Hi Evan:
Thanks a lot for your help, I got the idea from your post but not sure if I
implemented it right, following is what I have done based your suggestion.
RequestAwareAuthFilter.java
"
public class RequestAwareAuthFilter<P extends Principal> extends
AuthFilter<String, P> {
private AuthenticatorFactory<String, P> authFactory;
private RequestAwareAuthFilter(AuthenticatorFactory<String, P> authFactory) {
this.authFactory = authFactory;
}
@Override
public void filter(final ContainerRequestContext requestContext) throws
IOException {
final String credentials =
getCredentials(requestContext.getHeaders().getFirst(HttpHeaders
.AUTHORIZATION));
authenticator = authFactory.get(requestContext);
if (!authenticate(requestContext, credentials, SecurityContext.BASIC_AUTH))
{
throw new
WebApplicationException(unauthorizedHandler.buildResponse(prefix, realm));
}
}
@Nullable
private String getCredentials(String header) { ... }
public interface AuthenticatorFactory<C, P extends Principal> {
Authenticator<C, P> get(ContainerRequestContext requestContext);
}
}
"
Does that make sense? Basically its very much inspired by the existing
OAuthFilter, but in this case, the builder provides a way to set
'authenticator factory' instead of a singleton authenticator, then I create
a new Authenticator with request context in each filter call.
This allows me to inject the same request context into the Principal
subclass inside 'Authenticator.authenticate(credentials)'
Is this the best way to achieve what I need? or am I over engineering
things here?
Thanks again,
Saumitra
On Tuesday, July 12, 2016 at 8:06:47 AM UTC+5:30, Evan Meagher wrote:
>
> Can you provide relevant snippets of your code, please? If you're using
> AuthDynamicFeature, then you're presumably still creating an AuthFilter to
> pass to its constructor. In which case you still have access to the
> `ContainerRequestContext` within `AuthFilter.authenticate`.
>
> If you're relying on an AuthFilterBuilder to create a filter for use with
> AuthDynamicFeature, then perhaps you can simply manually create an
> AuthFilter subclass in order to regain access to `ContainerRequestContext`s.
>
> On Mon, Jul 11, 2016 at 1:28 PM, Saumitra Bhave <[email protected]
> <javascript:>> wrote:
>
>> I just moved from custom AuthFilter to dropwizard's authentication
>> Feature, One problem I am facing is that I can not access "PathParams" in
>> the authorize method.
>>
>> Basically, my requirement is simple, in that, For Eg. User A has signed
>> in and he has access to modify user B, I have this information stored in
>> the UserPrincipal at the time of authenticate call. Now, I want A to be
>> able to access PUT /users/A and PUT /users/B but not anything else.
>>
>> In the custom implementation, I used to store UriInfo.getPathParameters()
>> into the security context, and I could use user principal and the Path
>> together to resolve complex Authorization queries.
>>
>> Is there anyway I can achieve the same using DropWizard's
>> AuthDynamicFeature?
>>
>> Regards,
>> Saumitra
>>
>> --
>> You received this message because you are subscribed to the Google Groups
>> "dropwizard-user" group.
>> To unsubscribe from this group and stop receiving emails from it, send an
>> email to [email protected] <javascript:>.
>> For more options, visit https://groups.google.com/d/optout.
>>
>
>
>
> --
> Evan Meagher
>
--
You received this message because you are subscribed to the Google Groups
"dropwizard-user" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
For more options, visit https://groups.google.com/d/optout.
