Untitled

package br.com.audilog.logpaper.jersey;

import java.lang.reflect.Method;
import java.util.Arrays;
import java.util.HashSet;
import java.util.List;
import java.util.Set;

import javax.annotation.security.DenyAll;
import javax.annotation.security.PermitAll;
import javax.annotation.security.RolesAllowed;
import javax.inject.Singleton;
import javax.ws.rs.container.ContainerRequestContext;
import javax.ws.rs.container.ContainerRequestFilter;
import javax.ws.rs.container.ResourceInfo;
import javax.ws.rs.core.Context;
import javax.ws.rs.core.MultivaluedMap;
import javax.ws.rs.core.Response;
import javax.ws.rs.ext.Provider;

/**
 * This filter verify the access permissions for a user
 * based on username and passowrd provided in request
 * */
@Singleton
@Provider
public class AuthenticationFilter implements ContainerRequestFilter {

	@Context
    private ResourceInfo resourceInfo;

    private static final String AUTHORIZATION_PROPERTY = "Authorization";
    private static final String AUTHENTICATION_SCHEME = "Basic";
    private static final Response ACCESS_DENIED = Response.status(Response.Status.UNAUTHORIZED)
                                                        .entity("Usuário não tem permissão para acessar este recurso.").build();
    private static final Response ACCESS_FORBIDDEN = Response.status(Response.Status.FORBIDDEN)
                                                        .entity("Acesso bloqueado a todos os usuários.").build();

    /* (non-Javadoc)
     * @see javax.ws.rs.container.ContainerRequestFilter#filter(javax.ws.rs.container.ContainerRequestContext)
     */
    @Override
    public void filter(ContainerRequestContext requestContext)
    {

    	Method method = resourceInfo.getResourceMethod();

        /*
         * Verifica se o serviço tem acesso publico,
         * se tiver nao é necessario a validacao da senha.
         */
        if(!method.isAnnotationPresent(PermitAll.class))
        {
            /*
             * Verifica se o acesso esta negado para todos.
             * Se estiver retorna acesso bloqueado e para a validacao.
             */
            if(method.isAnnotationPresent(DenyAll.class))
            {
                requestContext.abortWith(ACCESS_FORBIDDEN);
                return;
            }

            //Recupera os dados do header da requisicao
            final MultivaluedMap<String, String> headers = requestContext.getHeaders();

            //Recupera a autorizacao do header da requisicao.
            final List<String> authorization = headers.get(AUTHORIZATION_PROPERTY);
            System.out.println("Authorization: " + authorization);

            /*
             * Se nao existir uma propriedade de autorizacao
             * bloqueia acesso ao servico.
             */
            if(authorization == null || authorization.isEmpty())
            {
                requestContext.abortWith(ACCESS_DENIED);
                return;
            }

            //Recupera o token de autorizacao Base64
//            final String encodedUserPassword = authorization.get(0).replaceFirst(AUTHENTICATION_SCHEME + " ", "");

            //Decodifica usuario e senha
//            String usernameAndPassword = new String(Base64.decode(encodedUserPassword.getBytes()));;

            //Recupera usuario e senha do token
//            final StringTokenizer tokenizer = new StringTokenizer(usernameAndPassword, ":");
//            final String username = tokenizer.nextToken();
//            final String password = tokenizer.nextToken();

            /*
             *  Verifica se o servico tem regras de acesso definidas.
             */
            if(method.isAnnotationPresent(RolesAllowed.class))
            {
                RolesAllowed rolesAnnotation = method.getAnnotation(RolesAllowed.class);
                Set<String> rolesSet = new HashSet<String>(Arrays.asList(rolesAnnotation.value()));

                /*
                 * Verifica se as informacoes de usuarios sao validas.
                 */
//                if(!isUserAllowed(username, password, rolesSet))
               	if(!isUserAllowed())
                {
                    requestContext.abortWith(ACCESS_DENIED);
                    return;
                }
            }
        }
    }

    /**
     * Verifica se as informacoes do usuario sao validas.
     *
     * @param username
     * @param password
     * @param rolesSet
     * @return
     */
//    private boolean isUserAllowed(final String username, final String password, final Set<String> rolesSet)
//    {
//        boolean isAllowed = false;
//
//        /*
//         * TODO Recuperar informacoes de usuario de senha da base de dados
//         * bem como politicas de acesso.
//         */
//        if(username.equals("1") && password.equals("c4ca4238a0b923820dcc509a6f75849b"))
//        {
//            String userRole = "ADMIN";
//
//            //Step 2. Verify user role
//            if(rolesSet.contains(userRole))
//            {
//                isAllowed = true;
//            }
//        }
//        return isAllowed;
//    }

    /**
     * Verifica se as informacoes do usuario sao validas.
     *
     * @param username
     * @param password
     * @param rolesSet
     * @return
     */
    private boolean isUserAllowed()
    {
    	return true;
    }

}