Example 26 with SecurityContext

Use of javax.ws.rs.core.SecurityContext in project tomee by apache.

Class JAXRSUtils, method createContextValue.

public static <T> T createContextValue(Message m, Type genericType, Class<T> clazz) {
    Message contextMessage = getContextMessage(m);
    Object o = null;
    if (UriInfo.class.isAssignableFrom(clazz)) {
        o = createUriInfo(contextMessage);
    } else if (HttpHeaders.class.isAssignableFrom(clazz) || ProtocolHeaders.class.isAssignableFrom(clazz)) {
        o = createHttpHeaders(contextMessage, clazz);
    } else if (SecurityContext.class.isAssignableFrom(clazz)) {
        SecurityContext customContext = contextMessage.get(SecurityContext.class);
        o = customContext == null ? new SecurityContextImpl(contextMessage) : customContext;
    } else if (MessageContext.class.isAssignableFrom(clazz)) {
        o = new MessageContextImpl(m);
    } else if (ResourceInfo.class.isAssignableFrom(clazz)) {
        o = new ResourceInfoImpl(contextMessage);
    } else if (ResourceContext.class.isAssignableFrom(clazz)) {
        OperationResourceInfo operationResourceInfo = contextMessage.getExchange().get(OperationResourceInfo.class);
        if (operationResourceInfo != null) {
            o = new ResourceContextImpl(contextMessage, operationResourceInfo);
        }
    } else if (Request.class.isAssignableFrom(clazz)) {
        o = new RequestImpl(contextMessage);
    } else if (Providers.class.isAssignableFrom(clazz)) {
        o = new ProvidersImpl(contextMessage);
    } else if (ContextResolver.class.isAssignableFrom(clazz)) {
        o = createContextResolver(genericType, contextMessage);
    } else if (Configuration.class.isAssignableFrom(clazz)) {
        o = ProviderFactory.getInstance(contextMessage).getConfiguration(contextMessage);
    } else if (Application.class.isAssignableFrom(clazz)) {
        ProviderInfo<?> providerInfo = (ProviderInfo<?>) contextMessage.getExchange().getEndpoint().get(Application.class.getName());
        o = providerInfo == null ? null : providerInfo.getProvider();
    } else if (contextMessage != null) {
        ContextProvider<?> provider = ProviderFactory.getInstance(contextMessage).createContextProvider(clazz, contextMessage);
        if (provider != null) {
            o = provider.createContext(contextMessage);
        }
    }
    if (o == null && contextMessage != null && !MessageUtils.isRequestor(contextMessage)) {
        o = HttpUtils.createServletResourceValue(contextMessage, clazz);
    }
    return clazz.cast(o);
}
Also used : SecurityContextImpl(org.apache.cxf.jaxrs.impl.SecurityContextImpl) ResourceContext(javax.ws.rs.container.ResourceContext) Message(org.apache.cxf.message.Message) Configuration(javax.ws.rs.core.Configuration) ResourceInfoImpl(org.apache.cxf.jaxrs.impl.ResourceInfoImpl) ContextProvider(org.apache.cxf.jaxrs.ext.ContextProvider) Providers(javax.ws.rs.ext.Providers) ProvidersImpl(org.apache.cxf.jaxrs.impl.ProvidersImpl) ProviderInfo(org.apache.cxf.jaxrs.model.ProviderInfo) SecurityContext(javax.ws.rs.core.SecurityContext) OperationResourceInfo(org.apache.cxf.jaxrs.model.OperationResourceInfo) MessageContext(org.apache.cxf.jaxrs.ext.MessageContext) ResourceContextImpl(org.apache.cxf.jaxrs.impl.ResourceContextImpl) RequestImpl(org.apache.cxf.jaxrs.impl.RequestImpl) MessageContextImpl(org.apache.cxf.jaxrs.ext.MessageContextImpl)

Example 27 with SecurityContext

Use of javax.ws.rs.core.SecurityContext in project tomee by apache.

Class AppComposerContextInjectionTest, method jaxrs.

@Test
public void jaxrs() throws NamingException {
    assertNotNull(provider);
    assertNull(provider.find(SecurityContext.class));
    final SecurityContext securityContext = new SecurityContext() {

        @Override
        public Principal getUserPrincipal() {
            return null;
        }

        @Override
        public boolean isUserInRole(final String s) {
            return "foo".equals(s);
        }

        @Override
        public boolean isSecure() {
            return false;
        }

        @Override
        public String getAuthenticationScheme() {
            return null;
        }
    };
    provider.register(SecurityContext.class, securityContext);
    assertNotNull(provider.find(SecurityContext.class));
    assertTrue(SecurityContext.class.cast(ThreadLocalContextManager.findThreadLocal(SecurityContext.class)).isUserInRole("foo"));
    assertFalse(SecurityContext.class.cast(ThreadLocalContextManager.findThreadLocal(SecurityContext.class)).isUserInRole("bar"));
}
Also used : SecurityContext(javax.ws.rs.core.SecurityContext) Test(org.junit.Test)

Example 28 with SecurityContext

Use of javax.ws.rs.core.SecurityContext in project tomee by apache.

