
Example 1 with HttpRequest

Use of org.jboss.resteasy.spi.HttpRequest in project candlepin (by candlepin).

From class AuthenticationFilter, method filter:

@Override
public void filter(ContainerRequestContext requestContext) throws IOException {
    log.debug("Authentication check for {}", requestContext.getUriInfo().getPath());
    HttpRequest httpRequest = ResteasyProviderFactory.getContextData(HttpRequest.class);
    ResourceInfo resourceInfo = ResteasyProviderFactory.getContextData(ResourceInfo.class);
    Method method = resourceInfo.getResourceMethod();
    SecurityHole hole = method.getAnnotation(SecurityHole.class);
    Principal principal = null;
    if (hole != null && hole.anon()) {
        principal = new NoAuthPrincipal();
    } else if (resourceInfo.getResourceClass().equals(ApiListingResource.class)) {
        log.debug("Swagger API request made; no principal required.");
        principal = new NoAuthPrincipal();
    } else {
        for (AuthProvider provider : providers) {
            principal = provider.getPrincipal(httpRequest);
            if (principal != null) {
                log.debug("Establishing principal with {}", provider.getClass().getName());
                break;
            }
        }
    }
    /* At this point, there is no provider that has given a valid principal,
     * so we use the NoAuthPrincipal here if it is allowed. */
    if (principal == null) {
        if (hole != null && hole.noAuth()) {
            log.debug("No auth allowed for resource; setting NoAuth principal");
            principal = new NoAuthPrincipal();
        } else if (!config.getBoolean(ConfigProperties.AUTH_OVER_HTTP) && !request.isSecure()) {
            throw new BadRequestException("Please use SSL when accessing protected resources");
        } else {
            throw new NotAuthorizedException("Invalid credentials.");
        }
    }
    SecurityContext securityContext = new CandlepinSecurityContext(principal);
    requestContext.setSecurityContext(securityContext);
    // Push the principal into the context for the PrincipalProvider to access directly
    ResteasyProviderFactory.pushContext(Principal.class, principal);
}
Also used:
org.jboss.resteasy.spi.HttpRequest
javax.ws.rs.container.ResourceInfo
org.candlepin.common.auth.SecurityHole
org.candlepin.auth.NoAuthPrincipal
io.swagger.jaxrs.listing.ApiListingResource
javax.ws.rs.core.SecurityContext
org.candlepin.common.exceptions.BadRequestException
org.candlepin.auth.AuthProvider
java.lang.reflect.Method
org.candlepin.common.exceptions.NotAuthorizedException
org.candlepin.auth.Principal

Example 2 with HttpRequest

Use of org.jboss.resteasy.spi.HttpRequest in project candlepin (by candlepin).

From class VerifyAuthorizationFilter, method runFilter:

@Override
public void runFilter(ContainerRequestContext requestContext) {
    HttpRequest request = ResteasyProviderFactory.getContextData(HttpRequest.class);
    Principal principal = (Principal) requestContext.getSecurityContext().getUserPrincipal();
    ResourceInfo resourceInfo = ResteasyProviderFactory.getContextData(ResourceInfo.class);
    Method method = resourceInfo.getResourceMethod();
    if (log.isDebugEnabled()) {
        log.debug("Authorization check for {} mapping to {}.{}", requestContext.getUriInfo().getPath(), method.getDeclaringClass().getName(), method.getName());
    }
    Map<Verify, Object> argMap = getArguments(request, method);
    // Couldn't find a match in Resteasy for method
    if (argMap.isEmpty()) {
        /* It would also be possible to get here if a super-admin only method
         * were inadvertently being filtered through this filter.  Normally the
         * AuthorizationFeature takes care of sending methods without any @Verify
         * annotations through the SuperAdminAuthorizationFilter */
        throw new IseException("Could not get parameters for " + method);
    }
    Access defaultAccess = getDefaultAccess(method);
    if (!hasAccess(argMap, principal, defaultAccess)) {
        denyAccess(principal, method);
    }
}
Also used:
org.jboss.resteasy.spi.HttpRequest
javax.ws.rs.container.ResourceInfo
org.candlepin.common.exceptions.IseException
org.candlepin.auth.Access
java.lang.reflect.Method
org.candlepin.auth.Verify
org.candlepin.auth.Principal
