Closes #106: Header base authentication

2025-12-29 09:31:45 +00:00 · 2016-05-16 21:07:01 +02:00
parent ce0678784b
commit 67a4dc63ca
8 changed files with 302 additions and 152 deletions
--- a/docs-web/src/main/java/com/sismics/docs/rest/resource/BaseResource.java
+++ b/docs-web/src/main/java/com/sismics/docs/rest/resource/BaseResource.java
@@ -1,19 +1,18 @@
 package com.sismics.docs.rest.resource;

-import java.security.Principal;
-import java.util.List;
-import java.util.Set;
-
-import javax.servlet.http.HttpServletRequest;
-import javax.ws.rs.QueryParam;
-import javax.ws.rs.core.Context;
-
 import com.google.common.collect.Lists;
 import com.sismics.docs.rest.constant.BaseFunction;
 import com.sismics.rest.exception.ForbiddenClientException;
 import com.sismics.security.IPrincipal;
 import com.sismics.security.UserPrincipal;
-import com.sismics.util.filter.TokenBasedSecurityFilter;
+import com.sismics.util.filter.SecurityFilter;
+
+import javax.servlet.http.HttpServletRequest;
+import javax.ws.rs.QueryParam;
+import javax.ws.rs.core.Context;
+import java.security.Principal;
+import java.util.List;
+import java.util.Set;

 /**
 * Base class of REST resources.
@@ -67,7 +66,7 @@ public abstract class BaseResource {
     * @return True if the user is authenticated and not anonymous
     */
    protected boolean authenticate() {
-        Principal principal = (Principal) request.getAttribute(TokenBasedSecurityFilter.PRINCIPAL_ATTRIBUTE);
+        Principal principal = (Principal) request.getAttribute(SecurityFilter.PRINCIPAL_ATTRIBUTE);
        if (principal != null && principal instanceof IPrincipal) {
            this.principal = (IPrincipal) principal;
            return !this.principal.isAnonymous();
--- a/docs-web/src/main/webapp/WEB-INF/web.xml
+++ b/docs-web/src/main/webapp/WEB-INF/web.xml
@@ -26,18 +26,33 @@
    <url-pattern>*.jsp</url-pattern>
  </filter-mapping>

-  <!-- This filter is used to secure URLs -->
+  <!-- These filters are used to secure URLs -->
  <filter>
    <filter-name>tokenBasedSecurityFilter</filter-name>
    <filter-class>com.sismics.util.filter.TokenBasedSecurityFilter</filter-class>
    <async-supported>true</async-supported>
  </filter>
+
+  <filter>
+    <filter-name>headerBasedSecurityFilter</filter-name>
+    <filter-class>com.sismics.util.filter.HeaderBasedSecurityFilter</filter-class>
+    <async-supported>true</async-supported>
+    <init-param>
+      <param-name>enabled</param-name>
+      <param-value>false</param-value>
+    </init-param>
+  </filter>
  
  <filter-mapping>
    <filter-name>tokenBasedSecurityFilter</filter-name>
    <url-pattern>/api/*</url-pattern>
  </filter-mapping>

+  <filter-mapping>
+    <filter-name>headerBasedSecurityFilter</filter-name>
+    <url-pattern>/api/*</url-pattern>
+  </filter-mapping>
+
  <!-- Jersey -->
  <servlet>
    <servlet-name>JerseyServlet</servlet-name>