redback/core/3.0.0-SNAPSHOT/apidocs/src-html/org/apache/archiva/redback/rest/services/interceptors/AbstractInterceptor.html - archiva-web-content - Git at Google

 <!DOCTYPE HTML>
 <html lang="en">
 <head>
 <title>Source code</title>
 <link rel="stylesheet" type="text/css" href="../../../../../../../../stylesheet.css" title="Style">
 </head>
 <body>
 <main role="main">
 <div class="sourceContainer">
 <pre><span class="sourceLineNo">001</span><a id="line.1">package org.apache.archiva.redback.rest.services.interceptors;</a>
 <span class="sourceLineNo">002</span><a id="line.2"></a>
 <span class="sourceLineNo">003</span><a id="line.3">/*</a>
 <span class="sourceLineNo">004</span><a id="line.4"> * Licensed to the Apache Software Foundation (ASF) under one</a>
 <span class="sourceLineNo">005</span><a id="line.5"> * or more contributor license agreements.  See the NOTICE file</a>
 <span class="sourceLineNo">006</span><a id="line.6"> * distributed with this work for additional information</a>
 <span class="sourceLineNo">007</span><a id="line.7"> * regarding copyright ownership.  The ASF licenses this file</a>
 <span class="sourceLineNo">008</span><a id="line.8"> * to you under the Apache License, Version 2.0 (the</a>
 <span class="sourceLineNo">009</span><a id="line.9"> * "License"); you may not use this file except in compliance</a>
 <span class="sourceLineNo">010</span><a id="line.10"> * with the License.  You may obtain a copy of the License at</a>
 <span class="sourceLineNo">011</span><a id="line.11"> *</a>
 <span class="sourceLineNo">012</span><a id="line.12"> * http://www.apache.org/licenses/LICENSE-2.0</a>
 <span class="sourceLineNo">013</span><a id="line.13"> *</a>
 <span class="sourceLineNo">014</span><a id="line.14"> * Unless required by applicable law or agreed to in writing,</a>
 <span class="sourceLineNo">015</span><a id="line.15"> * software distributed under the License is distributed on an</a>
 <span class="sourceLineNo">016</span><a id="line.16"> * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY</a>
 <span class="sourceLineNo">017</span><a id="line.17"> * KIND, either express or implied.  See the License for the</a>
 <span class="sourceLineNo">018</span><a id="line.18"> * specific language governing permissions and limitations</a>
 <span class="sourceLineNo">019</span><a id="line.19"> * under the License.</a>
 <span class="sourceLineNo">020</span><a id="line.20"> */</a>
 <span class="sourceLineNo">021</span><a id="line.21"></a>
 <span class="sourceLineNo">022</span><a id="line.22">import org.apache.archiva.redback.authentication.AuthenticationException;</a>
 <span class="sourceLineNo">023</span><a id="line.23">import org.apache.archiva.redback.authentication.AuthenticationResult;</a>
 <span class="sourceLineNo">024</span><a id="line.24">import org.apache.archiva.redback.authorization.RedbackAuthorization;</a>
 <span class="sourceLineNo">025</span><a id="line.25">import org.apache.archiva.redback.integration.filter.authentication.HttpAuthenticator;</a>
 <span class="sourceLineNo">026</span><a id="line.26">import org.apache.archiva.redback.policy.AccountLockedException;</a>
 <span class="sourceLineNo">027</span><a id="line.27">import org.apache.archiva.redback.policy.MustChangePasswordException;</a>
 <span class="sourceLineNo">028</span><a id="line.28">import org.apache.archiva.redback.rest.services.RedbackAuthenticationThreadLocal;</a>
 <span class="sourceLineNo">029</span><a id="line.29">import org.apache.archiva.redback.rest.services.RedbackRequestInformation;</a>
 <span class="sourceLineNo">030</span><a id="line.30">import org.apache.archiva.redback.system.SecuritySession;</a>
 <span class="sourceLineNo">031</span><a id="line.31">import org.slf4j.Logger;</a>
 <span class="sourceLineNo">032</span><a id="line.32">import org.slf4j.LoggerFactory;</a>
 <span class="sourceLineNo">033</span><a id="line.33">import org.springframework.core.annotation.AnnotationUtils;</a>
 <span class="sourceLineNo">034</span><a id="line.34"></a>
 <span class="sourceLineNo">035</span><a id="line.35">import javax.servlet.http.HttpServletRequest;</a>
