org.glassfish.jersey.server.filter.RolesAllowedDynamicFeature Java Examples

public ApplicationConfig(HugeConfig conf) {
    packages("com.baidu.hugegraph.api");

    // Register Jackson to support json
    register(org.glassfish.jersey.jackson.JacksonFeature.class);

    // Register to use the jsr250 annotations @RolesAllowed
    register(RolesAllowedDynamicFeature.class);

    // Register HugeConfig to context
    register(new ConfFactory(conf));

    // Register GraphManager to context
    register(new GraphManagerFactory(conf));

    // Register WorkLoad to context
    register(new WorkLoadFactory());

    // Let @Metric annotations work
    MetricRegistry registry = MetricManager.INSTANCE.getRegistry();
    register(new InstrumentedResourceMethodApplicationListener(registry));
}
 

@Override
public boolean configure(FeatureContext context) {
  final Configuration configuration = context.getConfiguration();

  Boolean disabled = PropertyHelper.getProperty(configuration, RestServerV2.DAC_AUTH_FILTER_DISABLE);
  // Default is not disabled
  if (disabled != null && disabled) {
    return false;
  }

  context.register(DACAuthFilter.class);
  if (!configuration.isRegistered(RolesAllowedDynamicFeature.class)) {
    context.register(RolesAllowedDynamicFeature.class);
  }
  return true;
}
 

@Override
public void init(Application<? extends ApplicationConfiguration> application) {
	ApplicationConfiguration applicationConfiguration = application.getConfiguration();
	if (! (applicationConfiguration instanceof SecurityAware)) {
		return;
	}
	SecurityConfiguration configuration = ((SecurityAware) applicationConfiguration).getSecurityConfiguration();
	clients.init();
	
	CallbackFilter callbackFilter = new CallbackFilter(clients, configuration);
	callbackFilter.registerListener(listener);
	application.addFilter(callbackFilter);
	application.addFilter(new AuthenticationFilter(clients, configuration));
	application.addFilter(new SecurityContextFilter(configuration));
	application.getResourceConfig().register(RolesAllowedDynamicFeature.class);
}
 

@Override
public void run(HelloWorldConfiguration configuration, Environment environment) {
    final PersonDAO dao = new PersonDAO(hibernateBundle.getSessionFactory());
    final Template template = configuration.buildTemplate();

    environment.healthChecks().register("template", new TemplateHealthCheck(template));
    environment.jersey().register(DateRequiredFeature.class);
    environment.jersey().register(new AuthDynamicFeature(new BasicCredentialAuthFilter.Builder<User>()
            .setAuthenticator(new ExampleAuthenticator())
            .setAuthorizer(new ExampleAuthorizer())
            .setRealm("SUPER SECRET STUFF")
            .buildAuthFilter()));
    environment.jersey().register(new AuthValueFactoryProvider.Binder<>(User.class));
    environment.jersey().register(RolesAllowedDynamicFeature.class);
    environment.jersey().register(new HelloWorldResource(template));
    environment.jersey().register(new ViewResource());
    environment.jersey().register(new ProtectedResource());
    environment.jersey().register(new PeopleResource(dao));
    environment.jersey().register(new PersonResource(dao));
    environment.jersey().register(new FilteredResource());
}
 

@SuppressWarnings("unchecked")
public ChainedAuthTestResourceConfig() {
    super(true, new MetricRegistry());

    final Authorizer<Principal> authorizer = AuthUtil.getTestAuthorizer(ADMIN_USER, ADMIN_ROLE);
    final AuthFilter<BasicCredentials, Principal> basicAuthFilter = new BasicCredentialAuthFilter.Builder<>()
            .setAuthenticator(AuthUtil.getBasicAuthenticator(ImmutableList.of(ADMIN_USER, ORDINARY_USER)))
            .setAuthorizer(authorizer)
            .buildAuthFilter();

    final AuthFilter<String, Principal> oAuthFilter = new OAuthCredentialAuthFilter.Builder<>()
            .setAuthenticator(AuthUtil.getSingleUserOAuthAuthenticator(BEARER_USER, ADMIN_USER))
            .setPrefix(BEARER_PREFIX)
            .setAuthorizer(authorizer)
            .buildAuthFilter();

    register(new AuthValueFactoryProvider.Binder(Principal.class));
    register(new AuthDynamicFeature(new ChainedAuthFilter<>(buildHandlerList(basicAuthFilter, oAuthFilter))));
    register(RolesAllowedDynamicFeature.class);
    register(AuthResource.class);
}
 

