[Minor] AuthenicationRequestFilter and AuthenticationService changes

The request filter now requires the Authorization header on every request, except for
AuthenticationService.login.
This commit is contained in:
Robert von Burg 2014-10-31 20:53:56 +01:00
parent 4f9cd72d68
commit 8d5d8b2c89
2 changed files with 37 additions and 18 deletions


@ -71,16 +71,18 @@ public class AuthenticationService {
try { try {
StringBuilder sb = new StringBuilder(); StringBuilder sb = new StringBuilder();
if (StringHelper.isEmpty(login.getUsername())) { if (StringHelper.isEmpty(login.getUsername()) || login.getUsername().length() < 2) {
sb.append("Username was not given. "); //$NON-NLS-1$ sb.append("Username was not given or is too short!"); //$NON-NLS-1$
} }
if (StringHelper.isEmpty(login.getPassword())) { if (StringHelper.isEmpty(login.getPassword()) || login.getPassword().length() < 3) {
sb.append("Password was not given."); //$NON-NLS-1$ if (sb.length() > 0)
sb.append("\n");
sb.append("Password was not given or was too short!"); //$NON-NLS-1$
} }
if (sb.length() != 0) { if (sb.length() != 0) {
loginResult.setMsg(MessageFormat.format("Could not log in due to: {0}", sb.toString())); //$NON-NLS-1$ loginResult.setMsg(MessageFormat.format("Could not log in due to: {0}", sb.toString())); //$NON-NLS-1$
return Response.status(Status.UNAUTHORIZED).entity(loginResult).build(); return Response.status(Status.BAD_REQUEST).entity(loginResult).build();
} }
RestfulStrolchComponent restfulStrolchComponent = RestfulStrolchComponent.getInstance(); RestfulStrolchComponent restfulStrolchComponent = RestfulStrolchComponent.getInstance();
@ -103,12 +105,14 @@ public class AuthenticationService {
else else
loginResult.setPrivileges(allowList); loginResult.setPrivileges(allowList);
return Response.ok().entity(entity).build(); return Response.ok().entity(entity)//
.header(HttpHeaders.AUTHORIZATION, certificate.getAuthToken())//
.build();
} catch (StrolchException e) { } catch (StrolchException | PrivilegeException e) {
logger.error(e.getMessage(), e); logger.error(e.getMessage(), e);
loginResult.setMsg(MessageFormat.format("Could not log in due to: {0}", e.getMessage())); //$NON-NLS-1$ loginResult.setMsg(MessageFormat.format("Could not log in due to: {0}", e.getMessage())); //$NON-NLS-1$
return Response.status(Status.UNAUTHORIZED).entity(entity).build(); return Response.status(Status.FORBIDDEN).entity(entity).build();
} catch (Exception e) { } catch (Exception e) {
logger.error(e.getMessage(), e); logger.error(e.getMessage(), e);
String msg = e.getMessage(); String msg = e.getMessage();
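Review bot: The `StrolchException | PrivilegeException` catch now echoes `e.getMessage()` back to the client through `loginResult.setMsg(...)`; if those messages differ between an unknown user and a wrong password, the login endpoint becomes a username-enumeration oracle. Keep the detailed message in the existing `logger.error` call and return a fixed text instead, e.g. `loginResult.setMsg("Could not log in: invalid credentials"); //$NON-NLS-1$`. The same branch now answers with `Status.FORBIDDEN`; 401 is the customary code for rejected credentials while 403 usually means "authenticated but not permitted", so it is worth confirming which one the clients are written against. The login method continues past the end of this hunk.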


@ -6,16 +6,19 @@ package li.strolch.rest.filters;
import static li.strolch.rest.StrolchRestfulConstants.STROLCH_CERTIFICATE; import static li.strolch.rest.StrolchRestfulConstants.STROLCH_CERTIFICATE;
import java.io.IOException; import java.io.IOException;
import java.util.List;
import javax.ws.rs.container.ContainerRequestContext; import javax.ws.rs.container.ContainerRequestContext;
import javax.ws.rs.container.ContainerRequestFilter; import javax.ws.rs.container.ContainerRequestFilter;
import javax.ws.rs.core.HttpHeaders; import javax.ws.rs.core.HttpHeaders;
import javax.ws.rs.core.MediaType;
import javax.ws.rs.core.Response; import javax.ws.rs.core.Response;
import javax.ws.rs.ext.Provider; import javax.ws.rs.ext.Provider;
import li.strolch.rest.RestfulStrolchComponent; import li.strolch.rest.RestfulStrolchComponent;
import li.strolch.rest.StrolchSessionHandler; import li.strolch.rest.StrolchSessionHandler;
import ch.eitchnet.privilege.model.Certificate; import ch.eitchnet.privilege.model.Certificate;
import ch.eitchnet.utils.helper.StringHelper;
/** /**
* @author Reto Breitenmoser <reto.breitenmoser@4trees.ch> * @author Reto Breitenmoser <reto.breitenmoser@4trees.ch>
@ -26,17 +29,29 @@ public class AuthenicationRequestFilter implements ContainerRequestFilter {
@Override @Override
public void filter(ContainerRequestContext requestContext) throws IOException { public void filter(ContainerRequestContext requestContext) throws IOException {
List<String> matchedURIs = requestContext.getUriInfo().getMatchedURIs();
// we allow unauthorized access to the authentication service
if (matchedURIs.contains("strolch/authentication")) {
return;
}
String sessionId = requestContext.getHeaderString(HttpHeaders.AUTHORIZATION); String sessionId = requestContext.getHeaderString(HttpHeaders.AUTHORIZATION);
if (sessionId != null) { if (StringHelper.isEmpty(sessionId)) {
try { requestContext.abortWith(Response.status(Response.Status.UNAUTHORIZED)
StrolchSessionHandler sessionHandler = RestfulStrolchComponent.getInstance().getComponent( .header(HttpHeaders.CONTENT_TYPE, MediaType.TEXT_PLAIN).entity("Missing Authorization!").build()); //$NON-NLS-1$
StrolchSessionHandler.class); }
Certificate certificate = sessionHandler.validate(sessionId);
requestContext.setProperty(STROLCH_CERTIFICATE, certificate); try {
} catch (Exception e) { StrolchSessionHandler sessionHandler = RestfulStrolchComponent.getInstance().getComponent(
requestContext.abortWith(Response.status(Response.Status.UNAUTHORIZED) StrolchSessionHandler.class);
.entity("User cannot access the resource.").build()); //$NON-NLS-1$ Certificate certificate = sessionHandler.validate(sessionId);
} requestContext.setProperty(STROLCH_CERTIFICATE, certificate);
} catch (Exception e) {
requestContext.abortWith(Response.status(Response.Status.UNAUTHORIZED)
.header(HttpHeaders.CONTENT_TYPE, MediaType.TEXT_PLAIN)
.entity("User cannot access the resource.").build()); //$NON-NLS-1$
} }
} }
} }
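Review bot: The new `if (StringHelper.isEmpty(sessionId))` branch calls `requestContext.abortWith(...)` but does not return, so execution falls through into the `try` block and `sessionHandler.validate(sessionId)` still runs with an empty session id; whatever it throws is then caught and `abortWith` is invoked a second time for the same request. Add `return;` directly after the first `abortWith(...)` so the "Missing Authorization!" response is the only one built on that path. The `matchedURIs.contains("strolch/authentication")` bypass appears to exempt every method on that resource class rather than only login, so any other operation it exposes (a logout, for instance) would also run without the header check — presumably intended, but a comment such as `// every method of the authentication resource is reachable without a session` would make that explicit.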