You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@stratos.apache.org by la...@apache.org on 2015/04/13 08:20:03 UTC
[3/6] stratos git commit: Formatting rest endpoint component code
http://git-wip-us.apache.org/repos/asf/stratos/blob/d61e7132/components/org.apache.stratos.rest.endpoint/src/main/java/org/apache/stratos/rest/endpoint/handlers/BadRequestExceptionMapper.java
----------------------------------------------------------------------
diff --git a/components/org.apache.stratos.rest.endpoint/src/main/java/org/apache/stratos/rest/endpoint/handlers/BadRequestExceptionMapper.java b/components/org.apache.stratos.rest.endpoint/src/main/java/org/apache/stratos/rest/endpoint/handlers/BadRequestExceptionMapper.java
index 5ee8ebd..c10aae6 100644
--- a/components/org.apache.stratos.rest.endpoint/src/main/java/org/apache/stratos/rest/endpoint/handlers/BadRequestExceptionMapper.java
+++ b/components/org.apache.stratos.rest.endpoint/src/main/java/org/apache/stratos/rest/endpoint/handlers/BadRequestExceptionMapper.java
@@ -35,12 +35,12 @@ public class BadRequestExceptionMapper implements ExceptionMapper<BadRequestExce
private static Log log = LogFactory.getLog(BadRequestExceptionMapper.class);
public Response toResponse(BadRequestException badRequestException) {
- if(log.isDebugEnabled()){
+ if (log.isDebugEnabled()) {
log.debug("Error in input format", badRequestException);
}
String errorMsg = badRequestException.getMessage() != null ? badRequestException.getMessage() : "please check" +
"your input format";
return Response.status(Response.Status.BAD_REQUEST).type(MediaType.APPLICATION_JSON).
- entity(new ErrorResponseBean(Response.Status.BAD_REQUEST.getStatusCode(),errorMsg)).build();
+ entity(new ErrorResponseBean(Response.Status.BAD_REQUEST.getStatusCode(), errorMsg)).build();
}
}
http://git-wip-us.apache.org/repos/asf/stratos/blob/d61e7132/components/org.apache.stratos.rest.endpoint/src/main/java/org/apache/stratos/rest/endpoint/handlers/ComponentSynchronizerHandler.java
----------------------------------------------------------------------
diff --git a/components/org.apache.stratos.rest.endpoint/src/main/java/org/apache/stratos/rest/endpoint/handlers/ComponentSynchronizerHandler.java b/components/org.apache.stratos.rest.endpoint/src/main/java/org/apache/stratos/rest/endpoint/handlers/ComponentSynchronizerHandler.java
index b7456e4..807ff8a 100644
--- a/components/org.apache.stratos.rest.endpoint/src/main/java/org/apache/stratos/rest/endpoint/handlers/ComponentSynchronizerHandler.java
+++ b/components/org.apache.stratos.rest.endpoint/src/main/java/org/apache/stratos/rest/endpoint/handlers/ComponentSynchronizerHandler.java
@@ -37,7 +37,7 @@ public class ComponentSynchronizerHandler implements RequestHandler {
public Response handleRequest(Message message, ClassResourceInfo classResourceInfo) {
ComponentStartUpSynchronizer componentStartUpSynchronizer =
ServiceReferenceHolder.getInstance().getComponentStartUpSynchronizer();
- if(!componentStartUpSynchronizer.isComponentActive(Component.StratosManager)) {
+ if (!componentStartUpSynchronizer.isComponentActive(Component.StratosManager)) {
ApiResponseBean responseBean = new ApiResponseBean();
responseBean.setMessage("Stratos manager component is not active");
return Response.status(Response.Status.NOT_ACCEPTABLE).entity(responseBean).build();
http://git-wip-us.apache.org/repos/asf/stratos/blob/d61e7132/components/org.apache.stratos.rest.endpoint/src/main/java/org/apache/stratos/rest/endpoint/handlers/CookieBasedAuthenticationHandler.java
----------------------------------------------------------------------