 <span class="sourceLineNo">036</span><a id="line.36">import javax.servlet.http.HttpServletResponse;</a>
 <span class="sourceLineNo">037</span><a id="line.37">import javax.ws.rs.container.ContainerRequestContext;</a>
 <span class="sourceLineNo">038</span><a id="line.38">import javax.ws.rs.container.ResourceInfo;</a>
 <span class="sourceLineNo">039</span><a id="line.39">import javax.ws.rs.core.Context;</a>
 <span class="sourceLineNo">040</span><a id="line.40">import java.lang.reflect.Method;</a>
 <span class="sourceLineNo">041</span><a id="line.41">import java.util.HashMap;</a>
 <span class="sourceLineNo">042</span><a id="line.42">import java.util.Map;</a>
 <span class="sourceLineNo">043</span><a id="line.43"></a>
 <span class="sourceLineNo">044</span><a id="line.44">/**</a>
 <span class="sourceLineNo">045</span><a id="line.45"> * @author Olivier Lamy</a>
 <span class="sourceLineNo">046</span><a id="line.46"> * @since 1.3</a>
 <span class="sourceLineNo">047</span><a id="line.47"> */</a>
 <span class="sourceLineNo">048</span><a id="line.48">public abstract class AbstractInterceptor</a>
 <span class="sourceLineNo">049</span><a id="line.49">{</a>
 <span class="sourceLineNo">050</span><a id="line.50"></a>
 <span class="sourceLineNo">051</span><a id="line.51">    private static final Logger log = LoggerFactory.getLogger( AbstractInterceptor.class );</a>
 <span class="sourceLineNo">052</span><a id="line.52"></a>
 <span class="sourceLineNo">053</span><a id="line.53">    private static final String API_DOCS = "api-docs";</a>
 <span class="sourceLineNo">054</span><a id="line.54">    private static final String OPENAPI_JSON = "openapi.json";</a>
 <span class="sourceLineNo">055</span><a id="line.55">    private static final String API_DOCS1 = "api-docs/";</a>
 <span class="sourceLineNo">056</span><a id="line.56"></a>
 <span class="sourceLineNo">057</span><a id="line.57">    private Map&lt;Method, RedbackAuthorization&gt; authorizationCache = new HashMap&lt;&gt;( );</a>
 <span class="sourceLineNo">058</span><a id="line.58"></a>
 <span class="sourceLineNo">059</span><a id="line.59">    public static final String AUTHENTICATION_RESULT = "org.apache.archiva.authResult";</a>
 <span class="sourceLineNo">060</span><a id="line.60">    public static final String SECURITY_SESSION = "org.apache.archiva.securitySession";</a>
 <span class="sourceLineNo">061</span><a id="line.61"></a>
 <span class="sourceLineNo">062</span><a id="line.62">    @Context</a>
 <span class="sourceLineNo">063</span><a id="line.63">    private HttpServletRequest httpServletRequest;</a>
 <span class="sourceLineNo">064</span><a id="line.64"></a>
 <span class="sourceLineNo">065</span><a id="line.65">    @Context</a>
 <span class="sourceLineNo">066</span><a id="line.66">    private HttpServletResponse httpServletResponse;</a>
 <span class="sourceLineNo">067</span><a id="line.67"></a>
 <span class="sourceLineNo">068</span><a id="line.68">    public HttpServletRequest getHttpServletRequest( )</a>
 <span class="sourceLineNo">069</span><a id="line.69">    {</a>
 <span class="sourceLineNo">070</span><a id="line.70">        return httpServletRequest;</a>
 <span class="sourceLineNo">071</span><a id="line.71">    }</a>
 <span class="sourceLineNo">072</span><a id="line.72"></a>
 <span class="sourceLineNo">073</span><a id="line.73">    public HttpServletResponse getHttpServletResponse( )</a>
 <span class="sourceLineNo">074</span><a id="line.74">    {</a>
 <span class="sourceLineNo">075</span><a id="line.75">        return httpServletResponse;</a>
 <span class="sourceLineNo">076</span><a id="line.76">    }</a>
 <span class="sourceLineNo">077</span><a id="line.77"></a>
 <span class="sourceLineNo">078</span><a id="line.78">    protected void setHttpServletRequest(HttpServletRequest request) {</a>
 <span class="sourceLineNo">079</span><a id="line.79">        this.httpServletRequest = request;</a>
 <span class="sourceLineNo">080</span><a id="line.80">    }</a>
 <span class="sourceLineNo">081</span><a id="line.81"></a>
