This repository has been archived by the owner on Nov 18, 2022. It is now read-only.
-
Notifications
You must be signed in to change notification settings - Fork 98
/
Copy pathSecurityHandler.java
47 lines (40 loc) · 1.62 KB
/
SecurityHandler.java
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
/*******************************************************************************
* Copyright (c) 2013 Bryan Hunt and others.
* All rights reserved. This program and the accompanying materials
* are made available under the terms of the Eclipse Public License v1.0
* which accompanies this distribution, and is available at
* http://www.eclipse.org/legal/epl-v10.html
*
* Contributors:
* Bryan Hunt - initial API and implementation
******************************************************************************/
package com.eclipsesource.jaxrs.security.example;
import java.security.Principal;
import javax.ws.rs.container.ContainerRequestContext;
import com.eclipsesource.jaxrs.provider.security.AuthenticationHandler;
import com.eclipsesource.jaxrs.provider.security.AuthorizationHandler;
/**
* This is a simple example of a security handler that uses headers for authentication.
* The client request header must include a "user=test" for authentication to succeed.
* The authorization is successful only if the user is "test" and the role is "secure".
*
* @see SecureResource
*/
public class SecurityHandler implements AuthenticationHandler, AuthorizationHandler {
@Override
public boolean isUserInRole( Principal user, String role ) {
return user.getName().equals( "test" ) && role.equals( "secure" );
}
@Override
public Principal authenticate( ContainerRequestContext requestContext ) {
String user = requestContext.getHeaderString( "user" );
if( user == null ) {
return null;
}
return new User( user );
}
@Override
public String getAuthenticationScheme() {
return null;
}
}