@Override
public void configure(ResourceInfo resourceInfo, FeatureContext configurable) {
final Class declaring = resourceInfo.getResourceClass();
final Method method = resourceInfo.getResourceMethod();
if (declaring == null || method == null) return;
for (Annotation[] annotations : method.getParameterAnnotations()) {
String encoding = getEncoding(annotations);
if (encoding != null) {
configurable.register(new ClientContentEncodingAnnotationFilter(encoding));
return;
}
}
}
@Override
public void configure(ResourceInfo resourceInfo, FeatureContext featureContext) {
LOG.log(Level.INFO, "SecureRegistration.configure() Reading Annotation <Secure>");
Secure secure = resourceInfo.getResourceMethod().getAnnotation(Secure.class);
if (secure == null) return;
// // Try to set which Grant has been choosen
// HandleGrant handleGrant = null;
// switch(secure.grant()) {
// case IMPLICIT: handleGrant = new HandleImplicitGrant(
// tokenManagement, secure.scope()); break;
// case RESOURCE_OWNER_PASSWORD_CREDENTIALS:
// handleGrant = new HandleResourceOwnerPasswordCredentialsGrant(
// tokenManagement, secure.username(), secure.password(),
// secure.scope()); break;
// case CLIENT_CREDENTIALS: handleGrant = new HandleClientCredentialsGrant(
// tokenManagement, secure.scope()); break;
// // DEFAULT: Authorization Code Grant
// default: tokenManagement.setContext(context); // Setting the context
// handleGrant = new HandleAuthorizationCodeGrant(
// tokenManagement, secure.scope());
// }
// Set the ServletContext
tokenManagement.setContext(context);
LOG.log(Level.INFO, "SecureRegistration.configure() Creating new instance of Filter");
PorcupineFilter filter = new PorcupineFilter(context, tokenManagement, secure);
featureContext.register(filter);
}
public void filter(ContainerRequestContext context) throws IOException {
Class<?> resourceClass = resourceInfo.getResourceClass();
if (resourceClass != null) {
Annotation annotation = fetchAnnotation(resourceClass.getAnnotations());
if (annotation != null) {
ANNOTATION_MAP.get(annotation.annotationType()).assertAuthorized(annotation);
}
}
Method method = resourceInfo.getResourceMethod();
if (method != null) {
Annotation annotation = fetchAnnotation(method.getAnnotations());
if (annotation != null) {
ANNOTATION_MAP.get(annotation.annotationType()).assertAuthorized(annotation);
}
}
}
@Override
public void configure(ResourceInfo resourceInfo, FeatureContext context) {
final AnnotatedMethod am = new AnnotatedMethod(resourceInfo.getResourceMethod());
if (am.isAnnotationPresent(RolesAllowed.class)
|| am.isAnnotationPresent(DenyAll.class)
|| am.isAnnotationPresent(PermitAll.class)) {
context.register(authFilter);
}
}
@Override
public void configure(ResourceInfo resourceInfo, FeatureContext featureContext) {
Method am = resourceInfo.getResourceMethod();
logger.debug(
"configure {} method {}",
resourceInfo.getResourceClass().getSimpleName(),
resourceInfo.getResourceMethod().getName());
if (am.isAnnotationPresent(RequireApplicationAccess.class)) {
featureContext.register(ApplicationFilter.class);
} else if (am.isAnnotationPresent(RequireOrganizationAccess.class)) {
featureContext.register(OrganizationFilter.class);
} else if (am.isAnnotationPresent(RequireSystemAccess.class)) {
featureContext.register(SystemFilter.class);
} else if (am.isAnnotationPresent(RequireAdminUserAccess.class)) {
featureContext.register(SystemFilter.AdminUserFilter.class);
}
}
@Override
public void configure(ResourceInfo resourceInfo, FeatureContext context) {
Method resourceMethod = resourceInfo.getResourceMethod();
Class<?> resourceClass = resourceInfo.getResourceClass();
if (metricsDisabled(resourceClass)) {
return;
}
Path methodPath = resourceMethod.getAnnotation(Path.class);
Path classPath = resourceClass.getAnnotation(Path.class);
Path path = methodPath != null ? methodPath : classPath;
if (path != null) {
UriBuilder builder =
methodPath != null
? UriBuilder.fromResource(resourceClass).path(resourceClass, resourceMethod.getName())
: UriBuilder.fromResource(resourceClass);
String template = builder.toTemplate();
context.register(new TimerBeforeFilter(template));
context.register(TimerAfterFilter.class);
}
}
private boolean isOpenGlobally(ContainerRequestContext requestContext) {
/* Get method invoked. */
Method methodInvoked = resourceInfo.getResourceMethod();
/* Check if open method... */
if (methodInvoked.isAnnotationPresent(PermitAll.class)) {
/*
* Method is globally permitted, so we proceed without interactions.