Class Contexts, method bind.

/**
 * Using a set ensures we don't set the thread local twice or more,
 * there may be super classes with injection points of identical types
 *
 * Also allows us to get context references from other sources such as interceptors
 *
 * @param exchange Exchange
 * @param types    Collection
 */
public static void bind(final Exchange exchange, final Collection<Class<?>> types) {
    // used in lazy mode by RESTResourceFinder if cdi beans uses @Context, === initThreadLocal
    EXCHANGE.set(exchange);
    CdiAppContextsService.pushRequestReleasable(CleanUpThreadLocal.INSTANCE);
    for (final Class<?> type : types) {
        if (Request.class.equals(type)) {
            final Request binding = JAXRSUtils.createContextValue(exchange.getInMessage(), null, Request.class);
            ThreadLocalContextManager.REQUEST.set(binding);
        } else if (UriInfo.class.equals(type)) {
            final UriInfo binding = JAXRSUtils.createContextValue(exchange.getInMessage(), null, UriInfo.class);
            ThreadLocalContextManager.URI_INFO.set(binding);
        } else if (HttpHeaders.class.equals(type)) {
            final HttpHeaders binding = JAXRSUtils.createContextValue(exchange.getInMessage(), null, HttpHeaders.class);
            ThreadLocalContextManager.HTTP_HEADERS.set(binding);
        } else if (SecurityContext.class.equals(type)) {
            final SecurityContext binding = JAXRSUtils.createContextValue(exchange.getInMessage(), null, SecurityContext.class);
            ThreadLocalContextManager.SECURITY_CONTEXT.set(binding);
        } else if (ContextResolver.class.equals(type)) {
            final ContextResolver<?> binding = JAXRSUtils.createContextValue(exchange.getInMessage(), type, ContextResolver.class);
            ThreadLocalContextManager.CONTEXT_RESOLVER.set(binding);
        } else if (Providers.class.equals(type)) {
            final Providers providers = JAXRSUtils.createContextValue(exchange.getInMessage(), null, Providers.class);
            ThreadLocalContextManager.PROVIDERS.set(providers);
        } else if (ServletRequest.class.equals(type)) {
            ServletRequest servletRequest = JAXRSUtils.createContextValue(exchange.getInMessage(), null, ServletRequest.class);
            if (servletRequest == null) {
                // probably the case with CXF
                servletRequest = JAXRSUtils.createContextValue(exchange.getInMessage(), null, HttpServletRequest.class);
            }
            ThreadLocalContextManager.SERVLET_REQUEST.set(servletRequest);
        } else if (HttpServletRequest.class.equals(type)) {
            final HttpServletRequest httpServletRequest = JAXRSUtils.createContextValue(exchange.getInMessage(), null, HttpServletRequest.class);
            ThreadLocalContextManager.HTTP_SERVLET_REQUEST.set(httpServletRequest);
        } else if (HttpServletResponse.class.equals(type)) {
            final HttpServletResponse httpServletResponse = JAXRSUtils.createContextValue(exchange.getInMessage(), null, HttpServletResponse.class);
            ThreadLocalContextManager.HTTP_SERVLET_RESPONSE.set(httpServletResponse);
        } else if (ServletConfig.class.equals(type)) {
            final ServletConfig servletConfig = JAXRSUtils.createContextValue(exchange.getInMessage(), null, ServletConfig.class);
            ThreadLocalContextManager.SERVLET_CONFIG.set(servletConfig);
        } else if (Configuration.class.equals(type)) {
            final Configuration config = JAXRSUtils.createContextValue(exchange.getInMessage(), null, Configuration.class);
            ThreadLocalContextManager.CONFIGURATION.set(config);
        } else if (ResourceInfo.class.equals(type)) {
            final ResourceInfo config = JAXRSUtils.createContextValue(exchange.getInMessage(), null, ResourceInfo.class);
            ThreadLocalContextManager.RESOURCE_INFO.set(config);
        } else if (ResourceContext.class.equals(type)) {
            final ResourceContext config = JAXRSUtils.createContextValue(exchange.getInMessage(), null, ResourceContext.class);
            ThreadLocalContextManager.RESOURCE_CONTEXT.set(config);
        } else if (Application.class.equals(type)) {
            final Application config = JAXRSUtils.createContextValue(exchange.getInMessage(), null, Application.class);
            ThreadLocalContextManager.APPLICATION.set(config);
        } else {
            final Message message = exchange.getInMessage();
            final ContextProvider<?> provider = ProviderFactory.getInstance(message).createContextProvider(type, message);
            if (provider != null) {
                final Object value = provider.createContext(message);
                Map<String, Object> map = ThreadLocalContextManager.OTHERS.get();
                if (map == null) {
                    map = new HashMap<>();
                    ThreadLocalContextManager.OTHERS.set(map);
                }
                map.put(type.getName(), value);
            }
        }
    }
}
Also used : HttpHeaders(javax.ws.rs.core.HttpHeaders) HttpServletRequest(javax.servlet.http.HttpServletRequest) ServletRequest(javax.servlet.ServletRequest) OperationResourceInfo(org.apache.cxf.jaxrs.model.OperationResourceInfo) ResourceInfo(javax.ws.rs.container.ResourceInfo) ClassResourceInfo(org.apache.cxf.jaxrs.model.ClassResourceInfo) ResourceContext(javax.ws.rs.container.ResourceContext) Configuration(javax.ws.rs.core.Configuration) Message(org.apache.cxf.message.Message) HashMap(java.util.HashMap) Request(javax.ws.rs.core.Request) ServletConfig(javax.servlet.ServletConfig) HttpServletResponse(javax.servlet.http.HttpServletResponse) ContextProvider(org.apache.cxf.jaxrs.ext.ContextProvider) Providers(javax.ws.rs.ext.Providers) SecurityContext(javax.ws.rs.core.SecurityContext) Application(javax.ws.rs.core.Application) Map(java.util.Map) UriInfo(javax.ws.rs.core.UriInfo)

