Java Code Examples for org.apache.cxf.jaxrs.utils.JAXRSUtils#getCurrentMessage()
The following examples show how to use
org.apache.cxf.jaxrs.utils.JAXRSUtils#getCurrentMessage() .
You can vote up the ones you like or vote down the ones you don't like,
and go to the original project or source file by following the links above each example. You may check out the related API usage on the sidebar.
Example 1
Source File: BookStore.java From cxf with Apache License 2.0 | 6 votes |
private String getRecipientText(JweJsonConsumer consumer, String recipientPropLoc, String recipientKid) { Message message = JAXRSUtils.getCurrentMessage(); Properties recipientProps = JweUtils.loadJweProperties(message, recipientPropLoc); JsonWebKey recipientKey = JwkUtils.loadJwkSet(message, recipientProps, null).getKey(recipientKid); ContentAlgorithm contentEncryptionAlgorithm = JweUtils.getContentEncryptionAlgorithm(recipientProps); JweDecryptionProvider jweRecipient = JweUtils.createJweDecryptionProvider(recipientKey, contentEncryptionAlgorithm); JweDecryptionOutput jweRecipientOutput = consumer.decryptWith(jweRecipient, Collections.singletonMap("kid", recipientKid)); return jweRecipientOutput.getContentText(); }
Example 2
Source File: AbstractJweJsonWriterProvider.java From cxf with Apache License 2.0 | 6 votes |
protected List<String> getPropertyLocations() { Message m = JAXRSUtils.getCurrentMessage(); Object propLocsProp = MessageUtils.getContextualProperty(m, JoseConstants.RSSEC_ENCRYPTION_OUT_PROPS, JoseConstants.RSSEC_ENCRYPTION_PROPS); if (propLocsProp == null) { if (encProviders == null) { LOG.warning("JWE JSON init properties resource is not identified"); throw new JweException(JweException.Error.NO_INIT_PROPERTIES); } return Collections.emptyList(); } List<String> propLocs = null; if (propLocsProp instanceof String) { String[] props = ((String)propLocsProp).split(","); propLocs = Arrays.asList(props); } else { propLocs = CastUtils.cast((List<?>)propLocsProp); } return propLocs; }
Example 3
Source File: CrossOriginResourceSharingFilter.java From cxf with Apache License 2.0 | 6 votes |
@Override public void filter(ContainerRequestContext context) { Message m = JAXRSUtils.getCurrentMessage(); String httpMethod = (String)m.get(Message.HTTP_REQUEST_METHOD); if (HttpMethod.OPTIONS.equals(httpMethod)) { Response r = preflightRequest(m); if (r != null) { context.abortWith(r); } } else if (findResourceMethod) { Method method = getResourceMethod(m, httpMethod); simpleRequest(m, method); } else { m.getInterceptorChain().add(new CorsInInterceptor()); } }
Example 4
Source File: SamlHeaderInHandler.java From cxf with Apache License 2.0 | 6 votes |
@Override public void filter(ContainerRequestContext context) { Message message = JAXRSUtils.getCurrentMessage(); List<String> values = headers.getRequestHeader(HttpHeaders.AUTHORIZATION); if (values == null || values.size() != 1 || !values.get(0).startsWith(SAML_AUTH)) { throwFault("Authorization header must be available and use SAML profile", null); } String[] parts = values.get(0).split(" "); if (parts.length != 2) { throwFault("Authorization header is malformed", null); } handleToken(message, parts[1]); }
Example 5
Source File: WSS4JBasicAuthFilter.java From cxf with Apache License 2.0 | 6 votes |
public void filter(ContainerRequestContext requestContext) throws IOException { if (requestContext.getUriInfo().getPath().contains(WellKnownService.WELL_KNOWN_PATH)) { return; } Message message = JAXRSUtils.getCurrentMessage(); AuthorizationPolicy policy = message.get(AuthorizationPolicy.class); if (policy == null || policy.getUserName() == null || policy.getPassword() == null) { requestContext.abortWith( Response.status(401).header("WWW-Authenticate", "Basic realm=\"IdP\"").build()); return; } try { super.validate(message); } catch (Exception ex) { throw ExceptionUtils.toInternalServerErrorException(ex, null); } }
