You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@archiva.apache.org by ma...@apache.org on 2020/01/17 16:37:58 UTC
[archiva-redback-core] 01/05: Removing ctx dependency in interceptor
This is an automated email from the ASF dual-hosted git repository.
martin_s pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/archiva-redback-core.git
commit 8899cbf60932535677603dc4a0ed7ca8ecabcce4
Author: Martin Stockhammer <ma...@apache.org>
AuthorDate: Thu Jan 16 20:54:55 2020 +0100
Removing ctx dependency in interceptor
---
.../services/interceptors/AbstractInterceptor.java | 16 +++++++++--
.../interceptors/AuthenticationInterceptor.java | 31 ++++++++++++----------
.../interceptors/PermissionsInterceptor.java | 7 ++---
.../interceptors/RequestValidationInterceptor.java | 4 +--
4 files changed, 35 insertions(+), 23 deletions(-)
diff --git a/redback-integrations/redback-rest/redback-rest-services/src/main/java/org/apache/archiva/redback/rest/services/interceptors/AbstractInterceptor.java b/redback-integrations/redback-rest/redback-rest-services/src/main/java/org/apache/archiva/redback/rest/services/interceptors/AbstractInterceptor.java
index 5d2dd5e..dff6037 100644
--- a/redback-integrations/redback-rest/redback-rest-services/src/main/java/org/apache/archiva/redback/rest/services/interceptors/AbstractInterceptor.java
+++ b/redback-integrations/redback-rest/redback-rest-services/src/main/java/org/apache/archiva/redback/rest/services/interceptors/AbstractInterceptor.java
@@ -24,9 +24,11 @@ import org.apache.cxf.jaxrs.model.OperationResourceInfo;
import org.apache.cxf.message.Message;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
+import org.springframework.core.annotation.AnnotationUtils;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
+import javax.ws.rs.container.ResourceInfo;
import javax.ws.rs.core.Context;
import java.lang.reflect.Method;
@@ -45,12 +47,12 @@ public abstract class AbstractInterceptor
@Context
private HttpServletResponse httpServletResponse;
- public HttpServletRequest getHttpServletRequest( Message message )
+ public HttpServletRequest getHttpServletRequest( )
{
return httpServletRequest;
}
- public HttpServletResponse getHttpServletResponse( Message message )
+ public HttpServletResponse getHttpServletResponse( )
{
return httpServletResponse;
}
@@ -75,4 +77,14 @@ public abstract class AbstractInterceptor
return redbackAuthorization;
}
+
+ public RedbackAuthorization getRedbackAuthorization( ResourceInfo resourceInfo ) {
+ Method method = resourceInfo.getResourceMethod( );
+ RedbackAuthorization redbackAuthorization = AnnotationUtils.findAnnotation( method, RedbackAuthorization.class );
+ log.debug( "resourceClass {}, method {}, redbackAuthorization {}", //
+ resourceInfo.getResourceClass( ), //
+ method, //
+ redbackAuthorization );
+ return redbackAuthorization;
+ }
}
diff --git a/redback-integrations/redback-rest/redback-rest-services/src/main/java/org/apache/archiva/redback/rest/services/interceptors/AuthenticationInterceptor.java b/redback-integrations/redback-rest/redback-rest-services/src/main/java/org/apache/archiva/redback/rest/services/interceptors/AuthenticationInterceptor.java
index ae16637..c7dadfe 100644
--- a/redback-integrations/redback-rest/redback-rest-services/src/main/java/org/apache/archiva/redback/rest/services/interceptors/AuthenticationInterceptor.java
+++ b/redback-integrations/redback-rest/redback-rest-services/src/main/java/org/apache/archiva/redback/rest/services/interceptors/AuthenticationInterceptor.java
@@ -34,8 +34,6 @@ import org.apache.archiva.redback.users.User;
import org.apache.archiva.redback.users.UserManager;
