Examples of javax.ws.rs.core.SecurityContext

• javax.ws.rs.core.SecurityContext
  An injectable interface that provides access to security related information. @see Context

    }
    return false;
  }

  public static boolean hasRole(String role){
    SecurityContext context = ResteasyProviderFactory.getContextData(SecurityContext.class);
    return context.isUserInRole(role);
  }

    // From now on we can use this class since it's there. I (Stef Epardaud) don't think we need to
    // remove the reference here and use reflection.
    RolesAllowed rolesAllowed = m.getAnnotation(RolesAllowed.class);
    if(rolesAllowed == null)
      return true;
    SecurityContext context = ResteasyProviderFactory.getContextData(SecurityContext.class);
    for(String role : rolesAllowed.value())
      if(context.isUserInRole(role))
        return true;
    return false;
  }

   public ServerResponse preProcess(HttpRequest request, ResourceMethod method) throws Failure, WebApplicationException
   {
      if (denyAll) throw new UnauthorizedException();
      if (rolesAllowed != null)
      {
         SecurityContext context = ResteasyProviderFactory.getContextData(SecurityContext.class);
         if (context != null)
         {
            for (String role : rolesAllowed)
            {
               if (context.isUserInRole(role)) return null;
            }
            throw new UnauthorizedException();
         }
      }
      return null;

    @POST
    @ApiOperation(value = "Create a new session", notes = "This request creates a new session for a user or reactivates an existing session: the equivalent of logging in.")
    public Session newSession(@Context ContainerRequestContext requestContext,
            @ApiParam(name = "Login request", value = "Username and credentials", required = true) SessionCreateRequest createRequest) {
        final Session result = new Session();
        final SecurityContext securityContext = requestContext.getSecurityContext();
        if (!(securityContext instanceof ShiroSecurityContext)) {
            throw new InternalServerErrorException("Unsupported SecurityContext class, this is a bug!");
        }
        final ShiroSecurityContext shiroSecurityContext = (ShiroSecurityContext) securityContext;
        // we treat the BASIC auth username as the sessionid

        this.annotation = annotation;
    }

    @Override
    public void filter(ContainerRequestContext requestContext) throws IOException {
        final SecurityContext securityContext = requestContext.getSecurityContext();
        if (!(securityContext instanceof ShiroSecurityContext)) {
            return;
        }
        final ShiroSecurityContext context = (ShiroSecurityContext) securityContext;
        final Subject subject = context.getSubject();

    public ShiroAuthenticationFilter() {

    }
    @Override
    public void filter(ContainerRequestContext requestContext) throws IOException {
        final SecurityContext securityContext = requestContext.getSecurityContext();
        if (!(securityContext instanceof ShiroSecurityContext)) {
            return;
        }
        final ShiroSecurityContext context = (ShiroSecurityContext) securityContext;
        LOG.trace("Authenticating... {}", context.getSubject());

        when(containerRequest.getMethod()).thenReturn("POST");
        when(userRepository.findByUuid(user.getUuid().toString())).thenReturn(user);
        doAnswer(new Answer() {

            public Object answer(InvocationOnMock invocation) throws Throwable {
                SecurityContext context = (SecurityContext) invocation.getArguments()[0];
                ExternalUser user = (ExternalUser) context.getUserPrincipal();
                assertThat(user.getId(), is(externalUser.getId()));
                return null;
            }
        }).when(containerRequest).setSecurityContext(any(SecurityContext.class));
    }

 */
public class SecurityContextTest {

    @Test
    public void validRole() {
        SecurityContext context = createSecurityContext(Role.authenticated);
        assertThat(context.isUserInRole(Role.authenticated.name()), is(true));
    }

        assertThat(context.isUserInRole(Role.authenticated.name()), is(true));
    }

    @Test
    public void invalidRole() {
        SecurityContext context = createSecurityContext(Role.authenticated);
        assertThat(context.isUserInRole(Role.administrator.name()), is(false));
    }

        assertThat(context.isUserInRole(Role.administrator.name()), is(false));
    }

    @Test
    public void allowAnonymousRole() {
        SecurityContext context = createSecurityContext(Role.authenticated);
        assertThat(context.isUserInRole("anonymous"), is(true));
    }