23 messages in net.java.dev.jersey.usersRe: [Jersey] Getting ready for 1.0.2 ...| From | Sent On | Attachments |
|---|---|---|
| Paul Sandoz | Feb 2, 2009 1:45 am | |
| Craig McClanahan | Feb 2, 2009 11:44 am | |
| Martin Grotzke | Feb 2, 2009 6:02 pm | |
| Paul Sandoz | Feb 3, 2009 1:24 am | |
| Paul Sandoz | Feb 3, 2009 1:33 am | |
| Martin Grotzke | Feb 3, 2009 6:59 pm | |
| Paul Sandoz | Feb 4, 2009 2:33 am | |
| Paul Sandoz | Feb 4, 2009 3:10 am | |
| Martin Grotzke | Feb 4, 2009 4:17 am | |
| Paul Sandoz | Feb 4, 2009 4:56 am | |
| Paul Sandoz | Feb 4, 2009 9:16 am | |
| Craig McClanahan | Feb 4, 2009 10:35 am | |
| Craig McClanahan | Feb 4, 2009 10:43 am | |
| tarjei | Feb 5, 2009 1:09 am | |
| Paul Sandoz | Feb 5, 2009 2:12 am | |
| Paul Sandoz | Feb 5, 2009 2:20 am | |
| tarjei | Feb 5, 2009 2:43 am | |
| Paul Sandoz | Feb 5, 2009 4:24 am | |
| Craig McClanahan | Feb 5, 2009 9:10 am | |
| Craig McClanahan | Feb 5, 2009 1:27 pm | |
| Paul Sandoz | Feb 6, 2009 1:50 am | |
| Craig McClanahan | Feb 6, 2009 11:53 am | |
| Paul Sandoz | Feb 10, 2009 1:41 am |
| Subject: | Re: [Jersey] Getting ready for 1.0.2 (WAS: Re: [Jersey] Extract ResourceDoclet from maven-wadl-plugin as new artifact) | |
|---|---|---|
| From: | Paul Sandoz (Paul...@Sun.COM) | |
| Date: | Feb 5, 2009 4:24:34 am | |
| List: | net.java.dev.jersey.users | |
On Feb 5, 2009, at 11:21 AM, Paul Sandoz wrote:
Craig, what do you think?
That sounds really good ... I'll take it on (along with using resource specific filters).
I just realized that the way things are currently supported you will need supply two injectable provider implements for the per request and singleton scope (where the latter injects a proxy) and there are currently some ordering issues in that the latter cannot currently be overridden by the user.
Since this is something that seems highly desirable i am going to tweak the ContainerRequest so that a SecurityContext implementation can be set. That way the filter can do:
request.setSecurityContext(...)
Fixed in the trunk. See below for a unit test exercising a very similar use-case.
Paul.
import com.sun.jersey.api.client.Client; import com.sun.jersey.api.client.ClientResponse; import com.sun.jersey.api.client.WebResource; import com.sun.jersey.api.container.filter.RolesAllowedResourceFilterFactory; import com.sun.jersey.api.core.ResourceConfig; import com.sun.jersey.spi.container.ContainerRequest; import com.sun.jersey.spi.container.ContainerRequestFilter; import java.security.Principal; import java.util.HashMap; import java.util.Map; import javax.annotation.security.RolesAllowed; import javax.ws.rs.GET; import javax.ws.rs.POST; import javax.ws.rs.Path; import javax.ws.rs.core.Context; import javax.ws.rs.core.SecurityContext; import javax.ws.rs.core.UriInfo;
/** * * @author Paul...@Sun.Com */ public class RolesAllowedTest extends AbstractGrizzlyWebContainerTester {
public static class SecurityFilter implements ContainerRequestFilter {
@Context UriInfo ui;
public ContainerRequest filter(ContainerRequest request) { String user = request.getHeaderValue("X-USER"); request.setSecurityContext(new Authenticator(user)); return request; }
//
public class Authenticator implements SecurityContext { private Principal p;
Authenticator(final String name) { p = new Principal() { public String getName() { return name; } }; }
public Principal getUserPrincipal() { return p; }
public boolean isUserInRole(String role) { if (role.equals("user")) { if ("admin".equals(p.getName())) return true;
String user = ui.getPathParameters().getFirst(role); return user.equals(p.getName()); } else if (role.equals("admin")) { return role.equals(p.getName()); } else { return false; } }
public boolean isSecure() { return false; }
public String getAuthenticationScheme() { return ""; } } }
@Path("/{user}") public static class Resource { @RolesAllowed("user") @GET public String get() { return "GET"; }
@RolesAllowed("admin") @POST public String post(String content) { return content; } }
public RolesAllowedTest(String testName) { super(testName); }
WebResource r;
@Override public void setUp() { Map<String, String> initParams = new HashMap<String, String>();
initParams.put(ResourceConfig.PROPERTY_CONTAINER_REQUEST_FILTERS, SecurityFilter.class.getName());
initParams.put(ResourceConfig.PROPERTY_RESOURCE_FILTER_FACTORIES, RolesAllowedResourceFilterFactory.class.getName()); startServer(initParams, Resource.class);
Client c = Client.create(); r = c.resource(getUri().build()); }
public void testGetAsUser() { assertEquals("GET", r.path("foo").header("X-USER", "foo").get(String.class)); }
public void testGetAsAdmin() { assertEquals("GET", r.path("foo").header("X-USER", "admin").get(String.class)); }
public void testPostAsUser() { ClientResponse cr = r.path("foo").header("X-USER", "foo").post(ClientResponse.class, "POST"); assertEquals(403, cr.getStatus()); }
public void testPostAsAdmin() { assertEquals("POST", r.path("foo").header("X-USER", "admin").post(String.class, "POST")); } }