/*
* Licensed to the Apache Software Foundation (ASF) under one or more
* contributor license agreements. See the NOTICE file distributed with
* this work for additional information regarding copyright ownership.
* The ASF licenses this file to You under the Apache License, Version 2.0
* (the "License"); you may not use this file except in compliance with
* the License. You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.apache.usergrid.rest.security.shiro.filters;
import org.apache.commons.lang.StringUtils;
import org.apache.usergrid.management.ManagementService;
import org.apache.usergrid.persistence.EntityManagerFactory;
import org.apache.usergrid.security.tokens.TokenService;
import org.apache.usergrid.services.ServiceManagerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Qualifier;
import javax.ws.rs.container.ContainerRequestContext;
import javax.ws.rs.container.ContainerRequestFilter;
import javax.ws.rs.core.Context;
import javax.ws.rs.core.HttpHeaders;
import javax.ws.rs.core.UriInfo;
import javax.xml.ws.spi.http.HttpContext;
import java.util.LinkedHashMap;
import java.util.Map;
import java.util.Properties;
import static org.apache.usergrid.utils.StringUtils.stringOrSubstringAfterFirst;
import static org.apache.usergrid.utils.StringUtils.stringOrSubstringBeforeFirst;
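/**
 * Base class for the REST security request filters.
 *
 * <p>Holds the Spring-injected services that concrete filters use and offers two static helpers:
 * {@link #getAuthTypes(ContainerRequestContext)} to parse the {@code Authorization} header and
 * {@link #bypassSecurityCheck(ContainerRequestContext)} to decide whether a request may skip
 * authentication altogether.
 */
public abstract class SecurityFilter implements ContainerRequestFilter {

    // Scheme names, upper-cased to match the keys produced by getAuthTypes().
    public static final String AUTH_OAUTH_2_ACCESS_TOKEN_TYPE = "BEARER";
    public static final String AUTH_BASIC_TYPE = "BASIC";
    public static final String AUTH_OAUTH_1_TYPE = "OAUTH";

    // Package-private on purpose in the original; left unchanged so that code in this package
    // that reads the fields directly keeps compiling.
    EntityManagerFactory emf;
    ServiceManagerFactory smf;
    Properties properties;
    ManagementService management;
    TokenService tokens;

    @Context
    UriInfo uriInfo;

    // NOTE(review): this is javax.xml.ws.spi.http.HttpContext (JAX-WS), an unusual type for a
    // JAX-RS @Context injection, and it is not read anywhere in this class - confirm it is the
    // intended type and that something actually populates it.
    @Context
    HttpContext hc;


    /** @return the injected entity manager factory, or {@code null} if none was set */
    public EntityManagerFactory getEntityManagerFactory() {
        return emf;
    }


    /** @param emf entity manager factory supplied by Spring */
    @Autowired
    public void setEntityManagerFactory( EntityManagerFactory emf ) {
        this.emf = emf;
    }


    /** @return the injected service manager factory, or {@code null} if none was set */
    public ServiceManagerFactory getServiceManagerFactory() {
        return smf;
    }


    /** @param smf service manager factory supplied by Spring */
    @Autowired
    public void setServiceManagerFactory( ServiceManagerFactory smf ) {
        this.smf = smf;
    }


    /** @return the injected configuration properties, or {@code null} if none were set */
    public Properties getProperties() {
        return properties;
    }


    /** @param properties the bean qualified as {@code "properties"} */
    @Autowired
    @Qualifier("properties")
    public void setProperties( Properties properties ) {
        this.properties = properties;
    }


    /** @return the injected token service, or {@code null} if none was set */
    public TokenService getTokenService() {
        return tokens;
    }


    /** @param tokens token service supplied by Spring */
    @Autowired
    public void setTokenService( TokenService tokens ) {
        this.tokens = tokens;
    }


    /** @return the injected management service, or {@code null} if none was set */
    public ManagementService getManagementService() {
        return management;
    }


    /** @param management management service supplied by Spring */
    @Autowired
    public void setManagementService( ManagementService management ) {
        this.management = management;
    }


    /**
     * Parses the {@code Authorization} request header into a map of scheme to credentials.
     *
     * <p>The header value is split on commas. Each piece is trimmed; the text before its first
     * space is upper-cased and used as the key, the text after it becomes the value. Entries keep
     * the order in which they appear in the header.
     *
     * <p>Security notes for callers - the header is entirely client-controlled:
     * <ul>
     * <li>When the same scheme appears more than once, the last occurrence silently replaces the
     * earlier ones.</li>
     * <li>Because the split is on every comma, credentials that themselves contain comma-separated
     * parameters (OAuth 1 style) are broken into several entries whose keys are not one of the
     * {@code AUTH_*} constants. Look up the expected scheme explicitly and ignore the rest.</li>
     * <li>Values are returned unvalidated; they are secrets and must not be logged.</li>
     * </ul>
     *
     * @param request the current request
     * @return the parsed schemes, possibly empty, or {@code null} when the request carries no
     *         {@code Authorization} header
     */
    public static Map<String, String> getAuthTypes( ContainerRequestContext request ) {
        String authHeader = request.getHeaderString( HttpHeaders.AUTHORIZATION );
        if ( authHeader == null ) {
            return null;
        }

        // commons-lang documents a null result only for null input, so this is a defensive guard.
        String[] parts = StringUtils.split( authHeader, ',' );
        if ( parts == null ) {
            return null;
        }

        Map<String, String> authTypes = new LinkedHashMap<String, String>();
        for ( String part : parts ) {
            String auth = part.trim();
            // Locale.ROOT: with the JVM default locale, "basic" upper-cases to "BASİC" under a
            // Turkish locale and would never match AUTH_BASIC_TYPE, so the scheme is normalised
            // independently of the server's locale.
            // presumably both helpers return the whole string when no space is present - confirm
            // against org.apache.usergrid.utils.StringUtils.
            String type = stringOrSubstringBeforeFirst( auth, ' ' ).toUpperCase( java.util.Locale.ROOT );
            String token = stringOrSubstringAfterFirst( auth, ' ' );
            authTypes.put( type, token );
        }
        return authTypes;
    }


    /**
     * Tells a filter whether the request may skip the security check.
     *
     * <p>The intent is to let CORS pre-flight requests through: OPTIONS requests do not have
     * access into Usergrid data and are answered by Jersey's default handling.
     *
     * <p>NOTE(review): the test is on the HTTP method only. It does not look at {@code Origin} or
     * {@code Access-Control-Request-Method}, so every OPTIONS request is unauthenticated, not just
     * pre-flights. That is safe only while no resource implements its own OPTIONS handler that
     * returns protected data - confirm when adding one.
     *
     * @param request the current request
     * @return {@code true} when the method is OPTIONS (case-insensitive); {@code false} otherwise,
     *         including when the method is {@code null}, so an unreadable method never bypasses
     *         the check
     */
    public static boolean bypassSecurityCheck( ContainerRequestContext request ) {
        // Literal first: a null method yields false (no bypass) instead of a NullPointerException.
        return "options".equalsIgnoreCase( request.getMethod() );
    }
}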