filter all requests to admin endpoints
The user must be authenticated, and have the admin role.
Some requests are excluded from the filter so that the static contents
(html/js/css...) of the admin ui can still be served.
a-peyrard committed Feb 10, 2016
1 parent 86c4ef7 commit 418811f
Showing 1 changed file with 42 additions and 0 deletions.
42 changes: 42 additions & 0 deletions restx-admin/src/main/java/restx/admin/AdminModule.java
@@ -5,8 +5,21 @@
import com.google.common.collect.ImmutableMap;
import com.google.common.collect.ImmutableSet;
import com.google.common.hash.Hashing;

import java.io.IOException;
import java.util.regex.Pattern;
import restx.RestxContext;
import restx.RestxFilter;
import restx.RestxHandler;
import restx.RestxHandlerMatch;
import restx.RestxRequest;
import restx.RestxRequestMatch;
import restx.RestxResponse;
import restx.StdRestxRequestMatch;
import restx.WebException;
import restx.factory.Module;
import restx.factory.Provides;
import restx.http.HttpStatus;
import restx.security.*;

import javax.inject.Named;
@@ -57,4 +70,33 @@ public String getName() {
return "admin";
}
}

@Provides
public RestxFilter adminRoleFilter() {
return new RestxFilter() {
final Pattern privatePath = Pattern.compile("^/@/(?!(ui|webjars)/).*$");

@Override
public Optional<RestxHandlerMatch> match(RestxRequest req) {
if (privatePath.matcher(req.getRestxPath()).find()) {
return Optional.of(new RestxHandlerMatch(
new StdRestxRequestMatch("/@/*", req.getRestxPath()),
new RestxHandler() {
@Override
public void handle(RestxRequestMatch match, RestxRequest req, RestxResponse resp, RestxContext ctx) throws IOException {
final RestxSession current = RestxSession.current();
if (current.getPrincipal().isPresent() &&
Permissions.hasRole(RESTX_ADMIN_ROLE).has(current.getPrincipal().get(), req).isPresent()) {
ctx.nextHandlerMatch().handle(req, resp, ctx);
} else {
throw new WebException(HttpStatus.UNAUTHORIZED);
}
}
}
));
}
return Optional.absent();
}
};
}
}
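Review bot: The access decision in `adminRoleFilter()` rests on `privatePath` matching the whole path, and the trailing `.*$` makes that match fail for a path with an embedded line terminator, because `.` does not match one by default; if such a path can reach the filter, the request skips the role check instead of being rejected. Since `match()` already calls `find()`, the tail can simply be dropped: `final Pattern privatePath = Pattern.compile("^/@/(?!(?:ui|webjars)/)");`. The `ui/` and `webjars/` exclusion is also only as strong as whatever normalization happens before `req.getRestxPath()`, which is not visible on this page, so it is worth confirming and covering with a test. Separately, the `else` branch answers `HttpStatus.UNAUTHORIZED` both when no principal is present and when an authenticated principal lacks `RESTX_ADMIN_ROLE`; a 403 status would be accurate for the second case, keeping 401 for the first.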
