kangaroo-and-rabbit/karideo
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

[DEV] better filter

Browse Source
This commit is contained in:
Edouard DUPIN 2022-05-23 19:37:55 +02:00
parent c297861d9e
commit 6b4b9988db
2 changed files with 64 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

65
back/src/org/kar/karideo/AuthenticationFilter.java
View File

@ -1,5 +1,9 @@
package org.kar.karideo;
import java.lang.reflect.Method;
import javax.annotation.security.DenyAll;
import javax.annotation.security.PermitAll;
import javax.annotation.security.RolesAllowed;
import org.kar.karideo.model.User;
import org.kar.karideo.model.UserSmall;
@ -8,6 +12,8 @@ import javax.ws.rs.Path;
import javax.ws.rs.Priorities;
import javax.ws.rs.container.ContainerRequestContext;
import javax.ws.rs.container.ContainerRequestFilter;
import javax.ws.rs.container.ResourceInfo;
import javax.ws.rs.core.Context;
import javax.ws.rs.core.HttpHeaders;
import javax.ws.rs.core.MultivaluedMap;
import javax.ws.rs.core.Response;
@ -25,8 +31,10 @@ import java.util.Map.Entry;
@Provider
@Priority(Priorities.AUTHENTICATION)
public class AuthenticationFilter implements ContainerRequestFilter {
private static final String REALM = "example";
@Context
private ResourceInfo resourceInfo;
private static final String REALM = "example";
private static final String AUTHENTICATION_SCHEME = "Yota";
@Override
@ -52,8 +60,21 @@ public class AuthenticationFilter implements ContainerRequestFilter {
}
System.out.println(" -------------------------------");
Method method = resourceInfo.getResourceMethod();
//Access denied for all
if(method.isAnnotationPresent(DenyAll.class)) {
requestContext.abortWith(Response.status(Response.Status.FORBIDDEN).entity("Access blocked for all users !!").build());
return;
}
//Access allowed for all
if( method.isAnnotationPresent(PermitAll.class)) {
// no control ...
return;
}
// Validate the Authorization header
if (!isTokenBasedAuthentication(authorizationHeader)) {
System.out.println("REJECTED unauthorized: " + requestContext.getUriInfo().getPath());
abortWithUnauthorized(requestContext);
return;
}
@ -74,7 +95,45 @@ public class AuthenticationFilter implements ContainerRequestFilter {
requestContext.setSecurityContext(new MySecurityContext(user, scheme));
System.out.println("Get local user : " + user);
}
/*
//Verify user access
if(method.isAnnotationPresent(RolesAllowed.class))
{
RolesAllowed rolesAnnotation = method.getAnnotation(RolesAllowed.class);
Set<String> rolesSet = new HashSet<String>(Arrays.asList(rolesAnnotation.value()));
//Is user valid?
if( ! isUserAllowed(username, password, rolesSet))
{
requestContext.abortWith(Response.status(Response.Status.UNAUTHORIZED)
.entity("You cannot access this resource").build(););
return;
}
}
}
}
private boolean isUserAllowed(final String username, final String password, final Set<String> rolesSet)
{
boolean isAllowed = false;
//Step 1. Fetch password from database and match with password in argument
//If both match then get the defined role for user from database and continue; else return isAllowed [false]
//Access the database and do this part yourself
//String userRole = userMgr.getUserRole(username);
if(username.equals("howtodoinjava") && password.equals("password"))
{
String userRole = "ADMIN";
//Step 2. Verify user role
if(rolesSet.contains(userRole))
{
isAllowed = true;
}
}
return isAllowed;
}
*/
private boolean isTokenBasedAuthentication(String authorizationHeader) {
// Check if the Authorization header is valid

3
back/src/org/kar/karideo/WebLauncher.java
View File

@ -41,7 +41,8 @@ public class WebLauncher {
// remove cors ==> all time called by an other system...
rc.register(new CORSFilter());
// global authentication system
rc.register(new AuthenticationFilter());
//rc.register(new AuthenticationFilter());
rc.registerClasses(AuthenticationFilter.class);
// add default resource:
rc.registerClasses(UserResource.class);
rc.registerClasses(SeriesResource.class);