diff options
author | Rafael Guterres <guterresrafael@gmail.com> | 2015-11-27 03:32:59 -0200 |
---|---|---|
committer | Rafael Guterres <guterresrafael@gmail.com> | 2015-11-27 03:32:59 -0200 |
commit | c57bd2d472467b1b3a45aee1b97c9a0aeef5958a (patch) | |
tree | 26fae20adf1970b5834f06393a3c703c972f39b1 /src/org/traccar/api/SecurityRequestFilter.java | |
parent | 77cd23da84ebebcf99a97a8aef88aa9a4884ca40 (diff) | |
download | trackermap-server-c57bd2d472467b1b3a45aee1b97c9a0aeef5958a.tar.gz trackermap-server-c57bd2d472467b1b3a45aee1b97c9a0aeef5958a.tar.bz2 trackermap-server-c57bd2d472467b1b3a45aee1b97c9a0aeef5958a.zip |
Initial implementation of new api with jax-rs.
Revert servlets to old api and remove plurals.
Fix findbugs for header origin.
Diffstat (limited to 'src/org/traccar/api/SecurityRequestFilter.java')
-rw-r--r-- | src/org/traccar/api/SecurityRequestFilter.java | 82 |
1 files changed, 82 insertions, 0 deletions
diff --git a/src/org/traccar/api/SecurityRequestFilter.java b/src/org/traccar/api/SecurityRequestFilter.java new file mode 100644 index 000000000..9d59cdc01 --- /dev/null +++ b/src/org/traccar/api/SecurityRequestFilter.java @@ -0,0 +1,82 @@ +/* + * Copyright 2015 Anton Tananaev (anton.tananaev@gmail.com) + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package org.traccar.api; + +import java.lang.reflect.Method; +import java.util.Arrays; +import java.util.HashSet; +import java.util.Set; +import javax.annotation.security.DenyAll; +import javax.annotation.security.PermitAll; +import javax.annotation.security.RolesAllowed; +import javax.ws.rs.container.ContainerRequestContext; +import javax.ws.rs.container.ContainerRequestFilter; +import javax.ws.rs.container.ResourceInfo; +import javax.ws.rs.ext.Provider; + +@Provider +public class SecurityRequestFilter implements ContainerRequestFilter { + + @javax.ws.rs.core.Context + private ResourceInfo resourceInfo; + + @Override + public void filter(ContainerRequestContext requestContext) { + Method method = resourceInfo.getResourceMethod(); + + //@PermitAll + if (method.isAnnotationPresent(PermitAll.class)) { + return; + } + + //@DenyAll + if (method.isAnnotationPresent(DenyAll.class)) { + requestContext.abortWith(ResponseBuilder.forbidden()); + return; + } + + //AuthorizationBasic + UserPrincipal userPrincipal = AuthorizationBasic.getUserPrincipal(requestContext); + if (userPrincipal == null + || userPrincipal.getName() == null + || userPrincipal.getPassword() == null + || !isAuthenticatedUser(userPrincipal)) { + requestContext.abortWith(ResponseBuilder.unauthorized()); + return; + } + + //@RolesAllowed + if (method.isAnnotationPresent(RolesAllowed.class)) { + RolesAllowed rolesAnnotation = method.getAnnotation(RolesAllowed.class); + Set<String> roles = new HashSet<>(Arrays.asList(rolesAnnotation.value())); + if (!isAuthorizedUser(userPrincipal, roles)) { + requestContext.abortWith(ResponseBuilder.forbidden()); + return; + } + } + + //SecurityContext + requestContext.setSecurityContext(new SecurityContextApi(userPrincipal)); + } + + private boolean isAuthenticatedUser(UserPrincipal principal) { + return AuthorizationBasic.isAuthenticatedUser(principal); + } + + private boolean isAuthorizedUser(UserPrincipal userPrincipal, Set<String> roles) { + return AuthorizationBasic.isAuthorizedUser(userPrincipal, roles); + } +} |