@Override
public void run(MyConfiguration configuration, Environment environment) throws Exception {
    final byte[] key = configuration.getJwtTokenSecret();

    final JwtConsumer consumer = new JwtConsumerBuilder()
        .setAllowedClockSkewInSeconds(30) // allow some leeway in validating time based claims to account for clock skew
        .setRequireExpirationTime() // the JWT must have an expiration time
        .setRequireSubject() // the JWT must have a subject claim
        .setVerificationKey(new HmacKey(key)) // verify the signature with the public key
        .setRelaxVerificationKeyValidation() // relaxes key length requirement
        .build(); // create the JwtConsumer instance

    environment.jersey().register(new AuthDynamicFeature(
        new JwtAuthFilter.Builder<MyUser>()
            .setJwtConsumer(consumer)
            .setRealm("realm")
            .setPrefix("Bearer")
            .setAuthenticator(new ExampleAuthenticator())
            .buildAuthFilter()));

    environment.jersey().register(new AuthValueFactoryProvider.Binder<>(Principal.class));
    environment.jersey().register(RolesAllowedDynamicFeature.class);
    environment.jersey().register(new SecuredResource(configuration.getJwtTokenSecret()));
}
 

@Override
public void run(LotteryConfiguration configuration, Environment environment) {

    // tag::keycloak[]
    KeycloakDeployment keycloakDeployment =
            KeycloakDeploymentBuilder.build(configuration.getKeycloakConfiguration());
    JaxrsBearerTokenFilterImpl filter = new DropwizardBearerTokenFilterImpl(keycloakDeployment);
    environment.jersey().register(filter);
    // end::keycloak[]

    environment.jersey().register(new DrawRessource());

    // support annotation @RolesAllowed
    // tag::roles[]
    environment.jersey().register(RolesAllowedDynamicFeature.class);
    // end::roles[]

}
 

@Override
protected Application application(@Nullable final Key<BasicUserInfo> userInfoKey) {
    return new ResourceConfig(RoleProtectedResource.class)
            .register(RolesAllowedDynamicFeature.class)
            .registerInstances(userInfoKey != null ?
                    BasicAuthSecurityContextFilters.forGlobalBinding(userInfoKey)
                            .securityContextFunction((__, userInfo) ->
                                    new BasicAuthSecurityContext(new BasicAuthPrincipal<>(userInfo), false,
                                            role -> userInfo.roles().contains(role)))
                            .build() :
                    BasicAuthSecurityContextFilters.forGlobalBinding()
                            .securityContextFunction(__ ->
                                    new BasicAuthSecurityContext(() -> "N/A", false, "USER"::equals))
                            .build());
}
 

@Override
public void run(Object configuration, Environment environment) throws Exception {
    environment.jersey().register(OAuth2AccessTokenResource.class);
    environment.jersey().register(OAuth2AuthorizationRequestFactory.getBinder());

    environment.jersey().register(RolesAllowedDynamicFeature.class);
    environment.jersey().register(new AuthValueFactoryProvider.Binder<>(User.class));
    environment.jersey().register(new AuthDynamicFeature(
        new OAuthCredentialAuthFilter.Builder<User>()
            .setAuthenticator(new UserAuthenticator(ebeanBundle.getEbeanServer()))
            .setAuthorizer(new UserAuthorizer())
            .setPrefix("Bearer")
            .buildAuthFilter()));
}
 

public ApplicationConfig() {
    register(RequestContextFilter.class);
    register(RolesAllowedDynamicFeature.class);
    register(Jackson2Feature.class);

    register(AuthorizationRequestFilter.class);
    register(QuestionnairResource.class);
    register(LoggingFilter.class);

    // register(JerseyResource.class);
    // register(SpringSingletonResource.class);
    // register(SpringRequestResource.class);
    // register(CustomExceptionMapper.class);

