• Home
• com.yahoo.athenz
• athenz-zts-java-client
• 1.10.15
• source code
• SecurityEntityFilteringFeature.java

×

Project download

Many resources are needed to download a project. Please understand that we have to compensate our server costs. Thank you in advance.
Project price only 1 $

You can buy this project and download/modify it how often you want.

athenz.shade.zts.org.glassfish.jersey.message.filtering.SecurityEntityFilteringFeature Maven / Gradle / Ivy

/*
 * Copyright (c) 2013, 2018 Oracle and/or its affiliates. All rights reserved.
 *
 * This program and the accompanying materials are made available under the
 * terms of the Eclipse Public License v. 2.0, which is available at
 * http://www.eclipse.org/legal/epl-2.0.
 *
 * This Source Code may also be made available under the following Secondary
 * Licenses when the conditions for such availability set forth in the
 * Eclipse Public License v. 2.0 are satisfied: GNU General Public License,
 * version 2 with the GNU Classpath Exception, which is available at
 * https://www.gnu.org/software/classpath/license.html.
 *
 * SPDX-License-Identifier: EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0
 */

package athenz.shade.zts.athenz.shade.zts.org.glassfish.jersey.message.filtering;

import athenz.shade.zts.athenz.shade.zts.javax.ws.rs.RuntimeType;
import athenz.shade.zts.athenz.shade.zts.javax.ws.rs.core.Configuration;
import athenz.shade.zts.athenz.shade.zts.javax.ws.rs.core.Feature;
import athenz.shade.zts.athenz.shade.zts.javax.ws.rs.core.FeatureContext;

import athenz.shade.zts.athenz.shade.zts.org.glassfish.jersey.server.filter.RolesAllowedDynamicFeature;

/**
 * {@link Feature} used to add support for Java Security annotations (athenz.shade.zts.athenz.shade.zts.javax.annotation.security) for Entity Data
 * Filtering feature.
 * 

 * Supported annotations are:
 * 

 * 
{@link athenz.shade.zts.athenz.shade.zts.javax.annotation.security.PermitAll}
 * 
{@link athenz.shade.zts.athenz.shade.zts.javax.annotation.security.RolesAllowed}
 * 
{@link athenz.shade.zts.athenz.shade.zts.javax.annotation.security.DenyAll}
 * 
 * 

 * 

 * It is sufficient to annotate only property accessors of an entity without annotating resource method / resource class although
 * it is not recommended.
 * 
 * Note: This feature also registers the {@link EntityFilteringFeature}.
 *
 * @author Michal Gajdos
 * @see athenz.shade.zts.athenz.shade.zts.org.glassfish.jersey.message.filtering.EntityFilteringFeature
 */
public final class SecurityEntityFilteringFeature implements Feature {

    @Override
    public boolean configure(final FeatureContext context) {
        final Configuration config = context.getConfiguration();

        if (!config.isRegistered(SecurityEntityProcessor.class)) {
            // RolesAllowed feature.
            if (!config.isRegistered(RolesAllowedDynamicFeature.class)) {
                context.register(RolesAllowedDynamicFeature.class);
            }

            // Binder (FilteringObjectProvider/FilteringGraphTransformer).
            if (!config.isRegistered(EntityFilteringBinder.class)) {
                context.register(new EntityFilteringBinder());
            }

            // Entity Processors.
            context.register(SecurityEntityProcessor.class);
            if (!config.isRegistered(DefaultEntityProcessor.class)) {
                context.register(DefaultEntityProcessor.class);
            }

            // Scope Providers.
            context.register(SecurityScopeResolver.class);
            if (RuntimeType.SERVER.equals(config.getRuntimeType())) {
                context.register(SecurityServerScopeResolver.class);
            }

            // Scope Resolver.
            if (RuntimeType.SERVER == config.getRuntimeType()) {
                context.register(SecurityServerScopeProvider.class);
            } else {
                context.register(CommonScopeProvider.class);
            }

            return true;
        }
        return false;
    }
}