ChainedAuthFilter with PolymorphicAuthDynamicFeature

[Sheldon D'Souza]

Is it possible to you a Chained auth filter with 
PolymorphicAuthDynamicFeature? we need a use case where our apis uses 3 
different types of Principals. Some resources only need an X-API-KEY for 
authentication.

While the rest require a combination of X-API-KEY along with an 
X-AUTH-TOKEN for authentication and authorization. We have tried the 
following but only the KeyAuthFilter works.

public class UserMultiAuthBuilder {

    private final UserKeyAuthenticator keyAuthenticator;
    private final UserAuthenticator userAuthenticator;
    private final JwtConsumer jwtConsumer;

    @Inject
    public UserMultiAuthBuilder(UserKeyAuthenticator keyAuthenticator,
                                UserAuthenticator userAuthenticator,
                                JwtConsumer jwtConsumer) {
        this.keyAuthenticator = keyAuthenticator;
        this.userAuthenticator = userAuthenticator;
        this.jwtConsumer = jwtConsumer;
    }

    public ChainedAuthFilter createChainedFilter() {
        return new ChainedAuthFilter(Lists.newArrayList(
                new KeyAuthFilter.Builder<UserAccess>()
                        .setPrefix("Basic")
                        .setAuthenticator(new CachingAuthenticator<>(
                                new MetricRegistry(), keyAuthenticator, 
CacheBuilderSpec.parse("maximumSize=10000, expireAfterAccess=10m")))
                        .buildAuthFilter(),
                new UserJwtAuthFilter.Builder<UserAccess>()
                        .setJwtConsumer(jwtConsumer)
                        .setRealm("realm")
                        .setPrefix("Bearer")
                        .setAuthenticator(new CachingAuthenticator<>(
                                new MetricRegistry(), userAuthenticator, 
CacheBuilderSpec.parse("maximumSize=10000, expireAfterAccess=10m")))
                        .buildAuthFilter()));
    }
}


public class MultiAuthFeature extends PolymorphicAuthDynamicFeature {

    @Inject
    public MultiAuthFeature(UserMultiAuthBuilder userMultiAuthBuilder,
                            BusinessMultiAuthBuilder businessMultiAuthBuilder,
                            SingleAuthBuilder singleAuthBuilder,
                            Environment environment) {

        super(ImmutableMap.of(UserAccess.class, 
userMultiAuthBuilder.createChainedFilter(),
                              BusinessAccess.class, 
businessMultiAuthBuilder.createChainedFilter(),
                              KeyAccess.class, 
singleAuthBuilder.createBasicAuthFilter(),
                              ApiAccess.class, 
singleAuthBuilder.createDefaultAuthFilter()));
        final AbstractBinder binder = new 
PolymorphicAuthValueFactoryProvider.Binder<>(
                ImmutableSet.of(UserAccess.class, BusinessAccess.class, 
KeyAccess.class, ApiAccess.class));
        environment.jersey().register(binder);
        environment.jersey().register(RolesAllowedDynamicFeature.class);
    }
}

-- 
You received this message because you are subscribed to the Google Groups 
"dropwizard-user" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to dropwizard-user+unsubscr...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.