 <span class="sourceLineNo">082</span><a id="line.82">    protected void setHttpServletResponse(HttpServletResponse response) {</a>
 <span class="sourceLineNo">083</span><a id="line.83">        this.httpServletResponse = response;</a>
 <span class="sourceLineNo">084</span><a id="line.84">    }</a>
 <span class="sourceLineNo">085</span><a id="line.85"></a>
 <span class="sourceLineNo">086</span><a id="line.86"></a>
 <span class="sourceLineNo">087</span><a id="line.87">    public static final boolean ignoreAuth(final String requestPath) {</a>
 <span class="sourceLineNo">088</span><a id="line.88">        final int len = requestPath.length( );</a>
 <span class="sourceLineNo">089</span><a id="line.89">        return len &gt;= 8 &amp;&amp; ( ( len == 12 &amp;&amp; OPENAPI_JSON.equals( requestPath ) ) ||</a>
 <span class="sourceLineNo">090</span><a id="line.90">            ( requestPath.startsWith( API_DOCS ) &amp;&amp; ( len == 8 || requestPath.startsWith( API_DOCS1 ) ) ) );</a>
 <span class="sourceLineNo">091</span><a id="line.91">    }</a>
 <span class="sourceLineNo">092</span><a id="line.92"></a>
 <span class="sourceLineNo">093</span><a id="line.93">    public RedbackAuthorization getRedbackAuthorization( ResourceInfo resourceInfo ) {</a>
 <span class="sourceLineNo">094</span><a id="line.94">        Method method = resourceInfo.getResourceMethod( );</a>
 <span class="sourceLineNo">095</span><a id="line.95">        RedbackAuthorization redbackAuthorization = getAuthorizationForMethod( method );</a>
 <span class="sourceLineNo">096</span><a id="line.96">        log.debug( "resourceClass {}, method {}, redbackAuthorization {}", //</a>
 <span class="sourceLineNo">097</span><a id="line.97">                resourceInfo.getResourceClass( ), //</a>
 <span class="sourceLineNo">098</span><a id="line.98">                method, //</a>
 <span class="sourceLineNo">099</span><a id="line.99">                redbackAuthorization );</a>
 <span class="sourceLineNo">100</span><a id="line.100">        return redbackAuthorization;</a>
 <span class="sourceLineNo">101</span><a id="line.101">    }</a>
 <span class="sourceLineNo">102</span><a id="line.102"></a>
 <span class="sourceLineNo">103</span><a id="line.103">    private RedbackAuthorization getAuthorizationForMethod(Method method) {</a>
 <span class="sourceLineNo">104</span><a id="line.104">        if (authorizationCache.containsKey( method )) {</a>
 <span class="sourceLineNo">105</span><a id="line.105">            return authorizationCache.get( method );</a>
 <span class="sourceLineNo">106</span><a id="line.106">        } else {</a>
 <span class="sourceLineNo">107</span><a id="line.107">            RedbackAuthorization authorization = AnnotationUtils.findAnnotation( method, RedbackAuthorization.class );</a>
 <span class="sourceLineNo">108</span><a id="line.108">            authorizationCache.put( method, authorization );</a>
 <span class="sourceLineNo">109</span><a id="line.109">            return authorization;</a>
 <span class="sourceLineNo">110</span><a id="line.110">        }</a>
 <span class="sourceLineNo">111</span><a id="line.111">    }</a>
 <span class="sourceLineNo">112</span><a id="line.112"></a>
 <span class="sourceLineNo">113</span><a id="line.113">    protected SecuritySession getSecuritySession(ContainerRequestContext containerRequestContext, HttpAuthenticator httpAuthenticator,</a>
 <span class="sourceLineNo">114</span><a id="line.114">    HttpServletRequest request) {</a>
 <span class="sourceLineNo">115</span><a id="line.115">        if ( containerRequestContext.getProperty( SECURITY_SESSION ) != null ) {</a>
 <span class="sourceLineNo">116</span><a id="line.116">            return (SecuritySession) containerRequestContext.getProperty( SECURITY_SESSION );</a>
 <span class="sourceLineNo">117</span><a id="line.117">        }</a>
 <span class="sourceLineNo">118</span><a id="line.118">        RedbackRequestInformation info = RedbackAuthenticationThreadLocal.get( );</a>
 <span class="sourceLineNo">119</span><a id="line.119">        SecuritySession securitySession = info == null ? null : info.getSecuritySession( );</a>
