diff options
Diffstat (limited to 'src/org/traccar/api/SecurityRequestFilter.java')
-rw-r--r-- | src/org/traccar/api/SecurityRequestFilter.java | 40 |
1 files changed, 25 insertions, 15 deletions
diff --git a/src/org/traccar/api/SecurityRequestFilter.java b/src/org/traccar/api/SecurityRequestFilter.java index f0dd363db..ca3ebf04d 100644 --- a/src/org/traccar/api/SecurityRequestFilter.java +++ b/src/org/traccar/api/SecurityRequestFilter.java @@ -1,5 +1,5 @@ /* - * Copyright 2015 - 2016 Anton Tananaev (anton.tananaev@gmail.com) + * Copyright 2015 - 2016 Anton Tananaev (anton@traccar.org) * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. @@ -17,6 +17,7 @@ package org.traccar.api; import org.traccar.Context; import org.traccar.api.resource.SessionResource; +import org.traccar.helper.Log; import org.traccar.model.User; import javax.annotation.security.PermitAll; @@ -62,26 +63,35 @@ public class SecurityRequestFilter implements ContainerRequestFilter { SecurityContext securityContext = null; - String authHeader = requestContext.getHeaderString(AUTHORIZATION_HEADER); - if (authHeader != null) { + try { - try { - String[] auth = decodeBasicAuth(authHeader); - User user = Context.getDataManager().login(auth[0], auth[1]); - if (user != null) { - securityContext = new UserSecurityContext(new UserPrincipal(user.getId())); + String authHeader = requestContext.getHeaderString(AUTHORIZATION_HEADER); + if (authHeader != null) { + + try { + String[] auth = decodeBasicAuth(authHeader); + User user = Context.getPermissionsManager().login(auth[0], auth[1]); + if (user != null) { + Context.getStatisticsManager().registerRequest(user.getId()); + securityContext = new UserSecurityContext(new UserPrincipal(user.getId())); + } + } catch (SQLException e) { + throw new WebApplicationException(e); } - } catch (SQLException e) { - throw new WebApplicationException(e); - } - } else if (request.getSession() != null) { + } else if (request.getSession() != null) { + + Long userId = (Long) request.getSession().getAttribute(SessionResource.USER_ID_KEY); + if (userId != null) { + Context.getPermissionsManager().checkUserEnabled(userId); + Context.getStatisticsManager().registerRequest(userId); + securityContext = new UserSecurityContext(new UserPrincipal(userId)); + } - Long userId = (Long) request.getSession().getAttribute(SessionResource.USER_ID_KEY); - if (userId != null) { - securityContext = new UserSecurityContext(new UserPrincipal(userId)); } + } catch (SecurityException e) { + Log.warning(e); } if (securityContext != null) { |