/**
 * Lists the support bundles known to this node.
 *
 * <p>Admin-only endpoint: an anonymous caller, or an authenticated caller who is not an
 * admin, receives a 401 response and the support service is never invoked.
 *
 * @return the response produced by {@code runService} for the list-bundles support
 *     service, or a bare 401 when the caller is not an admin
 * @throws Exception whatever {@code runService} propagates
 */
@Path("listBundles")
@GET
@Produces(MediaType.APPLICATION_JSON)
public Response listBundles() throws Exception {
    // Authorization guard runs before the service is even looked up.
    boolean adminCaller = !authorizationService.isAnonymous() && authorizationService.isAdmin();
    if (!adminCaller) {
        // NOTE(review): an authenticated non-admin also gets 401 here; 403 Forbidden would be
        // the conventional status for "known user, insufficient privilege".
        return Response.status(Response.Status.UNAUTHORIZED).build();
    }
    return runService(advancedServiceFactory.getSupportServiceListBundles());
}
/**
 * Deletes one previously generated support bundle.
 *
 * <p>Admin-only endpoint: an anonymous caller, or an authenticated caller who is not an
 * admin, receives a 401 response and nothing is deleted.
 *
 * @param archive bundle identifier taken verbatim from the URL path; because the path
 *     template uses the {@code .+} regex the value may itself contain {@code /}
 * @return the response produced by {@code runService} for the delete-bundle support
 *     service, or a bare 401 when the caller is not an admin
 * @throws Exception whatever {@code runService} propagates
 */
@Path("deleteBundle/{archive: .+}")
@DELETE
@Produces(MediaType.APPLICATION_JSON)
public Response deleteBundle(@PathParam("archive") String archive) throws Exception {
    // Authorization guard runs before the service is even looked up.
    boolean adminCaller = !authorizationService.isAnonymous() && authorizationService.isAdmin();
    if (!adminCaller) {
        // NOTE(review): an authenticated non-admin also gets 401 here; 403 Forbidden would be
        // the conventional status for "known user, insufficient privilege".
        return Response.status(Response.Status.UNAUTHORIZED).build();
    }
    // NOTE(review): 'archive' is untrusted URL input and is passed through unchanged. How the
    // delete service resolves it is not visible here; if it becomes a filesystem path, confirm
    // the service constrains it to the location the bundles are stored in.
    return runService(advancedServiceFactory.getSupportServiceDeleteBundle(), archive);
}
/**
 * Generates a new support bundle from the posted configuration.
 *
 * <p>Admin-only endpoint: an anonymous caller, or an authenticated caller who is not an
 * admin, receives a 401 response and no bundle is generated.
 *
 * @param bundleConfiguration the JSON body describing what the bundle should contain; it
 *     is wrapped together with the current servlet request before being handed to the service
 * @return the response produced by {@code runService} for the generate-bundle support
 *     service, or a bare 401 when the caller is not an admin
 * @throws Exception whatever {@code runService} propagates
 */
@Path("generateBundle")
@POST
@Consumes(MediaType.APPLICATION_JSON)
@Produces(MediaType.APPLICATION_JSON)
public Response generateBundle(BundleConfigurationImpl bundleConfiguration) throws Exception {
    // Authorization guard runs before the service is even looked up.
    boolean adminCaller = !authorizationService.isAnonymous() && authorizationService.isAdmin();
    if (!adminCaller) {
        // NOTE(review): an authenticated non-admin also gets 401 here; 403 Forbidden would be
        // the conventional status for "known user, insufficient privilege".
        return Response.status(Response.Status.UNAUTHORIZED).build();
    }
    // The wrapper pairs the posted configuration with the servlet request (argument order is
    // kept as-is: the service lookup happens before the wrapper is built).
    return runService(
            advancedServiceFactory.getSupportServiceGenerateBundle(),
            new BundleConfigurationWrapper(bundleConfiguration, httpServletRequest));
}
/**
 * Request filter that maps the current authentication state onto a JAX-RS security context
 * ({@code RoleAuthenticator}) for this request, or rejects the request outright.
