1 package com.atlassian.asap.core.server;
2
3 import com.atlassian.asap.api.server.http.RequestAuthenticator;
4 import com.atlassian.asap.core.server.filter.AbstractRequestAuthenticationFilter;
5 import com.atlassian.asap.core.server.filter.WhitelistRequestAuthorizationFilter;
6 import com.atlassian.asap.core.server.http.RequestAuthenticatorImpl;
7 import com.atlassian.asap.core.validator.JwtValidator;
8 import com.atlassian.asap.core.validator.JwtValidatorImpl;
9 import com.google.common.collect.ImmutableSet;
10 import com.sun.grizzly.http.SelectorThread;
11 import com.sun.grizzly.http.servlet.ServletAdapter;
12 import com.sun.jersey.api.container.grizzly.GrizzlyServerFactory;
13 import org.slf4j.Logger;
14 import org.slf4j.LoggerFactory;
15
16 import javax.servlet.Filter;
17 import javax.servlet.FilterConfig;
18 import javax.servlet.ServletException;
19 import javax.servlet.http.HttpServlet;
20 import javax.servlet.http.HttpServletRequest;
21 import javax.servlet.http.HttpServletResponse;
22 import java.io.IOException;
23 import java.net.URI;
24 import java.util.Collections;
25 import java.util.Set;
26
27
28
29
30 public class SimpleServer {
31 private static Logger logger = LoggerFactory.getLogger(SimpleServer.class);
32
33 private final int port;
34
35 private final String publicKeyBaseUrl;
36 private final String audience;
37 private final Set<String> authorizedSubjects;
38 private final Set<String> authorizedIssuers;
39
40 private SelectorThread thread;
41
42 public SimpleServer(int port, String publicKeyBaseUrl, String audience,
43 Set<String> authorizedSubjects, Set<String> authorizedIssuers) {
44 this.port = port;
45 this.publicKeyBaseUrl = publicKeyBaseUrl;
46 this.audience = audience;
47 this.authorizedIssuers = ImmutableSet.copyOf(authorizedIssuers);
48 this.authorizedSubjects = ImmutableSet.copyOf(authorizedSubjects);
49 }
50
51 public URI getUrl() {
52 return URI.create("http://localhost:" + port);
53 }
54
55
56
57
58
59
60 public void start() throws Exception {
61 ServletAdapter servletAdapter = new ServletAdapter();
62
63 servletAdapter.setServletInstance(new HelloWorldServlet());
64
65 servletAdapter.addFilter(
66 newAuthenticationFilter(),
67 "authenticationFilter",
68 Collections.emptyMap()
69 );
70 servletAdapter.addFilter(
71 newAuthorizationFilter(),
72 "authorizationFilter",
73 Collections.emptyMap()
74 );
75
76 thread = GrizzlyServerFactory.create(getUrl(), servletAdapter);
77 }
78
79
80
81
82 public void stop() {
83 thread.stopEndpoint();
84 }
85
86 private Filter newAuthenticationFilter() {
87 JwtValidator jwtValidator = JwtValidatorImpl.createDefault(audience, publicKeyBaseUrl);
88 final RequestAuthenticator requestAuthenticator = new RequestAuthenticatorImpl(jwtValidator);
89 return new AbstractRequestAuthenticationFilter() {
90 @Override
91 protected RequestAuthenticator getRequestAuthenticator(FilterConfig filterConfig) {
92 return requestAuthenticator;
93 }
94 };
95 }
96
97 private Filter newAuthorizationFilter() {
98 return new WhitelistRequestAuthorizationFilter(authorizedSubjects, authorizedIssuers);
99 }
100
101 private static class HelloWorldServlet extends HttpServlet {
102 private static final long serialVersionUID = -134479483378982999L;
103
104 @Override
105 protected void doPost(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException {
106 doGet(req, resp);
107 }
108
109 @Override
110 protected void doGet(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException {
111 logger.info("Successfully authenticated request!");
112 resp.getWriter().println("Hello World!");
113 }
114 }
115 }