From 84d2b260896e336482c302cf2a52a79c013ee13e Mon Sep 17 00:00:00 2001
From: Anton Tananaev
Date: Wed, 2 Dec 2015 12:09:47 +1300
Subject: Use annotations for resource access control
---
 src/org/traccar/api/SecurityRequestFilter.java | 14 ++++++++------
 src/org/traccar/api/resource/ServerResource.java | 2 ++
 src/org/traccar/api/resource/SessionResource.java | 3 +++
 3 files changed, 13 insertions(+), 6 deletions(-)
(limited to 'src')
diff --git a/src/org/traccar/api/SecurityRequestFilter.java b/src/org/traccar/api/SecurityRequestFilter.java
index 3563cbf77..782ca7de5 100644
--- a/src/org/traccar/api/SecurityRequestFilter.java
+++ b/src/org/traccar/api/SecurityRequestFilter.java
@@ -16,17 +16,18 @@
 package org.traccar.api;
 import org.traccar.Context;
-import org.traccar.api.resource.ServerResource;
 import org.traccar.api.resource.SessionResource;
 import org.traccar.model.User;
+import java.lang.reflect.Method;
 import java.nio.charset.Charset;
 import java.sql.SQLException;
+import javax.annotation.security.PermitAll;
 import javax.servlet.http.HttpServletRequest;
-import javax.ws.rs.Path;
 import javax.ws.rs.WebApplicationException;
 import javax.ws.rs.container.ContainerRequestContext;
 import javax.ws.rs.container.ContainerRequestFilter;
+import javax.ws.rs.container.ResourceInfo;
 import javax.ws.rs.core.Response;
 import javax.ws.rs.core.SecurityContext;
 import javax.xml.bind.DatatypeConverter;
@@ -49,12 +50,13 @@ public class SecurityRequestFilter implements ContainerRequestFilter {
 @javax.ws.rs.core.Context
 private HttpServletRequest req;
+ @javax.ws.rs.core.Context
+ private ResourceInfo resourceInfo;
+
 @Override
 public void filter(ContainerRequestContext requestContext) {
- String path = requestContext.getUriInfo().getPath();
- String serverPath = ServerResource.class.getAnnotation(Path.class).value();
- String sessionPath = SessionResource.class.getAnnotation(Path.class).value();
- if (serverPath.equals(path) || sessionPath.equals(path)) {
+ Method method = resourceInfo.getResourceMethod();
+ if (method.isAnnotationPresent(PermitAll.class)) {
 return;
 }
diff --git a/src/org/traccar/api/resource/ServerResource.java b/src/org/traccar/api/resource/ServerResource.java
index fc04ee248..ffe6745f4 100644
--- a/src/org/traccar/api/resource/ServerResource.java
+++ b/src/org/traccar/api/resource/ServerResource.java
@@ -20,6 +20,7 @@ import org.traccar.api.BaseResource;
 import org.traccar.model.Server;
 import org.traccar.model.User;
+import javax.annotation.security.PermitAll;
 import javax.servlet.http.HttpServletRequest;
 import javax.ws.rs.Consumes;
 import javax.ws.rs.FormParam;
@@ -37,6 +38,7 @@ import java.sql.SQLException;
 @Consumes(MediaType.APPLICATION_JSON)
 public class ServerResource extends BaseResource {
+ @PermitAll
 @GET
 public Server get() {
 try {
diff --git a/src/org/traccar/api/resource/SessionResource.java b/src/org/traccar/api/resource/SessionResource.java
index 347beb9a3..53e29802c 100644
--- a/src/org/traccar/api/resource/SessionResource.java
+++ b/src/org/traccar/api/resource/SessionResource.java
@@ -19,6 +19,7 @@ import org.traccar.Context;
 import org.traccar.api.BaseResource;
 import org.traccar.model.User;
+import javax.annotation.security.PermitAll;
 import javax.servlet.http.HttpServletRequest;
 import javax.ws.rs.Consumes;
 import javax.ws.rs.DELETE;
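Review bot: In `filter`, `resourceInfo.getResourceMethod()` is dereferenced without a null check; the JAX-RS `ResourceInfo` contract allows it to return null when the matched method is not available, and in that case the request would end in a NullPointerException instead of reaching the authentication code that follows. Guarding it as `if (method != null && method.isAnnotationPresent(PermitAll.class)) {` keeps the unknown case fail-closed. `isAnnotationPresent` also sees only annotations declared directly on the resource method, so a class-level `@PermitAll` would not exempt anything; a one-line comment such as `// only a method-level @PermitAll bypasses authentication` would make that explicit. The body of `filter` continues outside the hunk.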
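Review bot: `@PermitAll` on `ServerResource.get()` is now the only thing that opens this endpoint to unauthenticated callers, and nothing next to it says why; the same applies to `SessionResource.get()` and `SessionResource.add()` in the later hunks. I would add a short comment above each annotation, for example `// reachable before login: SecurityRequestFilter skips authentication for @PermitAll methods`, so a later edit does not copy the annotation onto a method that returns protected data. It is also worth confirming that the `Server` object returned here carries no fields that should stay private, since the method body lies outside the hunk and cannot be checked from this diff.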
@@ -43,6 +44,7 @@ public class SessionResource extends BaseResource {
 @javax.ws.rs.core.Context
 private HttpServletRequest req;
+ @PermitAll
 @GET
 public User get() {
 try {
@@ -57,6 +59,7 @@ public class SessionResource extends BaseResource {
 }
 }
+ @PermitAll
 @POST
 public User add(@FormParam("email") String email, @FormParam("password") String password) {
 try {
--
cgit v1.2.3