 <span class="sourceLineNo">120</span><a id="line.120">        if  (securitySession!=null) {</a>
 <span class="sourceLineNo">121</span><a id="line.121">            return securitySession;</a>
 <span class="sourceLineNo">122</span><a id="line.122">        } else</a>
 <span class="sourceLineNo">123</span><a id="line.123">        {</a>
 <span class="sourceLineNo">124</span><a id="line.124">            return httpAuthenticator.getSecuritySession( request.getSession( true ) );</a>
 <span class="sourceLineNo">125</span><a id="line.125">        }</a>
 <span class="sourceLineNo">126</span><a id="line.126">    }</a>
 <span class="sourceLineNo">127</span><a id="line.127"></a>
 <span class="sourceLineNo">128</span><a id="line.128">    protected AuthenticationResult getAuthenticationResult( ContainerRequestContext containerRequestContext, HttpAuthenticator httpAuthenticator, HttpServletRequest request )</a>
 <span class="sourceLineNo">129</span><a id="line.129">    {</a>
 <span class="sourceLineNo">130</span><a id="line.130">        AuthenticationResult authenticationResult = null;</a>
 <span class="sourceLineNo">131</span><a id="line.131"></a>
 <span class="sourceLineNo">132</span><a id="line.132">        if ( containerRequestContext.getProperty( AUTHENTICATION_RESULT ) == null )</a>
 <span class="sourceLineNo">133</span><a id="line.133">        {</a>
 <span class="sourceLineNo">134</span><a id="line.134">            try</a>
 <span class="sourceLineNo">135</span><a id="line.135">            {</a>
 <span class="sourceLineNo">136</span><a id="line.136">                authenticationResult =</a>
 <span class="sourceLineNo">137</span><a id="line.137">                    httpAuthenticator.getAuthenticationResult( request, getHttpServletResponse( ) );</a>
 <span class="sourceLineNo">138</span><a id="line.138"></a>
 <span class="sourceLineNo">139</span><a id="line.139">                if (authenticationResult!=null) {</a>
 <span class="sourceLineNo">140</span><a id="line.140">                    containerRequestContext.setProperty( AUTHENTICATION_RESULT, authenticationResult );</a>
 <span class="sourceLineNo">141</span><a id="line.141">                }</a>
 <span class="sourceLineNo">142</span><a id="line.142"></a>
 <span class="sourceLineNo">143</span><a id="line.143">                log.debug( "authenticationResult from request: {}", authenticationResult );</a>
 <span class="sourceLineNo">144</span><a id="line.144">            }</a>
 <span class="sourceLineNo">145</span><a id="line.145">            catch ( AuthenticationException e )</a>
 <span class="sourceLineNo">146</span><a id="line.146">            {</a>
 <span class="sourceLineNo">147</span><a id="line.147">                log.debug( "failed to authenticate for path {}", containerRequestContext.getUriInfo().getRequestUri() );</a>
 <span class="sourceLineNo">148</span><a id="line.148">            }</a>
 <span class="sourceLineNo">149</span><a id="line.149">            catch ( AccountLockedException e )</a>
 <span class="sourceLineNo">150</span><a id="line.150">            {</a>
 <span class="sourceLineNo">151</span><a id="line.151">                log.debug( "account locked for path {}", containerRequestContext.getUriInfo().getRequestUri() );</a>
 <span class="sourceLineNo">152</span><a id="line.152">            }</a>
 <span class="sourceLineNo">153</span><a id="line.153">            catch ( MustChangePasswordException e )</a>
 <span class="sourceLineNo">154</span><a id="line.154">            {</a>
 <span class="sourceLineNo">155</span><a id="line.155">                log.debug( "must change password for path {}", containerRequestContext.getUriInfo().getRequestUri() );</a>
 <span class="sourceLineNo">156</span><a id="line.156">            }</a>
 <span class="sourceLineNo">157</span><a id="line.157">        } else {</a>
 <span class="sourceLineNo">158</span><a id="line.158">            authenticationResult = (AuthenticationResult) containerRequestContext.getProperty( AUTHENTICATION_RESULT );</a>
 <span class="sourceLineNo">159</span><a id="line.159">        }</a>
