source: DASISH/t5.6/backend/annotator-backend/trunk/annotator-backend/src/test/java/eu/dasish/annotation/backend/rest/DummySecurityFilter.java @ 4173

Last change on this file since 4173 was 4173, checked in by olhsha, 10 years ago

Integrity unit test reconstructed so that it no longer uses mocks. getAnnotation works (the others are "ignored"). Needs refactoring (the subdirectory with beans and the DummySecurityFilter class).

1/*
2 * Copyright (C) 2013 DASISH
3 *
4 * This program is free software; you can redistribute it and/or
5 * modify it under the terms of the GNU General Public License
6 * as published by the Free Software Foundation; either version 2
7 * of the License, or (at your option) any later version.
8 *
9 * This program is distributed in the hope that it will be useful,
10 * but WITHOUT ANY WARRANTY; without even the implied warranty of
11 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
12 * GNU General Public License for more details.
13 *
14 * You should have received a copy of the GNU General Public License
15 * along with this program; if not, write to the Free Software
16 * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA  02111-1307, USA.
17 */
18package eu.dasish.annotation.backend.rest;
19
20/**
21 *
22 * @author olhsha
23 */
24import java.io.IOException;
25import java.security.Principal;
26import java.util.Arrays;
27import java.util.List;
28
29import javax.naming.AuthenticationException;
30import javax.servlet.Filter;
31import javax.servlet.FilterChain;
32import javax.servlet.FilterConfig;
33import javax.servlet.ServletException;
34import javax.servlet.ServletRequest;
35import javax.servlet.ServletResponse;
36import javax.servlet.http.HttpServletRequest;
37import javax.servlet.http.HttpServletRequestWrapper;
38import javax.ws.rs.core.HttpHeaders;
39
40import com.sun.jersey.api.container.MappableContainerException;
41import com.sun.jersey.core.util.Base64;
42
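/**
 * Test-only servlet filter that fakes HTTP Basic authentication for unit tests.
 *
 * <p>Security properties of this filter, as implemented below:
 * <ul>
 *   <li>Only the username is checked, against the name of
 *       {@code DummyPrincipal.DUMMY_PRINCIPAL}; the password is parsed but never verified.</li>
 *   <li>A request without an {@code Authorization} header is not rejected; it is passed down
 *       the chain with a {@code null} principal and a {@code null} remote user.</li>
 *   <li>Every wrapped request answers {@code true} to {@code isUserInRole(..)}, so any
 *       role-based check behind this filter always passes.</li>
 * </ul>
 * The class therefore provides no access control. It lives under {@code src/test} and should
 * only ever be wired into test contexts, never into a deployed filter chain.
 */
public class DummySecurityFilter implements Filter {

    private static final String BASIC_PREFIX = "Basic ";
    // Charset name rather than a Charset constant so the class does not need a newer JDK API.
    private static final String CREDENTIALS_CHARSET = "UTF-8";

    private final List<String> ALLOWED_USERS = Arrays.asList(DummyPrincipal.DUMMY_PRINCIPAL.getName());

    /**
     * Dummy validation for unit tests: accepts a request when the username is one of the
     * allowed test users.
     *
     * @param username user name taken from the decoded {@code Authorization} header
     * @param password password taken from the header; deliberately ignored by this dummy check
     * @return {@code true} if {@code username} is in the allowed-user list
     */
    private boolean isValid(String username, String password) {
        return ALLOWED_USERS.contains(username);
    }

    /** Nothing to release; the filter holds no resources. */
    @Override
    public void destroy() {
    }

    /**
     * Parses an optional HTTP Basic {@code Authorization} header and forwards the request,
     * wrapped so that it exposes the dummy principal.
     *
     * <p>With no header the request is forwarded unauthenticated (null principal). With a
     * header, the scheme must be Basic, the decoded value must have the form
     * {@code user:password}, and the user must pass {@link #isValid(String, String)}.
     *
     * @param request incoming request; cast to {@link HttpServletRequest}
     * @param response response passed through unchanged
     * @param chain remainder of the filter chain
     * @throws MappableContainerException wrapping an {@link AuthenticationException} when the
     *         header is present but not Basic, is malformed, or names an unknown user
     * @throws IOException if the chain fails with an I/O error or the charset is unavailable
     * @throws ServletException if the chain fails
     */
    @Override
    public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException {
        HttpServletRequest req = (HttpServletRequest) request;
        String authentication = req.getHeader(HttpHeaders.AUTHORIZATION);

        if (authentication == null) {
            // No credentials supplied: forward anyway, with no principal and no remote user.
            chain.doFilter(wrap(req, null, null), response);
            return;
        }

        if (!authentication.startsWith(BASIC_PREFIX)) {
            throw new MappableContainerException(new AuthenticationException("Only HTTP Basic authentication is supported"));
        }

        // Decode with an explicit charset so the result does not depend on the platform default.
        String encoded = authentication.substring(BASIC_PREFIX.length());
        String decoded = new String(Base64.decode(encoded.getBytes(CREDENTIALS_CHARSET)), CREDENTIALS_CHARSET);

        // Split on the first ':' only. A plain split(":") would truncate a password that
        // itself contains ':' and would drop an empty password altogether.
        String[] values = decoded.split(":", 2);
        if (values.length < 2) {
            throw new MappableContainerException(new AuthenticationException("Invalid syntax for username and password"));
        }
        final String username = values[0];
        String password = values[1];
        // String.split never yields null elements, so no separate null check is needed here.

        if (!isValid(username, password)) {
            throw new MappableContainerException(new AuthenticationException("Invalid user/password"));
        }

        chain.doFilter(wrap(req, new DummyPrincipal(username), username), response);
    }

    /** No configuration is read. */
    @Override
    public void init(FilterConfig filterConfig) throws ServletException {
    }

    /**
     * Builds the request wrapper shared by the authenticated and unauthenticated paths.
     *
     * @param req the original request
     * @param principal principal to expose, or {@code null} when no credentials were sent
     * @param remoteUser value for {@code getRemoteUser()}, or {@code null}
     * @return a wrapper that grants every role, reports a non-secure channel and always
     *         reports Basic as the auth type (also when no credentials were sent)
     */
    private static HttpServletRequestWrapper wrap(HttpServletRequest req, final Principal principal, final String remoteUser) {
        return new HttpServletRequestWrapper(req) {
            @Override
            public boolean isUserInRole(String role) {
                // Test shortcut: every role is granted.
                return true;
            }

            @Override
            public boolean isSecure() {
                return false;
            }

            @Override
            public Principal getUserPrincipal() {
                return principal;
            }

            @Override
            public String getAuthType() {
                return HttpServletRequest.BASIC_AUTH;
            }

            @Override
            public String getRemoteUser() {
                return remoteUser;
            }
        };
    }
}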