
Commit 418811f

committed
filter all requests to admin endpoints
The user must be authenticated and have the admin role. Some requests are excluded from the filter so that the static contents (html/js/css...) of the admin UI can still be served.
1 parent 86c4ef7 commit 418811f


1 file changed

+42
-0
lines changed


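--- a/restx-admin/src/main/java/restx/admin/AdminModule.java
+++ b/restx-admin/src/main/java/restx/admin/AdminModule.java
@@ -5,8 +5,21 @@
 import com.google.common.collect.ImmutableMap;
 import com.google.common.collect.ImmutableSet;
 import com.google.common.hash.Hashing;
+
+import java.io.IOException;
+import java.util.regex.Pattern;
+import restx.RestxContext;
+import restx.RestxFilter;
+import restx.RestxHandler;
+import restx.RestxHandlerMatch;
+import restx.RestxRequest;
+import restx.RestxRequestMatch;
+import restx.RestxResponse;
+import restx.StdRestxRequestMatch;
+import restx.WebException;
 import restx.factory.Module;
 import restx.factory.Provides;
+import restx.http.HttpStatus;
 import restx.security.*;
 
 import javax.inject.Named;
@@ -57,4 +70,33 @@ public String getName() {
 return "admin";
 }
 }
+
+@Provides
+public RestxFilter adminRoleFilter() {
+return new RestxFilter() {
+final Pattern privatePath = Pattern.compile("^/@/(?!(ui|webjars)/).*$");
+
+@Override
+public Optional<RestxHandlerMatch> match(RestxRequest req) {
+if (privatePath.matcher(req.getRestxPath()).find()) {
+return Optional.of(new RestxHandlerMatch(
+new StdRestxRequestMatch("/@/*", req.getRestxPath()),
+new RestxHandler() {
+@Override
+public void handle(RestxRequestMatch match, RestxRequest req, RestxResponse resp, RestxContext ctx) throws IOException {
+final RestxSession current = RestxSession.current();
+if (current.getPrincipal().isPresent() &&
+Permissions.hasRole(RESTX_ADMIN_ROLE).has(current.getPrincipal().get(), req).isPresent()) {
+ctx.nextHandlerMatch().handle(req, resp, ctx);
+} else {
+throw new WebException(HttpStatus.UNAUTHORIZED);
+}
+}
+}
+));
+}
+return Optional.absent();
+}
+};
+}
 }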
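Review bot: The static-asset exclusion in `privatePath` is decided on the raw value of `req.getRestxPath()`, so unless that path is already normalized (dot-segments collapsed, no doubled slashes) before filters run, a path that starts with `/@/ui/` or `/@/webjars/` but resolves to a different admin endpoint would skip the role check; normalizing the path before matching, or rejecting any path containing `..` with the same `WebException`, keeps the filter fail-closed. A smaller point: an authenticated principal without `RESTX_ADMIN_ROLE` receives the same `HttpStatus.UNAUTHORIZED` as an anonymous request, whereas `HttpStatus.FORBIDDEN` would let clients and log reviewers tell the two cases apart — only worth changing if the 401 is not relied on to trigger the admin UI login. The `privatePath` field deserves a one-line comment, e.g. `// everything under /@/ requires the admin role, except the static UI assets under /@/ui/ and /@/webjars/`. `Optional` is not among the added imports; presumably Guava's `Optional` is already imported above the hunk, given the `Optional.absent()` call.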