Example 6
Source File: XmlStreamReaderProvider.java From cxf with Apache License 2.0 | 5 votes |
public void filter(ContainerRequestContext c) throws IOException { String method = context.get(Message.HTTP_REQUEST_METHOD).toString(); if ("PUT".equals(method)) { MultivaluedMap<String, String> map = context.getUriInfo().getPathParameters(); if (!"123".equals(map.getFirst("id"))) { throw new RuntimeException(); } Message m = JAXRSUtils.getCurrentMessage(); XMLStreamReader reader = StaxUtils.createXMLStreamReader(m.getContent(InputStream.class)); m.setContent(XMLStreamReader.class, new CustomXmlStreamReader(reader)); } }
Example 7
Source File: XmlStreamWriterProvider.java From cxf with Apache License 2.0 | 5 votes |
public void filter(ContainerRequestContext reqC, ContainerResponseContext respC) throws IOException { Message m = JAXRSUtils.getCurrentMessage(); OperationResourceInfo ori = m.getExchange().get(OperationResourceInfo.class); String method = ori.getHttpMethod(); if ("PUT".equals(method)) { XMLStreamWriter writer = StaxUtils.createXMLStreamWriter(m.getContent(OutputStream.class)); m.setContent(XMLStreamWriter.class, new CustomXmlStreamWriter(writer)); } }
Example 8
Source File: AbstractJwsJsonWriterProvider.java From cxf with Apache License 2.0 | 5 votes |
protected List<JwsSignatureProvider> getInitializedSigProviders( List<String> propLocs, List<JwsHeaders> protectedHeaders) { if (sigProviders != null) { return sigProviders; } Message m = JAXRSUtils.getCurrentMessage(); List<JwsSignatureProvider> theSigProviders = new LinkedList<>(); for (int i = 0; i < propLocs.size(); i++) { Properties props = JwsUtils.loadJwsProperties(m, propLocs.get(i)); theSigProviders.add(JwsUtils.loadSignatureProvider(props, protectedHeaders.get(i))); } return theSigProviders; }
Example 9
Source File: AttachmentUtils.java From cxf with Apache License 2.0 | 5 votes |
public static void addMultipartOutFilter(MultipartOutputFilter filter) { Message m = JAXRSUtils.getCurrentMessage(); List<MultipartOutputFilter> outFilters = CastUtils.cast((List<?>)m.get(OUT_FILTERS)); if (outFilters == null) { outFilters = new ArrayList<>(); m.put(OUT_FILTERS, outFilters); } outFilters.add(filter); }
Example 10
Source File: CreateSignatureInterceptor.java From cxf with Apache License 2.0 | 5 votes |
protected void sign(WriterInterceptorContext writerInterceptorContext) { Message m = JAXRSUtils.getCurrentMessage(); String method = ""; String path = ""; // We don't pass the HTTP method + URI for the response case if (MessageUtils.isRequestor(m)) { method = HttpUtils.getProtocolHeader(JAXRSUtils.getCurrentMessage(), Message.HTTP_REQUEST_METHOD, ""); path = uriInfo.getRequestUri().getPath(); } performSignature(writerInterceptorContext.getHeaders(), path, method); }
Example 11
Source File: WadlGenerator.java From cxf with Apache License 2.0 | 5 votes |
@Override public void filter(ContainerRequestContext context) { Message m = JAXRSUtils.getCurrentMessage(); if (m == null) { return; } doFilter(context, m); }
Example 12
Source File: MessageContextImpl.java From cxf with Apache License 2.0 | 5 votes |
private Message getCurrentMessage() { Message currentMessage = JAXRSUtils.getCurrentMessage(); if (currentMessage == null) { currentMessage = m; } return currentMessage; }
Example 13
