Commit 3d44961e4ee37436a7dce2b6326476257b8a10d2
1 parent
eca582ee
Exists in
master
Correção no BasicAuthFilter
Showing
9 changed files
with
152 additions
and
139 deletions
Show diff stats
impl/extension/rest/src/main/java/br/gov/frameworkdemoiselle/BadRequestException.java
| @@ -2,9 +2,7 @@ package br.gov.frameworkdemoiselle; | @@ -2,9 +2,7 @@ package br.gov.frameworkdemoiselle; | ||
| 2 | 2 | ||
| 3 | import static javax.servlet.http.HttpServletResponse.SC_BAD_REQUEST; | 3 | import static javax.servlet.http.HttpServletResponse.SC_BAD_REQUEST; |
| 4 | 4 | ||
| 5 | -import javax.xml.ws.http.HTTPException; | ||
| 6 | - | ||
| 7 | -public class BadRequestException extends HTTPException { | 5 | +public class BadRequestException extends HttpViolationException { |
| 8 | 6 | ||
| 9 | private static final long serialVersionUID = 1L; | 7 | private static final long serialVersionUID = 1L; |
| 10 | 8 |
impl/extension/rest/src/main/java/br/gov/frameworkdemoiselle/ForbiddenException.java
0 → 100644
| @@ -0,0 +1,14 @@ | @@ -0,0 +1,14 @@ | ||
| 1 | +package br.gov.frameworkdemoiselle; | ||
| 2 | + | ||
| 3 | +import static javax.servlet.http.HttpServletResponse.SC_FORBIDDEN; | ||
| 4 | + | ||
| 5 | +import javax.xml.ws.http.HTTPException; | ||
| 6 | + | ||
| 7 | +public class ForbiddenException extends HTTPException { | ||
| 8 | + | ||
| 9 | + private static final long serialVersionUID = 1L; | ||
| 10 | + | ||
| 11 | + public ForbiddenException() { | ||
| 12 | + super(SC_FORBIDDEN); | ||
| 13 | + } | ||
| 14 | +} |
impl/extension/rest/src/main/java/br/gov/frameworkdemoiselle/HttpViolationException.java
0 → 100644
| @@ -0,0 +1,97 @@ | @@ -0,0 +1,97 @@ | ||
| 1 | +package br.gov.frameworkdemoiselle; | ||
| 2 | + | ||
| 3 | +import java.util.HashSet; | ||
| 4 | +import java.util.Set; | ||
| 5 | + | ||
| 6 | +public class HttpViolationException extends Exception { | ||
| 7 | + | ||
| 8 | + private static final long serialVersionUID = 1L; | ||
| 9 | + | ||
| 10 | + private Set<Violation> violations = new HashSet<Violation>(); | ||
| 11 | + | ||
| 12 | + private int statusCode; | ||
| 13 | + | ||
| 14 | + public HttpViolationException(int statusCode) { | ||
| 15 | + this.statusCode = statusCode; | ||
| 16 | + } | ||
| 17 | + | ||
| 18 | + public HttpViolationException addViolation(String property, String message) { | ||
| 19 | + this.violations.add(new Violation(property, message)); | ||
| 20 | + return this; | ||
| 21 | + } | ||
| 22 | + | ||
| 23 | + public Set<Violation> getViolations() { | ||
| 24 | + return violations; | ||
| 25 | + } | ||
| 26 | + | ||
| 27 | + public static class Violation { | ||
| 28 | + | ||
| 29 | + public String property; | ||
| 30 | + | ||
| 31 | + public String message; | ||
| 32 | + | ||
| 33 | + public Violation() { | ||
| 34 | + } | ||
| 35 | + | ||
| 36 | + public Violation(String property, String message) { | ||
| 37 | + this.property = property; | ||
| 38 | + this.message = message; | ||
| 39 | + } | ||
| 40 | + | ||
| 41 | + public String getProperty() { | ||
| 42 | + return property; | ||
| 43 | + } | ||
| 44 | + | ||
| 45 | + public void setProperty(String property) { | ||
| 46 | + this.property = property; | ||
| 47 | + } | ||
| 48 | + | ||
| 49 | + public String getMessage() { | ||
| 50 | + return message; | ||
| 51 | + } | ||
| 52 | + | ||
| 53 | + public void setMessage(String message) { | ||
| 54 | + this.message = message; | ||
| 55 | + } | ||
| 56 | + | ||
| 57 | + @Override | ||
| 58 | + public int hashCode() { | ||
| 59 | + final int prime = 31; | ||
| 60 | + int result = 1; | ||
| 61 | + result = prime * result + ((message == null) ? 0 : message.hashCode()); | ||
| 62 | + result = prime * result + ((property == null) ? 0 : property.hashCode()); | ||
| 63 | + return result; | ||
