/**
 * Verifies that the current caller may invoke the matched resource method and
 * aborts the request when the check fails.
 *
 * <p>The check is delegated to {@code AUTH_CHECKER.assertAuthorized}; for a
 * {@link PageAction} it is followed by {@code checkPageActionInvocation}.
 * A failure is translated into an HTTP status rather than rethrown: an
 * unauthenticated caller gets 401, an unauthorized one gets 403. Any other
 * exception propagates to the caller.
 *
 * @param requestContext the request being filtered; aborted on failure
 * @param resource       the matched resource instance the method belongs to
 */
protected void checkAuthorizations(ContainerRequestContext requestContext, Object resource) {
    try {
        AUTH_CHECKER.assertAuthorized(resource, resourceInfo.getResourceMethod());
        logger.debug("Standard Shiro security check passed.");
        // Page actions get an additional check on top of the generic one. It stays
        // inside the try so that a failure there is mapped to 401/403 as well.
        if (resource instanceof PageAction) {
            PageAction pageAction = (PageAction) resource;
            checkPageActionInvocation(requestContext, pageAction);
        }
    } catch (UnauthenticatedException notLoggedIn) {
        // Must stay ahead of the AuthorizationException handler: assuming these are
        // the Shiro types, UnauthenticatedException is a subclass and would
        // otherwise be reported as 403.
        // NOTE(review): the 401 carries no WWW-Authenticate challenge; confirm that
        // clients of this API do not depend on one.
        logger.debug("Method required authentication", notLoggedIn);
        requestContext.abortWith(Response.status(Response.Status.UNAUTHORIZED).build());
    } catch (AuthorizationException denied) {
        // Logged at WARN: an authenticated caller attempted something it is not
        // permitted to do.
        logger.warn("Method invocation not authorized", denied);
        requestContext.abortWith(Response.status(Response.Status.FORBIDDEN).build());
    }
}
/**
 * Request filter: prepares the matched resource and runs the authorization
 * checks before the resource method is invoked.
 *
 * <p>Steps, in order: locate the matched resource, verify that it is of the
 * class reported by {@code resourceInfo}, fill the logging MDC, publish a
 * {@code securityUtils} bean in the OGNL context, prepare the resource if it is
 * a {@link PageAction}, call {@code checkAuthorizations}, and write an access
 * log entry.
 *
 * @param requestContext the incoming request
 * @throws RuntimeException if the matched resource is not an instance of
 *         exactly the class reported by {@code resourceInfo}
 */
@Override
public void filter(ContainerRequestContext requestContext) {
    UriInfo requestUri = requestContext.getUriInfo();
    if (uriHasNoMatch(requestUri)) {
        // No resource matched the request, so there is nothing to authorize here.
        return;
    }
    Object matched = requestUri.getMatchedResources().get(0);

    // NOTE(review): this early return skips checkAuthorizations entirely. Confirm
    // that a resource method cannot be dispatched while resourceInfo (or its
    // resource class) is unset; otherwise this path fails open.
    if (resourceInfo == null || resourceInfo.getResourceClass() == null) {
        return;
    }

    // Exact class identity is required; a subclass of the expected type is rejected too.
    if (matched.getClass() != resourceInfo.getResourceClass()) {
        throw new RuntimeException(
                "Inconsistency: matched resource is not of the right type, "
                        + resourceInfo.getResourceClass());
    }

    fillMDC();

    logger.debug("Publishing securityUtils in OGNL context");
    ElementsThreadLocals.getOgnlContext().put("securityUtils", new SecurityUtilsBean());

    // NOTE(review): prepareForExecution() runs on the resource BEFORE the
    // authorization check below. Presumably the checks need the prepared state;
    // confirm it performs nothing an unauthorized caller should be able to trigger.
    if (matched instanceof PageAction) {
        ((PageAction) matched).prepareForExecution();
    }

    checkAuthorizations(requestContext, matched);

    // checkAuthorizations aborts the request instead of throwing on 401/403, so
    // this entry is written for rejected requests as well. Only the HTTP method
    // is logged here.
    accessLogger.info(requestContext.getMethod());
}

/** Tells whether the request URI matched no resource at all. */
private static boolean uriHasNoMatch(UriInfo requestUri) {
    return requestUri.getMatchedResources().isEmpty();
}
/**
 * Response filter: adds the cache headers and copies the pending request
 * messages into the response as {@code MESSAGE_HEADER} values.
 *
 * <p>Each message is emitted as its own header value, prefixed with its
 * severity ({@code "error: "}, {@code "warning: "} or {@code "info: "}), errors
 * first, then warnings, then info messages. The {@code consume*} calls are
 * expected to drain the respective queue — TODO confirm against
 * {@code RequestMessages}.
 *
 * <p>NOTE(review): message text is written into the header verbatim. If a
 * message can contain request-derived data, confirm that CR/LF and other
 * control characters are rejected or stripped before they reach the header
 * (by the code that creates the message or by the container); otherwise this
 * is a response-splitting / header-injection risk.
 *
 * @param requestContext  the request that produced the response (unused here)
 * @param responseContext the response being decorated
 */
public void filter(ContainerRequestContext requestContext, ContainerResponseContext responseContext) {
    addCacheHeaders(responseContext);

    for (String errorText : RequestMessages.consumeErrorMessages()) {
        String headerValue = "error: " + errorText;
        responseContext.getHeaders().add(MESSAGE_HEADER, headerValue);
    }

    for (String warningText : RequestMessages.consumeWarningMessages()) {
        String headerValue = "warning: " + warningText;
        responseContext.getHeaders().add(MESSAGE_HEADER, headerValue);
    }

    for (String infoText : RequestMessages.consumeInfoMessages()) {
        String headerValue = "info: " + infoText;
        responseContext.getHeaders().add(MESSAGE_HEADER, headerValue);
    }
}