  1. package com.irgen.rest;
  2.  
import java.io.IOException;
import java.lang.reflect.Method;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.Arrays;
import java.util.HashSet;
import java.util.List;
import java.util.Set;
import java.util.StringTokenizer;

import javax.annotation.security.DenyAll;
import javax.annotation.security.PermitAll;
import javax.annotation.security.RolesAllowed;
import javax.ws.rs.container.ContainerRequestContext;
import javax.ws.rs.container.ContainerRequestFilter;
import javax.ws.rs.container.ResourceInfo;
import javax.ws.rs.core.Context;
import javax.ws.rs.core.MultivaluedMap;
import javax.ws.rs.core.Response;
import javax.ws.rs.ext.Provider;

import org.glassfish.jersey.internal.util.Base64;
  23.  
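/**
 * Jersey request filter enforcing HTTP Basic authentication according to the
 * {@code javax.annotation.security} annotations on the matched resource method.
 * <p>
 * Evaluation order per request:
 * <ol>
 *   <li>{@code @PermitAll}: the request passes, no credentials are inspected.</li>
 *   <li>{@code @DenyAll}: the request is aborted with 403.</li>
 *   <li>Missing or malformed {@code Authorization: Basic ...} header: aborted with 401.</li>
 *   <li>{@code @RolesAllowed}: credentials must belong to a user holding one of the
 *       listed roles, otherwise 401.</li>
 * </ol>
 * NOTE(review): a method carrying none of the three annotations only has its header
 * parsed; the credentials are not validated before the request proceeds. This mirrors the
 * original behaviour and should be tightened if every endpoint is meant to require login.
 * The filter never logs the received credentials.
 */
@Provider
public class BasicAuthenticationFilter implements ContainerRequestFilter {

    @Context
    private ResourceInfo resourceInfo;

    private static final String AUTHORIZATION_PROPERTY = "Authorization";
    private static final String AUTHENTICATION_SCHEME = "Basic";
    // Realm advertised in the WWW-Authenticate challenge. Placeholder value; adjust per deployment.
    private static final String REALM = "irgen";
    private static final String ACCESS_DENIED_MESSAGE = "Nie masz dostępu do żądanego zasobu!";
    private static final String ACCESS_FORBIDDEN_MESSAGE = "Dostęp zablokowany!";

    // Placeholder credential store carried over from the original code: a single hard-coded
    // user with role ADMIN. TODO replace with a real user lookup (hashed passwords, no
    // secrets in source) before this filter protects anything real.
    private static final String KNOWN_USERNAME = "karol";
    private static final byte[] KNOWN_PASSWORD = "karol1".getBytes(StandardCharsets.UTF_8);
    private static final String KNOWN_USER_ROLE = "ADMIN";

    /**
     * Applies the annotation-driven access rules described on the class to the current request.
     *
     * @param requestContext the request being filtered; aborted with 401/403 when access is refused
     * @throws IOException declared by the {@link ContainerRequestFilter} contract, never thrown here
     */
    @Override
    public void filter(ContainerRequestContext requestContext) throws IOException {
        Method method = resourceInfo.getResourceMethod();
        if (method.isAnnotationPresent(PermitAll.class)) {
            return;
        }
        if (method.isAnnotationPresent(DenyAll.class)) {
            requestContext.abortWith(accessForbidden());
            return;
        }

        final MultivaluedMap<String, String> headers = requestContext.getHeaders();
        final List<String> authorization = headers.get(AUTHORIZATION_PROPERTY);
        if (authorization == null || authorization.isEmpty()) {
            requestContext.abortWith(accessDenied());
            return;
        }

        final String[] credentials = parseBasicCredentials(authorization.get(0));
        if (credentials == null) {
            // Wrong scheme, undecodable Base64 or no "user:password" separator: fail closed with
            // 401 instead of letting a parse exception surface as a server error.
            requestContext.abortWith(accessDenied());
            return;
        }
        final String username = credentials[0];
        final String password = credentials[1];

        if (method.isAnnotationPresent(RolesAllowed.class)) {
            RolesAllowed rolesAnnotation = method.getAnnotation(RolesAllowed.class);
            Set<String> rolesSet = new HashSet<>(Arrays.asList(rolesAnnotation.value()));
            if (!isUserAllowed(username, password, rolesSet)) {
                requestContext.abortWith(accessDenied());
            }
        }
    }

    /**
     * Extracts the user-id and password from an {@code Authorization} header value.
     *
     * @param headerValue raw header value, expected as {@code Basic <base64(user:password)>}
     * @return a two-element array {user, password}, or {@code null} when the value is not a
     *         well-formed Basic credential (wrong scheme, invalid Base64, missing colon)
     */
    private static String[] parseBasicCredentials(final String headerValue) {
        final String prefix = AUTHENTICATION_SCHEME + " ";
        // Scheme names are case-insensitive, so "basic ..." is accepted as well.
        if (headerValue == null
                || !headerValue.regionMatches(true, 0, prefix, 0, prefix.length())) {
            return null;
        }
        final byte[] decoded;
        try {
            // java.util.Base64 is referenced fully qualified because the file also imports the
            // Jersey-internal Base64 helper under the same simple name.
            decoded = java.util.Base64.getDecoder()
                    .decode(headerValue.substring(prefix.length()).trim());
        } catch (IllegalArgumentException ignored) {
            return null; // not valid Base64
        }
        // The header gives no charset signal; UTF-8 is assumed for the decoded text.
        final String userPass = new String(decoded, StandardCharsets.UTF_8);
        // Only the first colon separates user-id from password; the password may contain colons.
        final int separator = userPass.indexOf(':');
        if (separator < 0) {
            return null;
        }
        return new String[] {userPass.substring(0, separator), userPass.substring(separator + 1)};
    }

    /**
     * Checks the supplied credentials against the credential store and verifies that the user
     * holds at least one of the roles the resource method allows.
     *
     * @param username user-id taken from the Basic credential
     * @param password clear-text password taken from the Basic credential
     * @param rolesSet roles listed in the method's {@code @RolesAllowed}
     * @return {@code true} only when the credentials match a known user whose role is in
     *         {@code rolesSet}
     */
    private boolean isUserAllowed(final String username, final String password,
            final Set<String> rolesSet) {
        if (!KNOWN_USERNAME.equals(username)) {
            return false;
        }
        // Constant-time comparison so response time does not depend on how many leading
        // bytes of the password were correct.
        final boolean passwordMatches =
                MessageDigest.isEqual(password.getBytes(StandardCharsets.UTF_8), KNOWN_PASSWORD);
        return passwordMatches && rolesSet.contains(KNOWN_USER_ROLE);
    }

    /**
     * Builds a 401 response carrying the Basic challenge. A fresh instance is built per request
     * rather than sharing one static Response, since a built Response may carry mutable state.
     */
    private static Response accessDenied() {
        return Response.status(Response.Status.UNAUTHORIZED)
                .header("WWW-Authenticate", AUTHENTICATION_SCHEME + " realm=\"" + REALM + "\"")
                .entity(ACCESS_DENIED_MESSAGE)
                .build();
    }

    /** Builds a 403 response for methods annotated with {@code @DenyAll}. */
    private static Response accessForbidden() {
        return Response.status(Response.Status.FORBIDDEN)
                .entity(ACCESS_FORBIDDEN_MESSAGE)
                .build();
    }

}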