| 64 | + } | ||
| 65 | + | ||
| 66 | + @Override | ||
| 67 | + public boolean equals(Object obj) { | ||
| 68 | + if (this == obj) | ||
| 69 | + return true; | ||
| 70 | + if (obj == null) | ||
| 71 | + return false; | ||
| 72 | + if (getClass() != obj.getClass()) | ||
| 73 | + return false; | ||
| 74 | + Violation other = (Violation) obj; | ||
| 75 | + if (message == null) { | ||
| 76 | + if (other.message != null) | ||
| 77 | + return false; | ||
| 78 | + } else if (!message.equals(other.message)) | ||
| 79 | + return false; | ||
| 80 | + if (property == null) { | ||
| 81 | + if (other.property != null) | ||
| 82 | + return false; | ||
| 83 | + } else if (!property.equals(other.property)) | ||
| 84 | + return false; | ||
| 85 | + return true; | ||
| 86 | + } | ||
| 87 | + | ||
| 88 | + @Override | ||
| 89 | + public String toString() { | ||
| 90 | + return this.property + " " + this.message; | ||
| 91 | + } | ||
| 92 | + } | ||
| 93 | + | ||
| 94 | + public int getStatusCode() { | ||
| 95 | + return statusCode; | ||
| 96 | + } | ||
| 97 | +} |
impl/extension/rest/src/main/java/br/gov/frameworkdemoiselle/PreconditionFailedException.java
| @@ -1,90 +0,0 @@ | @@ -1,90 +0,0 @@ | ||
| 1 | -package br.gov.frameworkdemoiselle; | ||
| 2 | - | ||
| 3 | -import java.util.HashSet; | ||
| 4 | -import java.util.Set; | ||
| 5 | - | ||
| 6 | -public class PreconditionFailedException extends Exception { | ||
| 7 | - | ||
| 8 | - private static final long serialVersionUID = 1L; | ||
| 9 | - | ||
| 10 | - private Set<Violation> violations = new HashSet<Violation>(); | ||
| 11 | - | ||
| 12 | - public PreconditionFailedException() { | ||
| 13 | - } | ||
| 14 | - | ||
| 15 | - public PreconditionFailedException addViolation(String property, String message) { | ||
| 16 | - this.violations.add(new Violation(property, message)); | ||
| 17 | - return this; | ||
| 18 | - } | ||
| 19 | - | ||
| 20 | - public Set<Violation> getViolations() { | ||
| 21 | - return violations; | ||
| 22 | - } | ||
| 23 | - | ||
| 24 | - public static class Violation { | ||
| 25 | - | ||
| 26 | - public String property; | ||
| 27 | - | ||
| 28 | - public String message; | ||
| 29 | - | ||
| 30 | - public Violation() { | ||
| 31 | - } | ||
| 32 | - | ||
| 33 | - public Violation(String property, String message) { | ||
| 34 | - this.property = property; | ||
| 35 | - this.message = message; | ||
| 36 | - } | ||
| 37 | - | ||
| 38 | - public String getProperty() { | ||
| 39 | - return property; | ||
| 40 | - } | ||
| 41 | - | ||
| 42 | - public void setProperty(String property) { | ||
| 43 | - this.property = property; | ||
| 44 | - } | ||
| 45 | - | ||
| 46 | - public String getMessage() { | ||
| 47 | - return message; | ||
| 48 | - } | ||
| 49 | - | ||
| 50 | - public void setMessage(String message) { | ||
| 51 | - this.message = message; | ||
| 52 | - } | ||
| 53 | - | ||
| 54 | - @Override | ||
| 55 | - public int hashCode() { | ||
| 56 | - final int prime = 31; | ||
| 57 | - int result = 1; | ||
| 58 | - result = prime * result + ((message == null) ? 0 : message.hashCode()); | ||
| 59 | - result = prime * result + ((property == null) ? 0 : property.hashCode()); | ||
| 60 | - return result; | ||
| 61 | - } | ||
| 62 | - | ||
| 63 | - @Override | ||
| 64 | - public boolean equals(Object obj) { | ||
| 65 | - if (this == obj) | ||
| 66 | - return true; | ||
| 67 | - if (obj == null) | ||
| 68 | - return false; | ||
| 69 | - if (getClass() != obj.getClass()) | ||
| 70 | - return false; | ||
| 71 | - Violation other = (Violation) obj; | ||
| 72 | - if (message == null) { | ||
| 73 | - if (other.message != null) | ||
| 74 | - return false; | ||
| 75 | - } else if (!message.equals(other.message)) | ||
| 76 | - return false; | ||
| 77 | - if (property == null) { | ||
