/**
* Copyright (c) 2014-2017 by the respective copyright holders.
* All rights reserved. This program and the accompanying materials
* are made available under the terms of the Eclipse Public License v1.0
* which accompanies this distribution, and is available at
* http://www.eclipse.org/legal/epl-v10.html
*/
package org.eclipse.smarthome.io.rest.auth;
import java.security.Principal;
import javax.ws.rs.container.ContainerRequestContext;
import org.eclipse.smarthome.core.auth.Authentication;
import org.eclipse.smarthome.core.auth.AuthenticationProvider;
import org.eclipse.smarthome.core.auth.Credentials;
import org.eclipse.smarthome.io.rest.auth.internal.SmartHomePrincipal;
import com.eclipsesource.jaxrs.provider.security.AuthenticationHandler;
import com.eclipsesource.jaxrs.provider.security.AuthorizationHandler;
/**
* Base type for handling authentication and authorization delegated from rest/jaxrs service layer.
*
* @author Ćukasz Dywicki - Initial contribution and API
* @author Kai Kreuzer - Added JavaDoc
*
*/
public abstract class AbstractSecurityHandler implements AuthenticationHandler, AuthorizationHandler {
private AuthenticationProvider authenticationProvider;
@Override
public final boolean isUserInRole(Principal user, String role) {
if (user instanceof SmartHomePrincipal) {
return ((SmartHomePrincipal) user).getRoles().contains(role);
}
return false;
}
@Override
public Principal authenticate(ContainerRequestContext requestContext) {
if (authenticationProvider == null) {
return null;
}
Credentials credentials = createCredentials(requestContext);
if (credentials == null) {
return null;
}
Authentication authentication = authenticationProvider.authenticate(credentials);
if (authentication != null) {
return new SmartHomePrincipal(authentication);
}
return null;
}
/**
* provides the credentials from a given request context. To be implemented by child classes.
*
* @param requestContext the request context
* @return the inferred credentials
*/
protected abstract Credentials createCredentials(ContainerRequestContext requestContext);
protected void setAuthenticationService(AuthenticationProvider authenticationProvider) {
this.authenticationProvider = authenticationProvider;
}
protected void unsetAuthenticationService(AuthenticationProvider authenticationProvider) {
this.authenticationProvider = null;
}
}