diff --git a/components/org.apache.stratos.rest.endpoint/src/main/java/org/apache/stratos/rest/endpoint/handlers/CookieBasedAuthenticationHandler.java b/components/org.apache.stratos.rest.endpoint/src/main/java/org/apache/stratos/rest/endpoint/handlers/CookieBasedAuthenticationHandler.java
index 9588f7b..40e7e1b 100644
--- a/components/org.apache.stratos.rest.endpoint/src/main/java/org/apache/stratos/rest/endpoint/handlers/CookieBasedAuthenticationHandler.java
+++ b/components/org.apache.stratos.rest.endpoint/src/main/java/org/apache/stratos/rest/endpoint/handlers/CookieBasedAuthenticationHandler.java
@@ -32,6 +32,7 @@ import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpSession;
import javax.ws.rs.core.MediaType;
import javax.ws.rs.core.Response;
+
/*
* authenticate an incoming request using the session availability. Session is first established using the
* basic auth authentication. This handler will be the last to get executed in the current handler chain. Hence failure
@@ -41,45 +42,45 @@ public class CookieBasedAuthenticationHandler implements RequestHandler {
private Log log = LogFactory.getLog(CookieBasedAuthenticationHandler.class);
public Response handleRequest(Message message, ClassResourceInfo classResourceInfo) {
- if(AuthenticationContext.isAthenticated()){
- return null;
- }
+ if (AuthenticationContext.isAthenticated()) {
+ return null;
+ }
- HttpServletRequest httpServletRequest = (HttpServletRequest)message.get("HTTP.REQUEST");
- HttpSession httpSession = httpServletRequest.getSession(false);
- if(httpSession != null && isUserLoggedIn(httpSession)){ // if sesion is avaialble
- String userName = (String)httpSession.getAttribute("userName");
- String tenantDomain = (String)httpSession.getAttribute("tenantDomain");
- int tenantId = (Integer)httpSession.getAttribute("tenantId");
- // the following will get used by the authorization handler..
- PrivilegedCarbonContext carbonContext = PrivilegedCarbonContext.getThreadLocalCarbonContext();
- carbonContext.setUsername(userName);
- carbonContext.setTenantDomain(tenantDomain);
- carbonContext.setTenantId(tenantId);
+ HttpServletRequest httpServletRequest = (HttpServletRequest) message.get("HTTP.REQUEST");
+ HttpSession httpSession = httpServletRequest.getSession(false);
+ if (httpSession != null && isUserLoggedIn(httpSession)) { // if sesion is avaialble
+ String userName = (String) httpSession.getAttribute("userName");
+ String tenantDomain = (String) httpSession.getAttribute("tenantDomain");
+ int tenantId = (Integer) httpSession.getAttribute("tenantId");
+ // the following will get used by the authorization handler..
+ PrivilegedCarbonContext carbonContext = PrivilegedCarbonContext.getThreadLocalCarbonContext();
+ carbonContext.setUsername(userName);
+ carbonContext.setTenantDomain(tenantDomain);
+ carbonContext.setTenantId(tenantId);
- AuthenticationContext.setAuthenticated(true);
- if (log.isDebugEnabled()) {
- log.debug("authenticated using the " + CookieBasedAuthenticationHandler.class.getName() + "for username :" +
- userName + "tenantDomain : " + tenantDomain + " tenantId : " + tenantId);
- }
- return null;
+ AuthenticationContext.setAuthenticated(true);
+ if (log.isDebugEnabled()) {
+ log.debug("authenticated using the " + CookieBasedAuthenticationHandler.class.getName() + "for username :" +
+ userName + "tenantDomain : " + tenantDomain + " tenantId : " + tenantId);
+ }
+ return null;
- }
+ }
return Response.status(Response.Status.FORBIDDEN).
type(MediaType.APPLICATION_JSON).entity(
- new ErrorResponseBean(Response.Status.FORBIDDEN.getStatusCode(),
- "The endpoint requires authentication")).build();
+ new ErrorResponseBean(Response.Status.FORBIDDEN.getStatusCode(),
+ "The endpoint requires authentication")).build();
}
/*
* if the userName and tenantDomain is present in the session, we conclude this as an authenticated session.
