diff options
author | Roberto E. Escobar | 2014-03-25 19:59:18 +0000 |
---|---|---|
committer | Ryan D. Brooks | 2014-03-25 19:59:18 +0000 |
commit | 4ff5f9f7b0bca86f8b2d117f5ae6e72d63e5cdfb (patch) | |
tree | a4a65181beaa5114174afab819dc0b76fc7cf38a /plugins/org.eclipse.osee.rest.admin | |
parent | 43f4396514a1a41ba5a63ef2aafc995388fc093b (diff) | |
download | org.eclipse.osee-4ff5f9f7b0bca86f8b2d117f5ae6e72d63e5cdfb.tar.gz org.eclipse.osee-4ff5f9f7b0bca86f8b2d117f5ae6e72d63e5cdfb.tar.xz org.eclipse.osee-4ff5f9f7b0bca86f8b2d117f5ae6e72d63e5cdfb.zip |
feature[ats_0JVGP]: Add REST NoSecurityFilter annotation
Add support for an annotation to mark resources
that should not be processed by the REST
security filter.
Change-Id: Iabb695ee4aa8e8b05b38fe99b56d7777b37dee89
Diffstat (limited to 'plugins/org.eclipse.osee.rest.admin')
2 files changed, 25 insertions, 17 deletions
diff --git a/plugins/org.eclipse.osee.rest.admin/src/org/eclipse/osee/rest/admin/internal/RestComponentFactory.java b/plugins/org.eclipse.osee.rest.admin/src/org/eclipse/osee/rest/admin/internal/RestComponentFactory.java index 22b6943fa9b..e0676feb3b4 100644 --- a/plugins/org.eclipse.osee.rest.admin/src/org/eclipse/osee/rest/admin/internal/RestComponentFactory.java +++ b/plugins/org.eclipse.osee.rest.admin/src/org/eclipse/osee/rest/admin/internal/RestComponentFactory.java @@ -21,7 +21,6 @@ import org.eclipse.osee.rest.admin.internal.resources.ApplicationsResource; import org.osgi.framework.Bundle; import com.sun.jersey.api.core.DefaultResourceConfig; import com.sun.jersey.api.core.ResourceConfig; -import com.sun.jersey.spi.container.ContainerRequestFilter; import com.sun.jersey.spi.container.ResourceFilterFactory; import com.sun.jersey.spi.container.servlet.ServletContainer; @@ -33,7 +32,6 @@ public class RestComponentFactory { private final SecurityContextFilter securityContextFilter; private List<Object> defaultSingletonResources; - private List<ContainerRequestFilter> containerRequestFilters; public RestComponentFactory(Log logger, SecurityContextFilter securityContextFilter) { super(); @@ -41,15 +39,8 @@ public class RestComponentFactory { this.securityContextFilter = securityContextFilter; } - public List<ContainerRequestFilter> getRequestFilters() { - if (containerRequestFilters == null) { - containerRequestFilters = Collections.<ContainerRequestFilter> singletonList(securityContextFilter); - } - return containerRequestFilters; - } - public List<ResourceFilterFactory> getResourceFilterFactories() { - SecureResourceFilterFactory filterFactory = new SecureResourceFilterFactory(securityContextFilter); + SecureResourceFilterFactory filterFactory = new SecureResourceFilterFactory(logger, securityContextFilter); return Collections.<ResourceFilterFactory> singletonList(filterFactory); } @@ -70,7 +61,6 @@ public class RestComponentFactory { Map<String, Bundle> bundleMap = new ConcurrentHashMap<String, Bundle>(); ObjectProvider<Iterable<Bundle>> provider = newBundleProvider(bundleMap); - config.getProperties().put(ResourceConfig.PROPERTY_CONTAINER_REQUEST_FILTERS, getRequestFilters()); config.getProperties().put(ResourceConfig.PROPERTY_RESOURCE_FILTER_FACTORIES, getResourceFilterFactories()); BundleHttpContext bundleContext = new BundleHttpContext(provider); diff --git a/plugins/org.eclipse.osee.rest.admin/src/org/eclipse/osee/rest/admin/internal/filters/SecureResourceFilterFactory.java b/plugins/org.eclipse.osee.rest.admin/src/org/eclipse/osee/rest/admin/internal/filters/SecureResourceFilterFactory.java index d74c31bea6f..95331a2d68a 100644 --- a/plugins/org.eclipse.osee.rest.admin/src/org/eclipse/osee/rest/admin/internal/filters/SecureResourceFilterFactory.java +++ b/plugins/org.eclipse.osee.rest.admin/src/org/eclipse/osee/rest/admin/internal/filters/SecureResourceFilterFactory.java @@ -12,6 +12,8 @@ package org.eclipse.osee.rest.admin.internal.filters; import java.util.ArrayList; import java.util.List; +import org.eclipse.osee.logger.Log; +import org.eclipse.osee.rest.model.NoSecurityFilter; import com.sun.jersey.api.container.filter.servlet.RolesAllowedResourceFilterFactory; import com.sun.jersey.api.model.AbstractMethod; import com.sun.jersey.spi.container.ResourceFilter; @@ -23,21 +25,37 @@ import com.sun.jersey.spi.container.ResourceFilter; */ public class SecureResourceFilterFactory extends RolesAllowedResourceFilterFactory { + private static final String SECURE = "SECURE"; + private static final String INSECURE = "SKIPPED"; + + private final Log logger; private final SecurityContextFilter securityContextFilter; - public SecureResourceFilterFactory(SecurityContextFilter securityContextFilter) { + public SecureResourceFilterFactory(Log logger, SecurityContextFilter securityContextFilter) { super(); + this.logger = logger; this.securityContextFilter = securityContextFilter; } @Override public List<ResourceFilter> create(AbstractMethod am) { - List<ResourceFilter> filters = super.create(am); - if (filters == null) { - filters = new ArrayList<ResourceFilter>(); + List<ResourceFilter> securityFilters = super.create(am); + if (securityFilters == null) { + securityFilters = new ArrayList<ResourceFilter>(); + } else { + securityFilters = new ArrayList<ResourceFilter>(securityFilters); + } + + boolean secure = isSecured(am); + if (secure) { + securityFilters.add(0, securityContextFilter); } - List<ResourceFilter> securityFilters = new ArrayList<ResourceFilter>(filters); - securityFilters.add(0, securityContextFilter); + logger.info("REST Security Filter: [%s] [%s]", secure ? SECURE : INSECURE, am); return securityFilters; } + + private boolean isSecured(AbstractMethod am) { + return !am.isAnnotationPresent(NoSecurityFilter.class) && // + !am.getResource().isAnnotationPresent(NoSecurityFilter.class); + } }
\ No newline at end of file |