Java Code Examples for javax.ws.rs.core.SecurityContext#isSecure()

Example 1
Source File: OAuthFilter.java    From trellis with Apache License 2.0
/**
 * Authenticates an OAuth bearer token, if one is present, and replaces the request's
 * SecurityContext with an {@code OAuthSecurityContext} for the resolved principal.
 *
 * <p>Requests without a token pass through untouched; a token that does not authenticate
 * is rejected with a {@link NotAuthorizedException} carrying the configured challenge.
 *
 * @param requestContext the container request being filtered
 * @throws NotAuthorizedException when a token is present but cannot be authenticated
 */
@Override
public void filter(final ContainerRequestContext requestContext) {
    // The transport flag is copied from the existing context; no context means "not secure".
    final SecurityContext existing = requestContext.getSecurityContext();
    final boolean overSecureTransport = existing != null && existing.isSecure();

    final String bearerToken = getOAuthToken(requestContext);
    if (bearerToken == null) {
        // No credential presented: the request keeps its current security context.
        return;
    }

    final Principal subject = authenticate(bearerToken);
    if (subject == null) {
        // Present-but-invalid token is a hard failure, not an anonymous pass-through.
        throw new NotAuthorizedException(challenge);
    }
    requestContext.setSecurityContext(new OAuthSecurityContext(subject, admins, overSecureTransport));
}
 
Example 2
Source File: SecurityCatalogResource.java    From streamline with Apache License 2.0
/**
 * Logs out the current user by expiring the authentication cookie.
 *
 * <p>The response carries the user that was logged out and a replacement cookie with
 * max-age 0 and an epoch expiry; {@code secure} mirrors the request transport and
 * {@code HttpOnly} is always set.
 *
 * @param uriInfo         request URI information (injected; not used here)
 * @param securityContext the request's security context, used to resolve the user
 *                        and the transport flag for the cookie
 * @return 200 OK with the logged-out user as entity and the expiring cookie
 * @throws Exception propagated from {@code getCurrentUser}
 */
@POST
@Path("/users/current/logout")
@Timed
public Response logoutCurrentUser(@Context UriInfo uriInfo,
                                  @Context SecurityContext securityContext) throws Exception {
    final User loggedOutUser = getCurrentUser(securityContext);

    // Set-Cookie	hadoop.auth=deleted;Version=1;Path=/;Max-Age=0;HttpOnly;Expires=Thu, 01 Jan 1970 00:00:00 GMT
    // Domain is left null so the cookie is scoped exactly as the container set it.
    final Cookie authCookie = new Cookie(AuthenticatedURL.AUTH_COOKIE, "deleted", "/", null);
    final Date epoch = new Date(0);
    final boolean secureOnly = securityContext.isSecure();
    final NewCookie expiringCookie = new NewCookie(authCookie, null, 0, epoch, secureOnly, true);

    final Response.ResponseBuilder response = Response.status(OK);
    response.entity(loggedOutUser);
    response.cookie(expiringCookie);
    return response.build();
}
 
Example 3
Source File: AccessTokenValidatorService.java    From cxf with Apache License 2.0
/**
 * Enforces the service's transport and authentication requirements before a token
 * is validated.
 *
 * <p>Plain-HTTP requests are rejected when {@code blockUnsecureRequests} is set, and
 * requests without an authenticated principal are rejected when
 * {@code blockUnauthorizedRequests} is set. Rejection is delegated to
 * {@code AuthorizationUtils.throwAuthorizationFailure}; a warning is logged first.
 */
private void checkSecurityContext() {
    final SecurityContext sc = getMessageContext().getSecurityContext();
    // NOTE(review): sc is dereferenced without a null check — assumes the message
    // context always supplies a SecurityContext; confirm against the runtime.

    final boolean plainHttp = !sc.isSecure();
    if (plainHttp && blockUnsecureRequests) {
        LOG.warning("Unsecure HTTP, Transport Layer Security is recommended");
        AuthorizationUtils.throwAuthorizationFailure(supportedSchemes, realm);
    }

    final boolean anonymous = sc.getUserPrincipal() == null;
    if (anonymous && blockUnauthorizedRequests) {
        //TODO: check client certificates
        LOG.warning("Authenticated Principal is not available");
        AuthorizationUtils.throwAuthorizationFailure(supportedSchemes, realm);
    }
}
 
Example 4
Source File: TokenIntrospectionService.java    From cxf with Apache License 2.0
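/**
 * Enforces the service's transport and authentication requirements before a token
 * is introspected.
 *
 * <p>Plain-HTTP requests are rejected when {@code blockUnsecureRequests} is set, and
 * requests without an authenticated principal are rejected when
 * {@code blockUnauthorizedRequests} is set. Each rejection logs a warning and then
 * throws the exception built by {@code ExceptionUtils.toNotAuthorizedException}.
 *
 * @throws javax.ws.rs.WebApplicationException (as built by {@code ExceptionUtils})
 *         when a configured requirement is not met
 */
private void checkSecurityContext() {
    SecurityContext sc = mc.getSecurityContext();
    // NOTE(review): sc is dereferenced without a null check — assumes the message
    // context always supplies a SecurityContext; confirm against the runtime.
    if (!sc.isSecure() && blockUnsecureRequests) {
        LOG.warning("Unsecure HTTP, Transport Layer Security is recommended");
        // toNotAuthorizedException only constructs the exception; it must be thrown,
        // otherwise the request is logged and then served as if the check had passed.
        throw ExceptionUtils.toNotAuthorizedException(null, null);
    }
    if (sc.getUserPrincipal() == null && blockUnauthorizedRequests) {
        LOG.warning("Authenticated Principal is not available");
        throw ExceptionUtils.toNotAuthorizedException(null, null);
    }
}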
 
Example 5
Source File: JaxrsBearerTokenFilterImpl.java    From keycloak with Apache License 2.0
/**
 * Installs a JAX-RS {@link SecurityContext} backed by the bearer token that
 * {@code bearer} has already validated.
 *
 * <p>The Keycloak session is published to the facade, and the container request gets
 * a context whose principal is a {@code KeycloakPrincipal}, whose roles come from that
 * session, whose {@code isSecure()} mirrors the pre-authentication context, and whose
 * authentication scheme is {@code "OAUTH_BEARER"}.
 *
 * @param facade             adapter facade that receives the Keycloak session
 * @param request            container request whose security context is replaced
 * @param resolvedDeployment the deployment the token was validated against
 * @param bearer             the authenticator holding the validated token
 */
protected void propagateSecurityContext(JaxrsHttpFacade facade, ContainerRequestContext request, KeycloakDeployment resolvedDeployment, BearerTokenRequestAuthenticator bearer) {
    final RefreshableKeycloakSecurityContext keycloakSession = new RefreshableKeycloakSecurityContext(
            resolvedDeployment, null, bearer.getTokenString(), bearer.getToken(), null, null, null);

    // Not needed to do resteasy specifics as KeycloakSecurityContext can be always retrieved from SecurityContext by typecast SecurityContext.getUserPrincipal to KeycloakPrincipal
    // ResteasyProviderFactory.pushContext(KeycloakSecurityContext.class, keycloakSession);

    facade.setSecurityContext(keycloakSession);

    final String subjectName = AdapterUtils.getPrincipalName(resolvedDeployment, bearer.getToken());
    final KeycloakPrincipal<RefreshableKeycloakSecurityContext> subject =
            new KeycloakPrincipal<RefreshableKeycloakSecurityContext>(subjectName, keycloakSession);

    // The transport flag is inherited from the container's pre-authentication context.
    final SecurityContext preAuthContext = getRequestSecurityContext(request);
    final boolean overSecureTransport = preAuthContext.isSecure();
    final Set<String> grantedRoles = AdapterUtils.getRolesFromSecurityContext(keycloakSession);

    final SecurityContext authenticated = new SecurityContext() {
        @Override
        public Principal getUserPrincipal() {
            return subject;
        }

        @Override
        public boolean isUserInRole(String role) {
            // Roles were snapshotted from the session once, above.
            return grantedRoles.contains(role);
        }

        @Override
        public boolean isSecure() {
            return overSecureTransport;
        }

        @Override
        public String getAuthenticationScheme() {
            return "OAUTH_BEARER";
        }
    };
    request.setSecurityContext(authenticated);
}
 
Example 6
Source File: JsonWebTokenAuthFilter.java    From jobson with Apache License 2.0
/**
 * Reports whether the request arrived over a secure channel.
 *
 * @param request the container request
 * @return {@code true} only when the request has a SecurityContext and that context
 *         reports {@code isSecure()}; a missing context counts as not secure
 */
private static boolean isRequestSecure(ContainerRequestContext request) {
    final SecurityContext ctx = request.getSecurityContext();
    if (ctx == null) {
        return false;
    }
    return ctx.isSecure();
}
 
Example 7
Source File: NetworkSecurityContextFilter.java    From openscoring with GNU Affero General Public License v3.0
/**
 * Replaces the request's {@link SecurityContext} with one that grants roles by the
 * caller's network address.
 *
 * <p>Every caller is the anonymous principal; {@code isUserInRole} succeeds when the
 * remote address is listed for the role, or when the role's address list contains
 * the {@code "*"} wildcard. {@code isSecure()} is delegated to the container's own
 * context, and the scheme is reported as {@code "REMOTE_ADDR"}.
 *
 * @param requestContext the container request whose security context is replaced
 */
@Override
public void filter(ContainerRequestContext requestContext){
	final HttpServletRequest servletRequest = getRequest();
	final SecurityContext containerContext = requestContext.getSecurityContext();

	SecurityContext addressContext = new SecurityContext(){

		@Override
		public Principal getUserPrincipal(){
			// Identity is never established here; only the role check is address-based.
			return Anonymous.INSTANCE;
		}

		@Override
		public boolean isUserInRole(String role){
			String peer = getAddress();

			Set<String> allowedAddresses;
			switch(role){
				case Roles.USER:
					allowedAddresses = getUserAddresses();
					break;
				case Roles.ADMIN:
					allowedAddresses = getAdminAddresses();
					break;
				default:
					// Unknown roles are never granted.
					return false;
			}

			// A configured "*" entry grants the role to every address, whatever the peer is.
			boolean listed = allowedAddresses.contains(peer);
			boolean wildcard = allowedAddresses.contains("*");
			return listed || wildcard;
		}

		@Override
		public boolean isSecure(){
			// Transport flag comes from the container; no container context means not secure.
			if(containerContext == null){
				return false;
			}
			return containerContext.isSecure();
		}

		@Override
		public String getAuthenticationScheme(){
			return "REMOTE_ADDR";
		}

		private String getAddress(){
			// NOTE(review): getRemoteAddr() is the peer the container sees; behind a
			// reverse proxy that may be the proxy rather than the client — confirm deployment.
			return servletRequest == null ? null : servletRequest.getRemoteAddr();
		}
	};

	requestContext.setSecurityContext(addressContext);
}
 
Example 8
Source File: TokenSecurityContextFilter.java    From openscoring with GNU Affero General Public License v3.0
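/**
 * Replaces the request's {@link SecurityContext} with one that grants roles by a
 * shared token presented in the {@code token} cookie or as a {@code Bearer} header.
 *
 * <p>Every caller is the anonymous principal; {@code isUserInRole} succeeds when the
 * presented token equals the token configured for the role, or when that configured
 * token is empty (which leaves the role open to every caller). The comparison is done
 * in constant time so response timing does not depend on how much of the token matched.
 * {@code isSecure()} is delegated to the container's own context, and the scheme is
 * reported as {@code "TOKEN"}.
 *
 * @param requestContext the container request whose security context is replaced
 * @throws IOException declared by the filter contract; not raised here
 */
@Override
public void filter(ContainerRequestContext requestContext) throws IOException {
	SecurityContext requestSecurityContext = requestContext.getSecurityContext();

	SecurityContext securityContext = new SecurityContext(){

		@Override
		public Principal getUserPrincipal(){
			// Identity is never established here; only the role check is token-based.
			return Anonymous.INSTANCE;
		}

		@Override
		public boolean isUserInRole(String role){
			String token = getToken();

			String roleToken;

			switch(role){
				case Roles.USER:
					roleToken = getUserToken();
					break;
				case Roles.ADMIN:
					roleToken = getAdminToken();
					break;
				default:
					// Unknown roles are never granted.
					return false;
			}

			// An empty configured token opens the role to every caller (the original
			// behaviour); both tokens should be set in any non-local deployment.
			if(roleToken.isEmpty()){
				return true;
			}

			return tokenMatches(roleToken, token);
		}

		@Override
		public boolean isSecure(){
			// Transport flag comes from the container; no container context means not secure.
			return requestSecurityContext != null && requestSecurityContext.isSecure();
		}

		@Override
		public String getAuthenticationScheme(){
			return "TOKEN";
		}

		/**
		 * Compares the presented token with the configured one in constant time, so
		 * that a {@code String.equals} early exit cannot leak the matching prefix length.
		 */
		private boolean tokenMatches(String expected, String presented){
			if(presented == null){
				return false;
			}

			byte[] expectedBytes = expected.getBytes(java.nio.charset.StandardCharsets.UTF_8);
			byte[] presentedBytes = presented.getBytes(java.nio.charset.StandardCharsets.UTF_8);

			return java.security.MessageDigest.isEqual(expectedBytes, presentedBytes);
		}

		/**
		 * Extracts the presented token: the {@code token} cookie wins, otherwise the
		 * value after {@code "Bearer "} in the Authorization header; {@code null} if neither.
		 */
		private String getToken(){
			Map<String, Cookie> cookies = requestContext.getCookies();
			MultivaluedMap<String, String> headers = requestContext.getHeaders();

			Cookie tokenCookie = cookies.get("token");
			if(tokenCookie != null){
				return tokenCookie.getValue();
			}

			String authorizationHeader = headers.getFirst(HttpHeaders.AUTHORIZATION);
			if(authorizationHeader != null && authorizationHeader.startsWith("Bearer ")){
				return authorizationHeader.substring("Bearer ".length());
			}

			return null;
		}
	};

	requestContext.setSecurityContext(securityContext);
}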