
1   package com.atlassian.asap.core.server.jersey;
2   
3   import com.atlassian.asap.api.Jwt;
4   import com.atlassian.asap.api.exception.AuthorizationFailedException;
5   import org.slf4j.Logger;
6   import org.slf4j.LoggerFactory;
7   
8   import javax.annotation.Priority;
9   import javax.ws.rs.Priorities;
10  import javax.ws.rs.container.ContainerRequestContext;
11  import javax.ws.rs.container.ContainerRequestFilter;
12  import javax.ws.rs.container.ResourceInfo;
13  import javax.ws.rs.core.Context;
14  import javax.ws.rs.ext.Provider;
15  import java.io.IOException;
16  
17  import static com.atlassian.asap.core.server.filter.AbstractRequestAuthenticationFilter.AUTHENTIC_JWT_REQUEST_ATTRIBUTE;
18  import static com.atlassian.asap.core.server.jersey.AuthenticationRequestFilter.ASAP_REQUEST_ATTRIBUTE;
19  import static java.util.Objects.requireNonNull;
20  
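/**
 * AuthorizationRequestFilter is a {@link ContainerRequestFilter} that validates an authenticated jwt token.
 * <p>
 * It runs at {@link Priorities#AUTHORIZATION}, i.e. after the authentication filter, and reads the
 * {@link Jwt} that filter stored under {@code AUTHENTIC_JWT_REQUEST_ATTRIBUTE} together with the
 * {@link Asap} value stored under {@code ASAP_REQUEST_ATTRIBUTE}. A request that carries no
 * authenticated JWT is passed through untouched: rejecting unauthenticated requests is not this
 * filter's job (presumably the authentication filter does it — confirm before relying on this
 * filter alone). When validation fails, what happens to the request is delegated entirely to the
 * configured {@link FailureHandler}; this class never aborts the request itself.
 */
@Provider
@Priority(Priorities.AUTHORIZATION)
public class AuthorizationRequestFilter implements ContainerRequestFilter {
    private static final Logger LOG = LoggerFactory.getLogger(AuthorizationRequestFilter.class);

    /**
     * Injected by the JAX-RS runtime (hence package-private rather than private). Nothing in this
     * class reads it.
     */
    @SuppressWarnings("checkstyle:VisibilityModifier")
    @Context
    ResourceInfo resourceInfo;

    /** Decides the response when {@link #asapValidator} rejects a token. */
    private final FailureHandler failureHandler;
    /** Performs the actual authorization check of the authenticated token. */
    private final AsapValidator asapValidator;

    /**
     * Creates a filter with explicit collaborators.
     *
     * @param failureHandler handler invoked on an {@link AuthorizationFailedException}
     * @param asapValidator  validator applied to every authenticated token
     * @throws NullPointerException if either argument is {@code null}
     */
    @SuppressWarnings("WeakerAccess")
    public AuthorizationRequestFilter(FailureHandler failureHandler, AsapValidator asapValidator) {
        this.asapValidator = requireNonNull(asapValidator, "asapValidator");
        this.failureHandler = requireNonNull(failureHandler, "failureHandler");
    }

    /**
     * Authorizes the request if, and only if, an authenticated {@link Jwt} has already been placed
     * on the request context.
     *
     * @param context the request being filtered
     * @throws IOException declared by {@link ContainerRequestFilter#filter}; nothing in this
     *                     implementation throws it
     */
    @Override
    public void filter(ContainerRequestContext context) throws IOException {
        // Set by the authentication filter. Absent means the request was not authenticated (or
        // that filter did not run), so there is nothing for this filter to authorize.
        Jwt jwt = (Jwt) context.getProperty(AUTHENTIC_JWT_REQUEST_ATTRIBUTE);
        if (jwt == null) {
            return;
        }
        // Presumably the ASAP configuration resolved for the matched resource — confirm against
        // AuthenticationRequestFilter. It is handed to the validator as-is, null included.
        Asap asap = (Asap) context.getProperty(ASAP_REQUEST_ATTRIBUTE);
        authorizeToken(context, jwt, asap);
    }

    /**
     * Runs the validator against the token and hands any {@link AuthorizationFailedException} to
     * the failure handler, which decides how the request is answered (presumably by aborting it —
     * verify against the handler implementation). Other exceptions propagate unchanged.
     */
    private void authorizeToken(ContainerRequestContext context, final Jwt jwt, final Asap asap) {
        try {
            asapValidator.validate(asap, jwt);
            // Only the token identifier is logged, never the claims or the raw token.
            LOG.trace("Accepting authorized token with identifier '{}'", jwt.getClaims().getJwtId());
        } catch (AuthorizationFailedException e) {
            failureHandler.onAuthorizationFailure(context, e);
        }
    }

    /**
     * Creates a filter with the default collaborators: an {@link EmptyBodyFailureHandler} and the
     * annotation-driven validator from {@link AsapValidator#newAnnotationValidator()}. This method
     * takes no configuration; use the public constructor to supply a different handler or
     * validator.
     *
     * @return the new instance
     */
    public static AuthorizationRequestFilter newInstance() {
        return new AuthorizationRequestFilter(new EmptyBodyFailureHandler(), AsapValidator.newAnnotationValidator());
    }
}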