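/**
 * Sketch of a JAX-RS request filter that refuses unauthenticated requests.
 * {@code not_authenticated} and {@code response} appear to be placeholders rather than real
 * members; a concrete filter would derive both from the request. The original sketch was
 * missing the semicolon after {@code abortWith(...)}, which made it unparseable.
 */
@Provider
public class SecurityInterceptor implements javax.ws.rs.container.ContainerRequestFilter {
    @Override
    public void filter(ContainerRequestContext requestContext) {
        if (not_authenticated) {
            // Aborting short-circuits the chain: the resource method never runs.
            requestContext.abortWith(response);
        }
    }
}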
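/**
 * Rejects the request with 403 unless the header named {@code headerName} carries exactly
 * {@code headerValue}. The comparison runs in constant time (java.security.MessageDigest.isEqual)
 * so that, if the expected value is a credential, a wrong value cannot be told apart from a
 * partially right one by response timing.
 *
 * @param ctx the incoming request; aborted with 403 on mismatch or missing header
 * @throws IOException declared by the filter contract; not thrown here
 */
@Override
public void filter(ContainerRequestContext ctx) throws IOException {
    // getHeaderString() returns null when the header is absent; treat that as a mismatch.
    final String actual = ctx.getHeaderString(headerName);
    final boolean matches = actual != null
            && java.security.MessageDigest.isEqual(
                    headerValue.getBytes(java.nio.charset.StandardCharsets.UTF_8),
                    actual.getBytes(java.nio.charset.StandardCharsets.UTF_8));
    if (!matches) {
        // NOTE(review): the body echoes the expected value back to the caller. If headerValue
        // is a secret, drop it from the message; kept as-is here to preserve the existing contract.
        ctx.abortWith(Response.status(Response.Status.FORBIDDEN)
                .type(MediaType.TEXT_PLAIN)
                .entity(String.format("Expected header '%s' not present or value not equal to '%s'", headerName, headerValue))
                .build());
    }
}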
// Stop the filter chain with a bare 401. NOTE(review): no WWW-Authenticate challenge is set,
// which RFC 7235 expects on a 401 — confirm the caller adds one or that a bare status is intended.
final Response unauthorizedResponse = Response.status(Response.Status.UNAUTHORIZED).build();
requestContext.abortWith(unauthorizedResponse);
/**
 * Answers CORS preflight (OPTIONS) requests directly so Jersey does not produce WADL responses
 * for them; OPTIONS is only used for preflight here.
 *
 * @param requestContext the incoming request; aborted with 204 when it is an OPTIONS request
 *                       carrying an Origin header, otherwise left untouched
 * @throws IOException declared by the filter contract; not thrown here
 */
@Override
public void filter(ContainerRequestContext requestContext) throws IOException {
    final String method = requestContext.getRequest().getMethod();
    if (!"options".equalsIgnoreCase(method)) {
        return;
    }
    final String requestOrigin = requestContext.getHeaders().getFirst("Origin");
    if (requestOrigin == null || requestOrigin.isEmpty()) {
        // No Origin header: not a CORS preflight, let the request proceed unchanged.
        return;
    }
    // NOTE(review): the Origin value is reflected back unchecked together with
    // Allow-Credentials=true, i.e. every origin is granted credentialed access — confirm this
    // is intended rather than an allow-list.
    final Response.ResponseBuilder preflight = Response.noContent()
            .header("Access-Control-Allow-Origin", requestOrigin)
            .header("Access-Control-Allow-Credentials", true)
            .header("Access-Control-Allow-Headers",
                    "Authorization, Content-Type, X-Graylog-No-Session-Extension, X-Requested-With, X-Requested-By")
            .header("Access-Control-Allow-Methods", "GET, POST, PUT, DELETE, OPTIONS")
            // Let the browser cache the preflight result instead of redoing it for every
            // request, see http://stackoverflow.com/a/12021982/1088469; 10 minutes seems to
            // be the maximum allowable value.
            .header("Access-Control-Max-Age", "600");
    requestContext.abortWith(preflight.build());
}
}
/**
 * Redirects callers that are not logged in to the login page, passing the URL they asked for
 * along so they can be sent back to it afterwards.
 *
 * @param requestContext the incoming request; aborted with a 307 redirect when the caller is
 *                       not logged in, or with a 500 if building the redirect fails
 * @throws IOException declared by the filter contract; not thrown here
 */
@Override
public void filter(ContainerRequestContext requestContext) throws IOException {
    final SecurityContext sc = requestContext.getSecurityContext();
    if (isUserLoggedIn(sc)) {
        return;
    }
    try {
        final String originalUrl = requestContext.getUriInfo().getRequestUri().toString();
        // Encoded so the full original URL survives as a single query parameter value.
        final String encodedTarget = URLEncoder.encode(originalUrl, "UTF-8");
        final URI loginURI = requestContext.getUriInfo().getBaseUriBuilder()
                .path(LogInLogOutPages.LOGIN_RESOURCE)
                .queryParam(LogInLogOutPages.REDIRECT_QUERY_PARM, encodedTarget)
                .build();
        requestContext.abortWith(Response.temporaryRedirect(loginURI).build());
    } catch (final Exception ex) {
        // NOTE(review): ex.getMessage() is returned to the client in the 500 body; if internal
        // details should stay server-side, log it only and send a generic message.
        final String errMsg = String.format("Failed to forward the request to login page: %s", ex.getMessage());
        LOG.error(errMsg, ex);
        requestContext.abortWith(Response.serverError().entity(errMsg).build());
    }
}
}
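/**
 * CORS request filter.
 * Hijack "preflight" OPTIONS requests before the Jersey resources get them.
 * The response will then pass through the CORS response filter on its way back out.
 *
 * @param requestContext the incoming request; aborted with the preflight response when its
 *                       method is OPTIONS, otherwise left untouched
 * @throws IOException declared by the filter contract; not thrown here
 */
@Override
public void filter(ContainerRequestContext requestContext) throws IOException {
    if (!HttpMethod.OPTIONS.equals(requestContext.getMethod())) {
        return;
    }
    final Response.ResponseBuilder preflightResponse = Response.status(Response.Status.OK);
    // NOTE(review): whatever headers the client asks for are allowed back verbatim; if the
    // allowed set should be restricted, filter this value rather than echoing it.
    final String requestedHeaders = requestContext.getHeaderString("Access-Control-Request-Headers");
    if (requestedHeaders != null) {
        preflightResponse.header("Access-Control-Allow-Headers", requestedHeaders);
    }
    if (requestContext.getHeaderString("Access-Control-Request-Method") != null) {
        // The CORS response header is "Access-Control-Allow-Methods" (plural). The singular
        // spelling used before is not a CORS header, so browsers ignored it and the preflight
        // could not succeed for the requested method.
        preflightResponse.header("Access-Control-Allow-Methods", "GET,POST");
    }
    requestContext.abortWith(preflightResponse.build());
}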
// Stop the filter chain with a bare 403; no body is attached.
final Response forbiddenResponse = Response.status(Response.Status.FORBIDDEN).build();
requestContext.abortWith(forbiddenResponse);
} catch (AuthorizationException ae) { LOG.error("Nimbus isn't allowing {} to access the topology conf of {}. {}", ReqContext.context(), topoId, ae.get_msg()); containerRequestContext.abortWith(makeResponse(ae, containerRequestContext, 403)); return; } catch (TException e) { LOG.error("Unable to fetch topo conf for {} due to ", topoId, e); containerRequestContext.abortWith( makeResponse(new IOException("Unable to fetch topo conf for topo id " + topoId, e), containerRequestContext, 500) containerRequestContext.abortWith( makeResponse(new AuthorizationException( "user '" + realUser + "' is not authorized to impersonate user '" user = principal.getName(); containerRequestContext.abortWith( makeResponse(new AuthorizationException("UI request '" + op + "' for '" + user + "' user is not authorized"),
// Finalize the prepared response and stop the filter chain with it.
final Response prepared = builder.build();
requestContext.abortWith(prepared);
/**
 * Fails the request with a 500 when the injected {@code UriInfo} is missing or has no base URI.
 * Contextual instances should be injected independently, so a missing one is a wiring error.
 *
 * @param requestContext the incoming request; aborted with 500 when uriInfo is unusable
 * @throws IOException declared by the filter contract; not thrown here
 */
@Override
public void filter(ContainerRequestContext requestContext) throws IOException {
    final boolean uriInfoMissing = uriInfo == null || uriInfo.getBaseUri() == null;
    if (!uriInfoMissing) {
        return;
    }
    final Response failure = Response.serverError().entity("uriInfo is not set").build();
    requestContext.abortWith(failure);
}
}
/**
 * Aborts the request with 403 Forbidden and the generic "no user" error body.
 *
 * @param requestContext the request to abort
 */
public static void handle(ContainerRequestContext requestContext) {
    final GenericErrorMessage body = new GenericErrorMessage(GenericErrorMessage.NO_USER_MSG);
    final Response forbidden = Response.status(Response.Status.FORBIDDEN)
            .entity(body)
            .build();
    requestContext.abortWith(forbidden);
}
}
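/**
 * Fails with 500 when the injected {@code ResourceInfo} is unusable, otherwise rejects
 * unauthenticated callers with 401.
 *
 * @param requestContext the incoming request; aborted with 500 or 401 as described above
 * @throws IOException declared by the filter contract; not thrown here
 */
@Override
public void filter(ContainerRequestContext requestContext) throws IOException {
    // Contextual instances should be injected independently; a missing resource method is a
    // wiring error. Return right after aborting: without it the branch below would call
    // abortWith() a second time and replace the 500 with a 401, hiding the misconfiguration.
    if (resourceInfo == null || resourceInfo.getResourceMethod() == null) {
        requestContext.abortWith(Response.serverError().build());
        return;
    }
    if (!authenticator.authenticated()) {
        requestContext.abortWith(Response.status(Status.UNAUTHORIZED).build());
    }
}
}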
/**
 * Recognizes a CORS preflight request, and return OK without any further downstream processing in
 * such a case.
 *
 * <p>Note that the response filter below will still apply the relevant headers to the response.
 *
 * @param creq the incoming request; aborted with 200 OK when its method is OPTIONS
 */
@Override
public void filter(ContainerRequestContext creq) {
    final boolean preflight = HttpMethod.OPTIONS.equals(creq.getMethod());
    if (!preflight) {
        return;
    }
    creq.abortWith(Response.ok().build());
}
/**
 * Refuses requests with 503 while the server reports itself unhealthy, returning the monitor's
 * status object as the response body.
 *
 * @param requestContext the incoming request; aborted with 503 when the server is unhealthy
 * @throws IOException declared by the filter contract; not thrown here
 */
@Override
public void filter(ContainerRequestContext requestContext) throws IOException {
    if (serverHealthMonitor.get().isHealthy()) {
        return;
    }
    // NOTE(review): get() is invoked twice, so the status reported may come from a different
    // monitor instance than the one that failed the health check — confirm get() is stable.
    final Object status = serverHealthMonitor.get().getStatus();
    final Response unavailable = Response.status(Response.Status.SERVICE_UNAVAILABLE)
            .entity(status)
            .build();
    requestContext.abortWith(unavailable);
}
}
/**
 * Runs the configured interceptor against the current CXF message and turns an access denial
 * into a 403 response.
 *
 * @param context the incoming request; aborted with 403 when the interceptor denies access
 */
@Override
public void filter(ContainerRequestContext context) {
    final org.apache.cxf.message.Message current = JAXRSUtils.getCurrentMessage();
    try {
        interceptor.handleMessage(current);
    } catch (AccessDeniedException denied) {
        // Denial is the expected outcome for unauthorized callers, so it is mapped, not logged.
        final Response forbidden = Response.status(Response.Status.FORBIDDEN).build();
        context.abortWith(forbidden);
    }
}
/**
 * Runs the configured interceptor against the current CXF message and turns an access denial
 * into a 403 response.
 *
 * @param context the incoming request; aborted with 403 when the interceptor denies access
 */
@Override
public void filter(ContainerRequestContext context) {
    try {
        interceptor.handleMessage(JAXRSUtils.getCurrentMessage());
    } catch (AccessDeniedException denied) {
        // Denial is the expected outcome for unauthorized callers, so it is mapped, not logged.
        context.abortWith(Response.status(Response.Status.FORBIDDEN).build());
    }
}
/**
 * Validates the OAuth request carried by the current CXF message and installs the resulting
 * security context; any failure is answered with a 401 carrying an OAuth challenge.
 *
 * @param context the incoming request; aborted with 401 when OAuth handling fails
 */
@Override
public void filter(ContainerRequestContext context) {
    try {
        final Message current = JAXRSUtils.getCurrentMessage();
        final MessageContext messageContext = new MessageContextImpl(current);
        final OAuthInfo oauthInfo = handleOAuthRequest(messageContext.getHttpServletRequest());
        setSecurityContext(messageContext, current, oauthInfo);
    } catch (Exception failure) {
        // NOTE(review): every failure, including programming errors, collapses to a 401 and the
        // exception is dropped; consider logging it before aborting so misconfigurations are visible.
        final Response challenge = Response.status(401)
                .header("WWW-Authenticate", "OAuth")
                .build();
        context.abortWith(challenge);
    }
}
/**
 * Runs the configured interceptor against the current CXF message and maps a security failure
 * to the HTTP response produced by {@code handleAuthenticationException}.
 *
 * @param context the incoming request; aborted when the interceptor throws SecurityException
 */
@Override
public void filter(ContainerRequestContext context) {
    final Message current = JAXRSUtils.getCurrentMessage();
    try {
        interceptor.handleMessage(current);
    } catch (SecurityException failure) {
        final Response denied = handleAuthenticationException(failure, current);
        context.abortWith(denied);
    }
}
/**
 * Short-circuits requests whose path ends with {@code /blockAndThrowException}: marks them as
 * blocked via the "blocked" request property and answers 200 OK without reaching the resource.
 *
 * @param requestContext the incoming request; aborted with 200 OK for the matching path
 * @throws IOException declared by the filter contract; not thrown here
 */
@Override
public void filter(ContainerRequestContext requestContext) throws IOException {
    final String path = requestContext.getUriInfo().getPath();
    if (!path.endsWith("/blockAndThrowException")) {
        return;
    }
    // The property lets later stages see that this filter intercepted the request.
    requestContext.setProperty("blocked", Boolean.TRUE);
    requestContext.abortWith(Response.ok().build());
}