/*
 * CEAMSO-USAID
 * Copyright (C) 2014 Governance and Democracy Program
 * ----------------------------------------------------------------------------
 * This file is part of TICPY Framework.
 *
 * TICPY Framework is free software; you can redistribute it and/or
 * modify it under the terms of the GNU Lesser General Public License version 3
 * as published by the Free Software Foundation.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
 * GNU General Public License for more details.
 *
 * You should have received a copy of the GNU Lesser General Public License version 3
 * along with this program; if not, see <http://www.gnu.org/licenses/>
 * or write to the Free Software Foundation, Inc., 51 Franklin Street,
 * Fifth Floor, Boston, MA 02110-1301, USA.
 * ----------------------------------------------------------------------------
 * Este archivo es parte del Framework TICPY.
 *
 * El TICPY Framework es software libre; Usted puede redistribuirlo y/o
 * modificarlo bajo los términos de la GNU Lesser General Public Licence versión 3
 * de la Free Software Foundation.
 *
 * Este programa es distribuido con la esperanza que sea de utilidad,
 * pero sin NINGUNA GARANTÍA; sin una garantía implícita de ADECUACION a cualquier
 * MERCADO o APLICACION EN PARTICULAR. Vea la GNU General Public Licence para
 * más detalles.
 *
 * Usted deberá haber recibido una copia de la GNU Lesser General Public Licence versión 3
 * "LICENCA.txt", junto con este programa; en caso que no, acceda a <http://www.gnu.org/licenses/>
 * o escriba a la Free Software Foundation (FSF) Inc.,
 * 51 Franklin St, Fifth Floor, Boston, MA 02111-1301, USA.
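*/
package ${package}.security;

import java.io.IOException;
import java.io.Serializable;
import java.lang.annotation.Annotation;
import java.lang.reflect.Method;
import java.util.Arrays;
import java.util.HashSet;
import java.util.List;
import java.util.Set;
import java.util.StringTokenizer;

import javax.annotation.security.DenyAll;
import javax.annotation.security.PermitAll;
import javax.annotation.security.RolesAllowed;
import javax.interceptor.AroundInvoke;
import javax.interceptor.Interceptor;
import javax.interceptor.InvocationContext;
import javax.ws.rs.container.ContainerRequestContext;
import javax.ws.rs.core.MultivaluedMap;
import javax.ws.rs.ext.Provider;

import org.apache.shiro.SecurityUtils;
import org.apache.shiro.authc.UsernamePasswordToken;
import org.apache.shiro.authz.AuthorizationException;
import org.apache.shiro.authz.UnauthenticatedException;
import org.apache.shiro.authz.annotation.Logical;
import org.apache.shiro.authz.annotation.RequiresAuthentication;
import org.apache.shiro.authz.annotation.RequiresGuest;
import org.apache.shiro.authz.annotation.RequiresPermissions;
import org.apache.shiro.authz.annotation.RequiresRoles;
import org.apache.shiro.authz.annotation.RequiresUser;
import org.apache.shiro.subject.Subject;
import org.jboss.resteasy.core.Headers;
import org.jboss.resteasy.core.ResourceMethodInvoker;
import org.jboss.resteasy.core.ServerResponse;
import org.jboss.resteasy.util.Base64;

/**
 * Post-matching JAX-RS request filter that enforces Apache Shiro's authorization
 * annotations on the matched resource method and aborts the request with 401 or
 * 403 when a check fails.
 *
 * <p>Checks performed, in order:
 * <ul>
 *   <li>{@code @RequiresAuthentication}: {@code subject.isAuthenticated()} must be true;</li>
 *   <li>{@code @RequiresGuest}: the subject must have no principal;</li>
 *   <li>{@code @RequiresUser}: the subject must have a principal;</li>
 *   <li>{@code @RequiresRoles} / {@code @RequiresPermissions}: evaluated honouring the
 *       annotation's {@code logical()} attribute (AND by default, OR when requested),
 *       the way Shiro's own annotation handlers do.</li>
 * </ul>
 *
 * <p>Annotations are looked up on the method first and, when absent there, on the
 * method's declaring class, so a class-wide annotation protects every method of the
 * resource instead of being silently ignored.
 *
 * <p>Responses are built per request rather than kept in static fields: a shared
 * {@link ServerResponse} carries a mutable header map that RESTEasy and any response
 * filter may add to on the way out, so one request's headers could leak into, or race
 * with, another's.
 *
 * <p>This filter reads the matched {@link ResourceMethodInvoker} from a request
 * property that RESTEasy only sets after resource matching; it must therefore not be
 * annotated {@code @PreMatching}. It also relies on Shiro's {@link Subject} being bound
 * to the current thread before the JAX-RS pipeline runs -- presumably done by the Shiro
 * servlet filter configured elsewhere in the project; verify.
 *
 * <p>NOTE(review): the JSR-250 annotations imported here ({@code @DenyAll},
 * {@code @PermitAll}, {@code @RolesAllowed}) are <em>not</em> enforced by this filter;
 * do not rely on them for access control unless another mechanism handles them.
 */
@Provider
public class SecurityInterceptor implements javax.ws.rs.container.ContainerRequestFilter {

    /** Request property under which RESTEasy exposes the matched method invoker. */
    private static final String METHOD_INVOKER_PROPERTY =
            "org.jboss.resteasy.core.ResourceMethodInvoker";

    // Not used by the checks below; kept from the earlier revision of this class.
    private static final String AUTHORIZATION_PROPERTY = "Authorization";
    private static final String AUTHENTICATION_SCHEME = "Basic";

    /**
     * Builds the 401 response: the caller is not (sufficiently) authenticated.
     *
     * <p>NOTE(review): RFC 7235 expects a 401 to carry a {@code WWW-Authenticate}
     * challenge; none is sent here (the {@code AUTHENTICATION_SCHEME} constant is
     * unused). That is fine for a token/cookie API but breaks interactive Basic auth.
     */
    private static ServerResponse accessDenied() {
        return new ServerResponse("Access denied for this resource", 401, new Headers<Object>());
    }

    /** Builds the 403 response: the caller is identified but lacks a role/permission. */
    private static ServerResponse insufficientPrivileges() {
        return new ServerResponse("Insufficient privileges for this resource", 403,
                new Headers<Object>());
    }

    /** Builds the 500 response used when the matched resource method cannot be found. */
    private static ServerResponse serverError() {
        return new ServerResponse("INTERNAL SERVER ERROR", 500, new Headers<Object>());
    }

    /**
     * Applies the Shiro annotation checks for the matched resource method.
     *
     * <p>The request is aborted, and this method returns immediately, on the first
     * failed check (the original fell through after {@code abortWith}, so later checks
     * still ran). Shiro's {@link AuthorizationException}s are translated here instead of
     * propagating out of the filter as a 500: {@link UnauthenticatedException} becomes
     * 401, any other authorization failure becomes 403.
     *
     * @param requestContext the current request; aborted with 401, 403 or 500 on failure,
     *                       left untouched when every check passes
     */
    @Override
    public void filter(ContainerRequestContext requestContext) {
        Method method = matchedMethod(requestContext);
        if (method == null) {
            // Fail closed: with no matched method there is nothing to evaluate the
            // annotations against, so the request must not be allowed through.
            requestContext.abortWith(serverError());
            return;
        }

        Subject subject = SecurityUtils.getSubject();

        if (findAnnotation(method, RequiresAuthentication.class) != null
                && !subject.isAuthenticated()) {
            requestContext.abortWith(accessDenied());
            return;
        }
        if (findAnnotation(method, RequiresGuest.class) != null
                && subject.getPrincipal() != null) {
            requestContext.abortWith(accessDenied());
            return;
        }
        if (findAnnotation(method, RequiresUser.class) != null
                && subject.getPrincipal() == null) {
            requestContext.abortWith(accessDenied());
            return;
        }

        try {
            RequiresRoles roles = findAnnotation(method, RequiresRoles.class);
            if (roles != null) {
                checkRoles(subject, roles);
            }
            RequiresPermissions permissions = findAnnotation(method, RequiresPermissions.class);
            if (permissions != null) {
                checkPermissions(subject, permissions);
            }
        } catch (UnauthenticatedException e) {
            // Shiro raises this when there is no principal to authorize against.
            requestContext.abortWith(accessDenied());
        } catch (AuthorizationException e) {
            // An identified subject without the role/permission: forbidden, not unauthorized.
            requestContext.abortWith(insufficientPrivileges());
        }
    }

    /**
     * Returns the resource method RESTEasy matched for this request, or {@code null}
     * when the invoker property is absent or of an unexpected type (e.g. the filter
     * ran before matching).
     */
    private static Method matchedMethod(ContainerRequestContext requestContext) {
        Object invoker = requestContext.getProperty(METHOD_INVOKER_PROPERTY);
        if (!(invoker instanceof ResourceMethodInvoker)) {
            return null;
        }
        return ((ResourceMethodInvoker) invoker).getMethod();
    }

    /**
     * Looks {@code type} up on the method, then on the method's declaring class.
     *
     * <p>Shiro's annotations are not {@code @Inherited}, so an annotation placed on an
     * interface or superclass is not found here -- TODO confirm resources in this
     * project annotate the implementing class.
     */
    private static <A extends Annotation> A findAnnotation(Method method, Class<A> type) {
        A found = method.getAnnotation(type);
        if (found == null) {
            found = method.getDeclaringClass().getAnnotation(type);
        }
        return found;
    }

    /**
     * Enforces {@code @RequiresRoles}. With {@link Logical#AND} (the default) every
     * listed role is required; with {@link Logical#OR} at least one is. Shiro's
     * {@link AuthorizationException} is thrown when the subject does not qualify.
     */
    private static void checkRoles(Subject subject, RequiresRoles annotation) {
        String[] roles = annotation.value();
        if (annotation.logical() == Logical.OR && roles.length > 1) {
            for (String role : roles) {
                if (subject.hasRole(role)) {
                    return;
                }
            }
            // None matched: let Shiro raise its standard exception for the first role.
            subject.checkRole(roles[0]);
            return;
        }
        subject.checkRoles(Arrays.asList(roles));
    }

    /**
     * Enforces {@code @RequiresPermissions} with the same AND/OR semantics as
     * {@link #checkRoles(Subject, RequiresRoles)}.
     */
    private static void checkPermissions(Subject subject, RequiresPermissions annotation) {
        String[] permissions = annotation.value();
        if (annotation.logical() == Logical.OR && permissions.length > 1) {
            for (String permission : permissions) {
                if (subject.isPermitted(permission)) {
                    return;
                }
            }
            // None matched: let Shiro raise its standard exception for the first permission.
            subject.checkPermission(permissions[0]);
            return;
        }
        subject.checkPermissions(permissions);
    }
}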