aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorAnton Tananaev <anton.tananaev@gmail.com>2015-12-02 12:09:47 +1300
committerAnton Tananaev <anton.tananaev@gmail.com>2015-12-02 12:09:47 +1300
commit84d2b260896e336482c302cf2a52a79c013ee13e (patch)
tree91483f406f5d90b6b06034b5e704f4cce4c00514
parenta0c9cec5beb28448073b127c31df23134336f4cf (diff)
downloadtraccar-server-84d2b260896e336482c302cf2a52a79c013ee13e.tar.gz
traccar-server-84d2b260896e336482c302cf2a52a79c013ee13e.tar.bz2
traccar-server-84d2b260896e336482c302cf2a52a79c013ee13e.zip
Use annotations for resource access control
-rw-r--r--src/org/traccar/api/SecurityRequestFilter.java14
-rw-r--r--src/org/traccar/api/resource/ServerResource.java2
-rw-r--r--src/org/traccar/api/resource/SessionResource.java3
3 files changed, 13 insertions, 6 deletions
diff --git a/src/org/traccar/api/SecurityRequestFilter.java b/src/org/traccar/api/SecurityRequestFilter.java
index 3563cbf77..782ca7de5 100644
--- a/src/org/traccar/api/SecurityRequestFilter.java
+++ b/src/org/traccar/api/SecurityRequestFilter.java
@@ -16,17 +16,18 @@
package org.traccar.api;
import org.traccar.Context;
-import org.traccar.api.resource.ServerResource;
import org.traccar.api.resource.SessionResource;
import org.traccar.model.User;
+import java.lang.reflect.Method;
import java.nio.charset.Charset;
import java.sql.SQLException;
+import javax.annotation.security.PermitAll;
import javax.servlet.http.HttpServletRequest;
-import javax.ws.rs.Path;
import javax.ws.rs.WebApplicationException;
import javax.ws.rs.container.ContainerRequestContext;
import javax.ws.rs.container.ContainerRequestFilter;
+import javax.ws.rs.container.ResourceInfo;
import javax.ws.rs.core.Response;
import javax.ws.rs.core.SecurityContext;
import javax.xml.bind.DatatypeConverter;
@@ -49,12 +50,13 @@ public class SecurityRequestFilter implements ContainerRequestFilter {
@javax.ws.rs.core.Context
private HttpServletRequest req;
+ @javax.ws.rs.core.Context
+ private ResourceInfo resourceInfo;
+
@Override
public void filter(ContainerRequestContext requestContext) {
- String path = requestContext.getUriInfo().getPath();
- String serverPath = ServerResource.class.getAnnotation(Path.class).value();
- String sessionPath = SessionResource.class.getAnnotation(Path.class).value();
- if (serverPath.equals(path) || sessionPath.equals(path)) {
+ Method method = resourceInfo.getResourceMethod();
+ if (method.isAnnotationPresent(PermitAll.class)) {
return;
}
diff --git a/src/org/traccar/api/resource/ServerResource.java b/src/org/traccar/api/resource/ServerResource.java
index fc04ee248..ffe6745f4 100644
--- a/src/org/traccar/api/resource/ServerResource.java
+++ b/src/org/traccar/api/resource/ServerResource.java
@@ -20,6 +20,7 @@ import org.traccar.api.BaseResource;
import org.traccar.model.Server;
import org.traccar.model.User;
+import javax.annotation.security.PermitAll;
import javax.servlet.http.HttpServletRequest;
import javax.ws.rs.Consumes;
import javax.ws.rs.FormParam;
@@ -37,6 +38,7 @@ import java.sql.SQLException;
@Consumes(MediaType.APPLICATION_JSON)
public class ServerResource extends BaseResource {
+ @PermitAll
@GET
public Server get() {
try {
diff --git a/src/org/traccar/api/resource/SessionResource.java b/src/org/traccar/api/resource/SessionResource.java
index 347beb9a3..53e29802c 100644
--- a/src/org/traccar/api/resource/SessionResource.java
+++ b/src/org/traccar/api/resource/SessionResource.java
@@ -19,6 +19,7 @@ import org.traccar.Context;
import org.traccar.api.BaseResource;
import org.traccar.model.User;
+import javax.annotation.security.PermitAll;
import javax.servlet.http.HttpServletRequest;
import javax.ws.rs.Consumes;
import javax.ws.rs.DELETE;
@@ -43,6 +44,7 @@ public class SessionResource extends BaseResource {
@javax.ws.rs.core.Context
private HttpServletRequest req;
+ @PermitAll
@GET
public User get() {
try {
@@ -57,6 +59,7 @@ public class SessionResource extends BaseResource {
}
}
+ @PermitAll
@POST
public User add(@FormParam("email") String email, @FormParam("password") String password) {
try {