* Thos params get set by the AuthenticationAdmin endpoint.
* */
- private boolean isUserLoggedIn(HttpSession httpSession){
- String userName = (String)httpSession.getAttribute("userName");
- String tenantDomain = (String)httpSession.getAttribute("tenantDomain");
- Integer tenantId = (Integer)httpSession.getAttribute("tenantId");
- if(userName != null && tenantDomain!=null && tenantId!=null) {
+ private boolean isUserLoggedIn(HttpSession httpSession) {
+ String userName = (String) httpSession.getAttribute("userName");
+ String tenantDomain = (String) httpSession.getAttribute("tenantDomain");
+ Integer tenantId = (Integer) httpSession.getAttribute("tenantId");
+ if (userName != null && tenantDomain != null && tenantId != null) {
return true;
}
return false;
http://git-wip-us.apache.org/repos/asf/stratos/blob/d61e7132/components/org.apache.stratos.rest.endpoint/src/main/java/org/apache/stratos/rest/endpoint/handlers/CustomExceptionMapper.java
----------------------------------------------------------------------
diff --git a/components/org.apache.stratos.rest.endpoint/src/main/java/org/apache/stratos/rest/endpoint/handlers/CustomExceptionMapper.java b/components/org.apache.stratos.rest.endpoint/src/main/java/org/apache/stratos/rest/endpoint/handlers/CustomExceptionMapper.java
index 2863c25..f54f4fc 100644
--- a/components/org.apache.stratos.rest.endpoint/src/main/java/org/apache/stratos/rest/endpoint/handlers/CustomExceptionMapper.java
+++ b/components/org.apache.stratos.rest.endpoint/src/main/java/org/apache/stratos/rest/endpoint/handlers/CustomExceptionMapper.java
@@ -1,20 +1,20 @@
/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
-
- * http://www.apache.org/licenses/LICENSE-2.0
-
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ * <p/>
+ * http://www.apache.org/licenses/LICENSE-2.0
+ * <p/>
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
*/
package org.apache.stratos.rest.endpoint.handlers;
@@ -36,18 +36,18 @@ public class CustomExceptionMapper implements ExceptionMapper<RestAPIException>
private static Log log = LogFactory.getLog(CustomExceptionMapper.class);
public Response toResponse(RestAPIException restAPIException) {
- if(log.isDebugEnabled()){
+ if (log.isDebugEnabled()) {
log.debug("Error while invoking the admin rest api", restAPIException);
}
// if no specific error message specified, spitting out a generaic error message
- String errorMessage = (restAPIException.getMessage() != null)?
- restAPIException.getMessage():"Error while fulfilling the request";
+ String errorMessage = (restAPIException.getMessage() != null) ?
+ restAPIException.getMessage() : "Error while fulfilling the request";
// if no specific error specified we are throwing the bad request http status code by default
- Response.Status httpStatus= (restAPIException.getHTTPStatusCode() != null)?
- restAPIException.getHTTPStatusCode():Response.Status.BAD_REQUEST;
-
+ Response.Status httpStatus = (restAPIException.getHTTPStatusCode() != null) ?
+ restAPIException.getHTTPStatusCode() : Response.Status.BAD_REQUEST;
+
log.error(errorMessage, restAPIException);
return Response.status(httpStatus.getStatusCode()).type(MediaType.APPLICATION_JSON).
