use of javax.ws.rs.core.SecurityContext in project tomee by apache.
the class JAXRSUtils method createContextValue.
/**
 * Resolves the value to inject for a JAX-RS context type.
 *
 * <p>{@code clazz} is tested against the known context interfaces in a fixed order. If none of
 * them matches, a {@code ContextProvider} obtained from the {@code ProviderFactory} is tried.
 * If there is still no value and the message is not on the requestor side, the servlet-level
 * lookup in {@code HttpUtils} is tried last.
 *
 * <p>For {@code SecurityContext}, an instance already stored on the context message wins over
 * the default {@code SecurityContextImpl}. Resources then see the principal and role answers
 * of that stored instance.
 *
 * @param m the current message
 * @param genericType generic type of the injection point; only read for {@code ContextResolver}
 * @param clazz the requested context type
 * @param <T> the requested context type
 * @return the resolved value cast to {@code clazz}, or {@code null} when nothing was produced
 * @throws ClassCastException if the resolved value is not an instance of {@code clazz}
 */
public static <T> T createContextValue(Message m, Type genericType, Class<T> clazz) {
    final Message contextMessage = getContextMessage(m);
    Object value = null;

    if (UriInfo.class.isAssignableFrom(clazz)) {
        value = createUriInfo(contextMessage);
    } else if (HttpHeaders.class.isAssignableFrom(clazz) || ProtocolHeaders.class.isAssignableFrom(clazz)) {
        value = createHttpHeaders(contextMessage, clazz);
    } else if (SecurityContext.class.isAssignableFrom(clazz)) {
        // A SecurityContext placed on the message replaces the default implementation.
        // NOTE(review): confirm which components may store this entry; its isUserInRole and
        // getUserPrincipal answers are handed to resources unchanged.
        // NOTE(review): contextMessage is null-checked further down but dereferenced here
        // without a guard; confirm getContextMessage cannot return null on this path.
        final SecurityContext registered = contextMessage.get(SecurityContext.class);
        if (registered != null) {
            value = registered;
        } else {
            value = new SecurityContextImpl(contextMessage);
        }
    } else if (MessageContext.class.isAssignableFrom(clazz)) {
        // Built from the original message, not from the context message.
        value = new MessageContextImpl(m);
    } else if (ResourceInfo.class.isAssignableFrom(clazz)) {
        value = new ResourceInfoImpl(contextMessage);
    } else if (ResourceContext.class.isAssignableFrom(clazz)) {
        final OperationResourceInfo ori = contextMessage.getExchange().get(OperationResourceInfo.class);
        if (ori != null) {
            value = new ResourceContextImpl(contextMessage, ori);
        }
    } else if (Request.class.isAssignableFrom(clazz)) {
        value = new RequestImpl(contextMessage);
    } else if (Providers.class.isAssignableFrom(clazz)) {
        value = new ProvidersImpl(contextMessage);
    } else if (ContextResolver.class.isAssignableFrom(clazz)) {
        value = createContextResolver(genericType, contextMessage);
    } else if (Configuration.class.isAssignableFrom(clazz)) {
        value = ProviderFactory.getInstance(contextMessage).getConfiguration(contextMessage);
    } else if (Application.class.isAssignableFrom(clazz)) {
        final ProviderInfo<?> applicationInfo =
            (ProviderInfo<?>) contextMessage.getExchange().getEndpoint().get(Application.class.getName());
        if (applicationInfo != null) {
            value = applicationInfo.getProvider();
        }
    } else if (contextMessage != null) {
        // Unknown type: ask the provider factory for a custom ContextProvider.
        final ContextProvider<?> custom =
            ProviderFactory.getInstance(contextMessage).createContextProvider(clazz, contextMessage);
        if (custom != null) {
            value = custom.createContext(contextMessage);
        }
    }

    // Last resort, skipped on the requestor side: servlet-level resources.
    if (value == null && contextMessage != null && !MessageUtils.isRequestor(contextMessage)) {
        value = HttpUtils.createServletResourceValue(contextMessage, clazz);
    }
    return clazz.cast(value);
}
use of javax.ws.rs.core.SecurityContext in project tomee by apache.
the class AppComposerContextInjectionTest method jaxrs.
/**
 * Verifies that a {@code SecurityContext} registered with the provider is the one returned by
 * {@code ThreadLocalContextManager.findThreadLocal}, and that its role answers are used as-is.
 */
@Test
public void jaxrs() throws NamingException {
    assertNotNull(provider);
    // Nothing is registered before the test registers its own context.
    assertNull(provider.find(SecurityContext.class));

    // Test stub: no principal, no scheme, not secure, and only the role "foo" is granted.
    final SecurityContext stub = new SecurityContext() {
        @Override
        public boolean isUserInRole(final String role) {
            return "foo".equals(role);
        }

        @Override
        public Principal getUserPrincipal() {
            return null;
        }

        @Override
        public String getAuthenticationScheme() {
            return null;
        }

