@Override public void configure(ResourceInfo resourceInfo, FeatureContext featureContext) { LOG.log(Level.INFO, "SecureRegistration.configure() Reading Annotation <Secure>"); Secure secure = resourceInfo.getResourceMethod().getAnnotation(Secure.class); if (secure == null) return; // // Try to set which Grant has been choosen // HandleGrant handleGrant = null; // switch(secure.grant()) { // case IMPLICIT: handleGrant = new HandleImplicitGrant( // tokenManagement, secure.scope()); break; // case RESOURCE_OWNER_PASSWORD_CREDENTIALS: // handleGrant = new HandleResourceOwnerPasswordCredentialsGrant( // tokenManagement, secure.username(), secure.password(), // secure.scope()); break; // case CLIENT_CREDENTIALS: handleGrant = new HandleClientCredentialsGrant( // tokenManagement, secure.scope()); break; // // DEFAULT: Authorization Code Grant // default: tokenManagement.setContext(context); // Setting the context // handleGrant = new HandleAuthorizationCodeGrant( // tokenManagement, secure.scope()); // } // Set the ServletContext tokenManagement.setContext(context); LOG.log(Level.INFO, "SecureRegistration.configure() Creating new instance of Filter"); PorcupineFilter filter = new PorcupineFilter(context, tokenManagement, secure); featureContext.register(filter); }
@Override public void configure(ResourceInfo resourceInfo, FeatureContext context) { final AnnotatedMethod am = new AnnotatedMethod(resourceInfo.getResourceMethod()); if (am.isAnnotationPresent(RolesAllowed.class) || am.isAnnotationPresent(DenyAll.class) || am.isAnnotationPresent(PermitAll.class)) { context.register(authFilter); } }
@Override public void configure(ResourceInfo resourceInfo, FeatureContext featureContext) { Method am = resourceInfo.getResourceMethod(); logger.debug( "configure {} method {}", resourceInfo.getResourceClass().getSimpleName(), resourceInfo.getResourceMethod().getName()); if (am.isAnnotationPresent(RequireApplicationAccess.class)) { featureContext.register(ApplicationFilter.class); } else if (am.isAnnotationPresent(RequireOrganizationAccess.class)) { featureContext.register(OrganizationFilter.class); } else if (am.isAnnotationPresent(RequireSystemAccess.class)) { featureContext.register(SystemFilter.class); } else if (am.isAnnotationPresent(RequireAdminUserAccess.class)) { featureContext.register(SystemFilter.AdminUserFilter.class); } }
@Override public void configure(ResourceInfo resourceInfo, FeatureContext configurable) { final Class declaring = resourceInfo.getResourceClass(); final Method method = resourceInfo.getResourceMethod(); if (declaring == null || method == null) return; for (Annotation[] annotations : method.getParameterAnnotations()) { String encoding = getEncoding(annotations); if (encoding != null) { configurable.register(new ClientContentEncodingAnnotationFilter(encoding)); return; } } }
public void filter(ContainerRequestContext context) throws IOException { Class<?> resourceClass = resourceInfo.getResourceClass(); if (resourceClass != null) { Annotation annotation = fetchAnnotation(resourceClass.getAnnotations()); if (annotation != null) { ANNOTATION_MAP.get(annotation.annotationType()).assertAuthorized(annotation); } } Method method = resourceInfo.getResourceMethod(); if (method != null) { Annotation annotation = fetchAnnotation(method.getAnnotations()); if (annotation != null) { ANNOTATION_MAP.get(annotation.annotationType()).assertAuthorized(annotation); } } }
private boolean isOpenGlobally(ContainerRequestContext requestContext) { /* Get method invoked. */ Method methodInvoked = resourceInfo.getResourceMethod(); /* Check if open method... */ if (methodInvoked.isAnnotationPresent(PermitAll.class)) { /* * Method is globally permitted, so we proceed without interactions. */ return true; } /* Check whether anonymous is allowed to read... */ if ((anonymousCanRead) && (HttpMethod.GET.equals(requestContext.getMethod()))) { /* * Anonymous is allowed read, so we can open GET methods globally * and skip all other tests for performance reasons. */ return true; } return false; }