Example 29 with SecurityContext

Use of javax.ws.rs.core.SecurityContext in project graylog2-server by Graylog2.

Class UserContextFactory, method provide.

@Override
public UserContext provide() {
    final SecurityContext securityContext = containerRequestProvider.get().getSecurityContext();
    if (securityContext instanceof ShiroSecurityContext) {
        final ShiroSecurityContext context = (ShiroSecurityContext) securityContext;
        final Subject subject = context.getSubject();
        return new UserContext.Factory(userService).create(subject);
    }
    throw new IllegalStateException("Failed to create UserContext");
}
Also used : ShiroSecurityContext(org.graylog2.shared.security.ShiroSecurityContext) SecurityContext(javax.ws.rs.core.SecurityContext) Subject(org.apache.shiro.subject.Subject)

Example 30 with SecurityContext

Use of javax.ws.rs.core.SecurityContext in project graylog2-server by Graylog2.

Class SessionsResource, method newSession.

@POST
@ApiOperation(value = "Create a new session", notes = "This request creates a new session for a user or " + "reactivates an existing session: the equivalent of logging in.")
@NoAuditEvent("dispatches audit events in the method body")
public JsonNode newSession(@Context ContainerRequestContext requestContext, @ApiParam(name = "Login request", value = "Credentials. The default " + "implementation requires presence of two properties: 'username' and " + "'password'. However a plugin may customize which kind of credentials " + "are accepted and therefore expect different properties.", required = true) @NotNull JsonNode createRequest) {
    final SecurityContext securityContext = requestContext.getSecurityContext();
    if (!(securityContext instanceof ShiroSecurityContext)) {
        throw new InternalServerErrorException("Unsupported SecurityContext class, this is a bug!");
    }
    final ShiroSecurityContext shiroSecurityContext = (ShiroSecurityContext) securityContext;
    final ActorAwareAuthenticationToken authToken;
    try {
        authToken = tokenFactory.forRequestBody(createRequest);
    } catch (IllegalArgumentException e) {
        throw new BadRequestException(e.getMessage());
    }
    // we treat the BASIC auth username as the sessionid
    final String sessionId = shiroSecurityContext.getUsername();
    final String host = RestTools.getRemoteAddrFromRequest(grizzlyRequest, trustedSubnets);
    try {
        Optional<Session> session = sessionCreator.create(sessionId, host, authToken);
        if (session.isPresent()) {
            return sessionResponseFactory.forSession(session.get());
        } else {
            throw new NotAuthorizedException("Invalid credentials.", "Basic realm=\"Graylog Server session\"");
        }
    } catch (AuthenticationServiceUnavailableException e) {
        throw new ServiceUnavailableException("Authentication service unavailable");
    }
}
Also used : SecurityContext(javax.ws.rs.core.SecurityContext) ShiroSecurityContext(org.graylog2.shared.security.ShiroSecurityContext) ActorAwareAuthenticationToken(org.graylog2.shared.security.ActorAwareAuthenticationToken) InternalServerErrorException(javax.ws.rs.InternalServerErrorException) BadRequestException(javax.ws.rs.BadRequestException) NotAuthorizedException(javax.ws.rs.NotAuthorizedException) ServiceUnavailableException(javax.ws.rs.ServiceUnavailableException) AuthenticationServiceUnavailableException(org.graylog2.shared.security.AuthenticationServiceUnavailableException) Session(org.apache.shiro.session.Session) POST(javax.ws.rs.POST) ApiOperation(io.swagger.annotations.ApiOperation) NoAuditEvent(org.graylog2.audit.jersey.NoAuditEvent)
