use of org.simbasecurity.api.service.thrift.RequestData in project simba-os by cegeka.
the class JerseyBasicAuthenticationFilter method filter.
@Override
public void filter(ContainerRequestContext containerRequestContext) throws IOException {
ContainerRequest containerRequest = (ContainerRequest) containerRequestContext.getRequest();
Map<String, String> requestParameters = toMap(containerRequestContext.getUriInfo().getQueryParameters());
List<String> auth = containerRequest.getRequestHeader("authorization");
if (auth == null || auth.isEmpty()) {
throw new WebApplicationException(Response.Status.UNAUTHORIZED);
}
String[] credentials = decode(auth.get(0));
requestParameters.put(AuthenticationConstants.USERNAME, credentials[0]);
requestParameters.put(AuthenticationConstants.PASSWORD, credentials[1]);
RequestData requestData = new RequestData(requestParameters, toMap(containerRequest.getRequestHeaders()), containerRequest.getAbsolutePath().toString(), simbaWebURL, null, /* SSO Token */
null, /* Client IP */
false, false, false, false, false, containerRequest.getMethod(), RequestUtil.HOST_SERVER_NAME, null, null);
THttpClient tHttpClient = null;
try {
tHttpClient = new THttpClient(simbaWebURL + "/authenticationService");
TProtocol tProtocol = new TJSONProtocol(tHttpClient);
AuthenticationFilterService.Client authenticationClient = new AuthenticationFilterService.Client(tProtocol);
ActionDescriptor actionDescriptor = authenticationClient.processRequest(requestData, "wsLoginChain");
if (!actionDescriptor.getActionTypes().contains(ActionType.DO_FILTER_AND_SET_PRINCIPAL)) {
throw new WebApplicationException(Response.Status.UNAUTHORIZED);
}
} catch (Exception e) {
e.printStackTrace();
throw new WebApplicationException(e, Response.Status.UNAUTHORIZED);
} finally {
if (tHttpClient != null) {
tHttpClient.close();
}
}
}
use of org.simbasecurity.api.service.thrift.RequestData in project simba-os by cegeka.
the class ManagerSecurityInterceptor method preHandle.
public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler) throws Exception {
RequestData requestData = RequestUtil.createRequestData(request, SystemConfiguration.getSimbaWebURL());
try {
ActionDescriptor actionDescriptor = authenticationService().processRequest(requestData, SystemConfiguration.getManagerAuthorizationChainName());
if (actionDescriptor.getActionTypes().contains(ActionType.DO_FILTER_AND_SET_PRINCIPAL)) {
return true;
}
} catch (Exception ignored) {
ignored.printStackTrace();
}
response.sendError(HttpServletResponse.SC_UNAUTHORIZED);
return false;
}
Aggregations