- entity(new ErrorResponseBean(httpStatus.getStatusCode(),errorMessage)).build();
+ entity(new ErrorResponseBean(httpStatus.getStatusCode(), errorMessage)).build();
}
}
http://git-wip-us.apache.org/repos/asf/stratos/blob/d61e7132/components/org.apache.stratos.rest.endpoint/src/main/java/org/apache/stratos/rest/endpoint/handlers/CustomThrowableExceptionMapper.java
----------------------------------------------------------------------
diff --git a/components/org.apache.stratos.rest.endpoint/src/main/java/org/apache/stratos/rest/endpoint/handlers/CustomThrowableExceptionMapper.java b/components/org.apache.stratos.rest.endpoint/src/main/java/org/apache/stratos/rest/endpoint/handlers/CustomThrowableExceptionMapper.java
index d264cf1..73071b6 100644
--- a/components/org.apache.stratos.rest.endpoint/src/main/java/org/apache/stratos/rest/endpoint/handlers/CustomThrowableExceptionMapper.java
+++ b/components/org.apache.stratos.rest.endpoint/src/main/java/org/apache/stratos/rest/endpoint/handlers/CustomThrowableExceptionMapper.java
@@ -30,7 +30,7 @@ public class CustomThrowableExceptionMapper implements ExceptionMapper<Throwable
private static Log log = LogFactory.getLog(CustomThrowableExceptionMapper.class);
public Response toResponse(Throwable throwable) {
- if(log.isErrorEnabled()){
+ if (log.isErrorEnabled()) {
log.error("Internal server error", throwable);
}
http://git-wip-us.apache.org/repos/asf/stratos/blob/d61e7132/components/org.apache.stratos.rest.endpoint/src/main/java/org/apache/stratos/rest/endpoint/handlers/GenericExceptionMapper.java
----------------------------------------------------------------------
diff --git a/components/org.apache.stratos.rest.endpoint/src/main/java/org/apache/stratos/rest/endpoint/handlers/GenericExceptionMapper.java b/components/org.apache.stratos.rest.endpoint/src/main/java/org/apache/stratos/rest/endpoint/handlers/GenericExceptionMapper.java
index 3e4dc17..1ba9a06 100644
--- a/components/org.apache.stratos.rest.endpoint/src/main/java/org/apache/stratos/rest/endpoint/handlers/GenericExceptionMapper.java
+++ b/components/org.apache.stratos.rest.endpoint/src/main/java/org/apache/stratos/rest/endpoint/handlers/GenericExceptionMapper.java
@@ -35,12 +35,12 @@ public class GenericExceptionMapper implements ExceptionMapper<WebApplicationExc
private static Log log = LogFactory.getLog(GenericExceptionMapper.class);
public Response toResponse(WebApplicationException webApplicationException) {
- if(log.isDebugEnabled()){
+ if (log.isDebugEnabled()) {
log.debug("Internal server error", webApplicationException);
}
// if no specific error message specified, spitting out a generaic error message
- String errorMessage = (webApplicationException.getMessage() != null)?
- webApplicationException.getMessage():"Internal server error";
+ String errorMessage = (webApplicationException.getMessage() != null) ?
+ webApplicationException.getMessage() : "Internal server error";
return Response.status(Response.Status.INTERNAL_SERVER_ERROR).type(MediaType.APPLICATION_JSON).
entity(new ErrorResponseBean(Response.Status.INTERNAL_SERVER_ERROR.getStatusCode(), errorMessage)).build();
}
http://git-wip-us.apache.org/repos/asf/stratos/blob/d61e7132/components/org.apache.stratos.rest.endpoint/src/main/java/org/apache/stratos/rest/endpoint/handlers/StratosAuthenticationHandler.java
----------------------------------------------------------------------
diff --git a/components/org.apache.stratos.rest.endpoint/src/main/java/org/apache/stratos/rest/endpoint/handlers/StratosAuthenticationHandler.java b/components/org.apache.stratos.rest.endpoint/src/main/java/org/apache/stratos/rest/endpoint/handlers/StratosAuthenticationHandler.java
index 0a32c9d..fd95868 100644
--- a/components/org.apache.stratos.rest.endpoint/src/main/java/org/apache/stratos/rest/endpoint/handlers/StratosAuthenticationHandler.java
+++ b/components/org.apache.stratos.rest.endpoint/src/main/java/org/apache/stratos/rest/endpoint/handlers/StratosAuthenticationHandler.java
@@ -58,26 +58,27 @@ public class StratosAuthenticationHandler extends AbstractAuthenticationAuthoriz
private static Log log = LogFactory.getLog(StratosAuthenticationHandler.class);
private static String SUPPORTED_AUTHENTICATION_TYPE = "Basic";
- public boolean canHandle(String authHeaderPrefix){
+ public boolean canHandle(String authHeaderPrefix) {
return SUPPORTED_AUTHENTICATION_TYPE.equals(authHeaderPrefix);
}
/**
* Authenticate the user against the user store. Once authenticate, populate the {@link org.wso2.carbon.context.CarbonContext}
* to be used by the downstream code.
