/**
 * Looks up a request header by name.
 *
 * <p>Delegates to {@code request.getHeader(name)}. The value is supplied by the client and is
 * returned as-is; no validation or normalisation happens here.
 *
 * @param name the header name to look up
 * @return whatever {@code request.getHeader(name)} returns for that name
 */
@Override
public String getHeader(String name) {
    final String headerValue = request.getHeader(name);
    return headerValue;
}
/**
 * Looks up a header of the current request by name.
 *
 * <p>Delegates to {@code getRequest().getHeader(name)}. The value is supplied by the client and
 * is returned as-is; no validation or normalisation happens here.
 *
 * @param name the header name to look up
 * @return whatever {@code getRequest().getHeader(name)} returns for that name
 */
@Override
public String getRequestHeader(String name) {
    final String headerValue = getRequest().getHeader(name);
    return headerValue;
}
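/**
 * Resolves the account for the current request and stores it in the request-local context.
 *
 * <p>The session account is preferred, then the request-local account, then
 * {@code Account.GUEST}. Only when the result is a guest is the {@code Authorization} header
 * inspected; a value starting with "token" or "basic" (case-insensitive) is turned into
 * credentials and passed to {@code securityManager.authenticate}.
 *
 * <p>The header is client-controlled. A Basic payload that is not valid Base64, or that has no
 * {@code ':'} separator, is treated as "no credentials" and leaves the account as guest instead
 * of letting an {@code IllegalArgumentException} or {@code ArrayIndexOutOfBoundsException}
 * escape from request handling.
 *
 * @param context the request context that is read from and updated
 */
protected void authenticate(Context context) {
    Account session = context.getSession(AuthConstants.ACCOUNT_ATTRIBUTE);
    Account local = context.getLocal(AuthConstants.ACCOUNT_ATTRIBUTE);
    Account account = Optional.fromNullable(session).or(Optional.fromNullable(local).or(Account.GUEST));

    if (account.isGuest()) {
        String authorization = context.getRequest().getHeader("Authorization");
        if (!Strings.isNullOrEmpty(authorization)) {
            // regionMatches(ignoreCase=true) compares the scheme prefix without the default-locale
            // lower-casing that makes "BASIC" fail to match under a Turkish locale.
            if (authorization.regionMatches(true, 0, "token", 0, "token".length())) {
                String packet = authorization.substring("token".length()).trim();
                TokenCredentials credentials = new TokenCredentials(packet);
                account = securityManager.authenticate(credentials);
            } else if (authorization.regionMatches(true, 0, "basic", 0, "basic".length())) {
                String packet = authorization.substring("basic".length()).trim();
                String[] parts = null;
                try {
                    String decoded = new String(Base64.getDecoder().decode(packet), StandardCharsets.UTF_8);
                    parts = decoded.split(":", 2);
                } catch (IllegalArgumentException ignored) {
                    // Not valid Base64: the request carries no usable credentials.
                }
                // split(":", 2) yields a single element when the separator is missing.
                if (parts != null && parts.length == 2) {
                    StandardCredentials authenticationToken = new StandardCredentials(parts[0], parts[1]);
                    account = securityManager.authenticate(authenticationToken);
                }
            }
        }
    }

    // authenticate(...) may have returned null; fall back to the guest account in that case.
    account = Optional.fromNullable(account).or(Account.GUEST);
    context.setLocal(AuthConstants.ACCOUNT_ATTRIBUTE, account);
}
} // NOTE(review): closing brace carried over from the listing; presumably ends the enclosing class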
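/**
 * Resolves the account for the current request and stores it in the request-local context.
 *
 * <p>The session account is preferred, then the request-local account, then
 * {@code Account.GUEST}. Only when the result is a guest is the {@code Authorization} header
 * inspected; a value starting with "token" or "basic" (case-insensitive) is turned into
 * credentials and passed to {@code securityManager.authenticate}.
 *
 * <p>The header is client-controlled. A Basic payload that is not valid Base64, or that has no
 * {@code ':'} separator, is treated as "no credentials" and leaves the account as guest instead
 * of letting an {@code IllegalArgumentException} or {@code ArrayIndexOutOfBoundsException}
 * escape from request handling.
 *
 * @param context the request context that is read from and updated
 */
protected void authenticate(Context context) {
    Account session = context.getSession(AuthConstants.ACCOUNT_ATTRIBUTE);
    Account local = context.getLocal(AuthConstants.ACCOUNT_ATTRIBUTE);
    Account account = Optional.fromNullable(session).or(Optional.fromNullable(local).or(Account.GUEST));

    if (account.isGuest()) {
        String authorization = context.getRequest().getHeader("Authorization");
        if (!Strings.isNullOrEmpty(authorization)) {
            // regionMatches(ignoreCase=true) compares the scheme prefix without the default-locale
            // lower-casing that makes "BASIC" fail to match under a Turkish locale.
            if (authorization.regionMatches(true, 0, "token", 0, "token".length())) {
                String packet = authorization.substring("token".length()).trim();
                TokenCredentials credentials = new TokenCredentials(packet);
                account = securityManager.authenticate(credentials);
            } else if (authorization.regionMatches(true, 0, "basic", 0, "basic".length())) {
                String packet = authorization.substring("basic".length()).trim();
                String[] parts = null;
                try {
                    String decoded = new String(Base64.getDecoder().decode(packet), StandardCharsets.UTF_8);
                    parts = decoded.split(":", 2);
                } catch (IllegalArgumentException ignored) {
                    // Not valid Base64: the request carries no usable credentials.
                }
                // split(":", 2) yields a single element when the separator is missing.
                if (parts != null && parts.length == 2) {
                    StandardCredentials authenticationToken = new StandardCredentials(parts[0], parts[1]);
                    account = securityManager.authenticate(authenticationToken);
                }
            }
        }
    }

    // authenticate(...) may have returned null; fall back to the guest account in that case.
    account = Optional.fromNullable(account).or(Account.GUEST);
    context.setLocal(AuthConstants.ACCOUNT_ATTRIBUTE, account);
}
} // NOTE(review): closing brace carried over from the listing; presumably ends the enclosing class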
String authorization = context.getRequest().getHeader("Authorization"); if (!Strings.isNullOrEmpty(authorization) && authorization.startsWith("Basic")) {
String authorization = context.getRequest().getHeader("Authorization"); if (!Strings.isNullOrEmpty(authorization) && authorization.startsWith("Basic")) {
String authorization = context.getRequest().getHeader("Authorization"); if (!Strings.isNullOrEmpty(authorization) && authorization.startsWith("Basic")) {
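/**
 * Enforces the {@link RequireToken} annotation of the intercepted method before proceeding.
 *
 * <p>The token is read from the request header named by the annotation value, falling back to
 * the request parameter of the same name. A guest account is authenticated with that token and
 * stored in the request-local context; a non-guest account has the token checked against it.
 *
 * <p>The token is a credential, so the debug log records only the token name and the username,
 * never the token value.
 *
 * @param invocation the intercepted method invocation
 * @return the result of {@code invocation.proceed()}
 * @throws AuthorizationException if the token is missing or no account matches it
 * @throws Throwable whatever {@code invocation.proceed()} throws
 */
@Override
public Object invoke(MethodInvocation invocation) throws Throwable {
    // NOTE(review): assumes the annotation is always found for intercepted methods; a null here
    // would fail on value() — confirm against the interceptor binding.
    RequireToken requireToken = ClassUtil.getAnnotation(invocation.getMethod(), RequireToken.class);
    String tokenName = requireToken.value();

    Context context = RouteDispatcher.getRouteContext();

    // Extract the named token from a header or a query parameter.
    // NOTE(review): a token passed as a query parameter can end up in access logs and Referer
    // headers; the header form avoids that.
    String token = Strings.emptyToNull(context.getRequest().getHeader(tokenName));
    token = Optional.fromNullable(token).or(context.getParameter(tokenName).toString(""));

    if (Strings.isNullOrEmpty(token)) {
        throw new AuthorizationException("Missing '{}' token", tokenName);
    }

    Account account = getAccount();
    if (account.isGuest()) {
        // Authenticate by token.
        TokenCredentials credentials = new TokenCredentials(token);
        account = securityManager.get().authenticate(credentials);
        if (account == null) {
            // NOTE(review): the rejected value is echoed into the exception message; confirm
            // where that message is rendered or logged.
            throw new AuthorizationException("Invalid '{}' value '{}'", tokenName, token);
        }

        context.setLocal(AuthConstants.ACCOUNT_ATTRIBUTE, account);
        // Log which token header/parameter was used, not the accepted token itself.
        log.debug("'{}' account authenticated by '{}' token", account.getUsername(), tokenName);
    } else {
        // Validate the token against the already-known account.
        // presumably checkToken rejects a token that does not belong to the account — confirm
        account.checkToken(token);
    }

    return invocation.proceed();
}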
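/**
 * Enforces the {@link RequireToken} annotation of the intercepted method before proceeding.
 *
 * <p>The token is read from the request header named by the annotation value, falling back to
 * the request parameter of the same name. A guest account is authenticated with that token and
 * stored in the request-local context; a non-guest account has the token checked against it.
 *
 * <p>The token is a credential, so the debug log records only the token name and the username,
 * never the token value.
 *
 * @param invocation the intercepted method invocation
 * @return the result of {@code invocation.proceed()}
 * @throws AuthorizationException if the token is missing or no account matches it
 * @throws Throwable whatever {@code invocation.proceed()} throws
 */
@Override
public Object invoke(MethodInvocation invocation) throws Throwable {
    // NOTE(review): assumes the annotation is always found for intercepted methods; a null here
    // would fail on value() — confirm against the interceptor binding.
    RequireToken requireToken = ClassUtil.getAnnotation(invocation.getMethod(), RequireToken.class);
    String tokenName = requireToken.value();

    Context context = RouteDispatcher.getRouteContext();

    // Extract the named token from a header or a query parameter.
    // NOTE(review): a token passed as a query parameter can end up in access logs and Referer
    // headers; the header form avoids that.
    String token = Strings.emptyToNull(context.getRequest().getHeader(tokenName));
    token = Optional.fromNullable(token).or(context.getParameter(tokenName).toString(""));

    if (Strings.isNullOrEmpty(token)) {
        throw new AuthorizationException("Missing '{}' token", tokenName);
    }

    Account account = getAccount();
    if (account.isGuest()) {
        // Authenticate by token.
        TokenCredentials credentials = new TokenCredentials(token);
        account = securityManager.get().authenticate(credentials);
        if (account == null) {
            // NOTE(review): the rejected value is echoed into the exception message; confirm
            // where that message is rendered or logged.
            throw new AuthorizationException("Invalid '{}' value '{}'", tokenName, token);
        }

        context.setLocal(AuthConstants.ACCOUNT_ATTRIBUTE, account);
        // Log which token header/parameter was used, not the accepted token itself.
        log.debug("'{}' account authenticated by '{}' token", account.getUsername(), tokenName);
    } else {
        // Validate the token against the already-known account.
        // presumably checkToken rejects a token that does not belong to the account — confirm
        account.checkToken(token);
    }

    return invocation.proceed();
}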
String authorization = context.getRequest().getHeader("Authorization"); if (Strings.isNullOrEmpty(authorization)) {
String contentType = Util.getPreSubstring(context.getRequest().getHeader("Content-Type").toLowerCase(), ';'); if (!guardedTypes.contains(contentType)) { log.debug("Ignoring '{}' request for {} '{}'", contentType, context.getRequestMethod(), String requestToken = context.getRequest().getHeader(HEADER); if ("nocheck".equals(requestToken)) { log.debug("Ignoring 'nocheck' request for {} '{}'", context.getRequestMethod(), context.getRequestUri());
String authorization = context.getRequest().getHeader("Authorization"); if (Strings.isNullOrEmpty(authorization)) {
String contentType = context.getRequest().getHeader("Content-Type").toLowerCase(); if (!guardedTypes.contains(contentType)) { log.debug("Ignoring '{}' request for {} '{}'", contentType, context.getRequestMethod(), String requestToken = context.getRequest().getHeader("Csrf-Token"); if ("nocheck".equals(requestToken)) { log.debug("Ignoring 'nocheck' request for {} '{}'", context.getRequestMethod(), context.getRequestUri());
String contentType = Util.getPreSubstring(context.getRequest().getHeader("Content-Type").toLowerCase(), ';'); if (!guardedTypes.contains(contentType)) { log.debug("Ignoring '{}' request for {} '{}'", contentType, context.getRequestMethod(), String requestToken = context.getRequest().getHeader(HEADER); if ("nocheck".equals(requestToken)) { log.debug("Ignoring 'nocheck' request for {} '{}'", context.getRequestMethod(), context.getRequestUri());
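/**
 * Enforces the {@link RequireToken} annotation of a method, when the annotation is present.
 *
 * <p>Without the annotation the current account is returned unchanged. With it, the token is
 * read from the request header named by the annotation value, falling back to the request
 * parameter of the same name. A guest account is authenticated with that token and stored in
 * the request-local context; a non-guest account has the token checked against it.
 *
 * <p>The token is a credential, so the debug log records only the token name and the username,
 * never the token value.
 *
 * @param method the method whose {@link RequireToken} annotation is inspected
 * @return the current account, or the account authenticated by the token when the current
 *     account is a guest
 * @throws AuthorizationException if the token is missing or no account matches it
 */
protected Account checkRequireToken(Method method) {
    Account account = getAccount();

    RequireToken requireToken = ClassUtil.getAnnotation(method, RequireToken.class);
    if (requireToken == null) {
        // Nothing to enforce for this method.
        return account;
    }

    String tokenName = requireToken.value();
    Context context = RouteDispatcher.getRouteContext();

    // Extract the named token from a header or a query parameter.
    // NOTE(review): a token passed as a query parameter can end up in access logs and Referer
    // headers; the header form avoids that.
    String token = Strings.emptyToNull(context.getRequest().getHeader(tokenName));
    token = Optional.fromNullable(token).or(context.getParameter(tokenName).toString(""));

    if (Strings.isNullOrEmpty(token)) {
        throw new AuthorizationException("Missing '{}' token", tokenName);
    }

    if (account.isGuest()) {
        // Authenticate by token.
        TokenCredentials credentials = new TokenCredentials(token);
        account = securityManager.get().authenticate(credentials);
        if (account == null) {
            // NOTE(review): the rejected value is echoed into the exception message; confirm
            // where that message is rendered or logged.
            throw new AuthorizationException("Invalid '{}' value '{}'", tokenName, token);
        }

        context.setLocal(AuthConstants.ACCOUNT_ATTRIBUTE, account);
        // Log which token header/parameter was used, not the accepted token itself.
        log.debug("'{}' account authenticated by '{}' token", account.getUsername(), tokenName);
    } else {
        // Validate the token against the already-known account.
        // presumably checkToken rejects a token that does not belong to the account — confirm
        account.checkToken(token);
    }

    return account;
}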
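/**
 * Enforces the {@link RequireToken} annotation of a method, when the annotation is present.
 *
 * <p>Without the annotation the current account is returned unchanged. With it, the token is
 * read from the request header named by the annotation value, falling back to the request
 * parameter of the same name. A guest account is authenticated with that token and stored in
 * the request-local context; a non-guest account has the token checked against it.
 *
 * <p>The token is a credential, so the debug log records only the token name and the username,
 * never the token value.
 *
 * @param method the method whose {@link RequireToken} annotation is inspected
 * @return the current account, or the account authenticated by the token when the current
 *     account is a guest
 * @throws AuthorizationException if the token is missing or no account matches it
 */
protected Account checkRequireToken(Method method) {
    Account account = getAccount();

    RequireToken requireToken = ClassUtil.getAnnotation(method, RequireToken.class);
    if (requireToken == null) {
        // Nothing to enforce for this method.
        return account;
    }

    String tokenName = requireToken.value();
    Context context = RouteDispatcher.getRouteContext();

    // Extract the named token from a header or a query parameter.
    // NOTE(review): a token passed as a query parameter can end up in access logs and Referer
    // headers; the header form avoids that.
    String token = Strings.emptyToNull(context.getRequest().getHeader(tokenName));
    token = Optional.fromNullable(token).or(context.getParameter(tokenName).toString(""));

    if (Strings.isNullOrEmpty(token)) {
        throw new AuthorizationException("Missing '{}' token", tokenName);
    }

    if (account.isGuest()) {
        // Authenticate by token.
        TokenCredentials credentials = new TokenCredentials(token);
        account = securityManager.get().authenticate(credentials);
        if (account == null) {
            // NOTE(review): the rejected value is echoed into the exception message; confirm
            // where that message is rendered or logged.
            throw new AuthorizationException("Invalid '{}' value '{}'", tokenName, token);
        }

        context.setLocal(AuthConstants.ACCOUNT_ATTRIBUTE, account);
        // Log which token header/parameter was used, not the accepted token itself.
        log.debug("'{}' account authenticated by '{}' token", account.getUsername(), tokenName);
    } else {
        // Validate the token against the already-known account.
        // presumably checkToken rejects a token that does not belong to the account — confirm
        account.checkToken(token);
    }

    return account;
}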