.getStatus();
    String failureMessage =
            "updatePassword failed with code " + statusCode + ": " + response.getEntity().toString();
    Assert.assertTrue(failureMessage, statusCode == Status.OK.getStatusCode());

    // Second caller: LOCAL_PROXYUSER, same request and same service instance.
    callerContext = new DummySecurityContext(LOCAL_PROXYUSER);
    service.setSecurityContext(callerContext);
    response = service.updatePassword(null, null, updateRequest, false);
    statusCode = response.getStatus();
    failureMessage =
            "updatePassword failed with code " + statusCode + ": " + response.getEntity().toString();
    Assert.assertTrue(failureMessage, statusCode == Status.OK.getStatusCode());
}
use of javax.ws.rs.core.SecurityContext in project coprhd-controller by CoprHD.
the class PasswordServiceTest method testUpdateUserPasswordNonExistingUser.
/**
 * Expects {@code PasswordService.updateUserPassword} to fail with
 * {@code BadRequestException} when the reset request names the user
 * {@code "user123"}, with the caller's security context built for {@code "root"}.
 *
 * <p>NOTE(review): presumably {@code "user123"} is absent from
 * {@code createLocalUsers()} - confirm against that helper. Because the
 * expectation is declared on the annotation, an exception of that type raised
 * by any statement in the test would also satisfy it.
 */
@Test(expected = BadRequestException.class)
public void testUpdateUserPasswordNonExistingUser() {
    PasswordService service = new PasswordService();
    service.setPropertiesMetadata(_propertiesMetadata);
    service.setAuditLogManager(new DummyAuditLogManager());

    PasswordResetParam resetRequest = getDummyPasswordReset("user123", "!changeme", "");

    LocalPasswordHandler handler = getDummyLocalPasswordHandler();
    handler.setLocalUsers(createLocalUsers());
    service.setPasswordHandler(handler);

    service.setSecurityContext(new DummySecurityContext("root"));

    // The response is irrelevant: the call itself is expected to throw.
    service.updateUserPassword(resetRequest, false);
}
use of javax.ws.rs.core.SecurityContext in project coprhd-controller by CoprHD.
the class PasswordServiceTest method testUpdatePasswordNoPrincipal.
/**
 * Expects {@code PasswordService.updatePassword} to fail with
 * {@code ForbiddenException} when the security context is a
 * {@code DummySecurityContext} built with {@code "noprincipal"}.
 *
 * <p>NOTE(review): presumably that dummy context exposes no user principal -
 * confirm against {@code DummySecurityContext}. This is the negative
 * counterpart to the successful update test: a caller that cannot be
 * identified must not be able to change a password.
 */
@Test(expected = ForbiddenException.class)
public void testUpdatePasswordNoPrincipal() {
    PasswordService service = new PasswordService();
    service.setPropertiesMetadata(_propertiesMetadata);
    service.setAuditLogManager(new DummyAuditLogManager());

    PasswordUpdateParam updateRequest = getDummyPasswordUpdate("!changeme", null);

    LocalPasswordHandler handler = getPasswordHandler();
    service.setPasswordHandler(handler);

    service.setSecurityContext(new DummySecurityContext("noprincipal"));

    // Reached only if no exception was thrown, in which case the test fails
    // because the expected ForbiddenException never occurred.
    service.updatePassword(null, null, updateRequest, false).getStatus();
}