}
 

@Test
public void shouldInitPlugin() {
	Application application = mock(Application.class);
	SecureApplicationConfiguration securityAware = mock(SecureApplicationConfiguration.class);
	ResourceConfig resourceConfig = mock(ResourceConfig.class);
	when(application.getConfiguration()).thenReturn(securityAware);
	when(application.getResourceConfig()).thenReturn(resourceConfig);
	plugin.init(application);
	verify(application, atLeast(1)).addFilter(any(SecurityContextFilter.class));
	verify(application, atLeast(1)).addFilter(any(AuthenticationFilter.class));
	verify(application, atLeast(1)).addFilter(any(CallbackFilter.class));
	verify(resourceConfig).register(RolesAllowedDynamicFeature.class);
}
 

@Override
public void run(OxdServerConfiguration configuration, Environment environment) {
    ServerLauncher.configureServices(configuration);
    TracingUtil.configureGlobalTracer(configuration, "oxd-server");
    environment.healthChecks().register("dummy", new HealthCheck() {
        @Override
        protected Result check() {
            return Result.healthy();
        }
    });
    environment.jersey().register(RolesAllowedDynamicFeature.class);
    environment.jersey().register(RestResource.class);
}
 

public AbstractAuthResourceConfig() {
    super(true, new MetricRegistry());

    register(new AuthDynamicFeature(getAuthFilter()));
    register(new AuthValueFactoryProvider.Binder<>(getPrincipalClass()));
    register(RolesAllowedDynamicFeature.class);
}
 

public AuthBaseResourceConfig() {
    super(true, new MetricRegistry());

    register(new AuthDynamicFeature(getAuthFilter()));
    register(new AuthValueFactoryProvider.Binder<>(Principal.class));
    register(RolesAllowedDynamicFeature.class);
    register(AuthResource.class);
}
 

@Override
public void run(LotteryConfiguration configuration, Environment environment) {

    // register web resources.
    environment.jersey().register(DrawRessource.class);

    // support annotation @RolesAllowed
    environment.jersey().register(RolesAllowedDynamicFeature.class);
}
 

@Override
@SuppressWarnings("checkstyle:emptyblock")
public void run(T configuration, Environment environment) {

    /* setup the authenticator in front of the requests to allow for pre-auth integration */
    // tag::authenticator[]
    KeycloakJettyAuthenticator keycloak = new KeycloakDropwizardAuthenticator();
    keycloak.setAdapterConfig(getKeycloakConfiguration(configuration));
    ConstraintSecurityHandler securityHandler = new ConstraintSecurityHandler();
    environment.getApplicationContext().setSecurityHandler(securityHandler);
    environment.getApplicationContext().getSecurityHandler().setAuthenticator(keycloak);
    // end::authenticator[]

    // tag::authfactory[]
    environment.jersey().register(new AuthDynamicFeature(
            createAuthFactory(configuration)));
    // To use @RolesAllowed annotations
    environment.jersey().register(RolesAllowedDynamicFeature.class);
    // To use @Auth to inject a custom Principal type into your resource
    environment.jersey().register(new AuthValueFactoryProvider.Binder<>(getUserClass()));
    // end::authfactory[]

    if (getKeycloakConfiguration(configuration).isBearerOnly()) {
        // no session needed
    } else if (getKeycloakConfiguration(configuration).getTokenStore() != null
            && getKeycloakConfiguration(configuration).getTokenStore().toLowerCase(Locale.ENGLISH)
            .equals(TokenStore.COOKIE.toString().toLowerCase(Locale.ENGLISH))) {
        // no session needed
    } else {
        // allow (stateful) sessions in Dropwizard
        environment.jersey().register(HttpSessionFactory.class);
        environment.servlets().setSessionHandler(new SessionHandler());
    }
}
 

@Override
public void run(final AppConfig configuration, final Environment environment) {
  if (configuration.isLogRequestAndResponses()) {
    enableRequestResponseLogging(environment);
  }

  final MetricRegistry metrics = new MetricRegistry();
  final Jdbi jdbi = createJdbi(configuration, environment);

  environment.jersey().register(BannedPlayerFilter.newBannedPlayerFilter(jdbi));
  environment.jersey().register(new RolesAllowedDynamicFeature());
  enableAuthentication(environment, metrics, jdbi);

  exceptionMappers().forEach(mapper -> environment.jersey().register(mapper));

  final var sessionIsBannedCheck = SessionBannedCheck.build(jdbi);
  final var gameConnectionMessagingBus = new WebSocketMessagingBus();
  setupWebSocket(gameConnectionWebsocket, gameConnectionMessagingBus, sessionIsBannedCheck);

