/**
 * Returns the identifier of the user attached to the request, or issues a challenge when the
 * request's client info is not flagged as authenticated.
 *
 * @param request The incoming request whose client info is inspected.
 * @param response The response handed to the authenticator when a challenge is needed.
 * @return The user's identifier, or {@code null} once a challenge has been issued.
 */
public String authenticate(Request request, Response response) {
    final boolean alreadyAuthenticated = request.getClientInfo().isAuthenticated();
    if (alreadyAuthenticated) {
        // NOTE(review): this trusts the "authenticated" flag set elsewhere and dereferences
        // getUser() without a null check; confirm every component that sets the flag also
        // sets the user.
        return request.getClientInfo().getUser().getIdentifier();
    }

    // Not authenticated: ask the client for credentials and report "no identity" to the caller.
    authenticator.challenge(response, false);
    return null;
}
/**
 * Runs the parent handler and then, for a successful GET from a client that accepts HTML or
 * XHTML, replaces the response entity with the output of {@code toHtml}.
 *
 * @param request The request being handled.
 * @param response The response produced by the parent handler.
 * @return Always {@code CONTINUE}; the value returned by {@code super.doHandle} is not used.
 */
@Override
protected int doHandle(Request request, Response response) {
    super.doHandle(request, response);

    // Only successful GET responses are candidates for the HTML rendering.
    if (!response.getStatus().isSuccess() || !request.getMethod().equals(Method.GET)) {
        return CONTINUE;
    }

    boolean clientAcceptsHtml = false;
    for (Preference<MediaType> accepted : request.getClientInfo().getAcceptedMediaTypes()) {
        MediaType candidate = accepted.getMetadata();
        if (candidate.includes(MediaType.APPLICATION_XHTML)
                || candidate.includes(MediaType.TEXT_HTML)) {
            clientAcceptsHtml = true;
            break;
        }
    }

    if (!clientAcceptsHtml) {
        return CONTINUE;
    }

    try {
        response.setEntity(toHtml(request, response));
    } catch (SlipStreamException ignored) {
        // ok it failed generating html... do we care?
        // The entity set by the parent handler is left in place.
        // NOTE(review): the failure is not recorded anywhere, so a broken HTML rendering
        // path is invisible to operators; consider logging it.
    }
    return CONTINUE;
}
/**
 * Prepares the fixture shared by the tests: the contacts repository wired to the test database
 * service, a mocked request backed by a real {@code ClientInfo} and attribute map, a response
 * for that request, and the mocked application collaborators.
 *
 * @throws Exception If any part of the fixture cannot be created.
 */
@Before
public void setUp() throws Exception {
    // NOTE(review): the repository comes from getInstance(), so setDbService presumably changes
    // state shared with other tests; confirm it is reset between test classes.
    contactsRepository = ContactsRepository.getInstance();
    contactsRepository.setDbService(dbService);

    attributes = new ConcurrentHashMap<String, Object>();

    Subject mockedSubject = Mockito.mock(Subject.class);
    setSubject(mockedSubject);

    // Request: mocked, but answering with a real ClientInfo and the attribute map above.
    request = Mockito.mock(Request.class);
    Mockito.when(request.getClientInfo()).thenReturn(new ClientInfo());
    Mockito.when(request.getAttributes()).thenReturn(attributes);

    // Resource reference chain: request -> resourceRef -> targetRef.
    Reference target = Mockito.mock(Reference.class);
    Reference resource = Mockito.mock(Reference.class);
    Mockito.when(request.getResourceRef()).thenReturn(resource);
    Mockito.when(resource.getTargetRef()).thenReturn(target);

    response = new Response(request);

    // Application collaborators: validator service and a single route builder.
    Validator mockedValidator = Mockito.mock(Validator.class);
    ValidatorService mockedValidatorService = Mockito.mock(ValidatorService.class);
    Mockito.when(mockedValidatorService.getValidator()).thenReturn(mockedValidator);
    Mockito.when(clipboardApplication.getValidatorService()).thenReturn(mockedValidatorService);

    RouteBuilder mockedRouteBuilder = Mockito.mock(RouteBuilder.class);
    Mockito.when(clipboardApplication.getRouteBuilders(Mockito.any()))
            .thenReturn(Arrays.asList(mockedRouteBuilder));
}
/**
 * Encodes the response entity after the target Restlet has handled the call, provided response
 * encoding is enabled and {@code canEncode} accepts the entity.
 *
 * @param request The request; its client info is passed to {@code encode}.
 * @param response The response whose entity may be replaced by its encoded form.
 */
@Override
public void afterHandle(Request request, Response response) {
    if (!isEncodingResponse()) {
        return;
    }
    if (!canEncode(response.getEntity())) {
        return;
    }

    // NOTE(review): if encode() applies compression (its body is not visible here), responses
    // that mix secrets with request-influenced content and travel over TLS are exposed to
    // compression side channels; confirm such responses are excluded from encoding.
    response.setEntity(encode(request.getClientInfo(), response.getEntity()));
}
/**
 * Creates a POST request addressed to a JDBC URI and carrying the given entity.
 *
 * @param jdbcURI The database's JDBC URI (ex: jdbc:mysql://[hostname]/[database]).
 * @param request The request to send (valid XML request).
 * @return The new request, with the engine's version header set as the client agent.
 */
public static Request create(String jdbcURI, Representation request) {
    // NOTE(review): presumably the XML entity describes what is run against jdbcURI; verify
    // that callers never assemble the URI or the entity from untrusted input.
    final Request call = new Request();
    call.setMethod(Method.POST);
    call.setResourceRef(jdbcURI);
    call.setEntity(request);
    call.getClientInfo().setAgent(Engine.VERSION_HEADER);
    return call;
}
/**
 * Builds a request through {@code createRequest} and adds {@code application/xml} to the media
 * types its client info accepts.
 *
 * @param reference The reference passed through to {@code createRequest}.
 * @param representation The representation passed through to {@code createRequest}.
 * @return The request with the extra accepted media type.
 */
private Request createXmlRequest(Reference reference, Representation representation) {
    final Request result = createRequest(reference, representation);
    final Preference<MediaType> acceptXml =
            new Preference<MediaType>(MediaType.APPLICATION_XML);
    result.getClientInfo().getAcceptedMediaTypes().add(acceptXml);
    return result;
}
/**
 * Builds a request through {@code createRequest} and adds {@code application/json} to the media
 * types its client info accepts.
 *
 * @param reference The reference passed through to {@code createRequest}.
 * @param representation The representation passed through to {@code createRequest}.
 * @return The request with the extra accepted media type.
 */
private Request createJsonRequest(Reference reference, Representation representation) {
    final Request result = createRequest(reference, representation);
    final Preference<MediaType> acceptJson =
            new Preference<MediaType>(MediaType.APPLICATION_JSON);
    result.getClientInfo().getAcceptedMediaTypes().add(acceptJson);
    return result;
}
/**
 * Encodes the request entity before the target Restlet handles the call, provided request
 * encoding is enabled and {@code canEncode} accepts the entity.
 *
 * @param request The request whose entity may be replaced by its encoded form; its client info
 *     is passed to {@code encode}.
 * @param response The response (not touched here).
 * @return Always {@code CONTINUE}.
 */
@Override
public int beforeHandle(Request request, Response response) {
    final boolean shouldEncode = isEncodingRequest() && canEncode(request.getEntity());
    if (shouldEncode) {
        request.setEntity(encode(request.getClientInfo(), request.getEntity()));
    }
    // Encoding never blocks the call; the chain always proceeds.
    return CONTINUE;
}
/**
 * Invoked upon failed authentication. When authentication is mandatory, marks the request's
 * challenge response and client info as not authenticated and returns {@link Filter#STOP}. When
 * authentication is optional, sets the status to {@code SUCCESS_OK} and lets the call continue.
 *
 * @param request The request sent.
 * @param response The response to update.
 * @return The filter continuation code.
 */
@SuppressWarnings("deprecation")
protected int unauthenticated(Request request, Response response) {
    if (!isOptional()) {
        // Record the failure on the challenge response, when the client sent one.
        if (request.getChallengeResponse() != null) {
            request.getChallengeResponse().setAuthenticated(false);
        }

        // Record the failure on the client info as well.
        if (request.getClientInfo() != null) {
            request.getClientInfo().setAuthenticated(false);
        }

        // Mandatory authentication failed: nothing downstream may run.
        return STOP;
    }

    // Optional authentication: the call proceeds even though authentication failed. This branch
    // leaves the "authenticated" flags as it found them, so downstream code has to check them
    // itself before granting access to anything protected.
    response.setStatus(Status.SUCCESS_OK);
    return CONTINUE;
}
/**
 * Pre-processing step that rejects the call when the client address is in the set of blocked
 * addresses.
 *
 * @param request The request whose client address is looked up.
 * @param response The response; set to 403 with an explanatory message when the address is blocked.
 * @return {@code STOP} for a blocked address, {@code CONTINUE} otherwise.
 */
@Override
protected int beforeHandle(Request request, Response response) {
    // NOTE(review): the lookup matches whatever getAddress() returns against the blocked set as
    // stored; confirm both use the same textual form, and that behind a reverse proxy this is
    // the client's address rather than the proxy's.
    final boolean blocked =
            getBlockedAddresses().contains(request.getClientInfo().getAddress());
    if (!blocked) {
        return CONTINUE;
    }

    response.setStatus(Status.CLIENT_ERROR_FORBIDDEN, "Your IP address was blocked");
    return STOP;
}
/**
 * Invoked upon successful authentication. Marks the request's challenge response and client
 * info as authenticated, clears the challenge requests already present on the response, lets the
 * enroler (when one is configured) process the client info, and returns
 * {@link Filter#CONTINUE}.
 *
 * @param request The request sent.
 * @param response The response to update.
 * @return The filter continuation code.
 */
@SuppressWarnings("deprecation")
protected int authenticated(Request request, Response response) {
    // Flag the credentials the client sent, when there are any.
    if (request.getChallengeResponse() != null) {
        request.getChallengeResponse().setAuthenticated(true);
    }

    // Flag the client info; downstream components read this to decide whether the caller is known.
    if (request.getClientInfo() != null) {
        request.getClientInfo().setAuthenticated(true);
    }

    // A successful login makes any challenge queued on the response obsolete.
    response.getChallengeRequests().clear();

    // Role assignment happens only here, after authentication succeeded.
    // NOTE(review): the client info is null-checked above but passed to the enroler unchecked;
    // confirm getClientInfo() can never be null, or that the enroler tolerates it.
    if (getEnroler() != null) {
        getEnroler().enrole(request.getClientInfo());
    }

    return CONTINUE;
}
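/**
 * After the parent filter has run, issues a "Credentials" cookie to an authenticated client that
 * did not send one.
 *
 * <p>The cookie is skipped when the request carries no challenge response, identifier or secret,
 * instead of failing with a {@code NullPointerException}: the client can be flagged as
 * authenticated without this filter having seen credentials.
 *
 * <p>Security: the cookie value is the identifier and the raw secret joined with "=", so the
 * client's credential is stored in the browser and resent with every request under "/" for the
 * cookie's lifetime. The cookie is access-restricted but not marked secure, so it also travels
 * over plain HTTP. NOTE(review): acceptable only for a demonstration; a real deployment should
 * issue an opaque, server-validated session token and call {@code setSecure(true)}.
 *
 * @param request The handled request.
 * @param response The response that receives the cookie setting.
 */
@Override
protected void afterHandle(Request request, Response response) {
    super.afterHandle(request, response);

    Cookie cookie = request.getCookies().getFirst("Credentials");
    if (!request.getClientInfo().isAuthenticated() || cookie != null) {
        return;
    }

    // Authenticated without credentials on this request: there is nothing to put in a cookie.
    if (request.getChallengeResponse() == null) {
        return;
    }
    String identifier = request.getChallengeResponse().getIdentifier();
    char[] secretChars = request.getChallengeResponse().getSecret();
    if (identifier == null || secretChars == null) {
        return;
    }

    // NOTE(review): an identifier containing "=" makes the value ambiguous for whoever parses
    // the cookie back; confirm the reader splits on the first "=" only or rejects such names.
    String secret = new String(secretChars);
    CookieSetting cookieSetting = new CookieSetting("Credentials", identifier + "=" + secret);
    cookieSetting.setAccessRestricted(true);
    cookieSetting.setPath("/");
    cookieSetting.setComment("Unsecured cookie based authentication");
    cookieSetting.setMaxAge(30);
    response.getCookieSettings().add(cookieSetting);
}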
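/**
 * Validates the token with the REST authentication client and, on success, attaches the
 * resulting user to the request's client info and flags it as authenticated.
 *
 * <p>On failure (no user for the token, or a {@code ServiceException} from the steps inside the
 * try block) the failure is logged and the request's client info is left untouched.
 * NOTE(review): nothing is returned or thrown to signal the failure, so callers presumably rely
 * on the "authenticated" flag afterwards; confirm that they check it.
 *
 * @param request The request whose client info receives the user.
 * @param token The authentication token to validate.
 */
private void setUserInfo(Request request, String token) {
    try {
        com.github.richardwilly98.esdms.api.User user =
                getRestAuthenticationClient().validate(token);
        if (user == null) {
            // The token value is kept out of the message: the exception is logged below, and
            // bearer tokens must not end up in log files.
            throw new ServiceException("Cannot get user from token");
        }

        UserEntity userEntity = UserEntityManager.convertToUserEntity(user);
        User restletUser = new User(userEntity.getId());
        restletUser.setEmail(userEntity.getEmail());
        restletUser.setFirstName(userEntity.getFirstName());
        restletUser.setLastName(userEntity.getLastName());

        // Only reached when validation produced a user.
        request.getClientInfo().setUser(restletUser);
        request.getClientInfo().setAuthenticated(true);
    } catch (ServiceException ex) {
        log.warn("setUserInfo failed", ex);
    }
}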