Restricting a REST service to internal access using a config bean, property loader, injection and a security annotation with a filter

Posted: July 7, 2014 in web

Configuration Bean

import java.io.IOException;
import java.io.InputStream;
import java.net.MalformedURLException;
import java.util.Properties;
import javax.annotation.Resource;
import javax.ejb.Lock;
import javax.ejb.LockType;
import javax.ejb.Singleton;
import javax.ejb.Startup;
import javax.enterprise.inject.Produces;
import javax.enterprise.inject.spi.InjectionPoint;
import javax.inject.Inject;
import javax.inject.Named;

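/**
 * Startup singleton that loads {@code api/config.properties} from the classpath
 * and exposes its entries both through a static lookup and through a CDI
 * producer for {@code String} injection points.
 *
 * <p>Values served from here feed security decisions elsewhere on this page
 * (the filter's allowed address comes from the {@code someInternalIP} key), so
 * loading fails loudly when the file is missing instead of continuing with an
 * empty configuration.
 */
@Startup
@Singleton
@Lock(LockType.READ)
public class ConfigBean {

    /**
     * Resource name relative to the class-loader root. {@link ClassLoader#getResourceAsStream}
     * takes names without a leading slash; with one, standard class loaders find nothing.
     */
    private static final String CONFIG_RESOURCE = "api/config.properties";

    /** Backing store shared by the static lookup and the producer method. */
    private static final Properties properties = new Properties();

    /**
     * Loads the configuration file into the shared {@link Properties} instance.
     *
     * <p>NOTE(review): the method is triggered as a CDI initializer via {@code @Inject};
     * {@code @PostConstruct} is the more conventional lifecycle hook for this - confirm
     * which one the target container honours on an EJB singleton.
     *
     * @throws IOException if the resource is absent from the classpath or cannot be read
     */
    @Inject
    public void init() throws IOException {
        ClassLoader loader = Thread.currentThread().getContextClassLoader();
        // try-with-resources closes the stream even when parsing fails.
        try (InputStream in = loader.getResourceAsStream(CONFIG_RESOURCE)) {
            if (in == null) {
                throw new IOException("Configuration resource not found on classpath: " + CONFIG_RESOURCE);
            }
            properties.load(in);
        }
    }

    /**
     * Produces the configuration value whose key equals the name of the member
     * being injected (for a field injection point, the field name).
     *
     * <p>The producer carries no qualifier, so it is a candidate for every
     * unqualified {@code @Inject String} in the deployment. A member name with no
     * matching key yields {@code null}; consumers that gate access on the value
     * must treat {@code null} as "deny".
     *
     * @param ip the injection point being satisfied
     * @return the configured value, or {@code null} when the key is not defined
     */
    @Produces
    public String getConfig(InjectionPoint ip) {
        return getConfig(ip.getMember().getName());
    }

    /**
     * Looks up a configuration value by key.
     *
     * @param key property name as written in {@code config.properties}
     * @return the value, or {@code null} when the key is not defined
     */
    public static String getConfig(String key) {
        return properties.getProperty(key);
    }

}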

config.properties

# Address that InternalSecurityFilter compares (exact string match) with the
# request's remote address. The key must equal the name of the injected field.
someInternalIP=192.1.1.19
# Presumably an e-mail address pattern; not referenced by the code shown on this page.
# java.util.Properties reduces each doubled backslash to a single one when loading.
emailRX=\\b[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\\.[A-Za-z]{2,4}\\b

Internal rights annotation interface

import static java.lang.annotation.ElementType.METHOD;
import static java.lang.annotation.ElementType.TYPE;
import static java.lang.annotation.RetentionPolicy.RUNTIME;

import java.lang.annotation.Retention;
import java.lang.annotation.Target;

import javax.ws.rs.NameBinding;

/**
 * JAX-RS name-binding marker for endpoints reserved for internal callers.
 *
 * <p>A provider annotated with this marker (on this page,
 * {@code InternalSecurityFilter}) runs only for resource classes or resource
 * methods that carry the same marker. An endpoint without the annotation is
 * therefore not filtered at all, so a forgotten annotation leaves the endpoint
 * open rather than closed.
 */
@NameBinding
@Retention(RUNTIME)
@Target({ METHOD, TYPE })
public @interface SecuredInternal {
}

Internal filter


import java.io.IOException;
import java.util.ResourceBundle;
import javax.inject.Inject;

import javax.servlet.http.HttpServletRequest;
import javax.ws.rs.container.ContainerRequestContext;
import javax.ws.rs.container.ContainerRequestFilter;
import javax.ws.rs.core.Context;
import javax.ws.rs.core.Response;
import javax.ws.rs.ext.Provider;

/**
 * Request filter bound to {@link SecuredInternal}: lets a request through only
 * when its remote address is exactly the configured internal address, and
 * otherwise aborts it with a localized error payload.
 *
 * <p>Points to keep in mind when relying on this check:
 * <ul>
 *   <li>{@code getRemoteAddr()} reports the client or the last proxy that sent
 *       the request. Behind a reverse proxy or load balancer every caller shows
 *       the proxy's address, so the comparison no longer identifies the caller.</li>
 *   <li>The match is a plain string comparison against a single value; an
 *       IPv6 or otherwise differently formatted form of the same host does not match.</li>
 *   <li>When {@code someInternalIP} was not configured (injected as {@code null})
 *       the comparison is false and every request is rejected, i.e. the filter
 *       fails closed.</li>
 *   <li>The rejection uses 401 without a {@code WWW-Authenticate} challenge;
 *       403 describes an address-based refusal more accurately. The status is
 *       left as is because clients may depend on it.</li>
 *   <li>A source-address match is not caller authentication; treat it as one
 *       layer next to network controls and real credentials.</li>
 * </ul>
 */
@Provider
@SecuredInternal
public class InternalSecurityFilter implements ContainerRequestFilter {

    /** Current servlet request, supplied by the JAX-RS runtime. */
    @Context
    HttpServletRequest request;

    /**
     * The one address allowed to call secured endpoints. Presumably resolved by
     * the ConfigBean producer from the property named like this field - confirm.
     */
    @Inject
    String someInternalIP;

    /**
     * Aborts the request unless it originates from the configured address.
     *
     * @param requestContext context of the request being filtered
     * @throws IOException declared by the filter contract; not thrown directly here
     */
    @Override
    public void filter(ContainerRequestContext requestContext) throws IOException {
        final String callerAddress = request.getRemoteAddr();
        if (callerAddress.equals(someInternalIP)) {
            // Address matches: leave the request untouched so processing continues.
            return;
        }

        // Build the localized refusal text from the caller's locale.
        final ResourceBundle texts = ResourceBundle.getBundle("api.content", request.getLocale());
        final String denial = texts.getString("error.unauthorized.request");

        final Response rejection = Response.status(Response.Status.UNAUTHORIZED)
                .entity(new ApiResponse(false, denial, null))
                .build();
        requestContext.abortWith(rejection);
    }

}

Usage


import javax.validation.Valid;
import javax.ws.rs.Consumes;
import javax.ws.rs.POST;
import javax.ws.rs.Path;
import javax.ws.rs.Produces;
import javax.ws.rs.core.Context;
import javax.ws.rs.core.MediaType;
import javax.ws.rs.core.Response;
import javax.ws.rs.core.UriInfo;

/**
 * REST contract for the {@code somepath} resource, showing how an endpoint is
 * restricted to internal callers.
 */
@Path("somepath")
public interface ClientService {

    /**
     * JSON-in, JSON-out POST endpoint guarded by {@link SecuredInternal}, so the
     * filter bound to that annotation runs before the method is invoked.
     *
     * <p>NOTE(review): the binding is declared on the interface method only.
     * Verify that the JAX-RS runtime in use applies name bindings inherited from
     * an interface, and that the implementing method does not declare JAX-RS
     * annotations of its own that would replace the inherited ones; otherwise
     * the endpoint is reachable without the filter.
     *
     * @param uriInfo request URI details injected by the runtime
     * @param client  request body, validated through Bean Validation
     * @return the response to send to the caller
     */
    @SecuredInternal
    @POST
    @Consumes(MediaType.APPLICATION_JSON)
    @Produces(MediaType.APPLICATION_JSON)
    Response someMethodCall(@Context UriInfo uriInfo, @Valid Client client);
}
