Search in sources :

Example 41 with SecurityContext

use of javax.ws.rs.core.SecurityContext in project coprhd-controller by CoprHD.

the class PasswordServiceTest method testUpdatePasswordEmptyParams.

@Test(expected = BadRequestException.class)
public void testUpdatePasswordEmptyParams() {
    PasswordService passwordResource = new PasswordService();
    passwordResource.setPropertiesMetadata(_propertiesMetadata);
    passwordResource.setAuditLogManager(new DummyAuditLogManager());
    PasswordUpdateParam passwordUpdate = getDummyPasswordUpdate("", "");
    LocalPasswordHandler ph = getPasswordHandler();
    ph.setLocalUsers(createLocalUsers());
    passwordResource.setPasswordHandler(ph);
    SecurityContext sc = new DummySecurityContext(LOCAL_ROOT);
    passwordResource.setSecurityContext(sc);
    Response res = passwordResource.updatePassword(null, null, passwordUpdate, false);
}
Also used : Response(javax.ws.rs.core.Response) SecurityContext(javax.ws.rs.core.SecurityContext) PasswordUpdateParam(com.emc.storageos.model.password.PasswordUpdateParam) LocalPasswordHandler(com.emc.storageos.systemservices.impl.util.LocalPasswordHandler) Test(org.junit.Test)

Example 42 with SecurityContext

use of javax.ws.rs.core.SecurityContext in project coprhd-controller by CoprHD.

the class PasswordServiceTest method testUpdateUserPasswordTooManyParams.

@Test(expected = BadRequestException.class)
public void testUpdateUserPasswordTooManyParams() {
    PasswordService passwordResource = new PasswordService();
    passwordResource.setPropertiesMetadata(_propertiesMetadata);
    passwordResource.setAuditLogManager(new DummyAuditLogManager());
    PasswordResetParam passwordUpdate = getDummyPasswordReset(LOCAL_ROOT, "clearTextPwd", "HashedPassword");
    LocalPasswordHandler ph = getPasswordHandler();
    ph.setLocalUsers(createLocalUsers());
    passwordResource.setPasswordHandler(ph);
    SecurityContext sc = new DummySecurityContext(LOCAL_ROOT);
    passwordResource.setSecurityContext(sc);
    Response res = passwordResource.updateUserPassword(passwordUpdate, false);
}
Also used : Response(javax.ws.rs.core.Response) PasswordResetParam(com.emc.storageos.model.password.PasswordResetParam) SecurityContext(javax.ws.rs.core.SecurityContext) LocalPasswordHandler(com.emc.storageos.systemservices.impl.util.LocalPasswordHandler) Test(org.junit.Test)

Example 43 with SecurityContext

use of javax.ws.rs.core.SecurityContext in project coprhd-controller by CoprHD.

the class PasswordServiceTest method testUpdateSamePassword.

@Test(expected = BadRequestException.class)
public void testUpdateSamePassword() {
    PasswordService passwordResource = new PasswordService();
    passwordResource.setPropertiesMetadata(_propertiesMetadata);
    passwordResource.setAuditLogManager(new DummyAuditLogManager());
    PasswordUpdateParam passwordUpdate = getDummyPasswordUpdate("ChangeMe", null);
    LocalPasswordHandler ph = new DummyLocalPasswordHandler();
    ph.setLocalUsers(createLocalUsers());
    passwordResource.setPasswordHandler(ph);
    SecurityContext sc = new DummySecurityContext(LOCAL_ROOT);
    passwordResource.setSecurityContext(sc);
    // The following should fail with exception
    Response res = passwordResource.updatePassword(null, null, passwordUpdate, false);
}
Also used : Response(javax.ws.rs.core.Response) SecurityContext(javax.ws.rs.core.SecurityContext) PasswordUpdateParam(com.emc.storageos.model.password.PasswordUpdateParam) LocalPasswordHandler(com.emc.storageos.systemservices.impl.util.LocalPasswordHandler) Test(org.junit.Test)

Example 44 with SecurityContext

use of javax.ws.rs.core.SecurityContext in project jersey by jersey.

the class SubResourceLocatorRouter method getResource.

private Object getResource(final RequestProcessingContext context) {
    final Object resource = context.routingContext().peekMatchedResource();
    final Method handlingMethod = locatorModel.getInvocable().getHandlingMethod();
    final Object[] parameterValues = ParameterValueHelper.getParameterValues(valueProviders);
    context.triggerEvent(RequestEvent.Type.LOCATOR_MATCHED);
    final PrivilegedAction invokeMethodAction = new PrivilegedAction() {

