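/**
 * Enforces the {@link RequireToken} annotation on the intercepted method.
 *
 * <p>The token named by the annotation is read from the request header of that name,
 * falling back to the request parameter of the same name. A guest account is authenticated
 * with the token through the security manager and the resulting account is stored in the
 * route context; a non-guest account has the token handed to {@code account.checkToken}.
 *
 * <p>The token is a credential: it is deliberately kept out of log output and exception
 * messages, which only carry the token's <em>name</em>.
 *
 * @param invocation the intercepted method invocation
 * @return the result of {@code invocation.proceed()}
 * @throws AuthorizationException if the token is missing or does not authenticate an account
 * @throws Throwable anything raised by the intercepted method
 */
@Override
public Object invoke(MethodInvocation invocation) throws Throwable {
    RequireToken requireToken = ClassUtil.getAnnotation(invocation.getMethod(), RequireToken.class);
    String tokenName = requireToken.value();

    Context context = RouteDispatcher.getRouteContext();

    // extract the named token from a header or a query parameter
    // NOTE(review): a token sent as a query parameter can end up in access logs and
    // Referer headers; prefer the header form where clients allow it.
    String token = Strings.emptyToNull(context.getRequest().getHeader(tokenName));
    token = Optional.fromNullable(token).or(context.getParameter(tokenName).toString(""));

    if (Strings.isNullOrEmpty(token)) {
        throw new AuthorizationException("Missing '{}' token", tokenName);
    }

    Account account = getAccount();
    if (account.isGuest()) {
        // authenticate by token
        TokenCredentials credentials = new TokenCredentials(token);
        account = securityManager.get().authenticate(credentials);
        if (account == null) {
            // Do not echo the submitted value: a rejected token may still be a real
            // credential (mistyped, expired, or valid elsewhere) and exception
            // messages are commonly logged or returned to the client.
            throw new AuthorizationException("Invalid '{}' value", tokenName);
        }

        context.setLocal(AuthConstants.ACCOUNT_ATTRIBUTE, account);
        // Log which token name was used, never the token itself.
        log.debug("'{}' account authenticated by '{}' token", account.getUsername(), tokenName);
    } else {
        // validate token
        // NOTE(review): the result of checkToken is not inspected, so this relies on
        // checkToken throwing when the token does not match the account — confirm.
        account.checkToken(token);
    }

    return invocation.proceed();
}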
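/**
 * Enforces the {@link RequireToken} annotation on the intercepted method.
 *
 * <p>The token named by the annotation is read from the request header of that name,
 * falling back to the request parameter of the same name. A guest account is authenticated
 * with the token through the security manager and the resulting account is stored in the
 * route context; a non-guest account has the token handed to {@code account.checkToken}.
 *
 * <p>The token is a credential: it is deliberately kept out of log output and exception
 * messages, which only carry the token's <em>name</em>.
 *
 * @param invocation the intercepted method invocation
 * @return the result of {@code invocation.proceed()}
 * @throws AuthorizationException if the token is missing or does not authenticate an account
 * @throws Throwable anything raised by the intercepted method
 */
@Override
public Object invoke(MethodInvocation invocation) throws Throwable {
    RequireToken requireToken = ClassUtil.getAnnotation(invocation.getMethod(), RequireToken.class);
    String tokenName = requireToken.value();

    Context context = RouteDispatcher.getRouteContext();

    // extract the named token from a header or a query parameter
    // NOTE(review): a token sent as a query parameter can end up in access logs and
    // Referer headers; prefer the header form where clients allow it.
    String token = Strings.emptyToNull(context.getRequest().getHeader(tokenName));
    token = Optional.fromNullable(token).or(context.getParameter(tokenName).toString(""));

    if (Strings.isNullOrEmpty(token)) {
        throw new AuthorizationException("Missing '{}' token", tokenName);
    }

    Account account = getAccount();
    if (account.isGuest()) {
        // authenticate by token
        TokenCredentials credentials = new TokenCredentials(token);
        account = securityManager.get().authenticate(credentials);
        if (account == null) {
            // Do not echo the submitted value: a rejected token may still be a real
            // credential (mistyped, expired, or valid elsewhere) and exception
            // messages are commonly logged or returned to the client.
            throw new AuthorizationException("Invalid '{}' value", tokenName);
        }

        context.setLocal(AuthConstants.ACCOUNT_ATTRIBUTE, account);
        // Log which token name was used, never the token itself.
        log.debug("'{}' account authenticated by '{}' token", account.getUsername(), tokenName);
    } else {
        // validate token
        // NOTE(review): the result of checkToken is not inspected, so this relies on
        // checkToken throwing when the token does not match the account — confirm.
        account.checkToken(token);
    }

    return invocation.proceed();
}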
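/**
 * Applies the {@link RequireToken} check for a controller method, if it is annotated.
 *
 * <p>When the method carries no {@code RequireToken} annotation the current account is
 * returned unchanged. Otherwise the named token is read from the request header, falling
 * back to the request parameter of the same name. A guest account is authenticated with
 * the token and stored in the route context; a non-guest account has the token handed to
 * {@code account.checkToken}.
 *
 * <p>The token is a credential: it is deliberately kept out of log output and exception
 * messages, which only carry the token's <em>name</em>.
 *
 * @param method the controller method being dispatched
 * @return the current account, or the account authenticated by the token
 * @throws AuthorizationException if a required token is missing or does not authenticate
 *     an account
 */
protected Account checkRequireToken(Method method) {
    Account account = getAccount();

    RequireToken requireToken = ClassUtil.getAnnotation(method, RequireToken.class);
    if (requireToken != null) {
        String tokenName = requireToken.value();

        Context context = RouteDispatcher.getRouteContext();

        // extract the named token from a header or a query parameter
        // NOTE(review): a token sent as a query parameter can end up in access logs and
        // Referer headers; prefer the header form where clients allow it.
        String token = Strings.emptyToNull(context.getRequest().getHeader(tokenName));
        token = Optional.fromNullable(token).or(context.getParameter(tokenName).toString(""));

        if (Strings.isNullOrEmpty(token)) {
            throw new AuthorizationException("Missing '{}' token", tokenName);
        }

        if (account.isGuest()) {
            // authenticate by token
            TokenCredentials credentials = new TokenCredentials(token);
            account = securityManager.get().authenticate(credentials);
            if (account == null) {
                // Do not echo the submitted value: a rejected token may still be a real
                // credential (mistyped, expired, or valid elsewhere) and exception
                // messages are commonly logged or returned to the client.
                throw new AuthorizationException("Invalid '{}' value", tokenName);
            }

            context.setLocal(AuthConstants.ACCOUNT_ATTRIBUTE, account);
            // Log which token name was used, never the token itself.
            log.debug("'{}' account authenticated by '{}' token", account.getUsername(), tokenName);
        } else {
            // validate token
            // NOTE(review): the result of checkToken is not inspected, so this relies on
            // checkToken throwing when the token does not match the account — confirm.
            account.checkToken(token);
        }
    }

    return account;
}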
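/**
 * Applies the {@link RequireToken} check for a controller method, if it is annotated.
 *
 * <p>When the method carries no {@code RequireToken} annotation the current account is
 * returned unchanged. Otherwise the named token is read from the request header, falling
 * back to the request parameter of the same name. A guest account is authenticated with
 * the token and stored in the route context; a non-guest account has the token handed to
 * {@code account.checkToken}.
 *
 * <p>The token is a credential: it is deliberately kept out of log output and exception
 * messages, which only carry the token's <em>name</em>.
 *
 * @param method the controller method being dispatched
 * @return the current account, or the account authenticated by the token
 * @throws AuthorizationException if a required token is missing or does not authenticate
 *     an account
 */
protected Account checkRequireToken(Method method) {
    Account account = getAccount();

    RequireToken requireToken = ClassUtil.getAnnotation(method, RequireToken.class);
    if (requireToken != null) {
        String tokenName = requireToken.value();

        Context context = RouteDispatcher.getRouteContext();

        // extract the named token from a header or a query parameter
        // NOTE(review): a token sent as a query parameter can end up in access logs and
        // Referer headers; prefer the header form where clients allow it.
        String token = Strings.emptyToNull(context.getRequest().getHeader(tokenName));
        token = Optional.fromNullable(token).or(context.getParameter(tokenName).toString(""));

        if (Strings.isNullOrEmpty(token)) {
            throw new AuthorizationException("Missing '{}' token", tokenName);
        }

        if (account.isGuest()) {
            // authenticate by token
            TokenCredentials credentials = new TokenCredentials(token);
            account = securityManager.get().authenticate(credentials);
            if (account == null) {
                // Do not echo the submitted value: a rejected token may still be a real
                // credential (mistyped, expired, or valid elsewhere) and exception
                // messages are commonly logged or returned to the client.
                throw new AuthorizationException("Invalid '{}' value", tokenName);
            }

            context.setLocal(AuthConstants.ACCOUNT_ATTRIBUTE, account);
            // Log which token name was used, never the token itself.
            log.debug("'{}' account authenticated by '{}' token", account.getUsername(), tokenName);
        } else {
            // validate token
            // NOTE(review): the result of checkToken is not inspected, so this relies on
            // checkToken throwing when the token does not match the account — confirm.
            account.checkToken(token);
        }
    }

    return account;
}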
/**
 * Declares the security requirements of one operation in the Swagger document.
 *
 * <p>A method annotated with {@code RequireToken} gets an {@code apiKey} requirement whose
 * key and header name are the annotation value; a method annotated with {@code BasicAuth}
 * gets the {@code "basic"} requirement. Each security definition is added to the Swagger
 * document only when no definition with that key is registered yet.
 *
 * @param swagger the Swagger document that holds the shared security definitions
 * @param operation the operation the requirements are attached to
 * @param method the controller method whose annotations are inspected
 */
protected void registerSecurity(Swagger swagger, Operation operation, Method method) {
    final RequireToken tokenAnnotation = ClassUtil.getAnnotation(method, RequireToken.class);
    if (tokenAnnotation != null) {
        final String apiKeyName = tokenAnnotation.value();

        boolean apiKeyDefined = swagger.getSecurityDefinitions() != null
                && swagger.getSecurityDefinitions().containsKey(apiKeyName);
        if (!apiKeyDefined) {
            // The API key is advertised as a request header named after the token.
            ApiKeyAuthDefinition apiKeyScheme = new ApiKeyAuthDefinition();
            apiKeyScheme.setName(apiKeyName);
            apiKeyScheme.setIn(In.HEADER);
            apiKeyScheme.setType("apiKey");
            swagger.addSecurityDefinition(apiKeyName, apiKeyScheme);
        }

        operation.addSecurity(apiKeyName, Collections.emptyList());
    }

    final BasicAuth basicAnnotation = ClassUtil.getAnnotation(method, BasicAuth.class);
    if (basicAnnotation != null) {
        boolean basicDefined = swagger.getSecurityDefinitions() != null
                && swagger.getSecurityDefinitions().containsKey("basic");
        if (!basicDefined) {
            BasicAuthDefinition basicScheme = new BasicAuthDefinition();
            swagger.addSecurityDefinition("basic", basicScheme);
        }

        operation.addSecurity("basic", Collections.emptyList());
    }
}
/**
 * Declares the security requirements of one operation in the Swagger document.
 *
 * <p>A method annotated with {@code RequireToken} gets an {@code apiKey} requirement whose
 * key and header name are the annotation value; a method annotated with {@code BasicAuth}
 * gets the {@code "basic"} requirement. Each security definition is added to the Swagger
 * document only when no definition with that key is registered yet.
 *
 * @param swagger the Swagger document that holds the shared security definitions
 * @param operation the operation the requirements are attached to
 * @param method the controller method whose annotations are inspected
 */
protected void registerSecurity(Swagger swagger, Operation operation, Method method) {
    final RequireToken tokenAnnotation = ClassUtil.getAnnotation(method, RequireToken.class);
    if (tokenAnnotation != null) {
        final String apiKeyName = tokenAnnotation.value();

        boolean apiKeyDefined = swagger.getSecurityDefinitions() != null
                && swagger.getSecurityDefinitions().containsKey(apiKeyName);
        if (!apiKeyDefined) {
            // The API key is advertised as a request header named after the token.
            ApiKeyAuthDefinition apiKeyScheme = new ApiKeyAuthDefinition();
            apiKeyScheme.setName(apiKeyName);
            apiKeyScheme.setIn(In.HEADER);
            apiKeyScheme.setType("apiKey");
            swagger.addSecurityDefinition(apiKeyName, apiKeyScheme);
        }

        operation.addSecurity(apiKeyName, Collections.emptyList());
    }

    final BasicAuth basicAnnotation = ClassUtil.getAnnotation(method, BasicAuth.class);
    if (basicAnnotation != null) {
        boolean basicDefined = swagger.getSecurityDefinitions() != null
                && swagger.getSecurityDefinitions().containsKey("basic");
        if (!basicDefined) {
            BasicAuthDefinition basicScheme = new BasicAuthDefinition();
            swagger.addSecurityDefinition("basic", basicScheme);
        }

        operation.addSecurity("basic", Collections.emptyList());
    }
}