[Minor] AuthenicationRequestFilter and AuthenticationService changes
Now we check that the Authorization header is always present, except for AuthenticationService.login
This commit is contained in:
parent
4f9cd72d68
commit
8d5d8b2c89
|
@ -71,16 +71,18 @@ public class AuthenticationService {
|
||||||
try {
|
try {
|
||||||
|
|
||||||
StringBuilder sb = new StringBuilder();
|
StringBuilder sb = new StringBuilder();
|
||||||
if (StringHelper.isEmpty(login.getUsername())) {
|
if (StringHelper.isEmpty(login.getUsername()) || login.getUsername().length() < 2) {
|
||||||
sb.append("Username was not given. "); //$NON-NLS-1$
|
sb.append("Username was not given or is too short!"); //$NON-NLS-1$
|
||||||
}
|
}
|
||||||
if (StringHelper.isEmpty(login.getPassword())) {
|
if (StringHelper.isEmpty(login.getPassword()) || login.getPassword().length() < 3) {
|
||||||
sb.append("Password was not given."); //$NON-NLS-1$
|
if (sb.length() > 0)
|
||||||
|
sb.append("\n");
|
||||||
|
sb.append("Password was not given or was too short!"); //$NON-NLS-1$
|
||||||
}
|
}
|
||||||
|
|
||||||
if (sb.length() != 0) {
|
if (sb.length() != 0) {
|
||||||
loginResult.setMsg(MessageFormat.format("Could not log in due to: {0}", sb.toString())); //$NON-NLS-1$
|
loginResult.setMsg(MessageFormat.format("Could not log in due to: {0}", sb.toString())); //$NON-NLS-1$
|
||||||
return Response.status(Status.UNAUTHORIZED).entity(loginResult).build();
|
return Response.status(Status.BAD_REQUEST).entity(loginResult).build();
|
||||||
}
|
}
|
||||||
|
|
||||||
RestfulStrolchComponent restfulStrolchComponent = RestfulStrolchComponent.getInstance();
|
RestfulStrolchComponent restfulStrolchComponent = RestfulStrolchComponent.getInstance();
|
||||||
|
@ -103,12 +105,14 @@ public class AuthenticationService {
|
||||||
else
|
else
|
||||||
loginResult.setPrivileges(allowList);
|
loginResult.setPrivileges(allowList);
|
||||||
|
|
||||||
return Response.ok().entity(entity).build();
|
return Response.ok().entity(entity)//
|
||||||
|
.header(HttpHeaders.AUTHORIZATION, certificate.getAuthToken())//
|
||||||
|
.build();
|
||||||
|
|
||||||
} catch (StrolchException e) {
|
} catch (StrolchException | PrivilegeException e) {
|
||||||
logger.error(e.getMessage(), e);
|
logger.error(e.getMessage(), e);
|
||||||
loginResult.setMsg(MessageFormat.format("Could not log in due to: {0}", e.getMessage())); //$NON-NLS-1$
|
loginResult.setMsg(MessageFormat.format("Could not log in due to: {0}", e.getMessage())); //$NON-NLS-1$
|
||||||
return Response.status(Status.UNAUTHORIZED).entity(entity).build();
|
return Response.status(Status.FORBIDDEN).entity(entity).build();
|
||||||
} catch (Exception e) {
|
} catch (Exception e) {
|
||||||
logger.error(e.getMessage(), e);
|
logger.error(e.getMessage(), e);
|
||||||
String msg = e.getMessage();
|
String msg = e.getMessage();
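Review bot: The new `catch (StrolchException | PrivilegeException e)` branch still copies `e.getMessage()` into the login result sent to the client, so whatever detail the privilege handler puts in its message on a rejected login (which user or which check failed) is now disclosed to the caller; prefer a fixed message such as `loginResult.setMsg("Could not log in: invalid credentials."); //$NON-NLS-1$` and keep the detail in the `logger.error` line above it. Returning `Status.FORBIDDEN` for a failed login is also unconventional: 403 means the caller is authenticated but not allowed, whereas a rejected credential is a 401, so the previous `UNAUTHORIZED` fits this branch better. In the first hunk the unbraced `if (sb.length() > 0)` followed by `sb.append("\n");` would be safer braced, and that branch returns `entity(loginResult)` while the other branches return `entity(entity)` — I cannot see what `entity` wraps, so confirm both serialize the same object. The `login` method starts before the first hunk and ends after the second.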
|
||||||
|
|
|
@ -6,16 +6,19 @@ package li.strolch.rest.filters;
|
||||||
import static li.strolch.rest.StrolchRestfulConstants.STROLCH_CERTIFICATE;
|
import static li.strolch.rest.StrolchRestfulConstants.STROLCH_CERTIFICATE;
|
||||||
|
|
||||||
import java.io.IOException;
|
import java.io.IOException;
|
||||||
|
import java.util.List;
|
||||||
|
|
||||||
import javax.ws.rs.container.ContainerRequestContext;
|
import javax.ws.rs.container.ContainerRequestContext;
|
||||||
import javax.ws.rs.container.ContainerRequestFilter;
|
import javax.ws.rs.container.ContainerRequestFilter;
|
||||||
import javax.ws.rs.core.HttpHeaders;
|
import javax.ws.rs.core.HttpHeaders;
|
||||||
|
import javax.ws.rs.core.MediaType;
|
||||||
import javax.ws.rs.core.Response;
|
import javax.ws.rs.core.Response;
|
||||||
import javax.ws.rs.ext.Provider;
|
import javax.ws.rs.ext.Provider;
|
||||||
|
|
||||||
import li.strolch.rest.RestfulStrolchComponent;
|
import li.strolch.rest.RestfulStrolchComponent;
|
||||||
import li.strolch.rest.StrolchSessionHandler;
|
import li.strolch.rest.StrolchSessionHandler;
|
||||||
import ch.eitchnet.privilege.model.Certificate;
|
import ch.eitchnet.privilege.model.Certificate;
|
||||||
|
import ch.eitchnet.utils.helper.StringHelper;
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* @author Reto Breitenmoser <reto.breitenmoser@4trees.ch>
|
* @author Reto Breitenmoser <reto.breitenmoser@4trees.ch>
|
||||||
|
@ -26,17 +29,29 @@ public class AuthenicationRequestFilter implements ContainerRequestFilter {
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
public void filter(ContainerRequestContext requestContext) throws IOException {
|
public void filter(ContainerRequestContext requestContext) throws IOException {
|
||||||
|
|
||||||
|
List<String> matchedURIs = requestContext.getUriInfo().getMatchedURIs();
|
||||||
|
|
||||||
|
// we allow unauthorized access to the authentication service
|
||||||
|
if (matchedURIs.contains("strolch/authentication")) {
|
||||||
|
return;
|
||||||
|
}
|
||||||
|
|
||||||
String sessionId = requestContext.getHeaderString(HttpHeaders.AUTHORIZATION);
|
String sessionId = requestContext.getHeaderString(HttpHeaders.AUTHORIZATION);
|
||||||
if (sessionId != null) {
|
if (StringHelper.isEmpty(sessionId)) {
|
||||||
try {
|
requestContext.abortWith(Response.status(Response.Status.UNAUTHORIZED)
|
||||||
StrolchSessionHandler sessionHandler = RestfulStrolchComponent.getInstance().getComponent(
|
.header(HttpHeaders.CONTENT_TYPE, MediaType.TEXT_PLAIN).entity("Missing Authorization!").build()); //$NON-NLS-1$
|
||||||
StrolchSessionHandler.class);
|
}
|
||||||
Certificate certificate = sessionHandler.validate(sessionId);
|
|
||||||
requestContext.setProperty(STROLCH_CERTIFICATE, certificate);
|
try {
|
||||||
} catch (Exception e) {
|
StrolchSessionHandler sessionHandler = RestfulStrolchComponent.getInstance().getComponent(
|
||||||
requestContext.abortWith(Response.status(Response.Status.UNAUTHORIZED)
|
StrolchSessionHandler.class);
|
||||||
.entity("User cannot access the resource.").build()); //$NON-NLS-1$
|
Certificate certificate = sessionHandler.validate(sessionId);
|
||||||
}
|
requestContext.setProperty(STROLCH_CERTIFICATE, certificate);
|
||||||
|
} catch (Exception e) {
|
||||||
|
requestContext.abortWith(Response.status(Response.Status.UNAUTHORIZED)
|
||||||
|
.header(HttpHeaders.CONTENT_TYPE, MediaType.TEXT_PLAIN)
|
||||||
|
.entity("User cannot access the resource.").build()); //$NON-NLS-1$
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
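Review bot: The empty-header branch `if (StringHelper.isEmpty(sessionId))` aborts the request but does not leave the method, so execution continues into the `try` and calls `sessionHandler.validate(sessionId)` with an empty id; when that throws, the second `abortWith` replaces the "Missing Authorization!" response with the generic one. Add `return;` after the `abortWith(...)` call inside that block. The exemption `matchedURIs.contains("strolch/authentication")` also appears to open every method matched under that path, not only login as the commit message states; if only login should be unauthenticated, additionally check the HTTP method or the exact matched template. The `catch (Exception e)` discards the reason the session was rejected without logging it, which makes failed validations hard to audit — hedged, since a logger may exist in the class outside the hunk.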
|
||||||
|
|