
1   package com.atlassian.plugins.rest.common.security.jersey;
2   
3   import com.atlassian.plugins.rest.common.security.AnonymousAllowed;
4   import com.atlassian.plugins.rest.common.security.AuthenticationContext;
5   import com.atlassian.plugins.rest.common.security.AuthenticationRequiredException;
6   import com.google.common.base.Preconditions;
7   import com.sun.jersey.api.model.AbstractMethod;
8   import com.sun.jersey.spi.container.ContainerRequest;
9   import com.sun.jersey.spi.container.ContainerRequestFilter;
10  import com.sun.jersey.spi.container.ContainerResponseFilter;
11  import com.sun.jersey.spi.container.ResourceFilter;
12  
13  /**
14   * <p>This is a Jersey resource filter that checks whether the current client is authenticated or not.
15   * If the client is not authenticated then an {@link AuthenticationRequiredException} is thrown.</p>
16   * <p>Resources can be marked as not needing authentication by using the {@link AnonymousAllowed} annotation.</p>
17   */
/**
 * Jersey request-side filter enforcing authentication for a single resource method.
 *
 * <p>Default is deny: a request passes only if the target method or its resource class
 * carries {@link AnonymousAllowed}, or the {@link AuthenticationContext} reports an
 * authenticated client. Otherwise {@link AuthenticationRequiredException} is thrown.</p>
 *
 * <p>No response-side filtering is performed; {@link #getResponseFilter()} yields {@code null}.</p>
 */
class AuthenticatedResourceFilter implements ResourceFilter, ContainerRequestFilter {
    /** The resource method this filter instance guards. */
    private final AbstractMethod abstractMethod;
    /** Source of the current client's authentication state. */
    private final AuthenticationContext authenticationContext;

    /**
     * Creates a filter for the given resource method.
     *
     * @param abstractMethod        the method being guarded; must not be {@code null}
     * @param authenticationContext the authentication state provider; must not be {@code null}
     * @throws NullPointerException if either argument is {@code null}
     */
    public AuthenticatedResourceFilter(AbstractMethod abstractMethod, AuthenticationContext authenticationContext) {
        Preconditions.checkNotNull(abstractMethod);
        Preconditions.checkNotNull(authenticationContext);
        this.abstractMethod = abstractMethod;
        this.authenticationContext = authenticationContext;
    }

    /**
     * @return this instance, which performs the request-side check
     */
    public ContainerRequestFilter getRequestFilter() {
        return this;
    }

    /**
     * @return {@code null}; this filter does not inspect responses
     */
    public ContainerResponseFilter getResponseFilter() {
        return null;
    }

    /**
     * Lets the request through when anonymous access is permitted or the client is
     * authenticated; rejects it otherwise.
     *
     * @param request the incoming request
     * @return the same request, unmodified
     * @throws AuthenticationRequiredException if authentication is required but absent
     */
    public ContainerRequest filter(ContainerRequest request) {
        // Annotation check comes first so unauthenticated callers of
        // anonymous-allowed resources never consult the authentication context.
        if (isAnonymousAllowed()) {
            return request;
        }
        if (authenticationContext.isAuthenticated()) {
            return request;
        }
        throw new AuthenticationRequiredException();
    }

    /**
     * @return whether {@link AnonymousAllowed} is declared on the method or on its resource class
     */
    private boolean isAnonymousAllowed() {
        return hasAnonymousAllowedOnMethod() || hasAnonymousAllowedOnResource();
    }

    /**
     * @return {@code true} when the underlying Java method exists and is annotated {@link AnonymousAllowed}
     */
    private boolean hasAnonymousAllowedOnMethod() {
        // getMethod() may be null for resource methods without a backing Java method.
        if (abstractMethod.getMethod() == null) {
            return false;
        }
        return abstractMethod.getMethod().getAnnotation(AnonymousAllowed.class) != null;
    }

    /**
     * @return {@code true} when the resource class is annotated {@link AnonymousAllowed}
     */
    private boolean hasAnonymousAllowedOnResource() {
        return abstractMethod.getResource().getAnnotation(AnonymousAllowed.class) != null;
    }
}