 *
 * <p>Decision order, as implemented below:
 * <ol>
 *   <li>The HTTP session is validated first.</li>
 *   <li>Unauthenticated caller: runs as the anonymous user with {@code ROLE_USER} when anonymous
 *       access is enabled or the request path contains {@code "auth"}; otherwise rejected.</li>
 *   <li>Authenticated caller coming through the 'mc' entry point: only token authentication, or
 *       the very first setupMC call, is accepted; such callers run with {@code ROLE_ADMIN}.</li>
 *   <li>Any other authenticated caller runs with {@code ROLE_HA}, {@code ROLE_ADMIN} or
 *       {@code ROLE_USER}, in that order of precedence.</li>
 * </ol>
 *
 * @param request the incoming container request; its security context is replaced in place
 * @return the same request, with a security context set, when it is allowed through
 * @throws AuthorizationRestException when the caller is not allowed through
 */
@Override
public ContainerRequest filter(ContainerRequest request) {
    // Validate that the session is still active before looking at the authentication.
    // Note: this.request is a field (not the ContainerRequest parameter of the same name).
    AuthUtils.validateSession(this.request, uriInfo, response);
    boolean authenticated = authorizationService.isAuthenticated();
    boolean anonAccessEnabled = authorizationService.isAnonAccessEnabled();
    if (!authenticated) {
        // NOTE(review): indexOf("auth") is a plain substring match over the whole request path,
        // so any resource path that happens to contain "auth" — not only the auth endpoint —
        // lets an unauthenticated caller through as the anonymous user even when anonymous
        // access is disabled. Confirm this is intended, or match the auth path exactly.
        if (anonAccessEnabled || uriInfo.getPath().indexOf("auth") != -1) {
            // Anonymous access is allowed (or this is the auth endpoint) and nobody
            // authenticated: run the request as the anonymous user with the plain user role.
            request.setSecurityContext(
                    new RoleAuthenticator(UserInfo.ANONYMOUS, AuthorizationService.ROLE_USER));
        } else {
            throw new AuthorizationRestException();
        }
    } else {
        // Calls that come in through the 'mc' entry point must be authenticated by the MC token,
        // with one exception: the first (and only the first) call to setupMC, which is the one
        // call allowed to use basic (username/password) authentication.
        if (isMissionControlAccesPoint(request)) {
            boolean firstCallToSetupMC = isFirstCallToSetupMC(request);
            boolean tokenAuthentication = isTokenAuthentication(request);
            if (!firstCallToSetupMC && !tokenAuthentication) {
                // Neither the first setupMC call nor token-authenticated: reject.
                throw new AuthorizationRestException(
                        "The access trough the 'mc' entry point is allowed only with token authentication");
            } else if ((firstCallToSetupMC && tokenAuthentication)) {
                // The first setupMC call must use username/password, not a token.
                throw new AuthorizationRestException(
                        "To initialize mission control chanel for the first time use user name and password ");
            } else {
                // Either a token-authenticated 'mc' call or the first basic-auth setupMC call:
                // both run with the admin role, and the generic role mapping below is skipped.
                String username = authorizationService.currentUsername();
                request.setSecurityContext(
                        new RoleAuthenticator(username, AuthorizationService.ROLE_ADMIN));
                return request;
            }
        }
        // Set the authenticated user and role.
        String username = authorizationService.currentUsername();
        boolean admin = authorizationService.isAdmin();
        // An HA system authentication token takes precedence over the admin flag: such a
        // caller gets ROLE_HA, never ROLE_ADMIN, regardless of what isAdmin() says.
        boolean ha = SecurityContextHolder.getContext().getAuthentication() instanceof HaSystemAuthenticationToken;
        if (ha) {
            request.setSecurityContext(new RoleAuthenticator(username, HaRestConstants.ROLE_HA));
            return request;
        }
        if (admin) {
            request.setSecurityContext(
                    new RoleAuthenticator(username, AuthorizationService.ROLE_ADMIN));
        } else {
            request.setSecurityContext(new RoleAuthenticator(username, AuthorizationService.ROLE_USER));
        }
    }
    return request;
}