All Downloads are FREE. Search and download functionalities are using the official Maven repository.

io.dropwizard.auth.JettyAuthenticationUtil Maven / Gradle / Ivy

There is a newer version: 5.0.0-alpha.4
Show newest version
package io.dropwizard.auth;

import javax.servlet.http.HttpServletRequest;
import javax.ws.rs.core.GenericType;
import javax.ws.rs.core.SecurityContext;
import org.checkerframework.checker.nullness.qual.Nullable;
import org.eclipse.jetty.security.AbstractUserAuthentication;
import org.eclipse.jetty.server.Authentication;
import org.eclipse.jetty.server.Request;
import org.eclipse.jetty.server.UserIdentity;
import org.glassfish.jersey.internal.inject.InjectionManager;
import org.glassfish.jersey.internal.util.collection.Ref;

import javax.security.auth.Subject;
import java.lang.reflect.Type;
import java.security.Principal;
import java.util.Optional;
import java.util.Set;

class JettyAuthenticationUtil {
    private static final Type HTTP_SERVLET_REQUEST_REF_TYPE = (new GenericType>() {}).getType();

    static void setJettyAuthenticationIfPossible(SecurityContext securityContext, @Nullable InjectionManager injectionManager) {
        if (injectionManager == null) {
            return;
        }
        final Ref requestRef = injectionManager.getInstance(HTTP_SERVLET_REQUEST_REF_TYPE);
        if (requestRef == null) {
            return;
        }
        HttpServletRequest request = requestRef.get();
        if (!(request instanceof Request)) {
            return;
        }
        Request jettyRequest = (Request) request;

        Authentication authentication = new DropwizardJettyAuthentication(securityContext);
        jettyRequest.setAuthentication(authentication);
    }

    private static class DropwizardJettyAuthentication extends AbstractUserAuthentication {
        public DropwizardJettyAuthentication(SecurityContext securityContext) {
            super(securityContext.getAuthenticationScheme(), new DropwizardJettyUserIdentity(securityContext));
        }
    }

    private static class DropwizardJettyUserIdentity implements UserIdentity {
        private final Subject subject;
        private final SecurityContext securityContext;

        public DropwizardJettyUserIdentity(SecurityContext securityContext) {
            this.securityContext = securityContext;
            this.subject = new Subject(true, Set.of(securityContext.getUserPrincipal()), Set.of(), Set.of());
        }

        @Override
        public Subject getSubject() {
            return subject;
        }

        @Override
        public Principal getUserPrincipal() {
            return securityContext.getUserPrincipal();
        }

        @Override
        public boolean isUserInRole(String role, Scope scope) {
            // Servlet spec forbids the role name "*", so return false in that case
            if ("*".equals(role)) {
                return false;
            }

            // get the scope-mapped role, if present
            // else use the original role
            String resolvedRole = Optional.ofNullable(scope)
                .map(Scope::getRoleRefMap)
                .map(roleMap -> roleMap.get(role))
                .orElse(role);
            return securityContext.isUserInRole(resolvedRole);
        }
    }
}




© 2015 - 2024 Weber Informatics LLC | Privacy Policy