 <span class="sourceLineNo">160</span><a id="line.160">        log.debug( "authenticationResult from message: {}", authenticationResult );</a>
 <span class="sourceLineNo">161</span><a id="line.161">        return authenticationResult;</a>
 <span class="sourceLineNo">162</span><a id="line.162">    }</a>
 <span class="sourceLineNo">163</span><a id="line.163">}</a>


 </pre>
 </div>
 </main>
 </body>
 </html>
	<!DOCTYPE HTML>
	<html lang="en">
	<head>
	<title>Source code</title>
	<link rel="stylesheet" type="text/css" href="../../../../../../../../stylesheet.css" title="Style">
	</head>
	<body>
	<main role="main">
	<div class="sourceContainer">
	<pre><span class="sourceLineNo">001</span><a id="line.1">package org.apache.archiva.redback.rest.services.interceptors;</a>
	<span class="sourceLineNo">002</span><a id="line.2"></a>
	<span class="sourceLineNo">003</span><a id="line.3">/*</a>
	<span class="sourceLineNo">004</span><a id="line.4"> * Licensed to the Apache Software Foundation (ASF) under one</a>
	<span class="sourceLineNo">005</span><a id="line.5"> * or more contributor license agreements. See the NOTICE file</a>
	<span class="sourceLineNo">006</span><a id="line.6"> * distributed with this work for additional information</a>
	<span class="sourceLineNo">007</span><a id="line.7"> * regarding copyright ownership. The ASF licenses this file</a>
	<span class="sourceLineNo">008</span><a id="line.8"> * to you under the Apache License, Version 2.0 (the</a>
	<span class="sourceLineNo">009</span><a id="line.9"> * "License"); you may not use this file except in compliance</a>
	<span class="sourceLineNo">010</span><a id="line.10"> * with the License. You may obtain a copy of the License at</a>
	<span class="sourceLineNo">011</span><a id="line.11"> *</a>
	<span class="sourceLineNo">012</span><a id="line.12"> * http://www.apache.org/licenses/LICENSE-2.0</a>
	<span class="sourceLineNo">013</span><a id="line.13"> *</a>
	<span class="sourceLineNo">014</span><a id="line.14"> * Unless required by applicable law or agreed to in writing,</a>
	<span class="sourceLineNo">015</span><a id="line.15"> * software distributed under the License is distributed on an</a>
	<span class="sourceLineNo">016</span><a id="line.16"> * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY</a>
	<span class="sourceLineNo">017</span><a id="line.17"> * KIND, either express or implied. See the License for the</a>
	<span class="sourceLineNo">018</span><a id="line.18"> * specific language governing permissions and limitations</a>
	<span class="sourceLineNo">019</span><a id="line.19"> * under the License.</a>
	<span class="sourceLineNo">020</span><a id="line.20"> */</a>
	<span class="sourceLineNo">021</span><a id="line.21"></a>
	<span class="sourceLineNo">022</span><a id="line.22">import org.apache.archiva.redback.authentication.AuthenticationException;</a>
	<span class="sourceLineNo">023</span><a id="line.23">import org.apache.archiva.redback.authentication.AuthenticationResult;</a>
	<span class="sourceLineNo">024</span><a id="line.24">import org.apache.archiva.redback.authorization.RedbackAuthorization;</a>
	<span class="sourceLineNo">025</span><a id="line.25">import org.apache.archiva.redback.integration.filter.authentication.HttpAuthenticator;</a>
	<span class="sourceLineNo">026</span><a id="line.26">import org.apache.archiva.redback.policy.AccountLockedException;</a>
	<span class="sourceLineNo">027</span><a id="line.27">import org.apache.archiva.redback.policy.MustChangePasswordException;</a>
	<span class="sourceLineNo">028</span><a id="line.28">import org.apache.archiva.redback.rest.services.RedbackAuthenticationThreadLocal;</a>
	<span class="sourceLineNo">029</span><a id="line.29">import org.apache.archiva.redback.rest.services.RedbackRequestInformation;</a>
	<span class="sourceLineNo">030</span><a id="line.30">import org.apache.archiva.redback.system.SecuritySession;</a>
	<span class="sourceLineNo">031</span><a id="line.31">import org.slf4j.Logger;</a>
	<span class="sourceLineNo">032</span><a id="line.32">import org.slf4j.LoggerFactory;</a>