  final var playerConnectionMessagingBus = new WebSocketMessagingBus();
  setupWebSocket(playerConnectionWebsocket, playerConnectionMessagingBus, sessionIsBannedCheck);

  final var chatters = Chatters.build();
  ChatMessagingService.build(chatters, jdbi).configure(playerConnectionMessagingBus);

  endPointControllers(
          configuration, jdbi, chatters, playerConnectionMessagingBus, gameConnectionMessagingBus)
      .forEach(controller -> environment.jersey().register(controller));
}
 

public TriggerResourceConfig() {

        register(RestTriggerResource.class);
        register(GsonMessageProvider.class);
        register(VersionFilter.class);
        register(SecurityFilter.class);
        register(RolesAllowedDynamicFeature.class);
    }
 

@BeforeEach
public void setup() {
	testService = mock(ArticleService.class);
	Binder binder = new InstanceBinder.Builder().addInstance(testService, ArticleService.class).build();

	container = new JRestlessHandlerContainer<JRestlessContainerRequest>(
			new ResourceConfig().register(TestResource.class).register(binder).register(RolesAllowedDynamicFeature.class));
	container.onStartup();
}
 

@Override
public void run(Configuration configuration, Environment environment) {

    environment.jersey().register(new LoginResource());
    environment.jersey().register(new UserResource());
    environment.jersey().register(new TrekResource());

    environment.jersey().register(new AuthDynamicFeature(
            new OAuthCredentialAuthFilter.Builder<PrincipalImpl>()
                    .setAuthenticator(new TestOAuthAuthenticator()).setPrefix("Bearer")
                    .buildAuthFilter()));
    environment.jersey().register(RolesAllowedDynamicFeature.class);
    environment.jersey().register(new AuthValueFactoryProvider.Binder<>(PrincipalImpl.class));
}
 

private void checkAndInitializeAuthorizationFilter(Environment environment, DoctorKafkaConfig doctorKafkaConfig) {
  LOG.info("Checking authorization filter");
  try {
    Class<? extends DrKafkaAuthorizationFilter> authorizationFilterClass = doctorKafkaConfig.getAuthorizationFilterClass();
    if (authorizationFilterClass != null) {
      DrKafkaAuthorizationFilter filter = authorizationFilterClass.newInstance();
      filter.configure(doctorKafkaConfig);
      LOG.info("Using authorization filer:" + filter.getClass().getName());
      environment.jersey().register(filter);
      environment.jersey().register(RolesAllowedDynamicFeature.class);
    }
  } catch (Exception e) {
    LOG.error("Failed to get and initialize DrKafkaAuthorizationFilter", e);
  }
}
 

@Override
public void run(LotteryConfiguration configuration, Environment environment)
        throws ClassNotFoundException, IOException {

    // tag::constraint[]
    ConstraintSecurityHandler securityHandler = new ConstraintSecurityHandler();
    environment.getApplicationContext().setSecurityHandler(securityHandler);
    securityHandler.addRole("user");
    ConstraintMapping constraintMapping = new ConstraintMapping();
    constraintMapping.setPathSpec("/*");
    Constraint constraint = new Constraint();
    // end::constraint[]

    /* if I put false here, there will be deferred authentication. This will
    not work when using oAuth redirects (as they will not make it to the front end).
    The DeferredAuthentication will swallow them.

    This might be different with a bearer token?!
     */
    // tag::constraint[]
    constraint.setAuthenticate(true);
    constraint.setRoles(new String[]{"user"});
    constraintMapping.setConstraint(constraint);
    securityHandler.addConstraintMapping(constraintMapping);
    // end::constraint[]

    // tag::keycloak[]
    KeycloakJettyAuthenticator keycloak = new KeycloakJettyAuthenticator();
    environment.getApplicationContext().getSecurityHandler().setAuthenticator(keycloak);
    keycloak.setAdapterConfig(configuration.getKeycloakConfiguration());
    // end::keycloak[]

    // allow (stateful) sessions in Dropwizard, needed for Keycloak
    environment.jersey().register(HttpSessionFactory.class);
    environment.servlets().setSessionHandler(new SessionHandler());

    // register web resources.
    environment.jersey().register(DrawRessource.class);

