Hi,
I am developing an application with JAX-RS 2.0, and for this reason
currently I am using TomEE2. I need to implement my own SecurityContext
based on JWT. I need to implement it on my own because currently I cannot
rely on any CXF class, because I don't know the final application server
yet. But anyway, the problem is that, I don't know why, but it just
doesn't work. Let me post a simple example.
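
    import java.io.IOException;
    import java.security.Principal;
    import java.text.ParseException;
    import javax.ws.rs.container.ContainerRequestContext;
    import javax.ws.rs.container.ContainerRequestFilter;
    import javax.ws.rs.core.SecurityContext;
    import javax.ws.rs.ext.Provider;
    import com.nimbusds.jose.JOSEException;

    @Provider
    public class JWTRequestFilter implements ContainerRequestFilter {

        // getUsernameFromToken and getUserByName are helper methods not shown here.

        @Override
        public void filter(ContainerRequestContext request) throws IOException {
            String token = request.getHeaderString("x-access-token");
            try {
                String username = getUsernameFromToken(token);
                final User user = getUserByName(username);
                // Replace the request's SecurityContext with one backed by the JWT user.
                request.setSecurityContext(new SecurityContext() {
                    @Override
                    public boolean isUserInRole(String role) {
                        return user.isUserInRole(role);
                    }

                    @Override
                    public boolean isSecure() {
                        return false;
                    }

                    @Override
                    public Principal getUserPrincipal() {
                        return user;
                    }

                    @Override
                    public String getAuthenticationScheme() {
                        return SecurityContext.BASIC_AUTH;
                    }
                });
            } catch (ParseException | JOSEException e) {
                // On a token error the request continues with the default SecurityContext.
                e.printStackTrace();
            }
        }
    }
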
And the endpoint:
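
    import javax.annotation.security.PermitAll;
    import javax.annotation.security.RolesAllowed;
    import javax.ws.rs.GET;
    import javax.ws.rs.Path;
    import javax.ws.rs.Produces;
    import javax.ws.rs.core.MediaType;

    @Path("/book")
    @PermitAll
    public class BookResource {

        @GET
        @Produces(MediaType.TEXT_PLAIN)
        @RolesAllowed("admin")
        public String book() {
            return "book";
        }

        @GET
        @Path("article")
        @Produces(MediaType.TEXT_PLAIN)
        @RolesAllowed("superadmin")
        public String article() {
            return "article";
        }
    }
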
I have added two debug breakpoints, the first one just before registering
the new SecurityContext, and the second one inside the SecurityContext, in
the method isUserInRole.
The problem is that the first breakpoint is executed but not the second
one, so the SecurityContext I have implemented is not called and of course
the endpoints are accessible to any user.
What am I missing?
--
+----------------------------------------------------------+
Alex Soto Bueno
www.lordofthejars.com
+----------------------------------------------------------+