Use of javax.ws.rs.core.SecurityContext in project graylog2-server by Graylog2.
Class RestTools, method getUserIdFromRequest.
/**
 * Resolves the name of the Shiro principal attached to a request.
 *
 * <p>A name is returned only when the request's security context is a
 * {@code ShiroSecurityContext} and its user principal is a {@code ShiroPrincipal}.
 * Every other case (including a {@code null} context or principal) yields
 * {@code null}. Callers should treat {@code null} as "no identified user" and
 * must not map it to a default or privileged identity.
 *
 * @param requestContext the JAX-RS request context to inspect
 * @return the principal's name, or {@code null} when the request carries no Shiro principal
 */
@Nullable
public static String getUserIdFromRequest(ContainerRequestContext requestContext) {
    final SecurityContext context = requestContext.getSecurityContext();
    if (context instanceof ShiroSecurityContext) {
        final Principal principal = ((ShiroSecurityContext) context).getUserPrincipal();
        if (principal instanceof ShiroPrincipal) {
            return ((ShiroPrincipal) principal).getName();
        }
    }
    // Not a Shiro context, or no Shiro principal: there is no user id to report.
    return null;
}
Use of javax.ws.rs.core.SecurityContext in project graylog2-server by Graylog2.
Class ShiroSecurityContextFilter, method filter.
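/**
 * Replaces the request's security context with one built from the HTTP
 * {@code Authorization} header.
 *
 * <p>When the header starts with {@code Basic}, the part after the first space is
 * Base64-decoded and split at the first {@code ':'} into user name and password,
 * so the password may itself contain colons. Without such a header, a context
 * with no credentials is installed instead. The filter itself does not reject
 * unauthenticated requests.
 *
 * @param requestContext the request whose security context is replaced
 * @throws BadRequestException if a {@code Basic} header has no space-separated
 *         credentials part, or the decoded credentials contain no {@code ':'}
 * @throws IOException declared by the filter interface; not thrown by the visible code
 */
@Override
public void filter(ContainerRequestContext requestContext) throws IOException {
    final boolean secure = requestContext.getSecurityContext().isSecure();
    final MultivaluedMap<String, String> headers = requestContext.getHeaders();
    final Request grizzlyRequest = grizzlyRequestProvider.get();

    // NOTE(review): presumably forwarded-address headers are honoured only for
    // peers listed in trustedProxies; confirm in RestTools, since this value is
    // passed on as the client host.
    final String host = RestTools.getRemoteAddrFromRequest(grizzlyRequest, trustedProxies);
    final String authHeader = headers.getFirst(HttpHeaders.AUTHORIZATION);

    final SecurityContext securityContext;
    // NOTE(review): the scheme check is a case-sensitive prefix match, so "basic ..."
    // takes the no-credentials branch and any scheme name beginning with "Basic" is
    // parsed here. Kept as-is to avoid changing which requests are accepted.
    if (authHeader != null && authHeader.startsWith("Basic")) {
        final int separator = authHeader.indexOf(' ');
        if (separator < 0) {
            // Without this guard indexOf(' ') + 1 is 0 and the whole header,
            // scheme name included, would be handed to the Base64 decoder.
            throw new BadRequestException("Invalid credentials in Authorization header");
        }
        final String base64UserPass = authHeader.substring(separator + 1);
        final String userPass = decodeBase64(base64UserPass);
        // Limit of 2: only the first ':' separates user name from password.
        final String[] split = userPass.split(":", 2);

        if (split.length != 2) {
            throw new BadRequestException("Invalid credentials in Authorization header");
        }

        securityContext = createSecurityContext(
                split[0], split[1], secure, SecurityContext.BASIC_AUTH,
                host, grizzlyRequest.getRemoteAddr(), headers);
    } else {
        // No Basic credentials supplied: install a context without user name or password.
        securityContext = createSecurityContext(
                null, null, secure, null,
                host, grizzlyRequest.getRemoteAddr(), headers);
    }

    requestContext.setSecurityContext(securityContext);
}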