Source File: Saml2BearerAuthHandler.java From cxf with Apache License 2.0 | 5 votes |
@Override public void filter(ContainerRequestContext context) { Message message = JAXRSUtils.getCurrentMessage(); Form form = readFormData(message); MultivaluedMap<String, String> formData = form.asMap(); String assertionType = formData.getFirst(Constants.CLIENT_AUTH_ASSERTION_TYPE); String decodedAssertionType = assertionType != null ? HttpUtils.urlDecode(assertionType) : null; if (decodedAssertionType == null || !Constants.CLIENT_AUTH_SAML2_BEARER.equals(decodedAssertionType)) { throw ExceptionUtils.toNotAuthorizedException(null, null); } String assertion = formData.getFirst(Constants.CLIENT_AUTH_ASSERTION_PARAM); Element token = readToken(message, assertion); String clientId = formData.getFirst(OAuthConstants.CLIENT_ID); validateToken(message, token, clientId); formData.remove(OAuthConstants.CLIENT_ID); formData.remove(Constants.CLIENT_AUTH_ASSERTION_PARAM); formData.remove(Constants.CLIENT_AUTH_ASSERTION_TYPE); // restore input stream try { FormUtils.restoreForm(provider, form, message); } catch (Exception ex) { throw ExceptionUtils.toNotAuthorizedException(null, null); } }
Example 14
Source File: SamlFormInHandler.java From cxf with Apache License 2.0 | 5 votes |
@Override public void filter(ContainerRequestContext context) { Message message = JAXRSUtils.getCurrentMessage(); Form form = readFormData(message); MultivaluedMap<String, String> formData = form.asMap(); String assertion = formData.getFirst(SAML_ELEMENT); handleToken(message, assertion); // redirect if needed String samlRequestURI = formData.getFirst(SAML_RELAY_STATE); if (samlRequestURI != null) { // RelayState may actually represent a reference to a transient local state // containing the actual REQUEST URI client was using before being redirected // back to IDP - at the moment assume it's URI UriInfoImpl ui = new UriInfoImpl(message); if (!samlRequestURI.startsWith(ui.getBaseUri().toString())) { context.abortWith(Response.status(302).location(URI.create(samlRequestURI)).build()); return; } } formData.remove(SAML_ELEMENT); formData.remove(SAML_RELAY_STATE); // restore input stream try { FormUtils.restoreForm(provider, form, message); } catch (Exception ex) { throwFault(ex.getMessage(), ex); } }
Example 15
Source File: OAuthUtils.java From cxf with Apache License 2.0 | 5 votes |
public static UserSubject createSubject(SecurityContext securityContext) { List<String> roleNames = Collections.emptyList(); if (securityContext instanceof LoginSecurityContext) { roleNames = ((LoginSecurityContext) securityContext).getUserRoles().stream().map(Principal::getName) .collect(toList()); } UserSubject subject = new UserSubject(securityContext.getUserPrincipal().getName(), roleNames); Message m = JAXRSUtils.getCurrentMessage(); if (m != null && m.get(AuthenticationMethod.class) != null) { subject.setAuthenticationMethod(m.get(AuthenticationMethod.class)); } return subject; }
Example 16
Source File: DOM4JProvider.java From cxf with Apache License 2.0 | 4 votes |
protected Message getCurrentMessage() { return JAXRSUtils.getCurrentMessage(); }
Example 17
Source File: ThreadLocalProviders.java From cxf with Apache License 2.0 | 4 votes |
private Providers getProvidersImpl() { Message m = JAXRSUtils.getCurrentMessage(); return m != null ? new ProvidersImpl(JAXRSUtils.getContextMessage(m)) : null; }
Example 18
Source File: JwtBearerAuthHandler.java From cxf with Apache License 2.0 | 4 votes |
