/**
 * Verifies that the caller holds {@code role}; the 403 is raised here, the 401 comes from the role lookup.
 *
 * @param mc the {@link MessageContext}
 * @param role the role to check
 * @throws WebApplicationException with Status 401 if not authenticated
 * @throws WebApplicationException with Status 403 if user doesn't have needed role
 */
public static void assertRole(final MessageContext mc, final String role) {
    final boolean authorized = isUserInRole(mc, role);
    if (authorized) {
        return;
    }
    // Authenticated but lacking the role: deny rather than challenge.
    throw ExceptionUtils.toForbiddenException(null, null);
}
/**
 * Verifies that the caller holds {@code role}; the 403 is raised here, the 401 comes from the role lookup.
 *
 * @param mc the {@link MessageContext}
 * @param role the role to check
 * @throws WebApplicationException with Status 401 if not authenticated
 * @throws WebApplicationException with Status 403 if user doesn't have needed role
 */
public static void assertRole(final MessageContext mc, final String role) {
    final boolean authorized = isUserInRole(mc, role);
    if (authorized) {
        return;
    }
    // Authenticated but lacking the role: deny rather than challenge.
    throw ExceptionUtils.toForbiddenException(null, null);
}
/**
 * Verifies that the client resolved from the context is exactly {@code client}.
 * An unresolvable client (null) is treated the same as a mismatch and yields 403.
 *
 * @param mc the {@link MessageContext}
 * @param client the desired client registration id
 * @throws WebApplicationException with Status 403 if the current client id is not valid
 */
public static void assertClient(MessageContext mc, String client) {
    final String currentClient = resolveClient(mc);
    // Only an exact, non-null match is accepted.
    if (currentClient != null && currentClient.equals(client)) {
        return;
    }
    throw ExceptionUtils.toForbiddenException(null, null);
}
/**
 * Returns the JAX-RS resource method selected for this request, read from the
 * {@code org.apache.cxf.resource.method} context property.
 *
 * @return the target method, never null
 * @throws WebApplicationException with Status 403 if the context carries no method
 */
protected Method getTargetMethod() {
    final Object resolved = mc.get("org.apache.cxf.resource.method");
    if (resolved == null) {
        // No resolved method means the check cannot be applied; fail closed.
        throw ExceptionUtils.toForbiddenException(null, null);
    }
    return (Method) resolved;
}
/**
 * Returns the JAX-RS resource method selected for this request, read from the
 * {@code org.apache.cxf.resource.method} context property.
 *
 * @return the target method, never null
 * @throws WebApplicationException with Status 403 if the context carries no method
 */
protected Method getTargetMethod() {
    final Object resolved = mc.get("org.apache.cxf.resource.method");
    if (resolved == null) {
        // No resolved method means the check cannot be applied; fail closed.
        throw ExceptionUtils.toForbiddenException(null, null);
    }
    return (Method) resolved;
}
/**
 * Verifies that the client resolved from the context is exactly {@code client}.
 * An unresolvable client (null) is treated the same as a mismatch and yields 403.
 *
 * @param mc the {@link MessageContext}
 * @param client the desired client registration id
 * @throws WebApplicationException with Status 403 if the current client id is not valid
 */
public static void assertClient(MessageContext mc, String client) {
    final String currentClient = resolveClient(mc);
    // Only an exact, non-null match is accepted.
    if (currentClient != null && currentClient.equals(client)) {
        return;
    }
    throw ExceptionUtils.toForbiddenException(null, null);
}
/**
 * Rejects calls to methods listed in {@code confidentialClientMethods} unless the
 * OAuth client bound to the current context is confidential.
 *
 * @param m the resource method being invoked
 * @throws WebApplicationException with Status 403 if a non-confidential client calls a restricted method
 */
protected void checkClient(Method m) {
    final String methodName = m.getName();
    if (!confidentialClientMethods.contains(methodName)) {
        // Unrestricted method: nothing to enforce.
        return;
    }
    final OAuthContext context = OAuthContextUtils.getContext(mc);
    if (context.isClientConfidential()) {
        return;
    }
    // Record the offending client id and method before denying.
    LOG.warning("Non confidential client " + context.getClientId() + " has attempted to invoke " + methodName);
    throw ExceptionUtils.toForbiddenException(null, null);
}
protected void checkScopes(Method m) {
/**
 * Rejects calls to methods listed in {@code confidentialClientMethods} unless the
 * OAuth client bound to the current context is confidential.
 *
 * @param m the resource method being invoked
 * @throws WebApplicationException with Status 403 if a non-confidential client calls a restricted method
 */
protected void checkClient(Method m) {
    final String methodName = m.getName();
    if (!confidentialClientMethods.contains(methodName)) {
        // Unrestricted method: nothing to enforce.
        return;
    }
    final OAuthContext context = OAuthContextUtils.getContext(mc);
    if (context.isClientConfidential()) {
        return;
    }
    // Record the offending client id and method before denying.
    LOG.warning("Non confidential client " + context.getClientId() + " has attempted to invoke " + methodName);
    throw ExceptionUtils.toForbiddenException(null, null);
}
protected void checkScopes(Method m) {
/**
 * Enforces the scopes registered for the invoked method against the permissions
 * granted in the OAuth context. When the method is flagged "match all", every
 * registered scope must be present; otherwise a single matching scope suffices.