import org.apache.archiva.redback.users.UserManagerException;
import org.apache.archiva.redback.users.UserNotFoundException;
-import org.apache.cxf.jaxrs.utils.JAXRSUtils;
-import org.apache.cxf.message.Message;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.stereotype.Service;
@@ -46,6 +44,8 @@ import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.ws.rs.container.ContainerRequestContext;
import javax.ws.rs.container.ContainerRequestFilter;
+import javax.ws.rs.container.ResourceInfo;
+import javax.ws.rs.core.Context;
import javax.ws.rs.core.Response;
import javax.ws.rs.ext.Provider;
@@ -71,25 +71,28 @@ public class AuthenticationInterceptor
@Named(value = "httpAuthenticator#basic")
private HttpBasicAuthentication httpAuthenticator;
+ @Context
+ private ResourceInfo resourceInfo;
+
private final Logger log = LoggerFactory.getLogger( getClass() );
public void filter( ContainerRequestContext containerRequestContext )
{
- Message message = JAXRSUtils.getCurrentMessage();
+ // Message message = JAXRSUtils.getCurrentMessage();
- RedbackAuthorization redbackAuthorization = getRedbackAuthorization( message );
+ RedbackAuthorization redbackAuthorization = getRedbackAuthorization( resourceInfo );
if ( redbackAuthorization == null )
{
log.warn( "http path {} doesn't contain any informations regarding permissions ",
- message.get( Message.REQUEST_URI ) );
+ containerRequestContext.getUriInfo().getRequestUri());
// here we failed to authenticate so 403 as there is no detail on karma for this
// it must be marked as it's exposed
containerRequestContext.abortWith( Response.status( Response.Status.FORBIDDEN ).build() );
return;
}
- HttpServletRequest request = getHttpServletRequest( message );
- HttpServletResponse response = getHttpServletResponse( message );
+ HttpServletRequest request = getHttpServletRequest( );
+ HttpServletResponse response = getHttpServletResponse( );
if ( redbackAuthorization.noRestriction() )
{
@@ -122,7 +125,7 @@ public class AuthenticationInterceptor
new RedbackRequestInformation( user, request.getRemoteAddr() );
RedbackAuthenticationThreadLocal.set( redbackRequestInformation );
- message.put( AuthenticationResult.class, authenticationResult );
+ // message.put( AuthenticationResult.class, authenticationResult );
}
catch ( Exception e )
{
@@ -149,29 +152,29 @@ public class AuthenticationInterceptor
new RedbackRequestInformation( user, request.getRemoteAddr() );
RedbackAuthenticationThreadLocal.set( redbackRequestInformation );
- message.put( AuthenticationResult.class, authenticationResult );
+ // message.put( AuthenticationResult.class, authenticationResult );
return;
}
catch ( UserNotFoundException e )
{
- log.debug( "UserNotFoundException for path {}", message.get( Message.REQUEST_URI ) );
+ log.debug( "UserNotFoundException for path {}", containerRequestContext.getUriInfo().getRequestUri() );
}
catch ( AccountLockedException e )
{
- log.debug( "account locked for path {}", message.get( Message.REQUEST_URI ) );
+ log.debug( "account locked for path {}", containerRequestContext.getUriInfo().getRequestUri() );
}
catch ( MustChangePasswordException e )
{
- log.debug( "must change password for path {}", message.get( Message.REQUEST_URI ) );
+ log.debug( "must change password for path {}", containerRequestContext.getUriInfo().getRequestUri() );
}
catch ( AuthenticationException e )
{
- log.debug( "failed to authenticate for path {}", message.get( Message.REQUEST_URI ) );
+ log.debug( "failed to authenticate for path {}", containerRequestContext.getUriInfo().getRequestUri() );
}
catch ( UserManagerException e )
{
