Exemplo n.º 1
0
 private SecurityContext basicAuthentication(HttpRequest request, HttpResponse response)
     throws IOException {
   List<String> headers = request.getHttpHeaders().getRequestHeader(HttpHeaderNames.AUTHORIZATION);
   if (!headers.isEmpty()) {
     String auth = headers.get(0);
     if (auth.length() > 5) {
       String type = auth.substring(0, 5);
       type = type.toLowerCase();
       if ("basic".equals(type)) {
         String cookie = auth.substring(6);
         cookie = new String(Base64.decodeBase64(cookie.getBytes()));
         String[] split = cookie.split(":");
         Principal user = null;
         try {
           user = domain.authenticate(split[0], split[1]);
           return new NettySecurityContext(user, domain, "BASIC", true);
         } catch (SecurityException e) {
           response.sendError(HttpResponseCodes.SC_UNAUTHORIZED);
           return null;
         }
       } else {
         response.sendError(HttpResponseCodes.SC_UNAUTHORIZED);
         return null;
       }
     }
   }
   return null;
 }
Exemplo n.º 2
0
  protected void writeFailure(HttpRequest request, HttpResponse response, Response jaxrsResponse) {
    response.reset();
    try {
      writeJaxrsResponse(request, response, jaxrsResponse);
    } catch (WebApplicationException ex) {
      if (response.isCommitted())
        throw new UnhandledException("Request was committed couldn't handle exception", ex);
      // don't think I want to call writeJaxrsResponse infinately! so we'll just write the status
      response.reset();
      response.setStatus(ex.getResponse().getStatus());

    } catch (Exception e1) {
      throw new UnhandledException(e1); // we're screwed, can't handle the exception
    }
  }
Exemplo n.º 3
0
 public void doWrite(
     HttpResponse response,
     Object toOutput,
     Class type,
     Type genericType,
     Annotation[] annotations,
     MediaType mediaType)
     throws IOException {
   doWrite(
       toOutput,
       type,
       genericType,
       mediaType,
       annotations,
       response.getOutputHeaders(),
       response.getOutputStream());
 }
Exemplo n.º 4
0
  protected void handleWebApplicationException(
      HttpRequest request, HttpResponse response, WebApplicationException wae) {
    if (!(wae instanceof NoLogWebApplicationException)) logger.error("failed to execute", wae);
    if (response.isCommitted())
      throw new UnhandledException("Request was committed couldn't handle exception", wae);

    writeFailure(request, response, wae.getResponse());
  }
Exemplo n.º 5
0
  public void build(HttpResponse response) {
    String origin = request.getHttpHeaders().getRequestHeaders().getFirst(ORIGIN_HEADER);
    if (origin == null) {
      logger.debug("No origin returning");
      return;
    }

    if (!preflight
        && (allowedOrigins == null
            || (!allowedOrigins.contains(origin)
                && !allowedOrigins.contains(ACCESS_CONTROL_ALLOW_ORIGIN_WILDCARD)))) {
      logger.debug("!preflight and no origin");
      return;
    }

    logger.debug("build CORS headers and return");

    response.getOutputHeaders().add(ACCESS_CONTROL_ALLOW_ORIGIN, origin);

    if (preflight) {
      if (allowedMethods != null) {
        response
            .getOutputHeaders()
            .add(ACCESS_CONTROL_ALLOW_METHODS, CollectionUtil.join(allowedMethods));
      } else {
        response.getOutputHeaders().add(ACCESS_CONTROL_ALLOW_METHODS, DEFAULT_ALLOW_METHODS);
      }
    }

    if (!preflight && exposedHeaders != null) {
      response
          .getOutputHeaders()
          .add(ACCESS_CONTROL_EXPOSE_HEADERS, CollectionUtil.join(exposedHeaders));
    }

    response.getOutputHeaders().add(ACCESS_CONTROL_ALLOW_CREDENTIALS, Boolean.toString(auth));

    if (preflight) {
      if (auth) {
        response
            .getOutputHeaders()
            .add(
                ACCESS_CONTROL_ALLOW_HEADERS,
                String.format("%s, %s", DEFAULT_ALLOW_HEADERS, AUTHORIZATION_HEADER));
      } else {
        response.getOutputHeaders().add(ACCESS_CONTROL_ALLOW_HEADERS, DEFAULT_ALLOW_HEADERS);
      }
    }

    if (preflight) {
      response.getOutputHeaders().add(ACCESS_CONTROL_MAX_AGE, DEFAULT_MAX_AGE);
    }
  }
Exemplo n.º 6
0
  protected void handleFailure(HttpRequest request, HttpResponse response, Failure failure) {
    if (failure.isLoggable())
      logger.error(
          "Failed executing " + request.getHttpMethod() + " " + request.getUri().getPath(),
          failure);
    else
      logger.debug(
          "Failed executing " + request.getHttpMethod() + " " + request.getUri().getPath(),
          failure);

    if (failure.getResponse() != null) {
      writeFailure(request, response, failure.getResponse());
    } else {
      try {
        if (failure.getMessage() != null) {
          response.sendError(failure.getErrorCode(), failure.getMessage());
        } else {
          response.sendError(failure.getErrorCode());
        }
      } catch (IOException e1) {
        throw new UnhandledException(e1);
      }
    }
  }