예제 #1
0
  @Override
  public void configure(ResourceInfo resourceInfo, FeatureContext featureContext) {
    LOG.log(Level.INFO, "SecureRegistration.configure() Reading Annotation <Secure>");
    Secure secure = resourceInfo.getResourceMethod().getAnnotation(Secure.class);
    if (secure == null) return;

    //        // Try to set which Grant has been choosen
    //        HandleGrant handleGrant = null;
    //        switch(secure.grant()) {
    //            case IMPLICIT: handleGrant = new HandleImplicitGrant(
    //                                        tokenManagement, secure.scope()); break;
    //            case RESOURCE_OWNER_PASSWORD_CREDENTIALS:
    //                handleGrant = new HandleResourceOwnerPasswordCredentialsGrant(
    //                        tokenManagement, secure.username(), secure.password(),
    //                                                    secure.scope()); break;
    //            case CLIENT_CREDENTIALS: handleGrant = new HandleClientCredentialsGrant(
    //                                              tokenManagement, secure.scope()); break;
    //            // DEFAULT: Authorization Code Grant
    //            default: tokenManagement.setContext(context); // Setting the context
    //                handleGrant = new HandleAuthorizationCodeGrant(
    //                                                tokenManagement, secure.scope());
    //        }

    // Set the ServletContext
    tokenManagement.setContext(context);

    LOG.log(Level.INFO, "SecureRegistration.configure() Creating new instance of Filter");
    PorcupineFilter filter = new PorcupineFilter(context, tokenManagement, secure);
    featureContext.register(filter);
  }
 @Override
 public void configure(ResourceInfo resourceInfo, FeatureContext context) {
   final AnnotatedMethod am = new AnnotatedMethod(resourceInfo.getResourceMethod());
   if (am.isAnnotationPresent(RolesAllowed.class)
       || am.isAnnotationPresent(DenyAll.class)
       || am.isAnnotationPresent(PermitAll.class)) {
     context.register(authFilter);
   }
 }
  @Override
  public void configure(ResourceInfo resourceInfo, FeatureContext featureContext) {
    Method am = resourceInfo.getResourceMethod();

    logger.debug(
        "configure {} method {}",
        resourceInfo.getResourceClass().getSimpleName(),
        resourceInfo.getResourceMethod().getName());

    if (am.isAnnotationPresent(RequireApplicationAccess.class)) {
      featureContext.register(ApplicationFilter.class);
    } else if (am.isAnnotationPresent(RequireOrganizationAccess.class)) {
      featureContext.register(OrganizationFilter.class);
    } else if (am.isAnnotationPresent(RequireSystemAccess.class)) {
      featureContext.register(SystemFilter.class);
    } else if (am.isAnnotationPresent(RequireAdminUserAccess.class)) {
      featureContext.register(SystemFilter.AdminUserFilter.class);
    }
  }
  @Override
  public void configure(ResourceInfo resourceInfo, FeatureContext configurable) {
    final Class declaring = resourceInfo.getResourceClass();
    final Method method = resourceInfo.getResourceMethod();

    if (declaring == null || method == null) return;

    for (Annotation[] annotations : method.getParameterAnnotations()) {
      String encoding = getEncoding(annotations);
      if (encoding != null) {
        configurable.register(new ClientContentEncodingAnnotationFilter(encoding));
        return;
      }
    }
  }
  public void filter(ContainerRequestContext context) throws IOException {

    Class<?> resourceClass = resourceInfo.getResourceClass();
    if (resourceClass != null) {
      Annotation annotation = fetchAnnotation(resourceClass.getAnnotations());
      if (annotation != null) {
        ANNOTATION_MAP.get(annotation.annotationType()).assertAuthorized(annotation);
      }
    }

    Method method = resourceInfo.getResourceMethod();
    if (method != null) {
      Annotation annotation = fetchAnnotation(method.getAnnotations());
      if (annotation != null) {
        ANNOTATION_MAP.get(annotation.annotationType()).assertAuthorized(annotation);
      }
    }
  }
 private boolean isOpenGlobally(ContainerRequestContext requestContext) {
   /* Get method invoked. */
   Method methodInvoked = resourceInfo.getResourceMethod();
   /* Check if open method... */
   if (methodInvoked.isAnnotationPresent(PermitAll.class)) {
     /*
      * Method is globally permitted, so we proceed without interactions.
      */
     return true;
   }
   /* Check whether anonymous is allowed to read... */
   if ((anonymousCanRead) && (HttpMethod.GET.equals(requestContext.getMethod()))) {
     /*
      * Anonymous is allowed read, so we can open GET methods globally
      * and skip all other tests for performance reasons.
      */
     return true;
   }
   return false;
 }
예제 #7
0
  @Override
  public void configure(ResourceInfo resourceInfo, FeatureContext context) {