        @Override
        public boolean isSecure() {
            return false;
        }
    };
    provider.register(SecurityContext.class, stub);
    assertNotNull(provider.find(SecurityContext.class));

    // Each assertion performs its own lookup, as the role check must go through the thread local.
    final SecurityContext firstLookup =
        SecurityContext.class.cast(ThreadLocalContextManager.findThreadLocal(SecurityContext.class));
    assertTrue(firstLookup.isUserInRole("foo"));

    final SecurityContext secondLookup =
        SecurityContext.class.cast(ThreadLocalContextManager.findThreadLocal(SecurityContext.class));
    assertFalse(secondLookup.isUserInRole("bar"));
}
use of javax.ws.rs.core.SecurityContext in project tomee by apache.
the class Contexts method bind.
/**
* Using a set ensures we don't set the same thread local twice or more, since
* there may be superclasses with injection points of identical types.
*
* It also allows us to get context references from other sources, such as interceptors.
*
* @param exchange the exchange whose in-message the context values are created from
* @param types the context types to bind
*/
public static void bind(final Exchange exchange, final Collection<Class<?>> types) {
    // Publish the exchange first: RESTResourceFinder reads it lazily when CDI beans use
    // @Context (same role as initThreadLocal).
    EXCHANGE.set(exchange);
    // NOTE(review): presumably CleanUpThreadLocal resets the thread locals set below when the
    // request is released; confirm. A SECURITY_CONTEXT left on a pooled thread would answer
    // role checks for a later request.
    CdiAppContextsService.pushRequestReleasable(CleanUpThreadLocal.INSTANCE);