    // support annotation @RolesAllowed
    // tag::roles[]
    environment.jersey().register(RolesAllowedDynamicFeature.class);
    // end::roles[]
}
 

@Override
public void run(MqttHttpConfiguration configuration, Environment environment) throws Exception {
    // validator
    logger.debug("Initializing validator ...");
    Validator validator = new Validator(configuration);

    // storage
    SyncStorage storage = (SyncStorage) Class.forName(storageConfig.getString("storage.sync.class")).newInstance();
    environment.lifecycle().manage(new Managed() {
        @Override
        public void start() throws Exception {
            logger.debug("Initializing storage storage ...");
            storage.init(storageConfig);
        }

        @Override
        public void stop() throws Exception {
            logger.debug("Destroying storage storage ...");
            storage.destroy();
        }
    });

    // authenticator
    Authenticator authenticator = (Authenticator) Class.forName(authenticatorConfig.getString("authenticator.class")).newInstance();
    environment.lifecycle().manage(new Managed() {
        @Override
        public void start() throws Exception {
            logger.debug("Initializing authenticator ...");
            authenticator.init(authenticatorConfig);
        }

        @Override
        public void stop() throws Exception {
            logger.debug("Destroying authenticator ...");
            authenticator.destroy();
        }
    });

    // cluster
    Cluster cluster = (Cluster) Class.forName(clusterConfig.getString("cluster.class")).newInstance();
    environment.lifecycle().manage(new Managed() {
        @Override
        public void start() throws Exception {
            logger.debug("Initializing cluster ...");
            cluster.init(clusterConfig, null);
        }

        @Override
        public void stop() throws Exception {
            logger.debug("Destroying cluster ...");
            cluster.destroy();
        }
    });

    // OAuth
    environment.jersey().register(new AuthDynamicFeature(
            new OAuthCredentialAuthFilter.Builder<UserPrincipal>()
                    .setAuthenticator(new OAuthAuthenticator(authenticator))
                    .setAuthorizer(new PermitAllAuthorizer<>())
                    .setPrefix("Bearer")
                    .buildAuthFilter()));
    environment.jersey().register(RolesAllowedDynamicFeature.class);
    environment.jersey().register(new AuthValueFactoryProvider.Binder<>(UserPrincipal.class));

    // register resources
    environment.jersey().register(new MqttPublishResource(configuration.getServerId(), validator, storage, cluster, authenticator));
    environment.jersey().register(new MqttSubscribeResource(configuration.getServerId(), validator, storage, cluster, authenticator));
    environment.jersey().register(new MqttUnsubscribeResource(configuration.getServerId(), validator, storage, cluster, authenticator));

    // config jackson
    environment.getObjectMapper().configure(DeserializationFeature.FAIL_ON_UNKNOWN_PROPERTIES, false);
    environment.getObjectMapper().configure(SerializationFeature.FAIL_ON_EMPTY_BEANS, false);
    environment.getObjectMapper().configure(SerializationFeature.WRITE_NULL_MAP_VALUES, false);
    environment.getObjectMapper().setSerializationInclusion(JsonInclude.Include.NON_NULL);
}
 

public DrillRestServer(final WorkManager workManager, final ServletContext servletContext, final Drillbit drillbit) {
  register(DrillRoot.class);
  register(StatusResources.class);
  register(StorageResources.class);
  register(ProfileResources.class);
  register(QueryResources.class);
  register(MetricsResources.class);
  register(ThreadsResources.class);
  register(LogsResources.class);

  property(FreemarkerMvcFeature.TEMPLATE_OBJECT_FACTORY, getFreemarkerConfiguration(servletContext));
  register(FreemarkerMvcFeature.class);

  register(MultiPartFeature.class);
  property(ServerProperties.METAINF_SERVICES_LOOKUP_DISABLE, true);

  final boolean isAuthEnabled =
      workManager.getContext().getConfig().getBoolean(ExecConstants.USER_AUTHENTICATION_ENABLED);

  if (isAuthEnabled) {
    register(LogInLogOutResources.class);
    register(AuthDynamicFeature.class);
    register(RolesAllowedDynamicFeature.class);
  }

