@Override
public ContainerRequest filter(ContainerRequest request) {
final String accessToken = request.getHeaderValue("Authorization");
Session session = null;
TokenWrapper response = null;
if (accessToken != null && accessToken.length() > 0) {
try {
PhiAuthClient.setHostname("http://evergreenalumniclub.com:7080/PhiAuth/rest");
response = PhiAuthClient.validateToken(accessToken);
} catch (URISyntaxException e) {
throw new UnableToValidateException(
String.valueOf(Math.random()),
"Could not validate token due to URI exception." + e.getMessage());
} catch (HttpException e) {
throw new UnableToValidateException(
String.valueOf(Math.random()),
"Could not validate token due to http exception." + e.getMessage());
} catch (IOException e) {
throw new UnableToValidateException(
String.valueOf(Math.random()), "Could not validate token due to IO exception.");
} catch (DependentServiceException e) {
throw e;
} catch (UnableToValidateException e) {
throw new WebApplicationException();
}
} else {
throw new InvalidTokenException(String.valueOf(Math.random()), "No token provided");
}
// Set security context
request.setSecurityContext(new PhiAuthSecurityContext(session, response));
return request;
}
@Override
public ContainerRequest filter(ContainerRequest request) {
// validate session still active
AuthUtils.validateSession(this.request, uriInfo, response);
boolean authenticated = authorizationService.isAuthenticated();
boolean anonAccessEnabled = authorizationService.isAnonAccessEnabled();
if (!authenticated) {
if (anonAccessEnabled || uriInfo.getPath().indexOf("auth") != -1) {
// If anon access is allowed and we didn't bother authenticating try to perform the action
// as a user
request.setSecurityContext(
new RoleAuthenticator(UserInfo.ANONYMOUS, AuthorizationService.ROLE_USER));
} else {
throw new AuthorizationRestException();
}
} else {
// Block all the REST calls that pass trough 'mc' entry point and are not authenticated by the
// MS token authentication,
// except the FIRST and only the FIRST call to the setupMC that can be authenticated by the
// basic authentication,
if (isMissionControlAccesPoint(request)) {
boolean firstCallToSetupMC = isFirstCallToSetupMC(request);
boolean tokenAuthentication = isTokenAuthentication(request);
if (!firstCallToSetupMC && !tokenAuthentication) {
// Block all the REST calls that pass trough 'mc' entry point and are not authenticated by
// the MS token authentication,
throw new AuthorizationRestException(
"The access trough the 'mc' entry point is allowed only with token authentication");
} else if ((firstCallToSetupMC && tokenAuthentication)) {
// Block the setupMC REST calls that pass trough 'mc' entry point and are authenticated by
// basic authentication except the first time.
throw new AuthorizationRestException(
"To initialize mission control chanel for the first time use user name and password ");
} else {
String username = authorizationService.currentUsername();
request.setSecurityContext(
new RoleAuthenticator(username, AuthorizationService.ROLE_ADMIN));
return request;
}
}
// Set the authenticated user and role
String username = authorizationService.currentUsername();
boolean admin = authorizationService.isAdmin();
boolean ha =
SecurityContextHolder.getContext().getAuthentication()
instanceof HaSystemAuthenticationToken;
if (ha) {
request.setSecurityContext(new RoleAuthenticator(username, HaRestConstants.ROLE_HA));
return request;
}
if (admin) {
request.setSecurityContext(
new RoleAuthenticator(username, AuthorizationService.ROLE_ADMIN));
} else {
request.setSecurityContext(new RoleAuthenticator(username, AuthorizationService.ROLE_USER));
}
}
return request;
}