+ *
* @param message
* @param classResourceInfo
* @return
*/
public Response handle(Message message, ClassResourceInfo classResourceInfo) {
- if(log.isDebugEnabled()) {
+ if (log.isDebugEnabled()) {
log.debug(String.format("Authenticating request: [message-id] %s", message.getId()));
}
- // If Mutual SSL is enabled
+ // If Mutual SSL is enabled
HttpServletRequest request = (HttpServletRequest) message.get("HTTP.REQUEST");
Object certObject = request.getAttribute("javax.servlet.request.X509Certificate");
-
+
AuthorizationPolicy policy = message.get(AuthorizationPolicy.class);
String username = policy.getUserName().trim();
String password = policy.getPassword().trim();
@@ -86,28 +87,28 @@ public class StratosAuthenticationHandler extends AbstractAuthenticationAuthoriz
if (StringUtils.isEmpty(username)) {
log.error("username is seen as null/empty values");
return Response.status(Response.Status.UNAUTHORIZED)
- .header("WWW-Authenticate", "Basic").type(MediaType.APPLICATION_JSON)
- .entity(new ErrorResponseBean(Response.Status.UNAUTHORIZED.getStatusCode(),
- "Username cannot be null")).build();
+ .header("WWW-Authenticate", "Basic").type(MediaType.APPLICATION_JSON)
+ .entity(new ErrorResponseBean(Response.Status.UNAUTHORIZED.getStatusCode(),
+ "Username cannot be null")).build();
} else if (certObject == null && (StringUtils.isEmpty(password))) {
log.error("password is seen as null/empty values");
return Response.status(Response.Status.UNAUTHORIZED)
- .header("WWW-Authenticate", "Basic").type(MediaType.APPLICATION_JSON)
- .entity(new ErrorResponseBean(Response.Status.UNAUTHORIZED.getStatusCode(),
- "password cannot be null")).build();
+ .header("WWW-Authenticate", "Basic").type(MediaType.APPLICATION_JSON)
+ .entity(new ErrorResponseBean(Response.Status.UNAUTHORIZED.getStatusCode(),
+ "password cannot be null")).build();
}
-
+
try {
RealmService realmService = ServiceHolder.getRealmService();
RegistryService registryService = ServiceHolder.getRegistryService();
String tenantDomain = MultitenantUtils.getTenantDomain(username);
int tenantId = realmService.getTenantManager().getTenantId(tenantDomain);
-
+
UserRealm userRealm = null;
if (certObject == null) {
userRealm = AnonymousSessionUtil.getRealmByTenantDomain(registryService, realmService, tenantDomain);
if (userRealm == null) {
- log .error("Invalid domain or unactivated tenant login");
+ log.error("Invalid domain or unactivated tenant login");
// is this the correct HTTP code for this scenario ? (401)
return Response.status(Response.Status.UNAUTHORIZED).header("WWW-Authenticate", "Basic").
type(MediaType.APPLICATION_JSON).entity(new ErrorResponseBean(Response.Status.UNAUTHORIZED.getStatusCode(), "Tenant not found")).build();
@@ -136,15 +137,15 @@ public class StratosAuthenticationHandler extends AbstractAuthenticationAuthoriz
log.warn(String.format("Unable to authenticate the request: [message-id] %s", message.getId()));
// authentication failed, request the authetication, add the realm name if needed to the value of WWW-Authenticate
return Response.status(Response.Status.UNAUTHORIZED).header("WWW-Authenticate", "Basic").