*/
return true;
}
/* Check whether anonymous is allowed to read... */
if ((anonymousCanRead) && (HttpMethod.GET.equals(requestContext.getMethod()))) {
/*
* Anonymous is allowed read, so we can open GET methods globally
* and skip all other tests for performance reasons.
*/
return true;
}
return false;
}
private static boolean classOrResourceAnnotatedWith(
ResourceInfo resourceInfo, Class<NeverCache> class1) {
return resourceInfo.getResourceClass().isAnnotationPresent(class1)
|| resourceInfo.getResourceMethod().isAnnotationPresent(class1);
}
@Override
public void filter(ContainerRequestContext requestContext) throws IOException {
/* Get AuthId and AuthToken from HTTP-Header. */
String authIdString = requestContext.getHeaderString(AuthElement.AUTH_ID_HEADER);
String authTokenString = requestContext.getHeaderString(AuthElement.AUTH_TOKEN_HEADER);
if ((authIdString == null)
|| (authIdString.isEmpty())
|| (authTokenString == null)
|| (authTokenString.isEmpty())) {
if (!isOpenGlobally(requestContext)) {
/*
* Method is not globally open and we do not have authentication
* data, so we need to ask for it.
*/
eventLogger.logEvent(createUserNotAuthenticatedEvent());
requestContext.abortWith(ACCESS_UNAUTHORIZED);
}
return;
}
/* Check email address format and convert it... */
EmailAddress email;
try {
email = new EmailAddress(authIdString);
} catch (IllegalArgumentException e) {
if (!isOpenGlobally(requestContext)) {
eventLogger.logEvent(createIllegalEmailAddressEvent(authIdString));
requestContext.abortWith(ACCESS_UNAUTHORIZED);
}
return;
}
/* Check authentication token and convert it... */
UUID authToken;
try {
authToken = UUID.fromString(authTokenString);
} catch (IllegalArgumentException e) {
if (!isOpenGlobally(requestContext)) {
eventLogger.logEvent(createIllegalTokenEvent(authTokenString, email));
requestContext.abortWith(ACCESS_UNAUTHORIZED);
}
return;
}
/* Check for correct authentication data... */
if (authService.isAuthenticated(email, authToken)) {
authService.updateActivity(email, authToken);
} else {
if (!isOpenGlobally(requestContext)) {
/*
* Authentication data does not fit, so we do not need to check
* further...
*/
eventLogger.logEvent(createInvalidAuthenticationDataEvent(authTokenString, email));
requestContext.abortWith(ACCESS_UNAUTHORIZED);
}
return;
}
/* Get method invoked. */
Method methodInvoked = resourceInfo.getResourceMethod();
/*
* Check for certain roles to be allowed...
*/
if (isOpenGlobally(requestContext)) {
return;
} else if (authService.isAuthorizedAdministrator(email, authToken)) {
/* User is an administrator, so she is allowed. */
return;
} else if (methodInvoked.isAnnotationPresent(RolesAllowed.class)) {
RolesAllowed rolesAllowedAnnotation = methodInvoked.getAnnotation(RolesAllowed.class);
Set<String> rolesAllowed = new HashSet<>(Arrays.asList(rolesAllowedAnnotation.roles()));
if (!authService.isAuthorized(email, authToken, rolesAllowed)) {
eventLogger.logEvent(createInsufficientPrivilegesEvent(methodInvoked, email));
requestContext.abortWith(FORBIDDEN);
}
return;
} else if (methodInvoked.isAnnotationPresent(DenyAll.class)) {
/* Globally forbidden method. */
eventLogger.logEvent(createForbiddenEvent(methodInvoked, email));
requestContext.abortWith(FORBIDDEN);
return;
}
/*
* ATTENTION(!): DUE TO SECURITY REASONS, ALL REST METHODS ARE DENIED
* PER DEFAULT!
*
* Functionality needs to be declared permitted or roles added to open
* methods into the public.
*/
eventLogger.logEvent(createUnspecifiedAuthorizationEvent(methodInvoked, email));
requestContext.abortWith(FORBIDDEN);
}
@Override
public void configure(ResourceInfo resourceInfo, FeatureContext context) {
if (resourceInfo.getResourceMethod().getAnnotation(DateRequired.class) != null) {
context.register(DateNotSpecifiedFilter.class);
}
}