  //disable moxy so it doesn't conflict with jackson.
  final String disableMoxy = PropertiesHelper.getPropertyNameForRuntime(CommonProperties.MOXY_JSON_FEATURE_DISABLE,
      getConfiguration().getRuntimeType());
  property(disableMoxy, true);

  register(JsonParseExceptionMapper.class);
  register(JsonMappingExceptionMapper.class);
  register(GenericExceptionMapper.class);

  JacksonJaxbJsonProvider provider = new JacksonJaxbJsonProvider();
  provider.setMapper(workManager.getContext().getLpPersistence().getMapper());
  register(provider);

  // Get an EventExecutor out of the BitServer EventLoopGroup to notify listeners for WebUserConnection. For
  // actual connections between Drillbits this EventLoopGroup is used to handle network related events. Though
  // there is no actual network connection associated with WebUserConnection but we need a CloseFuture in
  // WebSessionResources, so we are using EvenExecutor from network EventLoopGroup pool.
  final EventExecutor executor = workManager.getContext().getBitLoopGroup().next();

  register(new AbstractBinder() {
    @Override
    protected void configure() {
      bind(drillbit).to(Drillbit.class);
      bind(workManager).to(WorkManager.class);
      bind(executor).to(EventExecutor.class);
      bind(workManager.getContext().getLpPersistence().getMapper()).to(ObjectMapper.class);
      bind(workManager.getContext().getStoreProvider()).to(PersistentStoreProvider.class);
      bind(workManager.getContext().getStorage()).to(StoragePluginRegistry.class);
      bind(new UserAuthEnabled(isAuthEnabled)).to(UserAuthEnabled.class);
      if (isAuthEnabled) {
        bindFactory(DrillUserPrincipalProvider.class).to(DrillUserPrincipal.class);
        bindFactory(AuthWebUserConnectionProvider.class).to(WebUserConnection.class);
      } else {
        bindFactory(AnonDrillUserPrincipalProvider.class).to(DrillUserPrincipal.class);
        bindFactory(AnonWebUserConnectionProvider.class).to(WebUserConnection.class);
      }
    }
  });
}
 

public Openscoring(){
	Config config = ConfigFactory.load();

	setConfig(config);

	Binder configBinder = new AbstractBinder(){

		@Override
		public void configure(){
			bind(config).to(Config.class).named("openscoring");
		}
	};
	register(configBinder);

	ModelRegistry modelRegistry = createModelRegistry(config);

	setModelRegistry(modelRegistry);

	Binder modelRegistryBinder = new AbstractBinder(){

		@Override
		public void configure(){
			bind(modelRegistry).to(ModelRegistry.class).named("openscoring");
		}
	};
	register(modelRegistryBinder);

	LoadingModelEvaluatorBuilder loadingModelEvaluatorBuilder = createLoadingModelEvaluatorBuilder(config);

	setLoadingModelEvaluatorBuilder(loadingModelEvaluatorBuilder);

	Binder loadingModelEvaluatorBuilderBinder = new AbstractBinder(){

		@Override
		public void configure(){
			bind(loadingModelEvaluatorBuilder).to(LoadingModelEvaluatorBuilder.class);
		}
	};
	register(loadingModelEvaluatorBuilderBinder);

	Config applicationConfig = config.getConfig("application");

	register(ModelResource.class);

	// Convert path variables to ModelRef objects
	register(loadClass(ModelRefConverterProvider.class, applicationConfig));

	// PMML support
	register(loadClass(ModelProvider.class, applicationConfig));

	// JSON support
	register(JacksonJsonProvider.class);
	register(ObjectMapperProvider.class);

	// CSV support
	register(loadClass(TableProvider.class, applicationConfig));

	// Convert exceptions to JSON objects
	register(WebApplicationExceptionMapper.class);

	// Permit the HTTP POST method to be changed to HTTP PUT or DELETE methods
	register(HttpMethodOverrideFilter.class);

	// File upload support
	register(MultiPartFeature.class);

	// Security support
	register(RolesAllowedDynamicFeature.class);

	// GZip and Deflate encoding support
	register(EncodingFilter.class);
	register(GZipEncoder.class);
	register(DeflateEncoder.class);

	// Application identification
	register(ApplicationHeaderFilter.class);

	List<String> componentClassNames = applicationConfig.getStringList("componentClasses");
	for(String componentClassName : componentClassNames){
		Class<?> clazz = loadClass(Object.class, componentClassName);

		register(clazz);
	}
}