- type(MediaType.APPLICATION_JSON).entity(new ErrorResponseBean ( Response.Status.UNAUTHORIZED.getStatusCode(),
- "Authentication failed. Please check your username/password")).build();
+ type(MediaType.APPLICATION_JSON).entity(new ErrorResponseBean(Response.Status.UNAUTHORIZED.getStatusCode(),
+ "Authentication failed. Please check your username/password")).build();
}
} catch (Exception exception) {
- log.error(String.format("Authentication failed: [message-id] %s", message.getId()),exception);
+ log.error(String.format("Authentication failed: [message-id] %s", message.getId()), exception);
// server error in the eyes of the client. Hence 5xx HTTP code.
return Response.status(Response.Status.INTERNAL_SERVER_ERROR).type(MediaType.APPLICATION_JSON).
entity(new ErrorResponseBean(Response.Status.INTERNAL_SERVER_ERROR.getStatusCode(),
- "Unexpected error. Please contact the system admin")).build();
+ "Unexpected error. Please contact the system admin")).build();
}
}
}
http://git-wip-us.apache.org/repos/asf/stratos/blob/d61e7132/components/org.apache.stratos.rest.endpoint/src/main/java/org/apache/stratos/rest/endpoint/handlers/StratosAuthorizingHandler.java
----------------------------------------------------------------------
diff --git a/components/org.apache.stratos.rest.endpoint/src/main/java/org/apache/stratos/rest/endpoint/handlers/StratosAuthorizingHandler.java b/components/org.apache.stratos.rest.endpoint/src/main/java/org/apache/stratos/rest/endpoint/handlers/StratosAuthorizingHandler.java
index 1ec94d4..1e839fc 100644
--- a/components/org.apache.stratos.rest.endpoint/src/main/java/org/apache/stratos/rest/endpoint/handlers/StratosAuthorizingHandler.java
+++ b/components/org.apache.stratos.rest.endpoint/src/main/java/org/apache/stratos/rest/endpoint/handlers/StratosAuthorizingHandler.java
@@ -69,51 +69,50 @@ public class StratosAuthorizingHandler implements RequestHandler {
}
-
public Response handleRequest(Message message, ClassResourceInfo resourceClass) {
try {
AuthenticationContext.setAuthenticated(false); // TODO : fix this properly
String userName = CarbonContext.getThreadLocalCarbonContext().getUsername();
String tenantDomain = CarbonContext.getThreadLocalCarbonContext().getTenantDomain();
int tenantId = CarbonContext.getThreadLocalCarbonContext().getTenantId();
- if(log.isDebugEnabled()){
+ if (log.isDebugEnabled()) {
log.debug("authorizing the action using" + StratosAuthorizingHandler.class.getName());
- log.debug("username :"+ userName);
+ log.debug("username :" + userName);
log.debug("tenantDomain" + tenantDomain);
- log.debug("tenantId :"+ tenantId);
+ log.debug("tenantId :" + tenantId);
}
Method targetMethod = getTargetMethod(message);
- if (!authorize(userName,tenantDomain,tenantId,targetMethod)) {
- log.warn("User :"+ userName + "trying to perform unauthrorized action" +
- " against the resource :"+ targetMethod);
- return Response.status(Response.Status.FORBIDDEN).type(MediaType.APPLICATION_JSON).
- entity(new ErrorResponseBean(Response.Status.FORBIDDEN.getStatusCode(), "The user does not have required permissions to " +
- "perform this operation")).build();
+ if (!authorize(userName, tenantDomain, tenantId, targetMethod)) {
+ log.warn("User :" + userName + "trying to perform unauthrorized action" +
+ " against the resource :" + targetMethod);
+ return Response.status(Response.Status.FORBIDDEN).type(MediaType.APPLICATION_JSON).
