filter all requests to admin endpoints
The user must be authenticated, and have the admin role.
Some requests are excluded from the filter so that the static content
(html/js/css...) for the admin UI can still be served.
a-peyrard committed Feb 10, 2016
1 parent 86c4ef7 commit 418811f
Showing 1 changed file with 42 additions and 0 deletions.
42 changes: 42 additions & 0 deletions restx-admin/src/main/java/restx/admin/
Expand Up @@ -5,8 +5,21 @@

import java.util.regex.Pattern;
import restx.RestxContext;
import restx.RestxFilter;
import restx.RestxHandler;
import restx.RestxHandlerMatch;
import restx.RestxRequest;
import restx.RestxRequestMatch;
import restx.RestxResponse;
import restx.StdRestxRequestMatch;
import restx.WebException;
import restx.factory.Module;
import restx.factory.Provides;
import restx.http.HttpStatus;

import javax.inject.Named;
Expand Down Expand Up @@ -57,4 +70,33 @@ public String getName() {
return "admin";

public RestxFilter adminRoleFilter() {
return new RestxFilter() {
final Pattern privatePath = Pattern.compile("^/@/(?!(ui|webjars)/).*$");

public Optional<RestxHandlerMatch> match(RestxRequest req) {
if (privatePath.matcher(req.getRestxPath()).find()) {
return Optional.of(new RestxHandlerMatch(
new StdRestxRequestMatch("/@/*", req.getRestxPath()),
new RestxHandler() {
public void handle(RestxRequestMatch match, RestxRequest req, RestxResponse resp, RestxContext ctx) throws IOException {
final RestxSession current = RestxSession.current();
if (current.getPrincipal().isPresent() &&
Permissions.hasRole(RESTX_ADMIN_ROLE).has(current.getPrincipal().get(), req).isPresent()) {
ctx.nextHandlerMatch().handle(req, resp, ctx);
} else {
throw new WebException(HttpStatus.UNAUTHORIZED);
return Optional.absent();
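Review bot: The `privatePath` pattern ends in `.*$`, and because `.` does not match line terminators, a `getRestxPath()` value that contains one is not classified as private, so `match` returns `Optional.absent()` and the role check never runs for it. The tail adds nothing to a `find()` call; `Pattern.compile("^/@/(?!(ui|webjars)/)")` makes the decision depend on the prefix alone. The `ui/` and `webjars/` exemption is also a pure prefix test, so it is only as strong as the normalisation of the path, which is not visible here; a comment such as `// relies on getRestxPath() being normalised (no dot segments) before this match` would record that assumption. Separately, an authenticated principal that lacks the role gets the same `UNAUTHORIZED` as an anonymous caller, where a 403 would distinguish the two cases for clients and in logs. The rendered page drops the closing lines of `adminRoleFilter`, so the end of the method is not shown.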