	<span class="sourceLineNo">033</span><a id="line.33">import org.springframework.core.annotation.AnnotationUtils;</a>
	<span class="sourceLineNo">034</span><a id="line.34"></a>
	<span class="sourceLineNo">035</span><a id="line.35">import javax.servlet.http.HttpServletRequest;</a>
	<span class="sourceLineNo">036</span><a id="line.36">import javax.servlet.http.HttpServletResponse;</a>
	<span class="sourceLineNo">037</span><a id="line.37">import javax.ws.rs.container.ContainerRequestContext;</a>
	<span class="sourceLineNo">038</span><a id="line.38">import javax.ws.rs.container.ResourceInfo;</a>
	<span class="sourceLineNo">039</span><a id="line.39">import javax.ws.rs.core.Context;</a>
	<span class="sourceLineNo">040</span><a id="line.40">import java.lang.reflect.Method;</a>
	<span class="sourceLineNo">041</span><a id="line.41">import java.util.HashMap;</a>
	<span class="sourceLineNo">042</span><a id="line.42">import java.util.Map;</a>
	<span class="sourceLineNo">043</span><a id="line.43"></a>
	<span class="sourceLineNo">044</span><a id="line.44">/**</a>
	<span class="sourceLineNo">045</span><a id="line.45"> * @author Olivier Lamy</a>
	<span class="sourceLineNo">046</span><a id="line.46"> * @since 1.3</a>
	<span class="sourceLineNo">047</span><a id="line.47"> */</a>
	<span class="sourceLineNo">048</span><a id="line.48">public abstract class AbstractInterceptor</a>
	<span class="sourceLineNo">049</span><a id="line.49">{</a>
	<span class="sourceLineNo">050</span><a id="line.50"></a>
	<span class="sourceLineNo">051</span><a id="line.51"> private static final Logger log = LoggerFactory.getLogger( AbstractInterceptor.class );</a>
	<span class="sourceLineNo">052</span><a id="line.52"></a>
	<span class="sourceLineNo">053</span><a id="line.53"> private static final String API_DOCS = "api-docs";</a>
	<span class="sourceLineNo">054</span><a id="line.54"> private static final String OPENAPI_JSON = "openapi.json";</a>
	<span class="sourceLineNo">055</span><a id="line.55"> private static final String API_DOCS1 = "api-docs/";</a>
	<span class="sourceLineNo">056</span><a id="line.56"></a>
	<span class="sourceLineNo">057</span><a id="line.57"> private Map<Method, RedbackAuthorization> authorizationCache = new HashMap<>( );</a>
	<span class="sourceLineNo">058</span><a id="line.58"></a>
	<span class="sourceLineNo">059</span><a id="line.59"> public static final String AUTHENTICATION_RESULT = "org.apache.archiva.authResult";</a>
	<span class="sourceLineNo">060</span><a id="line.60"> public static final String SECURITY_SESSION = "org.apache.archiva.securitySession";</a>
	<span class="sourceLineNo">061</span><a id="line.61"></a>
	<span class="sourceLineNo">062</span><a id="line.62"> @Context</a>
	<span class="sourceLineNo">063</span><a id="line.63"> private HttpServletRequest httpServletRequest;</a>
	<span class="sourceLineNo">064</span><a id="line.64"></a>
	<span class="sourceLineNo">065</span><a id="line.65"> @Context</a>
	<span class="sourceLineNo">066</span><a id="line.66"> private HttpServletResponse httpServletResponse;</a>
	<span class="sourceLineNo">067</span><a id="line.67"></a>
	<span class="sourceLineNo">068</span><a id="line.68"> public HttpServletRequest getHttpServletRequest( )</a>
	<span class="sourceLineNo">069</span><a id="line.69"> {</a>
	<span class="sourceLineNo">070</span><a id="line.70"> return httpServletRequest;</a>
	<span class="sourceLineNo">071</span><a id="line.71"> }</a>
	<span class="sourceLineNo">072</span><a id="line.72"></a>
	<span class="sourceLineNo">073</span><a id="line.73"> public HttpServletResponse getHttpServletResponse( )</a>
	<span class="sourceLineNo">074</span><a id="line.74"> {</a>
	<span class="sourceLineNo">075</span><a id="line.75"> return httpServletResponse;</a>
	<span class="sourceLineNo">076</span><a id="line.76"> }</a>
	<span class="sourceLineNo">077</span><a id="line.77"></a>
	<span class="sourceLineNo">078</span><a id="line.78"> protected void setHttpServletRequest(HttpServletRequest request) {</a>
	<span class="sourceLineNo">079</span><a id="line.79"> this.httpServletRequest = request;</a>
