Java Code Examples for org.jboss.resteasy.core.ResourceMethodInvoker#getMethod()
The following examples show how to use
org.jboss.resteasy.core.ResourceMethodInvoker#getMethod() .
You can vote up the ones you like or vote down the ones you don't like,
and go to the original project or source file by following the links above each example. You may check out the related API usage on the sidebar.
Example 1
| Source File: SecurityInterceptor.java From maven-framework-project with MIT License | 4 votes |
|
@Override
public void filter(ContainerRequestContext requestContext) {
ResourceMethodInvoker methodInvoker = (ResourceMethodInvoker) requestContext
.getProperty("org.jboss.resteasy.core.ResourceMethodInvoker");
Method method = methodInvoker.getMethod();
// Access allowed for all
if (!method.isAnnotationPresent(PermitAll.class)) {
// Access denied for all
if (method.isAnnotationPresent(DenyAll.class)) {
requestContext.abortWith(ACCESS_FORBIDDEN);
return;
}
// Get request headers
final MultivaluedMap<String, String> headersMap = requestContext.getHeaders();
// Fetch authorization header
final List<String> authorization = headersMap.get(AUTHORIZATION_PROPERTY);
// If no authorization information present; block access
if (authorization == null || authorization.isEmpty()) {
requestContext.abortWith(ACCESS_DENIED);
return;
}
// Get encoded username and password
final String encodedUserPassword = authorization.get(0).replaceFirst(AUTHENTICATION_SCHEME + " ", "");
// Decode username and password
String usernameAndPassword = new String(Base64.decodeBase64(encodedUserPassword));
// Split username and password tokens
final StringTokenizer tokenizer = new StringTokenizer(usernameAndPassword, ":");
final String username = tokenizer.nextToken();
final String password = tokenizer.nextToken();
// Verify user access
if (method.isAnnotationPresent(RolesAllowed.class)) {
RolesAllowed rolesAnnotation = method.getAnnotation(RolesAllowed.class);
Set<String> rolesSet = new HashSet<String>(Arrays.asList(rolesAnnotation.value()));
// Is user valid?
if (!isUserAllowed(username, password, rolesSet)) {
requestContext.abortWith(ACCESS_DENIED);
return;
}
}
}
}
Example 2
| Source File: SecurityFilter.java From maven-framework-project with MIT License | 4 votes |
|
@Override
public void filter(ContainerRequestContext requestContext) {
ResourceMethodInvoker methodInvoker = (ResourceMethodInvoker) requestContext
.getProperty(RESOURCE_METHOD_INVOKER);
Method method = methodInvoker.getMethod();
// Access allowed for all
if (!method.isAnnotationPresent(PermitAll.class)) {
// Access denied for all
if (method.isAnnotationPresent(DenyAll.class)) {
requestContext.abortWith(ACCESS_FORBIDDEN);
return;
}
// Get request headers
final MultivaluedMap<String, String> headersMap = requestContext.getHeaders();
// Fetch authorization header
final List<String> authorizationList = headersMap.get(AUTHORIZATION_PROPERTY);
// If no authorization information present; block access
if (authorizationList == null || authorizationList.isEmpty()) {
requestContext.abortWith(ACCESS_DENIED);
return;
}
// Get encoded username and password
final String encodedUserPassword = authorizationList.get(0).replaceFirst(AUTHENTICATION_SCHEME + " ", "");
// Decode username and password
String usernameAndPassword = new String(Base64.decodeBase64(encodedUserPassword));
// Split username and password tokens
final StringTokenizer tokenizer = new StringTokenizer(usernameAndPassword, ":");
final String userName = tokenizer.nextToken();
final String password = tokenizer.nextToken();
// Verify user access
if (method.isAnnotationPresent(RolesAllowed.class)) {
RolesAllowed rolesAnnotation = method.getAnnotation(RolesAllowed.class);
Set<String> rolesSet = new HashSet<String>(Arrays.asList(rolesAnnotation.value()));
// Is user valid?
if (!isUserAllowed(userName, password, rolesSet)) {
requestContext.abortWith(ACCESS_DENIED);
return;
}
}
}
}