| 78 | - if (other.property != null) | ||
| 79 | - return false; | ||
| 80 | - } else if (!property.equals(other.property)) | ||
| 81 | - return false; | ||
| 82 | - return true; | ||
| 83 | - } | ||
| 84 | - | ||
| 85 | - @Override | ||
| 86 | - public String toString() { | ||
| 87 | - return this.property + " " + this.message; | ||
| 88 | - } | ||
| 89 | - } | ||
| 90 | -} |
impl/extension/rest/src/main/java/br/gov/frameworkdemoiselle/UnprocessableEntityException.java
0 → 100644
impl/extension/rest/src/main/java/br/gov/frameworkdemoiselle/internal/implementation/ConstraintViolationExceptionMapper.java
| @@ -10,14 +10,14 @@ import javax.ws.rs.core.Response; | @@ -10,14 +10,14 @@ import javax.ws.rs.core.Response; | ||
| 10 | import javax.ws.rs.ext.ExceptionMapper; | 10 | import javax.ws.rs.ext.ExceptionMapper; |
| 11 | import javax.ws.rs.ext.Provider; | 11 | import javax.ws.rs.ext.Provider; |
| 12 | 12 | ||
| 13 | -import br.gov.frameworkdemoiselle.PreconditionFailedException; | 13 | +import br.gov.frameworkdemoiselle.UnprocessableEntityException; |
| 14 | 14 | ||
| 15 | @Provider | 15 | @Provider |
| 16 | public class ConstraintViolationExceptionMapper implements ExceptionMapper<ConstraintViolationException> { | 16 | public class ConstraintViolationExceptionMapper implements ExceptionMapper<ConstraintViolationException> { |
| 17 | 17 | ||
| 18 | @Override | 18 | @Override |
| 19 | public Response toResponse(ConstraintViolationException exception) { | 19 | public Response toResponse(ConstraintViolationException exception) { |
| 20 | - PreconditionFailedException failed = new PreconditionFailedException(); | 20 | + UnprocessableEntityException failed = new UnprocessableEntityException(); |
| 21 | 21 | ||
| 22 | for (Iterator<ConstraintViolation<?>> iter = exception.getConstraintViolations().iterator(); iter.hasNext();) { | 22 | for (Iterator<ConstraintViolation<?>> iter = exception.getConstraintViolations().iterator(); iter.hasNext();) { |
| 23 | ConstraintViolation<?> violation = iter.next(); | 23 | ConstraintViolation<?> violation = iter.next(); |
impl/extension/rest/src/main/java/br/gov/frameworkdemoiselle/internal/implementation/HttpViolationExceptionMapper.java
0 → 100644
| @@ -0,0 +1,16 @@ | @@ -0,0 +1,16 @@ | ||
| 1 | +package br.gov.frameworkdemoiselle.internal.implementation; | ||
| 2 | + | ||
| 3 | +import javax.ws.rs.core.Response; | ||
| 4 | +import javax.ws.rs.ext.ExceptionMapper; | ||
| 5 | +import javax.ws.rs.ext.Provider; | ||
| 6 | + | ||
| 7 | +import br.gov.frameworkdemoiselle.HttpViolationException; | ||
| 8 | + | ||
| 9 | +@Provider | ||
| 10 | +public class HttpViolationExceptionMapper implements ExceptionMapper<HttpViolationException> { | ||
| 11 | + | ||
| 12 | + @Override | ||
| 13 | + public Response toResponse(HttpViolationException exception) { | ||
| 14 | + return Response.status(exception.getStatusCode()).entity(exception.getViolations()).build(); | ||
| 15 | + } | ||
| 16 | +} |
impl/extension/rest/src/main/java/br/gov/frameworkdemoiselle/internal/implementation/PreconditionFailedExceptionMapper.java
| @@ -1,18 +0,0 @@ | @@ -1,18 +0,0 @@ | ||
| 1 | -package br.gov.frameworkdemoiselle.internal.implementation; | ||
| 2 | - | ||
| 3 | -import static javax.ws.rs.core.Response.Status.PRECONDITION_FAILED; | ||
| 4 | - | ||
| 5 | -import javax.ws.rs.core.Response; | ||
| 6 | -import javax.ws.rs.ext.ExceptionMapper; | ||
| 7 | -import javax.ws.rs.ext.Provider; | ||
| 8 | - | ||
| 9 | -import br.gov.frameworkdemoiselle.PreconditionFailedException; | ||
| 10 | - | ||
| 11 | -@Provider | ||
| 12 | -public class PreconditionFailedExceptionMapper implements ExceptionMapper<PreconditionFailedException> { | ||
| 13 | - | ||
| 14 | - @Override | ||
