Auth filter in OSGi?

Question

I follow this tutorial Best practice for REST token-based authentication with JAX-RS and Jersey and I am at the filter part.

I am using OSGI and I don't know how to register my Filter. I created my filter and build my project with no error. I deployed my bundle in karaf but my @Secured services are not secured cause the filter is not called...

Should I add my filter in the Activator ? In the blueprint ? (I am new in osgi world)

Here my filter :

@Secured
@Provider
@Priority(Priorities.AUTHENTICATION)
public class AuthenticationFilter implements ContainerRequestFilter {
    private static Logger LOGGER = LoggerFactory.getLogger(AuthenticationFilter.class);
    @Override
    public void filter(ContainerRequestContext requestContext) throws IOException {
        LOGGER.info("[AuthenticationFilter] started");
        // Get the HTTP Authorization header from the request
        String authorizationHeader = 
            requestContext.getHeaderString(HttpHeaders.AUTHORIZATION);

        // Check if the HTTP Authorization header is present and formatted correctly 
        if (authorizationHeader == null || !authorizationHeader.startsWith("Bearer ")) {
            throw new NotAuthorizedException("Authorization header must be provided");
        }

        // Extract the token from the HTTP Authorization header
        String token = authorizationHeader.substring("Bearer".length()).trim();

        try {
            // Validate the token
            validateToken(token);
        } catch (Exception e) {
            requestContext.abortWith(Response.status(Response.Status.UNAUTHORIZED).build());
        }
        LOGGER.info("[AuthenticationFilter] ended");
    }

    //TODO: add the key in properties
    //TODO: check the username in DB
    private void validateToken(String token) throws Exception {
        // Check if it was issued by the server and if it's not expired
        // Throw an Exception if the token is invalid
        String username = Jwts.parser()
            .setSigningKey("jeSuisLaSecretPhrase,1234,ilFaudraMePlacerEnConf,Merci")
            .parseClaimsJws(token)
            .getBody()
            .getIssuer();
        if(!"admin".equals(username)){
            throw new NotAuthorizedException("bad token");
        }

    }
}

EDIT

Karaf cannot load "http://cxf.apache.org/blueprint/jaxrs" Here is my blueprint :

<blueprint xmlns="http://www.osgi.org/xmlns/blueprint/v1.0.0" 
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xmlns:cm="http://aries.apache.org/blueprint/xmlns/blueprint-cm/v1.1.0"
    xmlns:jaxrs="http://cxf.apache.org/blueprint/jaxrs">

    <!-- Beans declaration -->
    <bean id="AuthenticationServlet" class="com.mycompanie.fr.core.servlets.jaxrs.impl.AuthenticationServletImpl">
        <property name="service" ref="service" />
    </bean>
    <service ref="AuthenticationServlet" interface="com.mycompanie.fr.core.servlets.jaxrs.AuthenticationServlet" />

    <bean id="CommitmentServlet" class="com.mycompanie.fr.core.servlets.jaxrs.impl.CommitmentServletImpl">
        <property name="service" ref="service" />
    </bean>
    <service ref="CommitmentServlet" interface="com.mycompanie.fr.core.servlets.jaxrs.CommitmentServlet" />


    <!-- Dependency definition -->
    <reference id="service" interface="com.mycompanie.fr.core.api.services.MainService" />

    <jaxrs:providers>
      <ref bean="AuthenticationFilter" />
    </jaxrs:providers>
    <bean id="AuthenticationFilter" class="com.mycompanie.fr.core.servlets.filter.AuthenticationFilter"/>


    <web-spa xmlns="http://www.mycompanie.com/xmlns/web-spa/v1.0.0" context="/myProject">
        <service ref="AuthenticationServlet" />
        <service ref="CommitmentServlet" />
    </web-spa>

</blueprint>

How do you expose your REST service? Do you use blueprint and the CXF namespace or something else like CXF-DOSGi? — Christian Schneider, Feb 22 '17 at 14:58

score 2 · Accepted Answer · answered Feb 22 '17 at 15:21

2

Try to add the filter like described in the CXF JAX-RS filter docs.

...
<jaxrs:providers>
  <ref bean="authorizationFilter" />
</jaxrs:providers>
...
<bean id="authorizationFilter" class="com....AuthenticationFilter">

answered Feb 22 '17 at 15:21

Christian Schneider

19,420
2
39
64

in my blueprint ? – Charly berthet Feb 22 '17 at 15:39
I added xmlns:jaxrs="http://cxf.apache.org/blueprint/jaxrs" and those lines in my blueprint but now karaf log say "1.8.0.SNAPSHOT is waiting for namespace handlers [http://cxf.apache.org/blueprint/jaxrs]" – Charly berthet Feb 22 '17 at 15:59
The jaxrs namespace should already be in your blueprint as you must have exported the service in some way. Can you post your complete example on github or similar? – Christian Schneider Feb 22 '17 at 16:36
My blueprint is added as EDIT – Charly berthet Feb 22 '17 at 16:49
1

From the blueprint it looks like you are using your own namespace web-spa to publish your servlet. This does not seem to be related to CXF so the CXF way to add a filter will not help. You will either need to do all the service with CXF or find a way to add the filter using your web-spa framework. – Christian Schneider Feb 22 '17 at 17:28

Auth filter in OSGi?

1 Answers1