@Override public void configure(ResourceInfo resourceInfo, FeatureContext context) { Method resourceMethod = resourceInfo.getResourceMethod(); Class<?> resourceClass = resourceInfo.getResourceClass(); if (metricsDisabled(resourceClass)) { return; } Path methodPath = resourceMethod.getAnnotation(Path.class); Path classPath = resourceClass.getAnnotation(Path.class); Path path = methodPath != null ? methodPath : classPath; if (path != null) { UriBuilder builder = methodPath != null ? UriBuilder.fromResource(resourceClass).path(resourceClass, resourceMethod.getName()) : UriBuilder.fromResource(resourceClass); String template = builder.toTemplate(); context.register(new TimerBeforeFilter(template)); context.register(TimerAfterFilter.class); } }
private static boolean classOrResourceAnnotatedWith( ResourceInfo resourceInfo, Class<NeverCache> class1) { return resourceInfo.getResourceClass().isAnnotationPresent(class1) || resourceInfo.getResourceMethod().isAnnotationPresent(class1); }
@Override public void filter(ContainerRequestContext requestContext) throws IOException { /* Get AuthId and AuthToken from HTTP-Header. */ String authIdString = requestContext.getHeaderString(AuthElement.AUTH_ID_HEADER); String authTokenString = requestContext.getHeaderString(AuthElement.AUTH_TOKEN_HEADER); if ((authIdString == null) || (authIdString.isEmpty()) || (authTokenString == null) || (authTokenString.isEmpty())) { if (!isOpenGlobally(requestContext)) { /* * Method is not globally open and we do not have authentication * data, so we need to ask for it. */ eventLogger.logEvent(createUserNotAuthenticatedEvent()); requestContext.abortWith(ACCESS_UNAUTHORIZED); } return; } /* Check email address format and convert it... */ EmailAddress email; try { email = new EmailAddress(authIdString); } catch (IllegalArgumentException e) { if (!isOpenGlobally(requestContext)) { eventLogger.logEvent(createIllegalEmailAddressEvent(authIdString)); requestContext.abortWith(ACCESS_UNAUTHORIZED); } return; } /* Check authentication token and convert it... */ UUID authToken; try { authToken = UUID.fromString(authTokenString); } catch (IllegalArgumentException e) { if (!isOpenGlobally(requestContext)) { eventLogger.logEvent(createIllegalTokenEvent(authTokenString, email)); requestContext.abortWith(ACCESS_UNAUTHORIZED); } return; } /* Check for correct authentication data... */ if (authService.isAuthenticated(email, authToken)) { authService.updateActivity(email, authToken); } else { if (!isOpenGlobally(requestContext)) { /* * Authentication data does not fit, so we do not need to check * further... */ eventLogger.logEvent(createInvalidAuthenticationDataEvent(authTokenString, email)); requestContext.abortWith(ACCESS_UNAUTHORIZED); } return; } /* Get method invoked. */ Method methodInvoked = resourceInfo.getResourceMethod(); /* * Check for certain roles to be allowed... */ if (isOpenGlobally(requestContext)) { return; } else if (authService.isAuthorizedAdministrator(email, authToken)) { /* User is an administrator, so she is allowed. */ return; } else if (methodInvoked.isAnnotationPresent(RolesAllowed.class)) { RolesAllowed rolesAllowedAnnotation = methodInvoked.getAnnotation(RolesAllowed.class); Set<String> rolesAllowed = new HashSet<>(Arrays.asList(rolesAllowedAnnotation.roles())); if (!authService.isAuthorized(email, authToken, rolesAllowed)) { eventLogger.logEvent(createInsufficientPrivilegesEvent(methodInvoked, email)); requestContext.abortWith(FORBIDDEN); } return; } else if (methodInvoked.isAnnotationPresent(DenyAll.class)) { /* Globally forbidden method. */ eventLogger.logEvent(createForbiddenEvent(methodInvoked, email)); requestContext.abortWith(FORBIDDEN); return; } /* * ATTENTION(!): DUE TO SECURITY REASONS, ALL REST METHODS ARE DENIED * PER DEFAULT! * * Functionality needs to be declared permitted or roles added to open * methods into the public. */ eventLogger.logEvent(createUnspecifiedAuthorizationEvent(methodInvoked, email)); requestContext.abortWith(FORBIDDEN); }
@Override public void configure(ResourceInfo resourceInfo, FeatureContext context) { if (resourceInfo.getResourceMethod().getAnnotation(DateRequired.class) != null) { context.register(DateNotSpecifiedFilter.class); } }