// Excerpt: populates a ResourceConfig (presumably for one <Resource> configuration element) and
// registers it. The enclosing method and the closing brace of the `if` below are not part of
// this excerpt, so which statements the `if` really guards cannot be confirmed from here.
ResourceConfig resourceConfig = new ResourceConfig();
String httpMethod = resource.getAttributeValue( new QName(Constants.RESOURCE_HTTP_METHOD_ATTR));
resourceConfig.setContext(context);
resourceConfig.setHttpMethod(httpMethod);
// Only the exact strings "true" and "false" pass this check (String.equals is case-sensitive).
// NOTE(review): confirm what isSecured defaults to in ResourceConfig when the attribute is
// missing or misspelled (e.g. "True"); a default of "not secured" would silently expose the resource.
if ( StringUtils.isNotEmpty(isSecured) && (Boolean.TRUE.toString().equals(isSecured) ||
        Boolean.FALSE.toString().equals(isSecured)) ) {
    resourceConfig.setIsSecured(Boolean.parseBoolean(isSecured));
    // Boolean.parseBoolean yields false for null and for any text other than "true" (ignoring
    // case), so a missing or malformed value ends up as "cross-tenant access not allowed".
    resourceConfig.setIsCrossTenantAllowed(Boolean.parseBoolean(isCrossTenantAllowed));
    // Stored as the raw configured string; no validation of the handler names is visible here.
    resourceConfig.setAllowedAuthHandlers(allowedAuthHandlers);
    resourceConfig.setPermissions(permissionBuilder.toString());
    // Registered under the (context, httpMethod) pair.
    // NOTE(review): presumably a Map, in which case a later entry with the same key replaces an
    // earlier one without warning; verify duplicate <Resource> entries are detected elsewhere.
    resourceConfigMap.put(new ResourceConfigKey(context, httpMethod), resourceConfig);
/**
 * Narrows the available authentication handlers to those named in the resource's
 * 'allowed-auth-handlers' property, i.e. the handlers that may be engaged for that resource.
 *
 * <p>Example:
 * <pre>{@code
 * <Resource context="(.*)/usermanagement/v1/user/(.*)" http-method="all" secured="true"
 *           allowed-auth-handlers="BasicAuthentication,ClientAuthentication"></Resource>
 * }</pre>
 * Here only "BasicAuthentication" and "ClientAuthentication" are engaged for the resource. When
 * 'allowed-auth-handlers' is not configured, the default value 'all' is used, which means every
 * available handler is engaged.
 *
 * @param authenticationContext context of the request; used to look up the matching resource configuration
 * @param handlers              all available authentication handlers
 * @return the subset of {@code handlers} accepted by {@code isHandlerAllowedForResource} for the
 *         resource's allowed-handler list, in the original order
 */
private List<AuthenticationHandler> filterAuthenticationHandlers(AuthenticationContext authenticationContext,
                                                                 List<AuthenticationHandler> handlers) {

    // NOTE(review): the looked-up config is dereferenced without a null check; confirm that
    // getResourceConfig(...) cannot return null for a request that matches no configured resource.
    String configuredHandlers = getResourceConfig(authenticationContext).getAllowedAuthHandlers();

    // Turn the raw property value into the list of handler names permitted for this resource.
    List<String> permittedHandlerNames =
            AuthConfigurationUtil.getInstance().buildAllowedAuthenticationHandlers(configuredHandlers);

    return handlers.stream()
            .filter(candidate -> isHandlerAllowedForResource(permittedHandlerNames, candidate))
            .collect(Collectors.toList());
}
// Excerpt: populates a ResourceConfig with context, HTTP method, secured flag and permissions,
// then registers it. The enclosing method and the closing brace of the `if` below are not part
// of this excerpt.
ResourceConfig resourceConfig = new ResourceConfig();
String httpMethod = resource.getAttributeValue( new QName(Constants.RESOURCE_HTTP_METHOD_ATTR));
resourceConfig.setContext(context);
resourceConfig.setHttpMethod(httpMethod);
// The secured flag is applied only when the attribute is exactly "true" or "false"; the
// comparison is case-sensitive.
// NOTE(review): for any other value the flag keeps ResourceConfig's own default; confirm that
// default is the safe one (secured).
if ( StringUtils.isNotEmpty(isSecured) && (Boolean.TRUE.toString().equals(isSecured) ||
        Boolean.FALSE.toString().equals(isSecured)) ) {
    resourceConfig.setIsSecured(Boolean.parseBoolean(isSecured));
    // Permission string as accumulated in permissionBuilder (built outside this excerpt).
    resourceConfig.setPermissions(permissionBuilder.toString());
    // Keyed by the (context, httpMethod) pair.
    resourceConfigMap.put(new ResourceConfigKey(context, httpMethod), resourceConfig);
// Excerpt: copies the resource's configured permission string into the authorization context,
// but only when a resource configuration exists and its permission string is non-empty.
// NOTE(review): the else path is not visible here; confirm that a resource without configured
// permissions is deliberately authentication-only rather than skipping authorization by accident.
if ( resourceConfig != null && StringUtils.isNotEmpty(resourceConfig.getPermissions()) ) {
    authorizationContext.setPermissionString(resourceConfig.getPermissions());
// Excerpt: looks up the resource configuration for the request's URI and HTTP method.
// NOTE(review): if `request` is a servlet request, getRequestURI() is the raw path (not
// URL-decoded, may carry path parameters); verify the pattern matching behind
// getSecuredResource(...) is applied to a normalized form.
ResourceConfig securedResource = authenticationManager.getSecuredResource(new ResourceConfigKey(request
        .getRequestURI(), request.getMethod()));
// Fail-open branch: when no configuration matches, or the match is marked as not secured, the
// request is handed to the next element in the chain and this method returns, so nothing after
// this point runs for it.
// NOTE(review): an endpoint with no matching resource entry is therefore passed through here
// unchecked; confirm the configuration carries a catch-all secured pattern, or log these
// pass-throughs so coverage gaps are detectable.
if (securedResource == null || !securedResource.isSecured()) {
    getNext().invoke(request, response);
    return;