use of javax.ws.rs.core.SecurityContext in project streamline by hortonworks.
the class NamespaceCatalogResourceTest method testChangeMappingOfStreamingEngineViaSetServicesToClusterInNamespace.
@Test
public void testChangeMappingOfStreamingEngineViaSetServicesToClusterInNamespace() throws Exception {
Long testNamespaceId = 1L;
Namespace testNamespace = createTestNamespace(testNamespaceId, TEST_STREAMING_ENGINE, TEST_TIME_SERIES_DB);
Collection<NamespaceServiceClusterMap> existingMappings = createTestMappingsForExisting(testNamespaceId);
setupExpectationForSimulatingTopologyIsRunning(testNamespaceId, testNamespace, existingMappings);
List<NamespaceServiceClusterMap> mappingsToApply = existingMappings.stream().filter(m -> !m.getServiceName().equals(TEST_STREAMING_ENGINE)).collect(toList());
// change the mapping of streaming engine to cluster id 2
mappingsToApply.add(new NamespaceServiceClusterMap(testNamespaceId, TEST_STREAMING_ENGINE, 2L));
try {
namespaceCatalogResource.setServicesToClusterInNamespace(testNamespaceId, mappingsToApply, securityContext);
Assert.fail("Should throw BadRequestException");
} catch (BadRequestException e) {
// passed
}
new Verifications() {
{
// request fails before removing existing mappings
environmentService.removeServiceClusterMapping(testNamespaceId, anyString, anyLong);
times = 0;
}
};
}
use of javax.ws.rs.core.SecurityContext in project divide by HiddenStage.
the class ResponseFilter method filter.
@Override
public void filter(ContainerRequestContext requestContext, ContainerResponseContext responseContext) throws IOException {
SecurityContext context = requestContext.getSecurityContext();
if (context != null && context instanceof UserContext) {
UserContext userContext = (UserContext) context;
Credentials user = userContext.getUser();
if (user != null && user.getAuthToken() != null) {
responseContext.getHeaders().add("Authorization", user.getAuthToken());
}
}
}
use of javax.ws.rs.core.SecurityContext in project dropwizard by dropwizard.
the class AuthFilter method authenticate.
/**
* Authenticates a request with user credentials and setup the security context.
*
* @param requestContext the context of the request
* @param credentials the user credentials
* @param scheme the authentication scheme; one of {@code BASIC_AUTH, FORM_AUTH, CLIENT_CERT_AUTH, DIGEST_AUTH}.
* See {@link SecurityContext}
* @return {@code true}, if the request is authenticated, otherwise {@code false}
*/
protected boolean authenticate(ContainerRequestContext requestContext, @Nullable C credentials, String scheme) {
try {
if (credentials == null) {
return false;
}
final Optional<P> principal = authenticator.authenticate(credentials);
if (!principal.isPresent()) {
return false;
}
final P prince = principal.get();
final SecurityContext securityContext = requestContext.getSecurityContext();
final boolean secure = securityContext != null && securityContext.isSecure();
requestContext.setSecurityContext(new SecurityContext() {
@Override
public Principal getUserPrincipal() {
return prince;
}
@Override
public boolean isUserInRole(String role) {
return authorizer.authorize(prince, role, requestContext);
}
@Override
public boolean isSecure() {
return secure;
}
@Override
public String getAuthenticationScheme() {
return scheme;
}
});
return true;
} catch (AuthenticationException e) {
logger.warn("Error authenticating credentials", e);
throw new InternalServerErrorException();
}
}
use of javax.ws.rs.core.SecurityContext in project indy by Commonjava.
the class PathMappedResource method get.
@ApiOperation("Get specified path.")
@ApiResponse(code = 200, message = "Operation finished.")
@GET
@Path(CONCRETE_CONTENT_PATH)
public Response get(@PathParam("packageType") final String packageType, @ApiParam(allowableValues = "hosted,group,remote", required = true) @PathParam("type") final String type, @ApiParam(required = true) @PathParam("name") final String name, @PathParam("path") final String path, @Context final HttpServletRequest request, @Context final SecurityContext securityContext) {
try {
InputStream inputStream = controller.get(packageType, type, name, path);
Response.ResponseBuilder builder = Response.ok((StreamingOutput) outputStream -> IOUtils.copy(inputStream, outputStream));
return builder.header(ApplicationHeader.content_type.key(), mimeTyper.getContentType(path)).build();
} catch (Exception e) {
logger.warn("Get pathmap content failed, message: " + e.getMessage(), e);
if (e.getMessage() != null && e.getMessage().contains("not exist")) {
return Response.status(Response.Status.NOT_FOUND).build();
}
responseHelper.throwError(e);
}
return null;
}
use of javax.ws.rs.core.SecurityContext in project tomee by apache.
the class MPJWTSecurityAnnotationsInterceptor method filter.
@Override
public void filter(final ContainerRequestContext requestContext) throws IOException {
if (permitAll.contains(resourceInfo.getResourceMethod())) {
return;
}
if (denyAll.contains(resourceInfo.getResourceMethod())) {
forbidden(requestContext);
return;
}
final Set<String> roles = rolesAllowed.get(resourceInfo.getResourceMethod());
if (roles != null && !roles.isEmpty()) {
final SecurityContext securityContext = requestContext.getSecurityContext();
boolean hasAtLeasOneValidRole = false;
for (String role : roles) {
if (securityContext.isUserInRole(role)) {
hasAtLeasOneValidRole = true;
break;
}
}
if (!hasAtLeasOneValidRole) {
forbidden(requestContext);
}
}
}
Aggregations