    Method resourceMethod = resourceInfo.getResourceMethod();
    Class<?> resourceClass = resourceInfo.getResourceClass();
    if (metricsDisabled(resourceClass)) {
      return;
    }
    Path methodPath = resourceMethod.getAnnotation(Path.class);
    Path classPath = resourceClass.getAnnotation(Path.class);

    Path path = methodPath != null ? methodPath : classPath;
    if (path != null) {
      UriBuilder builder =
          methodPath != null
              ? UriBuilder.fromResource(resourceClass).path(resourceClass, resourceMethod.getName())
              : UriBuilder.fromResource(resourceClass);

      String template = builder.toTemplate();
      context.register(new TimerBeforeFilter(template));
      context.register(TimerAfterFilter.class);
    }
  }
 private static boolean classOrResourceAnnotatedWith(
     ResourceInfo resourceInfo, Class<NeverCache> class1) {
   return resourceInfo.getResourceClass().isAnnotationPresent(class1)
       || resourceInfo.getResourceMethod().isAnnotationPresent(class1);
 }
 @Override
 public void filter(ContainerRequestContext requestContext) throws IOException {
   /* Get AuthId and AuthToken from HTTP-Header. */
   String authIdString = requestContext.getHeaderString(AuthElement.AUTH_ID_HEADER);
   String authTokenString = requestContext.getHeaderString(AuthElement.AUTH_TOKEN_HEADER);
   if ((authIdString == null)
       || (authIdString.isEmpty())
       || (authTokenString == null)
       || (authTokenString.isEmpty())) {
     if (!isOpenGlobally(requestContext)) {
       /*
        * Method is not globally open and we do not have authentication
        * data, so we need to ask for it.
        */
       eventLogger.logEvent(createUserNotAuthenticatedEvent());
       requestContext.abortWith(ACCESS_UNAUTHORIZED);
     }
     return;
   }
   /* Check email address format and convert it... */
   EmailAddress email;
   try {
     email = new EmailAddress(authIdString);
   } catch (IllegalArgumentException e) {
     if (!isOpenGlobally(requestContext)) {
       eventLogger.logEvent(createIllegalEmailAddressEvent(authIdString));
       requestContext.abortWith(ACCESS_UNAUTHORIZED);
     }
     return;
   }
   /* Check authentication token and convert it... */
   UUID authToken;
   try {
     authToken = UUID.fromString(authTokenString);
   } catch (IllegalArgumentException e) {
     if (!isOpenGlobally(requestContext)) {
       eventLogger.logEvent(createIllegalTokenEvent(authTokenString, email));
       requestContext.abortWith(ACCESS_UNAUTHORIZED);
     }
     return;
   }
   /* Check for correct authentication data... */
   if (authService.isAuthenticated(email, authToken)) {
     authService.updateActivity(email, authToken);
   } else {
     if (!isOpenGlobally(requestContext)) {
       /*
        * Authentication data does not fit, so we do not need to check
        * further...
        */
       eventLogger.logEvent(createInvalidAuthenticationDataEvent(authTokenString, email));
       requestContext.abortWith(ACCESS_UNAUTHORIZED);
     }
     return;
   }
   /* Get method invoked. */
   Method methodInvoked = resourceInfo.getResourceMethod();
   /*
    * Check for certain roles to be allowed...
    */
   if (isOpenGlobally(requestContext)) {
     return;
   } else if (authService.isAuthorizedAdministrator(email, authToken)) {
     /* User is an administrator, so she is allowed. */
     return;
   } else if (methodInvoked.isAnnotationPresent(RolesAllowed.class)) {
     RolesAllowed rolesAllowedAnnotation = methodInvoked.getAnnotation(RolesAllowed.class);
     Set<String> rolesAllowed = new HashSet<>(Arrays.asList(rolesAllowedAnnotation.roles()));
     if (!authService.isAuthorized(email, authToken, rolesAllowed)) {
       eventLogger.logEvent(createInsufficientPrivilegesEvent(methodInvoked, email));
       requestContext.abortWith(FORBIDDEN);
     }
     return;
   } else if (methodInvoked.isAnnotationPresent(DenyAll.class)) {
     /* Globally forbidden method. */
     eventLogger.logEvent(createForbiddenEvent(methodInvoked, email));
     requestContext.abortWith(FORBIDDEN);
     return;
   }
   /*
    * ATTENTION(!): DUE TO SECURITY REASONS, ALL REST METHODS ARE DENIED
    * PER DEFAULT!
    *
    * Functionality needs to be declared permitted or roles added to open
    * methods into the public.
    */
   eventLogger.logEvent(createUnspecifiedAuthorizationEvent(methodInvoked, email));
   requestContext.abortWith(FORBIDDEN);
 }
예제 #10
0
 @Override
 public void configure(ResourceInfo resourceInfo, FeatureContext context) {
   if (resourceInfo.getResourceMethod().getAnnotation(DateRequired.class) != null) {
     context.register(DateNotSpecifiedFilter.class);
   }
 }