package com.opensoc.dataservices.auth;
import java.io.IOException;
import java.util.Map;
import java.util.Properties;
import javax.ws.rs.container.ContainerRequestContext;
import javax.ws.rs.core.Cookie;
import javax.ws.rs.ext.Provider;
import org.jboss.resteasy.core.Headers;
import org.jboss.resteasy.core.ServerResponse;
import com.google.inject.Inject;
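/**
 * JAX-RS request filter that gates resources bound to {@link AuthTokenFilter} behind a
 * token carried in the {@code authToken} cookie.
 *
 * <p>The filter fails closed: a missing cookie, an empty cookie value, a token that
 * {@code AuthToken.validateToken} rejects, or any exception thrown during validation all
 * abort the request with the same 401 response, so the caller cannot tell the rejection
 * reasons apart.
 *
 * <p>NOTE(review): the token is read from a cookie, which browsers attach automatically to
 * cross-site requests. State-changing resources behind this filter therefore need a CSRF
 * defence of their own; none is visible in this class. The cookie's Secure/HttpOnly
 * attributes are set wherever the cookie is issued and should be confirmed there.
 */
@AuthTokenFilter
@Provider
public class RestSecurityInterceptor implements javax.ws.rs.container.ContainerRequestFilter {

    // Fully qualified so the file's import block does not have to change.
    private static final java.util.logging.Logger LOG =
            java.util.logging.Logger.getLogger(RestSecurityInterceptor.class.getName());

    private static final String AUTH_COOKIE_NAME = "authToken";
    private static final String DENIED_MESSAGE = "Access denied for this resource";
    private static final int DENIED_STATUS = 401;

    // Passed to AuthToken.validateToken unchanged.
    // NOTE(review): if this provider is instantiated without injection the field stays null;
    // the catch block in filter() then turns the resulting failure into a denial.
    @Inject
    private Properties configProps;

    /**
     * Aborts the request with 401 unless it carries a valid {@code authToken} cookie.
     *
     * @param requestContext the incoming request; left untouched when the token is valid
     * @throws IOException declared by the interface; not thrown by this implementation itself
     */
    @Override
    public void filter(ContainerRequestContext requestContext) throws IOException {
        Map<String, Cookie> cookies = requestContext.getCookies();
        Cookie authTokenCookie = (cookies == null) ? null : cookies.get(AUTH_COOKIE_NAME);
        if (authTokenCookie == null) {
            requestContext.abortWith(accessDenied());
            return;
        }

        // Reject an absent or empty value up front instead of relying on the validator
        // to throw for it.
        String authToken = authTokenCookie.getValue();
        if (authToken == null || authToken.isEmpty()) {
            requestContext.abortWith(accessDenied());
            return;
        }

        try {
            if (!AuthToken.validateToken(configProps, authToken)) {
                requestContext.abortWith(accessDenied());
            }
            // A valid token needs no action: the request continues down the chain.
        } catch (Exception e) {
            // Fail closed on any validation error. The token value is deliberately kept out
            // of the log message.
            // NOTE(review): confirm AuthToken's exceptions do not embed token or key
            // material in their messages, since the exception itself is logged.
            LOG.log(java.util.logging.Level.WARNING,
                    "Auth token validation failed; denying request", e);
            requestContext.abortWith(accessDenied());
        }
    }

    /**
     * Builds a fresh 401 response for each rejected request. The response and its header
     * map are mutable, so a single static instance would be shared by every concurrent
     * request that is denied.
     */
    private static ServerResponse accessDenied() {
        return new ServerResponse(DENIED_MESSAGE, DENIED_STATUS, new Headers<Object>());
    }
}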