
Example 1 with NotAuthorizedException

use of org.candlepin.common.exceptions.NotAuthorizedException in project candlepin by candlepin.

the class AuthenticationFilter method filter.

/**
 * Resolves the principal for the incoming request before the resource method runs.
 *
 * <p>Resolution order, as implemented below:
 * <ol>
 *   <li>a resource method annotated with {@code @SecurityHole(anon = true)} gets a
 *       {@code NoAuthPrincipal} without consulting any provider;</li>
 *   <li>the Swagger {@code ApiListingResource} likewise needs no principal;</li>
 *   <li>otherwise each configured {@code AuthProvider} is asked in turn and the first
 *       non-null principal wins.</li>
 * </ol>
 * If no principal was established, a {@code @SecurityHole(noAuth = true)} method still gets a
 * {@code NoAuthPrincipal}; anything else is rejected.
 *
 * <p>NOTE(review): the SSL check is only reached when no provider produced a principal, so a
 * request that carries valid credentials over plain HTTP is not rejected by this method even
 * when {@code AUTH_OVER_HTTP} is false; confirm whether the providers enforce that themselves.
 *
 * @param requestContext the JAX-RS request being filtered; its security context is replaced
 * @throws IOException declared by {@code ContainerRequestFilter}; not thrown by this body
 * @throws BadRequestException when no principal was found, auth over HTTP is disabled and the
 *         request is not secure
 * @throws NotAuthorizedException when no principal was found and no exemption applies
 */
@Override
public void filter(ContainerRequestContext requestContext) throws IOException {
    log.debug("Authentication check for {}", requestContext.getUriInfo().getPath());

    HttpRequest httpRequest = ResteasyProviderFactory.getContextData(HttpRequest.class);
    ResourceInfo resourceInfo = ResteasyProviderFactory.getContextData(ResourceInfo.class);
    Method resourceMethod = resourceInfo.getResourceMethod();
    SecurityHole hole = resourceMethod.getAnnotation(SecurityHole.class);

    Principal principal = null;
    if (hole != null && hole.anon()) {
        // Explicitly anonymous endpoint: no provider is consulted at all.
        principal = new NoAuthPrincipal();
    }
    else if (resourceInfo.getResourceClass().equals(ApiListingResource.class)) {
        log.debug("Swagger API request made; no principal required.");
        principal = new NoAuthPrincipal();
    }
    else {
        // First provider that recognises the request wins; the rest are not consulted.
        for (AuthProvider candidate : providers) {
            Principal found = candidate.getPrincipal(httpRequest);
            if (found == null) {
                continue;
            }
            log.debug("Establishing principal with {}", candidate.getClass().getName());
            principal = found;
            break;
        }
    }

    if (principal == null) {
        // Nothing above produced a principal; fall back to NoAuth only where it is permitted.
        boolean noAuthPermitted = hole != null && hole.noAuth();
        if (noAuthPermitted) {
            log.debug("No auth allowed for resource; setting NoAuth principal");
            principal = new NoAuthPrincipal();
        }
        else {
            // request.isSecure() is only consulted when auth over HTTP is disabled.
            boolean authOverHttpDisabled = !config.getBoolean(ConfigProperties.AUTH_OVER_HTTP);
            if (authOverHttpDisabled && !request.isSecure()) {
                throw new BadRequestException("Please use SSL when accessing protected resources");
            }
            throw new NotAuthorizedException("Invalid credentials.");
        }
    }

    SecurityContext securityContext = new CandlepinSecurityContext(principal);
    requestContext.setSecurityContext(securityContext);
    // Push the principal into the context for the PrincipalProvider to access directly
    ResteasyProviderFactory.pushContext(Principal.class, principal);
}

Example 2 with NotAuthorizedException

use of org.candlepin.common.exceptions.NotAuthorizedException in project candlepin by candlepin.

the class OAuth method getPrincipal.

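/**
 * Attempt to pull a principal off of an oauth signed message.
 *
 * <p>Only requests whose {@code Authorization} header contains {@code oauth} are handled; any
 * other request yields {@code null} so that the next provider can try. Once the OAuth
 * signature has been validated, the kind of principal is chosen from the trusted headers:
 * user header first, then consumer header, otherwise the calling system itself.
 *
 * @param httpRequest the request carrying the (possibly) OAuth-signed message
 * @return the principal if it can be created, null otherwise
 * @throws NotAuthorizedException when the OAuth signature does not verify
 * @throws CandlepinException for any other OAuth problem, mapped from the problem's HTTP status
 * @throws BadRequestException for a generic OAuth error
 * @throws IseException when the request cannot be turned into an OAuth message
 */
public Principal getPrincipal(HttpRequest httpRequest) {
    Principal principal = null;
    I18n i18n = i18nProvider.get();
    try {
        // NOTE(review): assumes AuthUtil.getHeader returns "" rather than null for a missing
        // header, as the equals("") comparisons below also do — confirm against AuthUtil.
        if (AuthUtil.getHeader(httpRequest, "Authorization").contains("oauth")) {
            OAuthMessage requestMessage = new RestEasyOAuthMessage(httpRequest);
            OAuthAccessor accessor = this.getAccessor(requestMessage);
            // TODO: This is known to be memory intensive.
            VALIDATOR.validateMessage(requestMessage, accessor);
            // If we got here, it is a valid oauth message.
            // Figure out which kind of principal we should create, based on header
            log.debug("Using OAuth");
            if (!AuthUtil.getHeader(httpRequest, TrustedUserAuth.USER_HEADER).isEmpty()) {
                principal = userAuth.getPrincipal(httpRequest);
            }
            else if (!AuthUtil.getHeader(httpRequest, TrustedConsumerAuth.CONSUMER_HEADER).isEmpty()) {
                principal = consumerAuth.getPrincipal(httpRequest);
            }
            else {
                // The external system is acting on behalf of itself
                principal = systemAuth.getPrincipal(httpRequest);
            }
        }
    }
    catch (OAuthProblemException e) {
        log.debug("OAuth Problem", e);
        // The library reports a bad signature with status code 200; make it 401 unauthorized
        // instead. Constant-first equals keeps a missing problem code from becoming an NPE here.
        if ("signature_invalid".equals(e.getProblem())) {
            throw new NotAuthorizedException(i18n.tr("Invalid OAuth unit or secret"));
        }
        // NOTE(review): fromStatusCode returns null for a code it does not know; verify that
        // CandlepinException copes with a null status.
        Response.Status returnCode = Response.Status.fromStatusCode(e.getHttpStatusCode());
        // NOTE(review): the library's internal message is echoed to the client here; check that
        // it cannot carry anything sensitive before it is surfaced.
        String message = i18n.tr("OAuth problem encountered. Internal message is: {0}", e.getMessage());
        throw new CandlepinException(returnCode, message);
    }
    catch (OAuthException e) {
        log.debug("OAuth Error", e);
        String message = i18n.tr("OAuth error encountered. Internal message is: {0}", e.getMessage());
        throw new BadRequestException(message);
    }
    catch (URISyntaxException | IOException e) {
        // Both mean the request could not be read as an OAuth message; same mapping, keep the cause.
        throw new IseException(e.getMessage(), e);
    }
    return principal;
}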

Example 3 with NotAuthorizedException

use of org.candlepin.common.exceptions.NotAuthorizedException in project candlepin by candlepin.

the class BasicAuth method getPrincipal.

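/**
 * Authenticates an HTTP Basic {@code Authorization} header against the user service.
 *
 * <p>Requests without a {@code Basic} credential yield {@code null} so that another provider
 * can handle them. The credential is base64-decoded and split at the first colon; when no
 * colon is present the password passed to the user service is {@code null}.
 *
 * @param httpRequest the request whose {@code Authorization} header is inspected
 * @return a principal for the validated user, or {@code null} when the header is not Basic
 * @throws NotAuthorizedException when the user service rejects the credentials
 * @throws CandlepinException any Candlepin exception raised while validating is rethrown as-is
 * @throws ServiceUnavailableException for any other failure while contacting the user service
 */
@Override
public Principal getPrincipal(HttpRequest httpRequest) {
    try {
        String auth = AuthUtil.getHeader(httpRequest, "Authorization");
        // Locale.ROOT keeps the scheme match independent of the JVM's default locale
        // (e.g. a Turkish locale would not map "basic" to "BASIC").
        if (auth != null && auth.toUpperCase(java.util.Locale.ROOT).startsWith("BASIC ")) {
            String userpassEncoded = auth.substring(6);
            // Decode with an explicit charset: the no-arg String constructor uses the platform
            // default, so non-ASCII passwords would otherwise depend on how the JVM was started.
            String decoded = new String(Base64.decodeBase64(userpassEncoded),
                java.nio.charset.StandardCharsets.UTF_8);
            // Limit 2 so a password containing ':' is kept intact.
            String[] userpass = decoded.split(":", 2);
            String username = userpass[0];
            String password = null;
            if (userpass.length > 1) {
                password = userpass[1];
            }
            if (log.isDebugEnabled()) {
                // Only the length is logged, never the password itself.
                Integer length = (password == null) ? 0 : password.length();
                log.debug("check for: {} - password of length {}", username, length);
            }
            if (userServiceAdapter.validateUser(username, password)) {
                Principal principal = createPrincipal(username);
                log.debug("principal created for user '{}'", username);
                return principal;
            }
            else {
                throw new NotAuthorizedException(i18n.get().tr("Invalid Credentials"));
            }
        }
    }
    catch (CandlepinException e) {
        // Already a client-facing error (including the NotAuthorizedException above); pass it on.
        log.debug("Error getting principal {}", e.toString());
        throw e;
    }
    catch (Exception e) {
        // Anything else is treated as the user service being unreachable.
        log.debug("Error getting principal {}", e.toString());
        throw new ServiceUnavailableException(i18n.get().tr("Error contacting user service"));
    }
    return null;
}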