@Override public void filter(ContainerRequestContext context) { Message message = JAXRSUtils.getCurrentMessage(); Form form = readFormData(message); MultivaluedMap<String, String> formData = form.asMap(); String assertionType = formData.getFirst(Constants.CLIENT_AUTH_ASSERTION_TYPE); String decodedAssertionType = assertionType != null ? HttpUtils.urlDecode(assertionType) : null; if (decodedAssertionType == null || !Constants.CLIENT_AUTH_JWT_BEARER.equals(decodedAssertionType)) { throw ExceptionUtils.toNotAuthorizedException(null, null); } String assertion = formData.getFirst(Constants.CLIENT_AUTH_ASSERTION_PARAM); if (assertion == null) { throw ExceptionUtils.toNotAuthorizedException(null, null); } String clientId = formData.getFirst(OAuthConstants.CLIENT_ID); Client client = null; if (clientId != null && clientProvider != null) { client = clientProvider.getClient(clientId); if (client == null) { throw ExceptionUtils.toNotAuthorizedException(null, null); } message.put(Client.class, client); } JwtToken token = super.getJwtToken(assertion, client); String subjectName = (String)token.getClaim(JwtConstants.CLAIM_SUBJECT); if (clientId != null && !clientId.equals(subjectName)) { throw ExceptionUtils.toNotAuthorizedException(null, null); } message.put(OAuthConstants.CLIENT_ID, subjectName); formData.remove(OAuthConstants.CLIENT_ID); formData.remove(Constants.CLIENT_AUTH_ASSERTION_PARAM); formData.remove(Constants.CLIENT_AUTH_ASSERTION_TYPE); SecurityContext securityContext = configureSecurityContext(token); if (securityContext != null) { JAXRSUtils.getCurrentMessage().put(SecurityContext.class, securityContext); } // restore input stream try { FormUtils.restoreForm(provider, form, message); } catch (Exception ex) { throw ExceptionUtils.toNotAuthorizedException(null, null); } }
Example 19
Source File: AuthorizationFilter.java From iaf with Apache License 2.0 | 4 votes |
@Override public void filter(ContainerRequestContext requestContext) throws IOException { if(requestContext.getMethod().equalsIgnoreCase("OPTIONS")) { //Preflight in here? return; } Message message = JAXRSUtils.getCurrentMessage(); Method method = (Method)message.get("org.apache.cxf.resource.method"); if(method == null) { log.error("Unable to fetch method from CXF Message"); requestContext.abortWith(SERVER_ERROR); } if(method.isAnnotationPresent(DenyAll.class)) { //Functionality has been disallowed. requestContext.abortWith(FORBIDDEN); return; } if(method.isAnnotationPresent(PermitAll.class)) { //No authorization required. return; } //Presume `PermitAll` when RolesAllowed annotation is not set if(method.isAnnotationPresent(RolesAllowed.class)) { SecurityContext securityContext = requestContext.getSecurityContext(); if(securityContext.getUserPrincipal() == null) { if(!login(requestContext)) { //Not logged in. Manually trying to authenticate the user requestContext.abortWith(UNAUTHORIZED); return; } else { System.out.println("manually logged in user [" + securityContext.getUserPrincipal().getName()+"]"); } } RolesAllowed rolesAnnotation = method.getAnnotation(RolesAllowed.class); Set<String> rolesSet = new HashSet<String>(Arrays.asList(rolesAnnotation.value())); System.out.println("Checking authentication for user ["+securityContext.getUserPrincipal().getName()+"] uri ["+method.getAnnotation(javax.ws.rs.Path.class).value()+"] roles " + rolesSet.toString()); //Verifying username and password if(!doAuth(securityContext, rolesSet)) { requestContext.abortWith(FORBIDDEN); return; } } }
Example 20
Source File: XmlSigInHandler.java From cxf with Apache License 2.0 | 3 votes |
@Override public void filter(ContainerRequestContext context) { Message message = JAXRSUtils.getCurrentMessage(); checkSignature(message); }