 *
 * @param m the resource method being invoked
 * @throws WebApplicationException with Status 403 if the granted scopes do not satisfy the method's requirements
 */
protected void checkScopes(Method m) {
    final String methodName = m.getName();
    final List<String> requiredScopes = scopesMap.get(methodName);
    if (requiredScopes == null) {
        // No scope restriction registered for this method.
        return;
    }
    // NOTE(review): auto-unboxing throws NPE if scopesMatchAllMap lacks an entry for
    // a method present in scopesMap — assumes both maps are populated together; confirm.
    final boolean requireAll = scopesMatchAllMap.get(methodName);
    final OAuthContext context = OAuthContextUtils.getContext(mc);
    final List<String> grantedScopes = new LinkedList<>();
    for (OAuthPermission perm : context.getPermissions()) {
        final String granted = perm.getPermission();
        if (requireAll) {
            grantedScopes.add(granted);
        } else if (requiredScopes.contains(granted)) {
            // Any-match mode: first hit is sufficient.
            return;
        }
    }
    // In any-match mode grantedScopes is empty here, so this only passes when
    // nothing was required.
    if (grantedScopes.containsAll(requiredScopes)) {
        return;
    }
    LOG.warning("Scopes do not match");
    throw ExceptionUtils.toForbiddenException(null, null);
}
protected Method getTargetMethod() {
/**
 * Enforces the scopes registered for the invoked method against the permissions
 * granted in the OAuth context. When the method is flagged "match all", every
 * registered scope must be present; otherwise a single matching scope suffices.
 *
 * @param m the resource method being invoked
 * @throws WebApplicationException with Status 403 if the granted scopes do not satisfy the method's requirements
 */
protected void checkScopes(Method m) {
    final String methodName = m.getName();
    final List<String> requiredScopes = scopesMap.get(methodName);
    if (requiredScopes == null) {
        // No scope restriction registered for this method.
        return;
    }
    // NOTE(review): auto-unboxing throws NPE if scopesMatchAllMap lacks an entry for
    // a method present in scopesMap — assumes both maps are populated together; confirm.
    final boolean requireAll = scopesMatchAllMap.get(methodName);
    final OAuthContext context = OAuthContextUtils.getContext(mc);
    final List<String> grantedScopes = new LinkedList<>();
    for (OAuthPermission perm : context.getPermissions()) {
        final String granted = perm.getPermission();
        if (requireAll) {
            grantedScopes.add(granted);
        } else if (requiredScopes.contains(granted)) {
            // Any-match mode: first hit is sufficient.
            return;
        }
    }
    // In any-match mode grantedScopes is empty here, so this only passes when
    // nothing was required.
    if (grantedScopes.containsAll(requiredScopes)) {
        return;
    }
    LOG.warning("Scopes do not match");
    throw ExceptionUtils.toForbiddenException(null, null);
}
protected Method getTargetMethod() {
/**
 * Checks authentication first, then the optional {@code userRole} requirement, so an
 * unauthenticated caller receives 401 and an authenticated-but-unauthorized one 403.
 *
 * @throws WebApplicationException with Status 401 if no user principal is present
 * @throws WebApplicationException with Status 403 if {@code userRole} is set and the user lacks it
 */
protected void checkSecurityContext() {
    final SecurityContext securityContext = mc.getSecurityContext();
    final boolean authenticated = securityContext.getUserPrincipal() != null;
    if (!authenticated) {
        throw ExceptionUtils.toNotAuthorizedException(null, null);
    }
    // A null userRole means no role restriction is configured.
    final boolean roleSatisfied = userRole == null || securityContext.isUserInRole(userRole);
    if (!roleSatisfied) {
        throw ExceptionUtils.toForbiddenException(null, null);
    }
}
/**
 * Checks authentication first, then the optional {@code userRole} requirement, so an
 * unauthenticated caller receives 401 and an authenticated-but-unauthorized one 403.
 *
 * @throws WebApplicationException with Status 401 if no user principal is present
 * @throws WebApplicationException with Status 403 if {@code userRole} is set and the user lacks it
 */
protected void checkSecurityContext() {
    final SecurityContext securityContext = mc.getSecurityContext();
    final boolean authenticated = securityContext.getUserPrincipal() != null;
    if (!authenticated) {
        throw ExceptionUtils.toNotAuthorizedException(null, null);
    }
    // A null userRole means no role restriction is configured.
    final boolean roleSatisfied = userRole == null || securityContext.isUserInRole(userRole);
    if (!roleSatisfied) {
        throw ExceptionUtils.toForbiddenException(null, null);
    }
}
throw ExceptionUtils.toForbiddenException(null, null); String message = "Client has no valid permissions"; LOG.warning(message); throw ExceptionUtils.toForbiddenException(null, null); String message = "Client IP Address is invalid"; LOG.warning(message); throw ExceptionUtils.toForbiddenException(null, null); String message = "Only Confidential Clients are supported"; LOG.warning(message); throw ExceptionUtils.toForbiddenException(null, null);
throw ExceptionUtils.toForbiddenException(null, null); String message = "Client has no valid permissions"; LOG.warning(message); throw ExceptionUtils.toForbiddenException(null, null); String message = "Client IP Address is invalid"; LOG.warning(message); throw ExceptionUtils.toForbiddenException(null, null); String message = "Only Confidential Clients are supported"; LOG.warning(message); throw ExceptionUtils.toForbiddenException(null, null);