
Allowing to pass RestxRequestMatcher to RestxSecurityManager [breaking]

This is intended to be able to use path parameters to interpolate 'dynamic' roles in the future

If you implemented your own RestxSecurityManager, you will have to update your check() prototype to take the
new RestxRequestMatcher parameter into consideration.
If you implemented your own routes relying on the securityManager.check() call, you will have to pass
the current restx request matcher to the securityManager.check() call.
fcamblor committed Oct 27, 2015
1 parent fe0e599 commit 58f190a7b0432a4ce497967bc1c29aff796f9e20
@@ -50,7 +50,7 @@ public ErrorDescriptorsRoute(Iterable<ErrorDescriptor> errorDescriptors,

@Override
protected Optional<?> doRoute(RestxRequest restxRequest, RestxRequestMatch match, Object i) throws IOException {
securityManager.check(restxRequest, hasRole(AdminModule.RESTX_ADMIN_ROLE));
securityManager.check(restxRequest, match, hasRole(AdminModule.RESTX_ADMIN_ROLE));
return Optional.of(errorDescriptors.values());
}
}
@@ -56,7 +56,7 @@ public ApiDeclarationRoute(@Named(FrontObjectMapperFactory.WRITER_NAME) ObjectWr

@Override
protected Optional<?> doRoute(RestxRequest restxRequest, RestxRequestMatch match, Object body) throws IOException {
securityManager.check(restxRequest, hasRole(AdminModule.RESTX_ADMIN_ROLE));
securityManager.check(restxRequest, match, hasRole(AdminModule.RESTX_ADMIN_ROLE));
String routerName = match.getPathParam("router");
Optional<NamedComponent<RestxRouter>> router = getRouterByName(factory, routerName);

@@ -59,7 +59,7 @@ public ApiDocsIndexRoute(@Named(FrontObjectMapperFactory.WRITER_NAME) ObjectWrit

@Override
protected Optional<?> doRoute(RestxRequest restxRequest, RestxRequestMatch match, Object i) throws IOException {
securityManager.check(restxRequest, hasRole(AdminModule.RESTX_ADMIN_ROLE));
securityManager.check(restxRequest, match, hasRole(AdminModule.RESTX_ADMIN_ROLE));
return Optional.of(ImmutableMap.builder()
.put("apiVersion", "0.1") // TODO
.put("swaggerVersion", "1.1")
@@ -300,7 +300,7 @@ private void buildResourceRoutesCodeChunks(ResourceClass resourceClass, List<Imm
.put("method", resourceMethod.httpMethod)
.put("path", resourceMethod.path.replace("\\", "\\\\"))
.put("resource", resourceClass.name)
.put("securityCheck", "securityManager.check(request, " + resourceMethod.permission + ");")
.put("securityCheck", "securityManager.check(request, match, " + resourceMethod.permission + ");")
.put("call", call)
.put("responseClass", toTypeDescription(resourceMethod.returnType))
.put("sourceLocation", resourceMethod.sourceLocation)
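Review bot: The generated statement `securityManager.check(request, match, …)` hard-codes the identifier `match`, which must be the exact parameter name in the route template this chunk is rendered into; that template is not in the hunk, so this coupling is only implied here. A short comment on the `securityCheck` entry such as `// 'request' and 'match' are the parameter names of the generated doRoute/handle method` would make the dependency explicit for the next person who renames a template parameter. buildResourceRoutesCodeChunks starts and ends outside the hunk.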
@@ -1,6 +1,7 @@
package restx.security;

import restx.RestxRequest;
import restx.RestxRequestMatch;

/**
* A security manager is responsible for checking if the principal associated with a given request (or current session)
@@ -13,7 +14,8 @@
* The security manager can safely assume that a RestxSession is available in current thread context.
*
* @param request the request for which the check is performed
* @param request the request matcher for which the check is performed
* @param permission the permission to check. must not be null.
*/
void check(RestxRequest request, Permission permission);
void check(RestxRequest request, RestxRequestMatch match, Permission permission);
}
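Review bot: The added Javadoc tag documents the wrong parameter: `@param request the request matcher for which the check is performed` repeats the existing `request` tag instead of describing the new `match` parameter, so javadoc will report a duplicate tag and the new argument stays undocumented. It should read `@param match the request match for which the check is performed. must not be null.` Given the description says the match is meant to feed "dynamic" roles later, the contract could also state that path-parameter values in `match` come from the request URL and are not authenticated on their own, so an implementation deriving a role from them must still verify the principal actually holds that role. The interface Javadoc opens before the start of the hunk.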
@@ -1,6 +1,7 @@
package restx.security;

import java.io.IOException;
import java.util.Collections;
import java.util.HashMap;
import java.util.Map;

@@ -3,6 +3,7 @@
import com.google.common.base.Optional;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import restx.RestxRequestMatch;
import restx.http.HttpStatus;
import restx.RestxRequest;
import restx.WebException;
@@ -17,7 +18,7 @@
private static final Logger logger = LoggerFactory.getLogger(StdRestxSecurityManager.class);

@Override
public void check(RestxRequest request, Permission permission) {
public void check(RestxRequest request, RestxRequestMatch requestMatch, Permission permission) {
if (permission == Permissions.open()) {
return;
}
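Review bot: The new `requestMatch` parameter is not read anywhere in the visible part of `check`, and its name differs from the interface declaration, which calls it `match`; aligning the name with the interface and adding a one-line comment on the signature, e.g. `// requestMatch is currently unused; reserved for deriving roles from path parameters`, would tell readers this is intentional rather than an oversight. If the parameter is meant to be mandatory, a `Objects.requireNonNull(requestMatch, "requestMatch")` guard at the top would enforce the "must not be null" wording the interface uses for its other arguments, though whether null is tolerated by existing callers is not visible here. The body of `check` continues past the end of the hunk.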
@@ -24,7 +24,7 @@ public FactoryDumpRoute(Factory factory, RestxSecurityManager securityManager) {

@Override
public void handle(RestxRequestMatch match, RestxRequest req, RestxResponse resp, RestxContext ctx) throws IOException {
securityManager.check(req, hasRole(AdminModule.RESTX_ADMIN_ROLE));
securityManager.check(req, match, hasRole(AdminModule.RESTX_ADMIN_ROLE));
resp.setContentType("text/plain");
resp.getWriter().println(factory.dump());
}
@@ -33,7 +33,7 @@ public WarehouseRoute(Warehouse warehouse, RestxSecurityManager securityManager)

@Override
public void handle(RestxRequestMatch match, RestxRequest req, RestxResponse resp, RestxContext ctx) throws IOException {
securityManager.check(req, hasRole(AdminModule.RESTX_ADMIN_ROLE));
securityManager.check(req, match, hasRole(AdminModule.RESTX_ADMIN_ROLE));
resp.setContentType("application/json");

List<String> nodesCode = Lists.newArrayList();
@@ -42,7 +42,7 @@ private static StdRoute getGetMonitorRoute(restx.common.metrics.api.MetricRegist
return new StdRoute("MonitorRoute", new StdRestxRequestMatcher("GET", "/@/monitor")) {
@Override
public void handle(RestxRequestMatch match, RestxRequest req, RestxResponse resp, RestxContext ctx) throws IOException {
securityManager.check(req, hasRole(AdminModule.RESTX_ADMIN_ROLE));
securityManager.check(req, match, hasRole(AdminModule.RESTX_ADMIN_ROLE));
resp.setStatus(HttpStatus.OK);
resp.setContentType("application/json");
resp.getWriter().print("[");
@@ -29,7 +29,7 @@ public SpecRecorderRoute(final RestxSpecRecorder.Repository recordedSpecsReposit
new StdRoute("RecorderRoute", new StdRestxRequestMatcher("GET", "/@/recorders")) {
@Override
public void handle(RestxRequestMatch match, RestxRequest req, RestxResponse resp, RestxContext ctx) throws IOException {
securityManager.check(req, hasRole(AdminModule.RESTX_ADMIN_ROLE));
securityManager.check(req, match, hasRole(AdminModule.RESTX_ADMIN_ROLE));
resp.setContentType("application/json");
List<String> data = Lists.newArrayList();
for (RestxSpecRecorder.RecordedSpec spec : recordedSpecsRepository.getRecordedSpecs()) {
@@ -48,7 +48,7 @@ public void handle(RestxRequestMatch match, RestxRequest req, RestxResponse resp
new StdRoute("RecorderRecord", new StdRestxRequestMatcher("GET", "/@/recorders/{id}")) {
@Override
public void handle(RestxRequestMatch match, RestxRequest req, RestxResponse resp, RestxContext ctx) throws IOException {
securityManager.check(req, hasRole(AdminModule.RESTX_ADMIN_ROLE));
securityManager.check(req, match, hasRole(AdminModule.RESTX_ADMIN_ROLE));
int id = Integer.parseInt(match.getPathParam("id"));
for (RestxSpecRecorder.RecordedSpec spec : recordedSpecsRepository.getRecordedSpecs()) {
if (spec.getId() == id) {
@@ -65,7 +65,7 @@ public void handle(RestxRequestMatch match, RestxRequest req, RestxResponse resp
new StdRoute("RecorderRecordStorage", new StdRestxRequestMatcher("POST", "/@/recorders/storage/{id}")) {
@Override
public void handle(RestxRequestMatch match, RestxRequest req, RestxResponse resp, RestxContext ctx) throws IOException {
securityManager.check(req, hasRole(AdminModule.RESTX_ADMIN_ROLE));
securityManager.check(req, match, hasRole(AdminModule.RESTX_ADMIN_ROLE));
int id = Integer.parseInt(match.getPathParam("id"));
for (RestxSpecRecorder.RecordedSpec spec : recordedSpecsRepository.getRecordedSpecs()) {
if (spec.getId() == id) {
