/*
* Copyright (C) 2011-2012 Intel Corporation
* All rights reserved.
*/
package com.intel.mtwilson.ms.helper;
import com.intel.mtwilson.My;
import com.intel.mtwilson.i18n.ErrorCode;
import com.intel.mtwilson.ms.common.MSConfig;
import com.intel.mtwilson.ms.common.MSException;
import com.intel.mtwilson.security.jersey.AuthenticationJerseyFilter;
import com.intel.mtwilson.security.jersey.HmacRequestVerifier;
import com.intel.mtwilson.security.jersey.X509RequestVerifier;
import com.intel.mtwilson.security.jpa.ApiClientBO;
import com.intel.mtwilson.security.jpa.ApiClientX509BO;
import java.io.IOException;
import javax.ws.rs.container.ContainerRequestFilter;
/**
* Adapts the AuthenticationJerseyFilter from the MtWilsonHttpSecurity package
* to this application by configuring it with both X509 and MtWilson authentication
* schemes. The filter tries X509, then PublicKey, then MtWilson (Hmac).
* @since 0.5.1
* @author jbuhacoff
*/
public class MSAuthenticationFilter extends AuthenticationJerseyFilter implements ContainerRequestFilter {
private static final org.slf4j.Logger log = org.slf4j.LoggerFactory.getLogger(MSAuthenticationFilter.class);
public MSAuthenticationFilter() {
try {
// application-specific configuration
setRequestValidator(new HmacRequestVerifier(new ApiClientBO(My.persistenceManager().getMSData())));
setRequestValidator(new X509RequestVerifier(new ApiClientX509BO(My.persistenceManager().getMSData())));
setTrustedRemoteAddress(MSConfig.getConfiguration().getStringArray("mtwilson.api.trust"));
setSslRequired(MSConfig.getConfiguration().getBoolean("mtwilson.ssl.required", true));
} catch (IOException ex) {
log.error("Error during persistence manager initialization", ex);
throw new MSException(ErrorCode.SYSTEM_ERROR, ex.getClass().getSimpleName());
}
}
}