@Override
public void filter(ContainerRequestContext requestContext) throws IOException {
    // The ID token travels in the submitted form under the configured parameter name.
    // A missing token ends the request with 401 before any reader or context work is done.
    final MultivaluedMap<String, String> formData = toFormData(requestContext);
    final String rawIdToken = formData.getFirst(tokenFormParameter);
    if (rawIdToken == null) {
        requestContext.abortWith(Response.status(401).build());
        return;
    }
    // Parsing/validation of the token is delegated to the configured reader; what it
    // checks is not visible here.
    final IdToken parsedToken = idTokenReader.getIdToken(rawIdToken, consumer);
    JAXRSUtils.getCurrentMessage().setContent(IdToken.class, parsedToken);
    // Expose the token's identity (and the role claim used for isUserInRole) to the resource.
    final OidcSecurityContext oidcContext = new OidcSecurityContext(parsedToken);
    oidcContext.setRoleClaim(roleClaim);
    requestContext.setSecurityContext(oidcContext);
}
@Override
public void filter(final ContainerRequestContext requestContext) throws IOException {
    // Installs a placeholder context: no principal, no roles, not secure. Note that the
    // reported scheme is "BASIC" although no credentials are examined by this filter.
    final SecurityContext placeholder = new SecurityContext() {
        @Override
        public Principal getUserPrincipal() { return null; }

        @Override
        public boolean isUserInRole(String string) { return false; }

        @Override
        public boolean isSecure() { return false; }

        @Override
        public String getAuthenticationScheme() { return "BASIC"; }
    };
    requestContext.setSecurityContext(placeholder);
}
@Override
public void filter(ContainerRequestContext requestContext) throws IOException {
    // Identity and group membership are read verbatim from request headers; nothing here
    // verifies them, so the filter depends on the component in front of this service
    // setting USER_HEADER / GROUPS_HEADER and discarding client-supplied copies.
    final String user = requestContext.getHeaderString(USER_HEADER);
    final String groups = requestContext.getHeaderString(GROUPS_HEADER);
    if (user != null && groups != null) {
        final Set<String> memberOf = new HashSet<>(Arrays.asList(groups.split(",")));
        final SetView<String> adminOverlap = Sets.intersection(allowedAdminGroups, memberOf);
        // Membership in any configured admin group grants the admin role set.
        if (!adminOverlap.isEmpty()) {
            final DrKafkaSecurityContext adminCtx =
                new DrKafkaSecurityContext(new UserPrincipal(user), ADMIN_ROLE_SET);
            requestContext.setSecurityContext(adminCtx);
            LOG.info("Received authenticated request, created context:" + adminCtx);
            return;
        }
    }
    // Everything else gets an empty role set. The principal is still built from the header
    // value, which is null when the header was absent.
    final DrKafkaSecurityContext anonCtx =
        new DrKafkaSecurityContext(new UserPrincipal(user), EMPTY_ROLE_SET);
    requestContext.setSecurityContext(anonCtx);
    LOG.info("Received annonymous request, bypassing authorizer");
}
@Override
public void filter(final ContainerRequestContext requestContext) throws IOException {
    // Replace the container's context with an empty one: anonymous, role-less, insecure.
    // The scheme string "BASIC" is reported without any credential check taking place.
    requestContext.setSecurityContext(anonymousContext());
}

/** Builds the fixed anonymous context installed by {@link #filter}. */
private static SecurityContext anonymousContext() {
    return new SecurityContext() {
        @Override
        public Principal getUserPrincipal() { return null; }

        @Override
        public boolean isUserInRole(String string) { return false; }

        @Override
        public boolean isSecure() { return false; }

        @Override
        public String getAuthenticationScheme() { return "BASIC"; }
    };
}
@Override
public void filter(final ContainerRequestContext requestContext) throws IOException {
    // Every request gets the same stub context: no user, no roles, not secure, scheme "BASIC".
    final SecurityContext stub = new SecurityContext() {
        @Override
        public Principal getUserPrincipal() {
            return null;
        }

        @Override
        public boolean isUserInRole(String string) {
            return false;
        }

        @Override
        public boolean isSecure() {
            return false;
        }

        @Override
        public String getAuthenticationScheme() {
            return "BASIC";
        }
    };
    requestContext.setSecurityContext(stub);
}
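@Override
public void filter(ContainerRequestContext requestContext) throws IOException {
    // Identity comes from the servlet container (Kerberos/SPNEGO negotiated before this
    // filter); this filter only checks that such an identity exists and wraps it.
    Principal principal = httpRequest.getUserPrincipal();
    String authType = httpRequest.getAuthType();
    String scheme = requestContext.getUriInfo().getRequestUri().getScheme();
    LOG.debug("Method: {}, AuthType: {}, RemoteUser: {}, UserPrincipal: {}, Scheme: {}",
        httpRequest.getMethod(), authType,
        httpRequest.getRemoteUser(), principal, scheme);
    // Constant-on-the-left: getAuthType() is null when the container performed no
    // authentication, which previously produced an NPE (HTTP 500) instead of the
    // intended authorization failure.
    if (principal == null || !KERBEROS_AUTH.equalsIgnoreCase(authType)) {
        throw new WebserviceAuthorizationException("Not authorized");
    }
    SecurityContext securityContext = new StreamlineSecurityContext(principal, scheme, KERBEROS_AUTH);
    LOG.debug("SecurityContext {}", securityContext);
    requestContext.setSecurityContext(securityContext);
}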
@Override
public void filter(ContainerRequestContext requestContext) {
    // Stand-in context: the user name is taken verbatim from X-Remote-User (falling back to
    // "system:anonymous"), every role check passes and the request is reported as secure.
    // Only meaningful where a trusted proxy sets that header and strips client copies.
    final String remoteUser = requestContext.getHeaderString("X-Remote-User");
    final String username = remoteUser != null ? remoteUser : "system:anonymous";
    final SecurityContext passThrough = new SecurityContext() {
        @Override
        public Principal getUserPrincipal() {
            return RbacSecurityContext.getUserPrincipal(username, "");
        }

        @Override
        public boolean isUserInRole(String role) {
            return true;
        }

        @Override
        public boolean isSecure() {
            return true;
        }

        @Override
        public String getAuthenticationScheme() {
            return "dummy";
        }
    };
    requestContext.setSecurityContext(passThrough);
}
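@Override
public void filter(ContainerRequestContext request) throws IOException {
    final String path = request.getUriInfo().getPath();
    log.info("Filter(): " + path);
    // Authentication is skipped for the auth endpoints themselves and for the configured
    // safe paths, except that anything under /auth/user/data is always authenticated.
    // The original encoded this as a brace-less nested `if`; the rule is spelled out here so
    // the precedence is explicit. (startsWith("/auth/user/data/") was redundant with the
    // shorter prefix and is folded into it.)
    // NOTE(review): startsWith("auth") / startsWith("/auth") are plain prefix matches, so any
    // path whose first segment merely begins with "auth" is also skipped — confirm intended.
    final boolean userDataPath = path.startsWith("/auth/user/data");
    final boolean skipAuth = !userDataPath
        && (path.startsWith("auth")
            || path.startsWith("/auth")
            || securityManager.getSafePaths().contains(path));
    if (skipAuth) {
        log.info("Auth Skipped : (" + path + ")");
        return;
    }
    final UserContext context = authenticate(request);
    if (context != null) {
        log.info("Authenticated: " + context.getUser().getEmailAddress());
    } else {
        // NOTE(review): a failed authentication is only logged; the null context is stored
        // and the request continues, so downstream code must be the one to reject it.
        log.info("Authentication Failed");
    }
    request.setProperty(Session.SESSION_KEY, context);
    request.setSecurityContext(context);
}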
public static void setAuthenticatedIdentity(ContainerRequestContext request, Identity authenticatedIdentity)
{
    // Keep the full identity as a request property for later filters/resources.
    request.setProperty(AUTHENTICATED_IDENTITY, authenticatedIdentity);
    // Transport security is inherited from the context the container already installed;
    // the identity contributes only the principal. Role checks always fail in this context.
    final boolean transportSecure = request.getSecurityContext().isSecure();
    final Principal identityPrincipal = authenticatedIdentity.getPrincipal().orElse(null);
    final SecurityContext prestoContext = new SecurityContext()
    {
        @Override
        public Principal getUserPrincipal()
        {
            return identityPrincipal;
        }

        @Override
        public boolean isUserInRole(String role)
        {
            return false;
        }

        @Override
        public boolean isSecure()
        {
            return transportSecure;
        }

        @Override
        public String getAuthenticationScheme()
        {
            return "presto";
        }
    };
    request.setSecurityContext(prestoContext);
}
@Override
public void filter(final ContainerRequestContext requestCtx) {
    // Only replace the container's context when the resolver produced one.
    final SecurityContext resolved = securityContext(requestCtx);
    if (resolved == null) {
        return;
    }
    requestCtx.setSecurityContext(resolved);
}
@Override
public void filter(final ContainerRequestContext requestCtx) {
    // A "none=true" query parameter leaves the container's security context untouched.
    final String noneFlag = requestCtx.getUriInfo().getQueryParameters().getFirst("none");
    if ("true".equals(noneFlag)) {
        return;
    }
    // Fixed identity: principal "foo", scheme "bar", no roles, reported as secure.
    final SecurityContext fixedIdentity = new SecurityContext() {
        @Override
        public Principal getUserPrincipal() {
            return new JMXPrincipal("foo");
        }

        @Override
        public boolean isUserInRole(final String role) {
            return false;
        }

        @Override
        public boolean isSecure() {
            return true;
        }

        @Override
        public String getAuthenticationScheme() {
            return "bar";
        }
    };
    requestCtx.setSecurityContext(fixedIdentity);
}
protected void propagateSecurityContext(JaxrsHttpFacade facade, ContainerRequestContext request, KeycloakDeployment resolvedDeployment, BearerTokenRequestAuthenticator bearer) {
    // Wrap the bearer token the authenticator already verified in a refreshable Keycloak session.
    final RefreshableKeycloakSecurityContext keycloakSession = new RefreshableKeycloakSecurityContext(
        resolvedDeployment, null, bearer.getTokenString(), bearer.getToken(), null, null, null);
    // No RESTEasy-specific propagation is needed: the KeycloakSecurityContext is reachable from
    // the JAX-RS SecurityContext by casting getUserPrincipal() to KeycloakPrincipal.
    facade.setSecurityContext(keycloakSession);

    final String principalName = AdapterUtils.getPrincipalName(resolvedDeployment, bearer.getToken());
    final KeycloakPrincipal<RefreshableKeycloakSecurityContext> keycloakPrincipal =
        new KeycloakPrincipal<RefreshableKeycloakSecurityContext>(principalName, keycloakSession);
    // isSecure() reflects the transport and is inherited from the pre-authentication context;
    // roles come from the token via the adapter utilities.
    final boolean transportSecure = getRequestSecurityContext(request).isSecure();
    final Set<String> grantedRoles = AdapterUtils.getRolesFromSecurityContext(keycloakSession);

    request.setSecurityContext(new SecurityContext() {
        @Override
        public Principal getUserPrincipal() {
            return keycloakPrincipal;
        }

        @Override
        public boolean isUserInRole(String role) {
            return grantedRoles.contains(role);
        }

        @Override
        public boolean isSecure() {
            return transportSecure;
        }

        @Override
        public String getAuthenticationScheme() {
            return "OAUTH_BEARER";
        }
    });
}
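@GET
@Path("/recover/{token}")
@Produces(MediaType.APPLICATION_JSON)
public Response recoverFromOneTimeToken(@Context ContainerRequestContext context, @PathParam("token") String token) {
    try {
        // Resolve the one-time recovery token to its user and bind that user to the request.
        Credentials user = authServerLogic.getUserFromRecoveryToken(token);
        context.setSecurityContext(new UserContext(context.getUriInfo(), user));
        // NOTE(review): the whole Credentials object is serialised into the JSON body; confirm
        // it carries no secret material (password hash, tokens) before it leaves the server.
        return Response.ok(user).build();
    } catch (ServerDAO.DAOException e) {
        // Log once through the application logger. The previous printStackTrace() wrote the
        // same trace to stderr a second time, outside the logging configuration.
        logger.severe(ExceptionUtils.getStackTrace(e));
        return fromDAOExpection(e);
    }
}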
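@Override
public void filter(final ContainerRequestContext requestContext)
    throws IOException {
    // Bridges Spring Security's thread-bound Authentication into the JAX-RS SecurityContext.
    requestContext.setSecurityContext(new SecurityContext() {
        @Override
        public Principal getUserPrincipal() {
            Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
            // Spring's anonymous token is reported as "no principal" to JAX-RS callers.
            return (authentication instanceof AnonymousAuthenticationToken) ? null : authentication;
        }

        @Override
        public boolean isUserInRole(final String role) {
            final Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
            // No Authentication bound to the thread means no roles, rather than an NPE (HTTP 500).
            if (authentication == null) {
                return false;
            }
            return authentication.getAuthorities().stream()
                .anyMatch((GrantedAuthority grantedAuthority) ->
                    grantedAuthority.getAuthority().equalsIgnoreCase(role));
        }

        @Override
        public boolean isSecure() {
            return requestContext.getUriInfo().getRequestUri().getScheme().equalsIgnoreCase("https");
        }

        @Override
        public String getAuthenticationScheme() {
            // NOTE(review): this reports the URI scheme ("http"/"https"), not an authentication
            // scheme such as BASIC_AUTH; callers comparing against the JAX-RS constants will
            // never match — confirm this is intended.
            return requestContext.getUriInfo().getRequestUri().getScheme();
        }
    });
}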
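@Override
public void filter(final ContainerRequestContext requestContext)
    throws IOException {
    // Bridges Spring Security's thread-bound Authentication into the JAX-RS SecurityContext.
    requestContext.setSecurityContext(new SecurityContext() {
        @Override
        public Principal getUserPrincipal() {
            Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
            // Spring's anonymous token is reported as "no principal" to JAX-RS callers.
            return (authentication instanceof AnonymousAuthenticationToken) ? null : authentication;
        }

        @Override
        public boolean isUserInRole(final String role) {
            final Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
            // No Authentication bound to the thread means no roles, rather than an NPE (HTTP 500).
            if (authentication == null) {
                return false;
            }
            return authentication.getAuthorities().stream()
                .anyMatch((GrantedAuthority grantedAuthority) ->
                    grantedAuthority.getAuthority().equalsIgnoreCase(role));
        }

        @Override
        public boolean isSecure() {
            return requestContext.getUriInfo().getRequestUri().getScheme().equalsIgnoreCase("https");
        }

        @Override
        public String getAuthenticationScheme() {
            // NOTE(review): this reports the URI scheme ("http"/"https"), not an authentication
            // scheme such as BASIC_AUTH; callers comparing against the JAX-RS constants will
            // never match — confirm this is intended.
            return requestContext.getUriInfo().getRequestUri().getScheme();
        }
    });
}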
@Override
public void filter(final ContainerRequestContext requestContext) {
    validateRequest(requestContext);
    final HttpServletRequest servletRequest =
        (HttpServletRequest) requestContext.getProperty(HttpServletRequest.class.getName());
    // Credential extraction/verification is the authenticator's job; an authenticator
    // failure (as opposed to "no credentials") is a server error, not a 401.
    final Optional<P> authenticated;
    try {
        authenticated = authenticator.authenticate(servletRequest);
    } catch (AuthenticationException e) {
        LOGGER.warn("Error authenticating credentials", e);
        throw new InternalServerErrorException();
    }
    if (!authenticated.isPresent()) {
        // No identity: the request continues with the container's own context unchanged.
        // The 401 response that would normally be produced here is currently disabled:
        // TODO: re-enable / check if 302 has been returned
        // throw new WebApplicationException(unauthorizedHandler.buildResponse(prefix, realm));
        return;
    }
    final P user = authenticated.get();
    requestContext.setSecurityContext(new SecurityContext() {
        @Override
        public Principal getUserPrincipal() {
            return user;
        }

        @Override
        public boolean isUserInRole(String role) {
            // Role decisions are delegated to the configured authorizer.
            return authorizer.authorize(user, role);
        }

        @Override
        public boolean isSecure() {
            // Transport security is inherited from the container's context.
            return requestContext.getSecurityContext().isSecure();
        }

        @Override
        public String getAuthenticationScheme() {
            return SecurityContext.BASIC_AUTH;
        }
    });
}
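@Override
public void filter(ContainerRequestContext requestContext) {
    // Only resources whose class carries @RolesAllowed are protected by this filter.
    var rolesAllowed = resourceInfo.getResourceClass().getAnnotation(RolesAllowed.class);
    if (rolesAllowed == null) {
        return;
    }
    // CORS pre-flight requests carry no credentials and are let through.
    if (Objects.equals(requestContext.getMethod(), "OPTIONS")) {
        return;
    }
    String authorization = requestContext.getHeaderString(HEADER_AUTHORIZATION);
    if (authorization == null || authorization.isEmpty()) {
        // Fall back to the "authentication" cookie, expected in the same "Bearer <token>" form.
        var cookie = requestContext.getCookies().get("authentication");
        if (cookie != null) {
            authorization = cookie.getValue();
        }
    }
    if (authorization == null || !authorization.startsWith("Bearer")) {
        throw new NotAuthorizedException("No token was specified");
    }
    // Require exactly "Bearer <token>". The prefix test above alone also accepted e.g.
    // "BearerX <token>", so the scheme word is compared exactly after splitting.
    String[] rr = authorization.split(" ");
    if (rr.length != 2 || !"Bearer".equals(rr[0])) {
        throw new NotAuthorizedException("Invalid authentication format");
    }
    String token = rr[1];
    try {
        User user = authenticationService.verifyToken(token);
        LOGGER.debug(
            "Authenticated API access to {} as {}",
            requestContext.getUriInfo().getPath(),
            user.getName());
        var ctx = new UserContext(user, requestContext.getSecurityContext().isSecure());
        requestContext.setSecurityContext(ctx);
        // Holding any one of the class's allowed roles is sufficient.
        var authorized = false;
        for (var role : rolesAllowed.value()) {
            if (ctx.isUserInRole(role)) {
                authorized = true;
                break;
            }
        }
        if (!authorized) {
            throw new ForbiddenException(
                "User " + user.getName() + " does not have appropriate role to view resource.");
        }
    } catch (NotAuthorizedException | ForbiddenException ex) {
        // Record the denial with the target path, then let the exception produce the response.
        LOGGER.error(
            "API access to {} was denied: {}",
            requestContext.getUriInfo().getPath(),
            ex.getMessage());
        throw ex;
    }
}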
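@Override
public void filter(ContainerRequestContext requestContext) throws IOException {
    // Shared-secret scheme: the request presents a token (cookie or bearer header) and each
    // role maps to one configured token. The principal is always anonymous; only role checks
    // consult the token.
    SecurityContext requestSecurityContext = requestContext.getSecurityContext();
    SecurityContext securityContext = new SecurityContext() {
        @Override
        public Principal getUserPrincipal() {
            return Anonymous.INSTANCE;
        }

        @Override
        public boolean isUserInRole(String role) {
            String presented = getToken();
            String expected;
            switch (role) {
                case Roles.USER:
                    expected = getUserToken();
                    break;
                case Roles.ADMIN:
                    expected = getAdminToken();
                    break;
                default:
                    return false;
            }
            // An unconfigured (null) token used to raise an NPE (HTTP 500); treat it as "no access".
            if (expected == null) {
                return false;
            }
            // An empty configured token grants the role to every request. This matches the
            // original behaviour; confirm it is only relied on in non-production setups.
            if (expected.isEmpty()) {
                return true;
            }
            if (presented == null) {
                return false;
            }
            // Constant-time comparison so response timing does not reveal how much of the
            // token matched.
            return java.security.MessageDigest.isEqual(
                expected.getBytes(java.nio.charset.StandardCharsets.UTF_8),
                presented.getBytes(java.nio.charset.StandardCharsets.UTF_8));
        }

        @Override
        public boolean isSecure() {
            return requestSecurityContext != null && requestSecurityContext.isSecure();
        }

        @Override
        public String getAuthenticationScheme() {
            return "TOKEN";
        }

        /** Returns the presented token: the "token" cookie first, then a "Bearer " header; null if neither. */
        private String getToken() {
            Map<String, Cookie> cookies = requestContext.getCookies();
            MultivaluedMap<String, String> headers = requestContext.getHeaders();
            Cookie tokenCookie = cookies.get("token");
            if (tokenCookie != null) {
                return tokenCookie.getValue();
            }
            String authorizationHeader = headers.getFirst(HttpHeaders.AUTHORIZATION);
            if (authorizationHeader != null && authorizationHeader.startsWith("Bearer ")) {
                return authorizationHeader.substring("Bearer ".length());
            }
            return null;
        }
    };
    requestContext.setSecurityContext(securityContext);
}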
@Override
public void filter(final ContainerRequestContext ctx) throws IOException {
    // Wrap the container's context with the JWT-derived one; admin membership comes from
    // the configured admins set.
    final SecurityContext containerContext = ctx.getSecurityContext();
    LOGGER.trace("JWT Auth Token: {}", jwt);
    ctx.setSecurityContext(new WebIdSecurityContext(containerContext, jwt, admins));
}
@Override
public void filter(ContainerRequestContext requestContext) throws IOException {
    // Unconditionally replaces the container's context with the one this filter builds.
    final SecurityContext built = createSecurityContext();
    requestContext.setSecurityContext(built);
}