| 15 | - public Response toResponse(PreconditionFailedException exception) { | ||
| 16 | - return Response.status(PRECONDITION_FAILED).entity(exception.getViolations()).build(); | ||
| 17 | - } | ||
| 18 | -} |
impl/extension/rest/src/main/java/br/gov/frameworkdemoiselle/security/BasicAuthFilter.java
| @@ -36,9 +36,6 @@ | @@ -36,9 +36,6 @@ | ||
| 36 | */ | 36 | */ |
| 37 | package br.gov.frameworkdemoiselle.security; | 37 | package br.gov.frameworkdemoiselle.security; |
| 38 | 38 | ||
| 39 | -import java.util.regex.Matcher; | ||
| 40 | -import java.util.regex.Pattern; | ||
| 41 | - | ||
| 42 | import org.apache.commons.codec.binary.Base64; | 39 | import org.apache.commons.codec.binary.Base64; |
| 43 | 40 | ||
| 44 | import br.gov.frameworkdemoiselle.util.Beans; | 41 | import br.gov.frameworkdemoiselle.util.Beans; |
| @@ -46,48 +43,37 @@ import br.gov.frameworkdemoiselle.util.Strings; | @@ -46,48 +43,37 @@ import br.gov.frameworkdemoiselle.util.Strings; | ||
| 46 | 43 | ||
| 47 | public class BasicAuthFilter extends AbstractHTTPAuthorizationFilter { | 44 | public class BasicAuthFilter extends AbstractHTTPAuthorizationFilter { |
| 48 | 45 | ||
| 49 | - private String header; | 46 | + private String credentials; |
| 50 | 47 | ||
| 51 | @Override | 48 | @Override |
| 52 | protected boolean isSupported(String authHeader) { | 49 | protected boolean isSupported(String authHeader) { |
| 53 | - header = authHeader; | ||
| 54 | - return !Strings.isEmpty(header); | 50 | + credentials = extractCredentials("Basic", authHeader); |
| 51 | + return !Strings.isEmpty(credentials); | ||
| 55 | } | 52 | } |
| 56 | 53 | ||
| 57 | @Override | 54 | @Override |
| 58 | protected void prepareForLogin() { | 55 | protected void prepareForLogin() { |
| 59 | - if (header != null) { | ||
| 60 | - String[] basicCredentials = getCredentials(header); | 56 | + String[] basicCredentials = getCredentials(credentials); |
| 61 | 57 | ||
| 62 | - Credentials credentials = Beans.getReference(Credentials.class); | ||
| 63 | - credentials.setUsername(basicCredentials[0]); | ||
| 64 | - credentials.setPassword(basicCredentials[1]); | ||
| 65 | - } | 58 | + Credentials credentials = Beans.getReference(Credentials.class); |
| 59 | + credentials.setUsername(basicCredentials[0]); | ||
| 60 | + credentials.setPassword(basicCredentials[1]); | ||
| 66 | } | 61 | } |
| 67 | 62 | ||
| 68 | @Override | 63 | @Override |
| 69 | protected void prepareForLogout() { | 64 | protected void prepareForLogout() { |
| 70 | } | 65 | } |
| 71 | 66 | ||
| 72 | - private static String[] getCredentials(String header) | ||
| 73 | - throws InvalidCredentialsException { | 67 | + private static String[] getCredentials(String header) throws InvalidCredentialsException { |
| 74 | String[] result = null; | 68 | String[] result = null; |
| 75 | 69 | ||
| 76 | - String regexp = "^Basic[ \\n]+(.+)$"; | ||
| 77 | - Pattern pattern = Pattern.compile(regexp); | ||
| 78 | - Matcher matcher = pattern.matcher(header); | ||
| 79 | - | ||
| 80 | - if (matcher.matches()) { | ||
| 81 | - byte[] decoded = Base64.decodeBase64(matcher.group(1)); | ||
| 82 | - result = new String(decoded).split(":"); | ||
| 83 | - } | 70 | + byte[] decoded = Base64.decodeBase64(header); |
| 71 | + result = new String(decoded).split(":"); | ||
| 84 | 72 | ||
| 85 | if (result == null || result.length != 2) { | 73 | if (result == null || result.length != 2) { |
| 86 | - throw new InvalidCredentialsException( | ||
| 87 | - "Formato inválido do cabeçalho"); | 74 | + throw new InvalidCredentialsException("Formato inválido do cabeçalho"); |
| 88 | } | 75 | } |
| 89 | 76 | ||
| 90 | return result; | 77 | return result; |
| 91 | } | 78 | } |
| 92 | - | ||
| 93 | -} | ||
| 94 | \ No newline at end of file | 79 | \ No newline at end of file |
| 80 | +} |