- log.debug( "UserManagerException: {} for path", e.getMessage(), message.get( Message.REQUEST_URI ) );
+ log.debug( "UserManagerException: {} for path", e.getMessage(), containerRequestContext.getUriInfo().getRequestUri() );
}
containerRequestContext.abortWith( Response.status( Response.Status.FORBIDDEN ).build() );
}
diff --git a/redback-integrations/redback-rest/redback-rest-services/src/main/java/org/apache/archiva/redback/rest/services/interceptors/PermissionsInterceptor.java b/redback-integrations/redback-rest/redback-rest-services/src/main/java/org/apache/archiva/redback/rest/services/interceptors/PermissionsInterceptor.java
index 714500a..d71ba6c 100644
--- a/redback-integrations/redback-rest/redback-rest-services/src/main/java/org/apache/archiva/redback/rest/services/interceptors/PermissionsInterceptor.java
+++ b/redback-integrations/redback-rest/redback-rest-services/src/main/java/org/apache/archiva/redback/rest/services/interceptors/PermissionsInterceptor.java
@@ -31,7 +31,6 @@ import org.apache.archiva.redback.system.SecuritySession;
import org.apache.archiva.redback.system.SecuritySystem;
import org.apache.commons.lang3.StringUtils;
import org.apache.cxf.jaxrs.model.OperationResourceInfo;
-import org.apache.cxf.jaxrs.model.Parameter;
import org.apache.cxf.jaxrs.utils.JAXRSUtils;
import org.apache.cxf.message.Message;
import org.slf4j.Logger;
@@ -50,8 +49,6 @@ import javax.ws.rs.core.Response;
import javax.ws.rs.core.UriInfo;
import javax.ws.rs.ext.Provider;
import java.lang.annotation.Annotation;
-import java.lang.reflect.Method;
-import java.util.List;
/**
* @author Olivier Lamy
@@ -94,7 +91,7 @@ public class PermissionsInterceptor
if ( permissions != null && permissions.length > 0 //
&& !( permissions.length == 1 && StringUtils.isEmpty( permissions[0] ) ) )
{
- HttpServletRequest request = getHttpServletRequest( message );
+ HttpServletRequest request = getHttpServletRequest( );
SecuritySession securitySession = httpAuthenticator.getSecuritySession( request.getSession() );
AuthenticationResult authenticationResult = message.get( AuthenticationResult.class );
@@ -105,7 +102,7 @@ public class PermissionsInterceptor
try
{
authenticationResult =
- httpAuthenticator.getAuthenticationResult( request, getHttpServletResponse( message ) );
+ httpAuthenticator.getAuthenticationResult( request, getHttpServletResponse( ) );
log.debug( "authenticationResult from request: {}", authenticationResult );
}
diff --git a/redback-integrations/redback-rest/redback-rest-services/src/main/java/org/apache/archiva/redback/rest/services/interceptors/RequestValidationInterceptor.java b/redback-integrations/redback-rest/redback-rest-services/src/main/java/org/apache/archiva/redback/rest/services/interceptors/RequestValidationInterceptor.java
index e654aa5..ddd4027 100644
--- a/redback-integrations/redback-rest/redback-rest-services/src/main/java/org/apache/archiva/redback/rest/services/interceptors/RequestValidationInterceptor.java
+++ b/redback-integrations/redback-rest/redback-rest-services/src/main/java/org/apache/archiva/redback/rest/services/interceptors/RequestValidationInterceptor.java
@@ -506,7 +506,7 @@ public class RequestValidationInterceptor
else
{
Message message = JAXRSUtils.getCurrentMessage();
- return getHttpServletRequest( message );
+ return getHttpServletRequest( );
}
}
@@ -627,7 +627,7 @@ public class RequestValidationInterceptor
try
{
authenticationResult =
- httpAuthenticator.getAuthenticationResult( request, getHttpServletResponse( message ) );
+ httpAuthenticator.getAuthenticationResult( request, getHttpServletResponse( ) );
log.debug( "authenticationResult from request: {}", authenticationResult );
}