[breaking] Considering a StdEntityRoute should *always* bring a permissionFactory at construction time

Deprecated RestxRouter.Builder.addRoute() with no permissionFactory in order to avoid
NPEs when checking for security permissions

Author: fcamblor

restx-admin/src/main/java/restx/exceptions/ErrorDescriptorsRoute.java

@@ -34,10 +34,9 @@ public class ErrorDescriptorsRoute extends StdJsonProducerEntityRoute {
     public ErrorDescriptorsRoute(Iterable<ErrorDescriptor> errorDescriptors,
                                  @Named(FrontObjectMapperFactory.WRITER_NAME) ObjectWriter objectWriter,
                                  RestxSecurityManager securityManager,
-                                 PermissionFactory permissionFactory) {
-
-        super("ErrorDescriptorsRoute", ImmutableCollection.class, objectWriter, new StdRestxRequestMatcher("GET", "/@/errors/descriptors"));
-        this.permissionFactory = permissionFactory;
+                                 PermissionFactory permissionFactory
+    ) {
+        super("ErrorDescriptorsRoute", ImmutableCollection.class, objectWriter, new StdRestxRequestMatcher("GET", "/@/errors/descriptors"), permissionFactory);
         Map<String, ErrorDescriptor> map = Maps.newLinkedHashMap();
         for (ErrorDescriptor errorDescriptor : errorDescriptors) {
             if (map.containsKey(errorDescriptor.getErrorCode())) {

restx-apidocs/src/main/java/restx/apidocs/ApiDeclarationRoute.java

@@ -50,7 +50,7 @@ public class ApiDeclarationRoute extends StdJsonProducerEntityRoute {
     @Inject
     public ApiDeclarationRoute(@Named(FrontObjectMapperFactory.WRITER_NAME) ObjectWriter writer,
                                Factory factory, RestxSecurityManager securityManager, PermissionFactory permissionFactory) {
-        super("ApiDeclarationRoute", Map.class, writer, new StdRestxRequestMatcher("GET", "/@/api-docs/{router}"));
+        super("ApiDeclarationRoute", Map.class, writer, new StdRestxRequestMatcher("GET", "/@/api-docs/{router}"), permissionFactory);
         this.factory = factory;
         this.securityManager = securityManager;
         this.permissionFactory = permissionFactory;

restx-apidocs/src/main/java/restx/apidocs/ApiDocsIndexRoute.java

@@ -14,6 +14,7 @@
 import restx.jackson.StdJsonProducerEntityRoute;
 import restx.security.PermissionFactory;
 import restx.security.RestxSecurityManager;
+import restx.security.PermissionFactory;
 
 import javax.inject.Inject;
 import javax.inject.Named;
@@ -44,23 +45,20 @@
 public class ApiDocsIndexRoute extends StdJsonProducerEntityRoute {
     private final Factory factory;
     private final RestxSecurityManager securityManager;
-    private PermissionFactory permissionFactory;
 
     @Inject
     public ApiDocsIndexRoute(@Named(FrontObjectMapperFactory.WRITER_NAME) ObjectWriter writer,
                              Factory factory,
                              RestxSecurityManager securityManager,
                              PermissionFactory permissionFactory) {
-
-        super("ApiDocsIndexRoute", Map.class, writer, new StdRestxRequestMatcher("GET", "/@/api-docs"));
+        super("ApiDocsIndexRoute", Map.class, writer, new StdRestxRequestMatcher("GET", "/@/api-docs"), permissionFactory);
         this.factory = factory;
         this.securityManager = securityManager;
-        this.permissionFactory = permissionFactory;
     }
 
     @Override
     protected Optional<?> doRoute(RestxRequest restxRequest, RestxRequestMatch match, Object i) throws IOException {
-        securityManager.check(restxRequest, match, permissionFactory.hasRole(AdminModule.RESTX_ADMIN_ROLE));
+        securityManager.check(restxRequest, match, hasRole(AdminModule.RESTX_ADMIN_ROLE));
         return Optional.of(ImmutableMap.builder()
                 .put("apiVersion", "0.1") // TODO
                 .put("swaggerVersion", "1.1")

restx-core/src/main/java/restx/RestxRouter.java

@@ -9,9 +9,9 @@
 import restx.entity.MatchedEntityRoute;
 import restx.jackson.JsonEntityRouteBuilder;
 import restx.jackson.StdJsonProducerEntityRoute;
+import restx.security.PermissionFactory;
 
 import java.io.IOException;
-import java.lang.reflect.Type;
 import java.util.List;
 
 import static com.google.common.base.Preconditions.checkNotNull;
@@ -88,8 +88,16 @@ public <O> Builder addRoute(String method, String path, Class<O> outputType, fin
             return addRoute(path, new StdRestxRequestMatcher(method, path), outputType, route);
         }
 