	<span class="sourceLineNo">080</span><a id="line.80"> }</a>
	<span class="sourceLineNo">081</span><a id="line.81"></a>
	<span class="sourceLineNo">082</span><a id="line.82"> protected void setHttpServletResponse(HttpServletResponse response) {</a>
	<span class="sourceLineNo">083</span><a id="line.83"> this.httpServletResponse = response;</a>
	<span class="sourceLineNo">084</span><a id="line.84"> }</a>
	<span class="sourceLineNo">085</span><a id="line.85"></a>
	<span class="sourceLineNo">086</span><a id="line.86"></a>
	<span class="sourceLineNo">087</span><a id="line.87"> public static final boolean ignoreAuth(final String requestPath) {</a>
	<span class="sourceLineNo">088</span><a id="line.88"> final int len = requestPath.length( );</a>
	<span class="sourceLineNo">089</span><a id="line.89"> return len >= 8 && ( ( len == 12 && OPENAPI_JSON.equals( requestPath ) ) \|\|</a>
	<span class="sourceLineNo">090</span><a id="line.90"> ( requestPath.startsWith( API_DOCS ) && ( len == 8 \|\| requestPath.startsWith( API_DOCS1 ) ) ) );</a>
	<span class="sourceLineNo">091</span><a id="line.91"> }</a>
	<span class="sourceLineNo">092</span><a id="line.92"></a>
	<span class="sourceLineNo">093</span><a id="line.93"> public RedbackAuthorization getRedbackAuthorization( ResourceInfo resourceInfo ) {</a>
	<span class="sourceLineNo">094</span><a id="line.94"> Method method = resourceInfo.getResourceMethod( );</a>
	<span class="sourceLineNo">095</span><a id="line.95"> RedbackAuthorization redbackAuthorization = getAuthorizationForMethod( method );</a>
	<span class="sourceLineNo">096</span><a id="line.96"> log.debug( "resourceClass {}, method {}, redbackAuthorization {}", //</a>
	<span class="sourceLineNo">097</span><a id="line.97"> resourceInfo.getResourceClass( ), //</a>
	<span class="sourceLineNo">098</span><a id="line.98"> method, //</a>
	<span class="sourceLineNo">099</span><a id="line.99"> redbackAuthorization );</a>
	<span class="sourceLineNo">100</span><a id="line.100"> return redbackAuthorization;</a>
	<span class="sourceLineNo">101</span><a id="line.101"> }</a>
	<span class="sourceLineNo">102</span><a id="line.102"></a>
	<span class="sourceLineNo">103</span><a id="line.103"> private RedbackAuthorization getAuthorizationForMethod(Method method) {</a>
	<span class="sourceLineNo">104</span><a id="line.104"> if (authorizationCache.containsKey( method )) {</a>
	<span class="sourceLineNo">105</span><a id="line.105"> return authorizationCache.get( method );</a>
	<span class="sourceLineNo">106</span><a id="line.106"> } else {</a>
	<span class="sourceLineNo">107</span><a id="line.107"> RedbackAuthorization authorization = AnnotationUtils.findAnnotation( method, RedbackAuthorization.class );</a>
	<span class="sourceLineNo">108</span><a id="line.108"> authorizationCache.put( method, authorization );</a>
	<span class="sourceLineNo">109</span><a id="line.109"> return authorization;</a>
	<span class="sourceLineNo">110</span><a id="line.110"> }</a>
	<span class="sourceLineNo">111</span><a id="line.111"> }</a>
	<span class="sourceLineNo">112</span><a id="line.112"></a>
	<span class="sourceLineNo">113</span><a id="line.113"> protected SecuritySession getSecuritySession(ContainerRequestContext containerRequestContext, HttpAuthenticator httpAuthenticator,</a>
	<span class="sourceLineNo">114</span><a id="line.114"> HttpServletRequest request) {</a>
	<span class="sourceLineNo">115</span><a id="line.115"> if ( containerRequestContext.getProperty( SECURITY_SESSION ) != null ) {</a>
	<span class="sourceLineNo">116</span><a id="line.116"> return (SecuritySession) containerRequestContext.getProperty( SECURITY_SESSION );</a>
	<span class="sourceLineNo">117</span><a id="line.117"> }</a>
	<span class="sourceLineNo">118</span><a id="line.118"> RedbackRequestInformation info = RedbackAuthenticationThreadLocal.get( );</a>
	<span class="sourceLineNo">119</span><a id="line.119"> SecuritySession securitySession = info == null ? null : info.getSecuritySession( );</a>
	<span class="sourceLineNo">120</span><a id="line.120"> if (securitySession!=null) {</a>