+ entity(new ErrorResponseBean(Response.Status.FORBIDDEN.getStatusCode(), "The user does not have required permissions to " +
+ "perform this operation")).build();
}
return null;
} catch (Exception exception) {
- log.error("Unexpected error occured while REST api, authorization process",exception);
+ log.error("Unexpected error occured while REST api, authorization process", exception);
return Response.status(Response.Status.INTERNAL_SERVER_ERROR).type(MediaType.APPLICATION_JSON).
entity(new ErrorResponseBean(Response.Status.INTERNAL_SERVER_ERROR.getStatusCode(),
- "Unexpected error. Please contact the system admin")).build();
+ "Unexpected error. Please contact the system admin")).build();
}
}
- private boolean authorize(String userName, String tenantDomain,int tenantId, Method targetMethod) throws Exception{
- // first we try to see whether this is a super.tenant only operation
- if (superTenantServiceSet.contains(targetMethod.getName()) && !isCurrentUserSuperTenant(tenantDomain, tenantId)) {
- return false;
- }
- // authorize using permissionString given as annotation in the service class
- String permissionString = authorizationActionMap.get(targetMethod.getName());
+ private boolean authorize(String userName, String tenantDomain, int tenantId, Method targetMethod) throws Exception {
+ // first we try to see whether this is a super.tenant only operation
+ if (superTenantServiceSet.contains(targetMethod.getName()) && !isCurrentUserSuperTenant(tenantDomain, tenantId)) {
+ return false;
+ }
+ // authorize using permissionString given as annotation in the service class
+ String permissionString = authorizationActionMap.get(targetMethod.getName());
- // get the authorization manager for this tenant..
- UserRealm userRealm = PrivilegedCarbonContext.getThreadLocalCarbonContext().getUserRealm();
- AuthorizationManager authorizationManager = userRealm.getAuthorizationManager();
+ // get the authorization manager for this tenant..
+ UserRealm userRealm = PrivilegedCarbonContext.getThreadLocalCarbonContext().getUserRealm();
+ AuthorizationManager authorizationManager = userRealm.getAuthorizationManager();
- boolean isAuthorized = isAuthorized(authorizationManager, userName, permissionString, ACTION_ON_RESOURCE);
- return isAuthorized;
+ boolean isAuthorized = isAuthorized(authorizationManager, userName, permissionString, ACTION_ON_RESOURCE);
+ return isAuthorized;
}
@@ -140,7 +139,8 @@ public class StratosAuthorizingHandler implements RequestHandler {
/**
* Here we are getting the target invocation method. The method get set as a property in the
* message by the {@link org.apache.cxf.jaxrs.interceptor.JAXRSInInterceptor}
- * @param message incoming message
+ *
+ * @param message incoming message
* @return
*/
protected Method getTargetMethod(Message message) {
@@ -160,6 +160,7 @@ public class StratosAuthorizingHandler implements RequestHandler {
/**
* The instance of the secured bean get injected by the IOC framework
+ *
* @param securedObject
*/
public void setSecuredObject(Object securedObject) {
@@ -184,8 +185,9 @@ public class StratosAuthorizingHandler implements RequestHandler {
/**
* Goes through the class hierarchy and find the authorization annotations attached to a certain
* method.
- * @param clazz class to be scanned
- * @param authorizationActionMap the map to be populated
+ *
+ * @param clazz class to be scanned
+ * @param authorizationActionMap the map to be populated
*/
private void findAuthorizationActions(Class<?> clazz, Map<String, String> authorizationActionMap) {
if (clazz == null || clazz == Object.class) {
@@ -219,6 +221,7 @@ public class StratosAuthorizingHandler implements RequestHandler {
/**
* Goes through the class hierarchy and figure out the supertenant annotations coupled with operations/methods.
