Permalink
Browse files

filter all requests to admin endpoints

The user must be authenticated, and have the admin role.
Some requests are excluded from the filter, permitting to serve
the static contents (html/js/css...) for the admin ui.
  • Loading branch information...
a-peyrard committed Feb 10, 2016
1 parent 86c4ef7 commit 418811f25b578445f32297ae1331d3e479085429
Showing with 42 additions and 0 deletions.
  1. +42 −0 restx-admin/src/main/java/restx/admin/AdminModule.java
@@ -5,8 +5,21 @@
import com.google.common.collect.ImmutableMap;
import com.google.common.collect.ImmutableSet;
import com.google.common.hash.Hashing;
import java.io.IOException;
import java.util.regex.Pattern;
import restx.RestxContext;
import restx.RestxFilter;
import restx.RestxHandler;
import restx.RestxHandlerMatch;
import restx.RestxRequest;
import restx.RestxRequestMatch;
import restx.RestxResponse;
import restx.StdRestxRequestMatch;
import restx.WebException;
import restx.factory.Module;
import restx.factory.Provides;
import restx.http.HttpStatus;
import restx.security.*;
import javax.inject.Named;
@@ -57,4 +70,33 @@ public String getName() {
return "admin";
}
}
@Provides
public RestxFilter adminRoleFilter() {
return new RestxFilter() {
final Pattern privatePath = Pattern.compile("^/@/(?!(ui|webjars)/).*$");
@Override
public Optional<RestxHandlerMatch> match(RestxRequest req) {
if (privatePath.matcher(req.getRestxPath()).find()) {
return Optional.of(new RestxHandlerMatch(
new StdRestxRequestMatch("/@/*", req.getRestxPath()),
new RestxHandler() {
@Override
public void handle(RestxRequestMatch match, RestxRequest req, RestxResponse resp, RestxContext ctx) throws IOException {
final RestxSession current = RestxSession.current();
if (current.getPrincipal().isPresent() &&
Permissions.hasRole(RESTX_ADMIN_ROLE).has(current.getPrincipal().get(), req).isPresent()) {
ctx.nextHandlerMatch().handle(req, resp, ctx);
} else {
throw new WebException(HttpStatus.UNAUTHORIZED);
}
}
}
));
}
return Optional.absent();
}
};
}
}

0 comments on commit 418811f

Please sign in to comment.