[DEV] better filter
This commit is contained in:
parent
c297861d9e
commit
6b4b9988db
@ -1,5 +1,9 @@
|
|||||||
package org.kar.karideo;
|
package org.kar.karideo;
|
||||||
|
|
||||||
|
import java.lang.reflect.Method;
|
||||||
|
import javax.annotation.security.DenyAll;
|
||||||
|
import javax.annotation.security.PermitAll;
|
||||||
|
import javax.annotation.security.RolesAllowed;
|
||||||
import org.kar.karideo.model.User;
|
import org.kar.karideo.model.User;
|
||||||
import org.kar.karideo.model.UserSmall;
|
import org.kar.karideo.model.UserSmall;
|
||||||
|
|
||||||
@ -8,6 +12,8 @@ import javax.ws.rs.Path;
|
|||||||
import javax.ws.rs.Priorities;
|
import javax.ws.rs.Priorities;
|
||||||
import javax.ws.rs.container.ContainerRequestContext;
|
import javax.ws.rs.container.ContainerRequestContext;
|
||||||
import javax.ws.rs.container.ContainerRequestFilter;
|
import javax.ws.rs.container.ContainerRequestFilter;
|
||||||
|
import javax.ws.rs.container.ResourceInfo;
|
||||||
|
import javax.ws.rs.core.Context;
|
||||||
import javax.ws.rs.core.HttpHeaders;
|
import javax.ws.rs.core.HttpHeaders;
|
||||||
import javax.ws.rs.core.MultivaluedMap;
|
import javax.ws.rs.core.MultivaluedMap;
|
||||||
import javax.ws.rs.core.Response;
|
import javax.ws.rs.core.Response;
|
||||||
@ -25,6 +31,8 @@ import java.util.Map.Entry;
|
|||||||
@Provider
|
@Provider
|
||||||
@Priority(Priorities.AUTHENTICATION)
|
@Priority(Priorities.AUTHENTICATION)
|
||||||
public class AuthenticationFilter implements ContainerRequestFilter {
|
public class AuthenticationFilter implements ContainerRequestFilter {
|
||||||
|
@Context
|
||||||
|
private ResourceInfo resourceInfo;
|
||||||
|
|
||||||
private static final String REALM = "example";
|
private static final String REALM = "example";
|
||||||
private static final String AUTHENTICATION_SCHEME = "Yota";
|
private static final String AUTHENTICATION_SCHEME = "Yota";
|
||||||
@ -52,8 +60,21 @@ public class AuthenticationFilter implements ContainerRequestFilter {
|
|||||||
}
|
}
|
||||||
System.out.println(" -------------------------------");
|
System.out.println(" -------------------------------");
|
||||||
|
|
||||||
|
Method method = resourceInfo.getResourceMethod();
|
||||||
|
//Access denied for all
|
||||||
|
if(method.isAnnotationPresent(DenyAll.class)) {
|
||||||
|
requestContext.abortWith(Response.status(Response.Status.FORBIDDEN).entity("Access blocked for all users !!").build());
|
||||||
|
return;
|
||||||
|
}
|
||||||
|
//Access allowed for all
|
||||||
|
if( method.isAnnotationPresent(PermitAll.class)) {
|
||||||
|
// no control ...
|
||||||
|
return;
|
||||||
|
}
|
||||||
|
|
||||||
// Validate the Authorization header
|
// Validate the Authorization header
|
||||||
if (!isTokenBasedAuthentication(authorizationHeader)) {
|
if (!isTokenBasedAuthentication(authorizationHeader)) {
|
||||||
|
System.out.println("REJECTED unauthorized: " + requestContext.getUriInfo().getPath());
|
||||||
abortWithUnauthorized(requestContext);
|
abortWithUnauthorized(requestContext);
|
||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
@ -74,7 +95,45 @@ public class AuthenticationFilter implements ContainerRequestFilter {
|
|||||||
requestContext.setSecurityContext(new MySecurityContext(user, scheme));
|
requestContext.setSecurityContext(new MySecurityContext(user, scheme));
|
||||||
System.out.println("Get local user : " + user);
|
System.out.println("Get local user : " + user);
|
||||||
}
|
}
|
||||||
|
/*
|
||||||
|
//Verify user access
|
||||||
|
if(method.isAnnotationPresent(RolesAllowed.class))
|
||||||
|
{
|
||||||
|
RolesAllowed rolesAnnotation = method.getAnnotation(RolesAllowed.class);
|
||||||
|
Set<String> rolesSet = new HashSet<String>(Arrays.asList(rolesAnnotation.value()));
|
||||||
|
|
||||||
|
//Is user valid?
|
||||||
|
if( ! isUserAllowed(username, password, rolesSet))
|
||||||
|
{
|
||||||
|
requestContext.abortWith(Response.status(Response.Status.UNAUTHORIZED)
|
||||||
|
.entity("You cannot access this resource").build(););
|
||||||
|
return;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
private boolean isUserAllowed(final String username, final String password, final Set<String> rolesSet)
|
||||||
|
{
|
||||||
|
boolean isAllowed = false;
|
||||||
|
|
||||||
|
//Step 1. Fetch password from database and match with password in argument
|
||||||
|
//If both match then get the defined role for user from database and continue; else return isAllowed [false]
|
||||||
|
//Access the database and do this part yourself
|
||||||
|
//String userRole = userMgr.getUserRole(username);
|
||||||
|
|
||||||
|
if(username.equals("howtodoinjava") && password.equals("password"))
|
||||||
|
{
|
||||||
|
String userRole = "ADMIN";
|
||||||
|
|
||||||
|
//Step 2. Verify user role
|
||||||
|
if(rolesSet.contains(userRole))
|
||||||
|
{
|
||||||
|
isAllowed = true;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
return isAllowed;
|
||||||
|
}
|
||||||
|
*/
|
||||||
private boolean isTokenBasedAuthentication(String authorizationHeader) {
|
private boolean isTokenBasedAuthentication(String authorizationHeader) {
|
||||||
|
|
||||||
// Check if the Authorization header is valid
|
// Check if the Authorization header is valid
|
||||||
|
@ -41,7 +41,8 @@ public class WebLauncher {
|
|||||||
// remove cors ==> all time called by an other system...
|
// remove cors ==> all time called by an other system...
|
||||||
rc.register(new CORSFilter());
|
rc.register(new CORSFilter());
|
||||||
// global authentication system
|
// global authentication system
|
||||||
rc.register(new AuthenticationFilter());
|
//rc.register(new AuthenticationFilter());
|
||||||
|
rc.registerClasses(AuthenticationFilter.class);
|
||||||
// add default resource:
|
// add default resource:
|
||||||
rc.registerClasses(UserResource.class);
|
rc.registerClasses(UserResource.class);
|
||||||
rc.registerClasses(SeriesResource.class);
|
rc.registerClasses(SeriesResource.class);
|
||||||
|
Loading…
Reference in New Issue
Block a user