+ *
* @param clazz
* @param superTenantServiceSet
*/
http://git-wip-us.apache.org/repos/asf/stratos/blob/d61e7132/components/org.apache.stratos.rest.endpoint/src/main/java/org/apache/stratos/rest/endpoint/handlers/StratosMockHandler.java
----------------------------------------------------------------------
diff --git a/components/org.apache.stratos.rest.endpoint/src/main/java/org/apache/stratos/rest/endpoint/handlers/StratosMockHandler.java b/components/org.apache.stratos.rest.endpoint/src/main/java/org/apache/stratos/rest/endpoint/handlers/StratosMockHandler.java
index 12e0261..ebf2d3a 100644
--- a/components/org.apache.stratos.rest.endpoint/src/main/java/org/apache/stratos/rest/endpoint/handlers/StratosMockHandler.java
+++ b/components/org.apache.stratos.rest.endpoint/src/main/java/org/apache/stratos/rest/endpoint/handlers/StratosMockHandler.java
@@ -57,22 +57,23 @@ public class StratosMockHandler extends AbstractAuthenticationAuthorizationHandl
private static Log log = LogFactory.getLog(StratosAuthenticationHandler.class);
private static String SUPPORTED_AUTHENTICATION_TYPE = "Basic";
- public boolean canHandle(String authHeaderPrefix){
+ public boolean canHandle(String authHeaderPrefix) {
return SUPPORTED_AUTHENTICATION_TYPE.equals(authHeaderPrefix);
}
/**
* Authenticate the user against the user store. Once authenticate, populate the {@link org.wso2.carbon.context.CarbonContext}
* to be used by the downstream code.
+ *
* @param message
* @param classResourceInfo
* @return
*/
public Response handle(Message message, ClassResourceInfo classResourceInfo) {
- // If Mutual SSL is enabled
+ // If Mutual SSL is enabled
HttpServletRequest request = (HttpServletRequest) message.get("HTTP.REQUEST");
Object certObject = request.getAttribute("javax.servlet.request.X509Certificate");
-
+
AuthorizationPolicy policy = (AuthorizationPolicy) message.get(AuthorizationPolicy.class);
String username = policy.getUserName().trim();
String password = policy.getPassword().trim();
@@ -81,29 +82,29 @@ public class StratosMockHandler extends AbstractAuthenticationAuthorizationHandl
if ((username == null) || username.equals("")) {
log.error("username is seen as null/empty values.");
return Response.status(Response.Status.UNAUTHORIZED)
- .header("WWW-Authenticate", "Basic").type(MediaType.APPLICATION_JSON)
- .entity(new ErrorResponseBean(Response.Status.UNAUTHORIZED.getStatusCode(),
- "Username cannot be null")).build();
+ .header("WWW-Authenticate", "Basic").type(MediaType.APPLICATION_JSON)
+ .entity(new ErrorResponseBean(Response.Status.UNAUTHORIZED.getStatusCode(),
+ "Username cannot be null")).build();
} else if (certObject == null && ((password == null) || password.equals(""))) {
log.error("password is seen as null/empty values.");
return Response.status(Response.Status.UNAUTHORIZED)
- .header("WWW-Authenticate", "Basic").type(MediaType.APPLICATION_JSON)
- .entity(new ErrorResponseBean(Response.Status.UNAUTHORIZED.getStatusCode(),
- "password cannot be null")).build();
+ .header("WWW-Authenticate", "Basic").type(MediaType.APPLICATION_JSON)
+ .entity(new ErrorResponseBean(Response.Status.UNAUTHORIZED.getStatusCode(),
+ "password cannot be null")).build();
}
-
+
try {
- // setting the correct tenant info for downstream code..
+ // setting the correct tenant info for downstream code..
PrivilegedCarbonContext carbonContext = PrivilegedCarbonContext.getThreadLocalCarbonContext();
carbonContext.setUsername(username);
-
+
return null;
} catch (Exception exception) {
- log.error("Authentication failed",exception);
+ log.error("Authentication failed", exception);
// server error in the eyes of the client. Hence 5xx HTTP code.
return Response.status(Response.Status.INTERNAL_SERVER_ERROR).type(MediaType.APPLICATION_JSON).
- entity(new ErrorResponseBean(Response.Status.INTERNAL_SERVER_ERROR.getStatusCode(),
- "Unexpected error. Please contact the system admin")).build();
+ entity(new ErrorResponseBean(Response.Status.INTERNAL_SERVER_ERROR.getStatusCode(),
+ "Unexpected error. Please contact the system admin")).build();
}
}