	<span class="sourceLineNo">121</span><a id="line.121"> return securitySession;</a>
	<span class="sourceLineNo">122</span><a id="line.122"> } else</a>
	<span class="sourceLineNo">123</span><a id="line.123"> {</a>
	<span class="sourceLineNo">124</span><a id="line.124"> return httpAuthenticator.getSecuritySession( request.getSession( true ) );</a>
	<span class="sourceLineNo">125</span><a id="line.125"> }</a>
	<span class="sourceLineNo">126</span><a id="line.126"> }</a>
	<span class="sourceLineNo">127</span><a id="line.127"></a>
	<span class="sourceLineNo">128</span><a id="line.128"> protected AuthenticationResult getAuthenticationResult( ContainerRequestContext containerRequestContext, HttpAuthenticator httpAuthenticator, HttpServletRequest request )</a>
	<span class="sourceLineNo">129</span><a id="line.129"> {</a>
	<span class="sourceLineNo">130</span><a id="line.130"> AuthenticationResult authenticationResult = null;</a>
	<span class="sourceLineNo">131</span><a id="line.131"></a>
	<span class="sourceLineNo">132</span><a id="line.132"> if ( containerRequestContext.getProperty( AUTHENTICATION_RESULT ) == null )</a>
	<span class="sourceLineNo">133</span><a id="line.133"> {</a>
	<span class="sourceLineNo">134</span><a id="line.134"> try</a>
	<span class="sourceLineNo">135</span><a id="line.135"> {</a>
	<span class="sourceLineNo">136</span><a id="line.136"> authenticationResult =</a>
	<span class="sourceLineNo">137</span><a id="line.137"> httpAuthenticator.getAuthenticationResult( request, getHttpServletResponse( ) );</a>
	<span class="sourceLineNo">138</span><a id="line.138"></a>
	<span class="sourceLineNo">139</span><a id="line.139"> if (authenticationResult!=null) {</a>
	<span class="sourceLineNo">140</span><a id="line.140"> containerRequestContext.setProperty( AUTHENTICATION_RESULT, authenticationResult );</a>
	<span class="sourceLineNo">141</span><a id="line.141"> }</a>
	<span class="sourceLineNo">142</span><a id="line.142"></a>
	<span class="sourceLineNo">143</span><a id="line.143"> log.debug( "authenticationResult from request: {}", authenticationResult );</a>
	<span class="sourceLineNo">144</span><a id="line.144"> }</a>
	<span class="sourceLineNo">145</span><a id="line.145"> catch ( AuthenticationException e )</a>
	<span class="sourceLineNo">146</span><a id="line.146"> {</a>
	<span class="sourceLineNo">147</span><a id="line.147"> log.debug( "failed to authenticate for path {}", containerRequestContext.getUriInfo().getRequestUri() );</a>
	<span class="sourceLineNo">148</span><a id="line.148"> }</a>
	<span class="sourceLineNo">149</span><a id="line.149"> catch ( AccountLockedException e )</a>
	<span class="sourceLineNo">150</span><a id="line.150"> {</a>
	<span class="sourceLineNo">151</span><a id="line.151"> log.debug( "account locked for path {}", containerRequestContext.getUriInfo().getRequestUri() );</a>
	<span class="sourceLineNo">152</span><a id="line.152"> }</a>
	<span class="sourceLineNo">153</span><a id="line.153"> catch ( MustChangePasswordException e )</a>
	<span class="sourceLineNo">154</span><a id="line.154"> {</a>
	<span class="sourceLineNo">155</span><a id="line.155"> log.debug( "must change password for path {}", containerRequestContext.getUriInfo().getRequestUri() );</a>
	<span class="sourceLineNo">156</span><a id="line.156"> }</a>
	<span class="sourceLineNo">157</span><a id="line.157"> } else {</a>
	<span class="sourceLineNo">158</span><a id="line.158"> authenticationResult = (AuthenticationResult) containerRequestContext.getProperty( AUTHENTICATION_RESULT );</a>
	<span class="sourceLineNo">159</span><a id="line.159"> }</a>
	<span class="sourceLineNo">160</span><a id="line.160"> log.debug( "authenticationResult from message: {}", authenticationResult );</a>
	<span class="sourceLineNo">161</span><a id="line.161"> return authenticationResult;</a>
	<span class="sourceLineNo">162</span><a id="line.162"> }</a>
	<span class="sourceLineNo">163</span><a id="line.163">}</a>




























































	</pre>
	</div>
	</main>
	</body>
	</html>