+        /**
+         * @deprecated Prefer to use addRoute(String, RestxRequestMatcher, PermissionFactory, Class<O>, MatchedEntityRoute<Void, O>)
+         * in order to avoid NPEs when checking permissions through permissionFactory
+         */
         public <O> Builder addRoute(String name, RestxRequestMatcher matcher, Class<O> outputType, final MatchedEntityRoute<Void, O> route) {
-            routes.add(new StdJsonProducerEntityRoute<O>(name, outputType, writer.withType(outputType), matcher) {
+            return addRoute(name, matcher, null, outputType, route);
+        }
+
+        public <O> Builder addRoute(String name, RestxRequestMatcher matcher, PermissionFactory permissionFactory, Class<O> outputType, final MatchedEntityRoute<Void, O> route) {
+            routes.add(new StdJsonProducerEntityRoute<O>(name, outputType, writer.withType(outputType), matcher, permissionFactory) {
                 @Override
                 protected Optional<O> doRoute(RestxRequest restxRequest, RestxRequestMatch match, Void i) throws IOException {
                     return route.route(restxRequest, match, i);

restx-core/src/main/java/restx/entity/StdEntityRoute.java

@@ -32,6 +32,7 @@ public static class Builder<I,O> {
         protected RestxRequestMatcher matcher;
         protected HttpStatus successStatus = HttpStatus.OK;
         protected RestxLogLevel logLevel = RestxLogLevel.DEFAULT;
+        protected PermissionFactory permissionFactory;
         protected MatchedEntityRoute<I,O> matchedEntityRoute;
 
         public Builder<I,O> entityRequestBodyReader(final EntityRequestBodyReader<I> entityRequestBodyReader) {
@@ -49,6 +50,11 @@ public Builder<I,O> name(final String name) {
             return this;
         }
 
+        public Builder<I,O> permissionFactory(final PermissionFactory permissionFactory) {
+            this.permissionFactory = permissionFactory;
+            return this;
+        }
+
         public Builder<I,O> matcher(final RestxRequestMatcher matcher) {
             this.matcher = matcher;
             return this;
@@ -74,7 +80,7 @@ public StdEntityRoute<I,O> build() {
             return new StdEntityRoute<I, O>(
                     name, entityRequestBodyReader == null ? voidBodyReader() : entityRequestBodyReader,
                     entityResponseWriter,
-                    matcher, successStatus, logLevel) {
+                    matcher, successStatus, logLevel, permissionFactory) {
                 @Override
                 protected Optional<O> doRoute(RestxRequest restxRequest, RestxRequestMatch match, I i) throws IOException {
                     return matchedEntityRoute.route(restxRequest, match, i);
@@ -102,16 +108,6 @@ public static <I,O> Builder<I,O> builder() {
     private final RestxLogLevel logLevel;
     private final PermissionFactory permissionFactory;
 
-    public StdEntityRoute(String name,
-                          EntityRequestBodyReader<I> entityRequestBodyReader,
-                          EntityResponseWriter<O> entityResponseWriter,
-                          RestxRequestMatcher matcher,
-                          HttpStatus successStatus,
-                          RestxLogLevel logLevel
-    ) {
-        this(name, entityRequestBodyReader, entityResponseWriter, matcher, successStatus, logLevel, null);
-    }
-
     public StdEntityRoute(String name,
                           EntityRequestBodyReader<I> entityRequestBodyReader,
                           EntityResponseWriter<O> entityResponseWriter,

restx-core/src/main/java/restx/jackson/StdJsonProducerEntityRoute.java

@@ -6,6 +6,7 @@
 import restx.entity.StdEntityRoute;
 import restx.entity.VoidContentTypeModule;
 import restx.http.HttpStatus;
+import restx.security.PermissionFactory;
 
 import java.lang.reflect.Type;
 
@@ -14,11 +15,11 @@
  * Time: 11:06
  */
 public abstract class StdJsonProducerEntityRoute<O> extends StdEntityRoute<Void,O> {
-    public StdJsonProducerEntityRoute(String name, Type type, ObjectWriter writer, RestxRequestMatcher matcher) {
+    public StdJsonProducerEntityRoute(String name, Type type, ObjectWriter writer, RestxRequestMatcher matcher, PermissionFactory permissionFactory) {
         super(name,
                 VoidContentTypeModule.VoidEntityRequestBodyReader.INSTANCE,
                 JsonEntityResponseWriter.<O>using(type, writer),
                 matcher,
-                HttpStatus.OK, RestxLogLevel.DEFAULT);
+                HttpStatus.OK, RestxLogLevel.DEFAULT, permissionFactory);
     }
 }