Example 1 with SubjectSecurityContext
use of org.glassfish.jersey.server.SubjectSecurityContext in project jersey by jersey.
the class SubResourceLocatorRouter method getResource.
private Object getResource(final RequestProcessingContext context) {
final Object resource = context.routingContext().peekMatchedResource();
final Method handlingMethod = locatorModel.getInvocable().getHandlingMethod();
final Object[] parameterValues = ParameterValueHelper.getParameterValues(valueProviders);
context.triggerEvent(RequestEvent.Type.LOCATOR_MATCHED);
final PrivilegedAction invokeMethodAction = new PrivilegedAction() {
@Override
public Object run() {
try {
return handlingMethod.invoke(resource, parameterValues);
} catch (IllegalAccessException | IllegalArgumentException | UndeclaredThrowableException ex) {
throw new ProcessingException(LocalizationMessages.ERROR_RESOURCE_JAVA_METHOD_INVOCATION(), ex);
} catch (final InvocationTargetException ex) {
final Throwable cause = ex.getCause();
if (cause instanceof WebApplicationException) {
throw (WebApplicationException) cause;
}
// handle all exceptions as potentially mappable (incl. ProcessingException)
throw new MappableException(cause);
} catch (final Throwable t) {
throw new ProcessingException(t);
}
}
};
final SecurityContext securityContext = context.request().getSecurityContext();
return (securityContext instanceof SubjectSecurityContext) ? ((SubjectSecurityContext) securityContext).doAsSubject(invokeMethodAction) : invokeMethodAction.run();
}
Also used :
MappableException(org.glassfish.jersey.server.internal.process.MappableException)
WebApplicationException(javax.ws.rs.WebApplicationException)
ResourceMethod(org.glassfish.jersey.server.model.ResourceMethod)
Method(java.lang.reflect.Method)
InvocationTargetException(java.lang.reflect.InvocationTargetException)
SubjectSecurityContext(org.glassfish.jersey.server.SubjectSecurityContext)
PrivilegedAction(java.security.PrivilegedAction)
UndeclaredThrowableException(java.lang.reflect.UndeclaredThrowableException)
SecurityContext(javax.ws.rs.core.SecurityContext)
SubjectSecurityContext(org.glassfish.jersey.server.SubjectSecurityContext)
ProcessingException(javax.ws.rs.ProcessingException)
Example 2 with SubjectSecurityContext
use of org.glassfish.jersey.server.SubjectSecurityContext in project jersey by jersey.
the class AbstractJavaResourceMethodDispatcher method invoke.
/**
* Use the underlying invocation handler to invoke the underlying Java method
* with the supplied input method argument values on a given resource instance.
*
* @param containerRequest container request.
* @param resource resource class instance.
* @param args input argument values for the invoked Java method.
* @return invocation result.
* @throws ProcessingException (possibly {@link MappableException mappable})
* container exception in case the invocation failed.
*/
final Object invoke(final ContainerRequest containerRequest, final Object resource, final Object... args) throws ProcessingException {
try {
// Validate resource class & method input parameters.
if (validator != null) {
validator.validateResourceAndInputParams(resource, resourceMethod, args);
}
final PrivilegedAction invokeMethodAction = new PrivilegedAction() {
@Override
public Object run() {
final TracingLogger tracingLogger = TracingLogger.getInstance(containerRequest);
final long timestamp = tracingLogger.timestamp(ServerTraceEvent.METHOD_INVOKE);
try {
return methodHandler.invoke(resource, method, args);
} catch (IllegalAccessException | IllegalArgumentException | UndeclaredThrowableException ex) {
throw new ProcessingException(LocalizationMessages.ERROR_RESOURCE_JAVA_METHOD_INVOCATION(), ex);
} catch (InvocationTargetException ex) {
throw mapTargetToRuntimeEx(ex.getCause());
} catch (Throwable t) {
throw new ProcessingException(t);
} finally {
tracingLogger.logDuration(ServerTraceEvent.METHOD_INVOKE, timestamp, resource, method);
}
}
};
final SecurityContext securityContext = containerRequest.getSecurityContext();
final Object invocationResult = (securityContext instanceof SubjectSecurityContext) ? ((SubjectSecurityContext) securityContext).doAsSubject(invokeMethodAction) : invokeMethodAction.run();
// Validate response entity.
if (validator != null) {
validator.validateResult(resource, resourceMethod, invocationResult);
}
return invocationResult;
} catch (ValidationException ex) {
// handle validation exceptions -> potentially mappable
throw new MappableException(ex);
}
}
Also used :
MappableException(org.glassfish.jersey.server.internal.process.MappableException)
ValidationException(javax.validation.ValidationException)
TracingLogger(org.glassfish.jersey.message.internal.TracingLogger)
InvocationTargetException(java.lang.reflect.InvocationTargetException)
SubjectSecurityContext(org.glassfish.jersey.server.SubjectSecurityContext)
PrivilegedAction(java.security.PrivilegedAction)
UndeclaredThrowableException(java.lang.reflect.UndeclaredThrowableException)
SecurityContext(javax.ws.rs.core.SecurityContext)
SubjectSecurityContext(org.glassfish.jersey.server.SubjectSecurityContext)
ProcessingException(javax.ws.rs.ProcessingException)
Aggregations
InvocationTargetException (java.lang.reflect.InvocationTargetException)2
UndeclaredThrowableException (java.lang.reflect.UndeclaredThrowableException)2
PrivilegedAction (java.security.PrivilegedAction)2
ProcessingException (javax.ws.rs.ProcessingException)2
SecurityContext (javax.ws.rs.core.SecurityContext)2
SubjectSecurityContext (org.glassfish.jersey.server.SubjectSecurityContext)2
MappableException (org.glassfish.jersey.server.internal.process.MappableException)2
Method (java.lang.reflect.Method)1
ValidationException (javax.validation.ValidationException)1
WebApplicationException (javax.ws.rs.WebApplicationException)1
TracingLogger (org.glassfish.jersey.message.internal.TracingLogger)1
ResourceMethod (org.glassfish.jersey.server.model.ResourceMethod)1