    // Each requested type is created from the exchange's in-message and stored in its
    // dedicated thread local. Types without a dedicated slot go to the OTHERS map.
    for (final Class<?> type : types) {
        if (type == Request.class) {
            final Request request = JAXRSUtils.createContextValue(exchange.getInMessage(), null, Request.class);
            ThreadLocalContextManager.REQUEST.set(request);
        } else if (type == UriInfo.class) {
            final UriInfo uriInfo = JAXRSUtils.createContextValue(exchange.getInMessage(), null, UriInfo.class);
            ThreadLocalContextManager.URI_INFO.set(uriInfo);
        } else if (type == HttpHeaders.class) {
            final HttpHeaders headers = JAXRSUtils.createContextValue(exchange.getInMessage(), null, HttpHeaders.class);
            ThreadLocalContextManager.HTTP_HEADERS.set(headers);
        } else if (type == SecurityContext.class) {
            // The value is whatever createContextValue resolves for this message.
            final SecurityContext security = JAXRSUtils.createContextValue(exchange.getInMessage(), null, SecurityContext.class);
            ThreadLocalContextManager.SECURITY_CONTEXT.set(security);
        } else if (type == ContextResolver.class) {
            // Only this branch forwards the type as the generic type argument.
            final ContextResolver<?> resolver = JAXRSUtils.createContextValue(exchange.getInMessage(), type, ContextResolver.class);
            ThreadLocalContextManager.CONTEXT_RESOLVER.set(resolver);
        } else if (type == Providers.class) {
            final Providers jaxrsProviders = JAXRSUtils.createContextValue(exchange.getInMessage(), null, Providers.class);
            ThreadLocalContextManager.PROVIDERS.set(jaxrsProviders);
        } else if (type == ServletRequest.class) {
            ServletRequest request = JAXRSUtils.createContextValue(exchange.getInMessage(), null, ServletRequest.class);
            if (request == null) {
                // probably the case with CXF: retry with the HTTP-specific type
                request = JAXRSUtils.createContextValue(exchange.getInMessage(), null, HttpServletRequest.class);
            }
            ThreadLocalContextManager.SERVLET_REQUEST.set(request);
        } else if (type == HttpServletRequest.class) {
            final HttpServletRequest httpRequest = JAXRSUtils.createContextValue(exchange.getInMessage(), null, HttpServletRequest.class);
            ThreadLocalContextManager.HTTP_SERVLET_REQUEST.set(httpRequest);
        } else if (type == HttpServletResponse.class) {
            final HttpServletResponse httpResponse = JAXRSUtils.createContextValue(exchange.getInMessage(), null, HttpServletResponse.class);
            ThreadLocalContextManager.HTTP_SERVLET_RESPONSE.set(httpResponse);
        } else if (type == ServletConfig.class) {
            final ServletConfig servletConfiguration = JAXRSUtils.createContextValue(exchange.getInMessage(), null, ServletConfig.class);
            ThreadLocalContextManager.SERVLET_CONFIG.set(servletConfiguration);
        } else if (type == Configuration.class) {
            final Configuration configuration = JAXRSUtils.createContextValue(exchange.getInMessage(), null, Configuration.class);
            ThreadLocalContextManager.CONFIGURATION.set(configuration);
        } else if (type == ResourceInfo.class) {
            final ResourceInfo resourceInfo = JAXRSUtils.createContextValue(exchange.getInMessage(), null, ResourceInfo.class);
            ThreadLocalContextManager.RESOURCE_INFO.set(resourceInfo);
        } else if (type == ResourceContext.class) {
            final ResourceContext resourceContext = JAXRSUtils.createContextValue(exchange.getInMessage(), null, ResourceContext.class);
            ThreadLocalContextManager.RESOURCE_CONTEXT.set(resourceContext);
        } else if (type == Application.class) {
            final Application application = JAXRSUtils.createContextValue(exchange.getInMessage(), null, Application.class);
            ThreadLocalContextManager.APPLICATION.set(application);
        } else {
            // No dedicated slot: ask for a custom ContextProvider and store its value by class name.
            final Message inMessage = exchange.getInMessage();
            final ContextProvider<?> custom = ProviderFactory.getInstance(inMessage).createContextProvider(type, inMessage);
            if (custom != null) {
                final Object created = custom.createContext(inMessage);
                Map<String, Object> others = ThreadLocalContextManager.OTHERS.get();
                if (others == null) {
                    // First custom value on this thread: create the holder map.
                    others = new HashMap<>();
                    ThreadLocalContextManager.OTHERS.set(others);
                }
                others.put(type.getName(), created);
            }
        }
    }
}
use of javax.ws.rs.core.SecurityContext in project graylog2-server by Graylog2.
the class UserContextFactory method provide.
/**
 * Creates the {@code UserContext} for the current request from its Shiro subject.
 *
 * @return a user context built by {@code UserContext.Factory} for the request's subject
 * @throws IllegalStateException if the request's security context is not a
 *     {@code ShiroSecurityContext} (this includes a {@code null} context)
 */
@Override
public UserContext provide() {
    final SecurityContext requestSecurity = containerRequestProvider.get().getSecurityContext();
    // Fail closed: without a Shiro-backed context there is no subject to build from.
    if (!(requestSecurity instanceof ShiroSecurityContext)) {
        throw new IllegalStateException("Failed to create UserContext");
    }
    final Subject subject = ((ShiroSecurityContext) requestSecurity).getSubject();
    return new UserContext.Factory(userService).create(subject);
}
use of javax.ws.rs.core.SecurityContext in project graylog2-server by Graylog2.
the class SessionsResource method newSession.
/**
 * Creates a new session, or reactivates an existing one, from the credentials in the request body.
 *
 * @param requestContext the current request, used to read its security context
 * @param createRequest the login request body
 * @return the session response built by {@code sessionResponseFactory}
 * @throws InternalServerErrorException if the security context is not a {@code ShiroSecurityContext}
 * @throws BadRequestException if the token factory rejects the request body
 * @throws NotAuthorizedException if no session was created for the credentials
 * @throws ServiceUnavailableException if the authentication service is unavailable
 */
@POST
@ApiOperation(value = "Create a new session", notes = "This request creates a new session for a user or " + "reactivates an existing session: the equivalent of logging in.")
@NoAuditEvent("dispatches audit events in the method body")
public JsonNode newSession(@Context ContainerRequestContext requestContext, @ApiParam(name = "Login request", value = "Credentials. The default " + "implementation requires presence of two properties: 'username' and " + "'password'. However a plugin may customize which kind of credentials " + "are accepted and therefore expect different properties.", required = true) @NotNull JsonNode createRequest) {
    // NOTE(review): no audit event is dispatched directly in this body; presumably
    // sessionCreator does it. Confirm, because @NoAuditEvent disables the automatic one.
    final SecurityContext requestSecurity = requestContext.getSecurityContext();
    if (!(requestSecurity instanceof ShiroSecurityContext)) {
        throw new InternalServerErrorException("Unsupported SecurityContext class, this is a bug!");
    }
    final ShiroSecurityContext shiroSecurityContext = (ShiroSecurityContext) requestSecurity;

    final ActorAwareAuthenticationToken authToken;
    try {
        authToken = tokenFactory.forRequestBody(createRequest);
    } catch (IllegalArgumentException invalidBody) {
        // NOTE(review): the factory's message is returned to the client as-is; confirm it
        // never echoes submitted credential values.
        throw new BadRequestException(invalidBody.getMessage());
    }

    // we treat the BASIC auth username as the sessionid
    final String sessionId = shiroSecurityContext.getUsername();
    // NOTE(review): presumably trustedSubnets limits which peers may supply a forwarded
    // client address; confirm, since this value is passed on to the session creator.
    final String remoteAddress = RestTools.getRemoteAddrFromRequest(grizzlyRequest, trustedSubnets);

    try {
        final Optional<Session> created = sessionCreator.create(sessionId, remoteAddress, authToken);
        if (!created.isPresent()) {
            // One generic message for every failed login.
            throw new NotAuthorizedException("Invalid credentials.", "Basic realm=\"Graylog Server session\"");
        }
        return sessionResponseFactory.forSession(created.get());
    } catch (AuthenticationServiceUnavailableException unavailable) {
        throw new ServiceUnavailableException("Authentication service unavailable");
    }
}