        @Override
        public Object run() {
            try {
                return handlingMethod.invoke(resource, parameterValues);
            } catch (IllegalAccessException | IllegalArgumentException | UndeclaredThrowableException ex) {
                throw new ProcessingException(LocalizationMessages.ERROR_RESOURCE_JAVA_METHOD_INVOCATION(), ex);
            } catch (final InvocationTargetException ex) {
                final Throwable cause = ex.getCause();
                if (cause instanceof WebApplicationException) {
                    throw (WebApplicationException) cause;
                }
                // handle all exceptions as potentially mappable (incl. ProcessingException)
                throw new MappableException(cause);
            } catch (final Throwable t) {
                throw new ProcessingException(t);
            }
        }
    };
    final SecurityContext securityContext = context.request().getSecurityContext();
    return (securityContext instanceof SubjectSecurityContext) ? ((SubjectSecurityContext) securityContext).doAsSubject(invokeMethodAction) : invokeMethodAction.run();
}
Also used : MappableException(org.glassfish.jersey.server.internal.process.MappableException) WebApplicationException(javax.ws.rs.WebApplicationException) ResourceMethod(org.glassfish.jersey.server.model.ResourceMethod) Method(java.lang.reflect.Method) InvocationTargetException(java.lang.reflect.InvocationTargetException) SubjectSecurityContext(org.glassfish.jersey.server.SubjectSecurityContext) PrivilegedAction(java.security.PrivilegedAction) UndeclaredThrowableException(java.lang.reflect.UndeclaredThrowableException) SecurityContext(javax.ws.rs.core.SecurityContext) SubjectSecurityContext(org.glassfish.jersey.server.SubjectSecurityContext) ProcessingException(javax.ws.rs.ProcessingException)

Example 45 with SecurityContext

use of javax.ws.rs.core.SecurityContext in project jersey by jersey.

the class AbstractJavaResourceMethodDispatcher method invoke.

/**
     * Use the underlying invocation handler to invoke the underlying Java method
     * with the supplied input method argument values on a given resource instance.
     *
     * @param containerRequest container request.
     * @param resource         resource class instance.
     * @param args             input argument values for the invoked Java method.
     * @return invocation result.
     * @throws ProcessingException (possibly {@link MappableException mappable})
     *                             container exception in case the invocation failed.
     */
final Object invoke(final ContainerRequest containerRequest, final Object resource, final Object... args) throws ProcessingException {
    try {
        // Validate resource class & method input parameters.
        if (validator != null) {
            validator.validateResourceAndInputParams(resource, resourceMethod, args);
        }
        final PrivilegedAction invokeMethodAction = new PrivilegedAction() {

            @Override
            public Object run() {
                final TracingLogger tracingLogger = TracingLogger.getInstance(containerRequest);
                final long timestamp = tracingLogger.timestamp(ServerTraceEvent.METHOD_INVOKE);
                try {
                    return methodHandler.invoke(resource, method, args);
                } catch (IllegalAccessException | IllegalArgumentException | UndeclaredThrowableException ex) {
                    throw new ProcessingException(LocalizationMessages.ERROR_RESOURCE_JAVA_METHOD_INVOCATION(), ex);
                } catch (InvocationTargetException ex) {
                    throw mapTargetToRuntimeEx(ex.getCause());
                } catch (Throwable t) {
                    throw new ProcessingException(t);
                } finally {
                    tracingLogger.logDuration(ServerTraceEvent.METHOD_INVOKE, timestamp, resource, method);
                }
            }
        };
        final SecurityContext securityContext = containerRequest.getSecurityContext();
        final Object invocationResult = (securityContext instanceof SubjectSecurityContext) ? ((SubjectSecurityContext) securityContext).doAsSubject(invokeMethodAction) : invokeMethodAction.run();
        // Validate response entity.
        if (validator != null) {
            validator.validateResult(resource, resourceMethod, invocationResult);
        }
        return invocationResult;
    } catch (ValidationException ex) {
        // handle validation exceptions -> potentially mappable
        throw new MappableException(ex);
    }
}
Also used : MappableException(org.glassfish.jersey.server.internal.process.MappableException) ValidationException(javax.validation.ValidationException) TracingLogger(org.glassfish.jersey.message.internal.TracingLogger) InvocationTargetException(java.lang.reflect.InvocationTargetException) SubjectSecurityContext(org.glassfish.jersey.server.SubjectSecurityContext) PrivilegedAction(java.security.PrivilegedAction) UndeclaredThrowableException(java.lang.reflect.UndeclaredThrowableException) SecurityContext(javax.ws.rs.core.SecurityContext) SubjectSecurityContext(org.glassfish.jersey.server.SubjectSecurityContext) ProcessingException(javax.ws.rs.ProcessingException)

Aggregations

SecurityContext (javax.ws.rs.core.SecurityContext)77 Response (javax.ws.rs.core.Response)30 Context (javax.ws.rs.core.Context)18 Test (org.junit.Test)18 List (java.util.List)17 Principal (java.security.Principal)16 LoggerFactory (org.slf4j.LoggerFactory)16 Logger (org.slf4j.Logger)12 ArrayList (java.util.ArrayList)11 Collectors (java.util.stream.Collectors)11 Path (javax.ws.rs.Path)11 IOException (java.io.IOException)10 POST (javax.ws.rs.POST)8 LocalPasswordHandler (com.emc.storageos.systemservices.impl.util.LocalPasswordHandler)6 GET (javax.ws.rs.GET)6 PathParam (javax.ws.rs.PathParam)6 Produces (javax.ws.rs.Produces)6 MediaType (javax.ws.rs.core.MediaType)6 Status (javax.ws.rs.core.Response.Status)6 UriInfo (javax.ws.rs.core.UriInfo)6