1 | /*- | |
2 | * #%L | |
3 | * io.earcam.utilitarian.web.jaxrs | |
4 | * %% | |
5 | * Copyright (C) 2017 earcam | |
6 | * %% | |
7 | * SPDX-License-Identifier: (BSD-3-Clause OR EPL-1.0 OR Apache-2.0 OR MIT) | |
8 | * | |
9 | * You <b>must</b> choose to accept, in full - any individual or combination of | |
10 | * the following licenses: | |
11 | * <ul> | |
12 | * <li><a href="https://opensource.org/licenses/BSD-3-Clause">BSD-3-Clause</a></li> | |
13 | * <li><a href="https://www.eclipse.org/legal/epl-v10.html">EPL-1.0</a></li> | |
14 | * <li><a href="https://www.apache.org/licenses/LICENSE-2.0">Apache-2.0</a></li> | |
15 | * <li><a href="https://opensource.org/licenses/MIT">MIT</a></li> | |
16 | * </ul> | |
17 | * #L% | |
18 | */ | |
19 | package io.earcam.utilitarian.web.jaxrs; | |
20 | ||
21 | import static io.earcam.utilitarian.web.jaxrs.BasicAuthenticator.AUTHORIZATION; | |
22 | ||
23 | import java.io.IOException; | |
24 | ||
25 | import javax.ws.rs.client.ClientRequestContext; | |
26 | import javax.ws.rs.client.ClientRequestFilter; | |
27 | import javax.ws.rs.core.MultivaluedMap; | |
28 | ||
29 | /** | |
30 | * <p> | |
31 | * A JAX-RS client filter providing support for the | |
32 | * <a href="https://en.wikipedia.org/wiki/OAuth">OAuth/Token Bearer</a> | |
33 | * form of <a href="https://developer.mozilla.org/en-US/docs/Web/HTTP/Authentication">HTTP Authentication</a> | |
34 | * scheme. | |
35 | * </p> | |
36 | * | |
37 | * <p> | |
38 | * <b>Note</b>: unfortunately implementations (e.g. Jersey) don't acknowledge the risks | |
39 | * of interned String passwords; they do not allow the header value to be set as a {@code char} array. | |
40 | * This is likely due to API design, e.g. {@link javax.ws.rs.ext.RuntimeDelegate.HeaderDelegate}. | |
41 | * </p> | |
42 | */ | |
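public class TokenBearerAuthenticator implements ClientRequestFilter {

    private static final String TYPE_PREFIX = "Bearer ";
    private final String token;


    /**
     * Creates a filter that sends the given bearer token with each request it is applied to.
     *
     * <p>
     * The token is held as an immutable {@code String} for the lifetime of this instance and
     * is neither validated nor encoded here; it is concatenated verbatim after the
     * {@code "Bearer "} prefix. Callers should pass only well-formed token text (in particular,
     * no line breaks or other control characters).
     * </p>
     *
     * @param token the bearer token; must not be {@code null}
     * @throws NullPointerException if {@code token} is {@code null}
     */
    public TokenBearerAuthenticator(String token)
    {
        // Fail fast: string concatenation would otherwise turn a null token into the
        // literal header value "Bearer null", and the mistake would only show up later
        // as a rejected request.
        if(token == null) {
            throw new NullPointerException("token");
        }
        this.token = token;
    }


    /**
     * Adds the bearer credential to the outgoing request, under the header name given by
     * {@code BasicAuthenticator.AUTHORIZATION}.
     *
     * <p>
     * The header is added unconditionally: this method does not look at the request URI, so
     * the token accompanies every request that passes through this filter. Register the filter
     * only on clients or targets whose requests go to the intended service over TLS.
     * </p>
     *
     * <p>
     * The value is appended with {@link MultivaluedMap#add(Object, Object)}, so any value
     * already present under the same header name is kept alongside it rather than replaced.
     * </p>
     *
     * @param requestContext the request being sent; its header map is modified in place
     * @throws IOException declared by {@link ClientRequestFilter}; not thrown by this implementation
     */
    @Override
    public void filter(ClientRequestContext requestContext) throws IOException
    {
        MultivaluedMap<String, Object> headers = requestContext.getHeaders();
        headers.add(AUTHORIZATION, TYPE_PREFIX + token);
    }
}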