@Override public ContainerRequest filter(ContainerRequest request) { final String accessToken = request.getHeaderValue("Authorization"); Session session = null; TokenWrapper response = null; if (accessToken != null && accessToken.length() > 0) { try { PhiAuthClient.setHostname("http://evergreenalumniclub.com:7080/PhiAuth/rest"); response = PhiAuthClient.validateToken(accessToken); } catch (URISyntaxException e) { throw new UnableToValidateException( String.valueOf(Math.random()), "Could not validate token due to URI exception." + e.getMessage()); } catch (HttpException e) { throw new UnableToValidateException( String.valueOf(Math.random()), "Could not validate token due to http exception." + e.getMessage()); } catch (IOException e) { throw new UnableToValidateException( String.valueOf(Math.random()), "Could not validate token due to IO exception."); } catch (DependentServiceException e) { throw e; } catch (UnableToValidateException e) { throw new WebApplicationException(); } } else { throw new InvalidTokenException(String.valueOf(Math.random()), "No token provided"); } // Set security context request.setSecurityContext(new PhiAuthSecurityContext(session, response)); return request; }
@Override public ContainerRequest filter(ContainerRequest request) { // validate session still active AuthUtils.validateSession(this.request, uriInfo, response); boolean authenticated = authorizationService.isAuthenticated(); boolean anonAccessEnabled = authorizationService.isAnonAccessEnabled(); if (!authenticated) { if (anonAccessEnabled || uriInfo.getPath().indexOf("auth") != -1) { // If anon access is allowed and we didn't bother authenticating try to perform the action // as a user request.setSecurityContext( new RoleAuthenticator(UserInfo.ANONYMOUS, AuthorizationService.ROLE_USER)); } else { throw new AuthorizationRestException(); } } else { // Block all the REST calls that pass trough 'mc' entry point and are not authenticated by the // MS token authentication, // except the FIRST and only the FIRST call to the setupMC that can be authenticated by the // basic authentication, if (isMissionControlAccesPoint(request)) { boolean firstCallToSetupMC = isFirstCallToSetupMC(request); boolean tokenAuthentication = isTokenAuthentication(request); if (!firstCallToSetupMC && !tokenAuthentication) { // Block all the REST calls that pass trough 'mc' entry point and are not authenticated by // the MS token authentication, throw new AuthorizationRestException( "The access trough the 'mc' entry point is allowed only with token authentication"); } else if ((firstCallToSetupMC && tokenAuthentication)) { // Block the setupMC REST calls that pass trough 'mc' entry point and are authenticated by // basic authentication except the first time. throw new AuthorizationRestException( "To initialize mission control chanel for the first time use user name and password "); } else { String username = authorizationService.currentUsername(); request.setSecurityContext( new RoleAuthenticator(username, AuthorizationService.ROLE_ADMIN)); return request; } } // Set the authenticated user and role String username = authorizationService.currentUsername(); boolean admin = authorizationService.isAdmin(); boolean ha = SecurityContextHolder.getContext().getAuthentication() instanceof HaSystemAuthenticationToken; if (ha) { request.setSecurityContext(new RoleAuthenticator(username, HaRestConstants.ROLE_HA)); return request; } if (admin) { request.setSecurityContext( new RoleAuthenticator(username, AuthorizationService.ROLE_ADMIN)); } else { request.setSecurityContext(new RoleAuthenticator(username, AuthorizationService.ROLE_USER)); } } return request; }