View Javadoc

1   package com.atlassian.asap.core.server.jersey;
2   
3   import com.google.common.collect.ImmutableSet;
4   
5   import java.util.Set;
6   
7   /**
8    * Factory for {@link JerseyRequestAuthorizer}. Applications may override this factory to provide their own
9    * authorizer.
10   */
11  public class JerseyRequestAuthorizerFactory {
12      /**
13       * Instantiates {@link JerseyRequestAuthorizer} from the {@link JwtAuth} annotation.
14       *
15       * @param jwtAuth annotation in the Jersey resource. If it does not specify valid issuers, then the issuer
16       *                whitelist is copied from the subject whitelist.
17       * @return a new instance of the authorizer
18       */
19      public JerseyRequestAuthorizer create(JwtAuth jwtAuth) {
20          Set<String> authorizedIssuers = ImmutableSet.copyOf(jwtAuth.authorizedIssuers());
21          Set<String> authorizedSubjects = ImmutableSet.copyOf(jwtAuth.authorizedSubjects());
22          return new WhitelistJerseyRequestAuthorizer(
23                  authorizedSubjects,
24                  authorizedIssuers.isEmpty() ? authorizedSubjects : authorizedIssuers);
25      }
26  }