Allowing to pass RestxRequestMatcher to Permission implementations [b…

…reaking]. If you provided your own Permission implementation(s), you will have to update your has() prototype method to include the RestxRequestMatcher
restx · Oct 27, 2015 · f3e51cfae3c650c5c4958650188b725570bf88cb · f3e51cf
1 parent 58f190a
commit f3e51cfae3c650c5c4958650188b725570bf88cb
diff --git a/restx-admin/src/main/java/restx/admin/AdminModule.java b/restx-admin/src/main/java/restx/admin/AdminModule.java
@@ -86,7 +86,7 @@ public RestxFilter adminRoleFilter() {
                                public void handle(RestxRequestMatch match, RestxRequest req, RestxResponse resp, RestxContext ctx) throws IOException {
                                    final RestxSession current = RestxSession.current();
                                    if (current.getPrincipal().isPresent() &&
-                                            Permissions.hasRole(RESTX_ADMIN_ROLE).has(current.getPrincipal().get(), req).isPresent()) {
+                                            Permissions.hasRole(RESTX_ADMIN_ROLE).has(current.getPrincipal().get(), req, match).isPresent()) {
                                        ctx.nextHandlerMatch().handle(req, resp, ctx);
                                    } else {
                                        throw new WebException(HttpStatus.UNAUTHORIZED);
diff --git a/restx-core/src/main/java/restx/security/Permission.java b/restx-core/src/main/java/restx/security/Permission.java
@@ -2,6 +2,7 @@

 import com.google.common.base.Optional;
 import restx.RestxRequest;
+import restx.RestxRequestMatch;

 /**
 * A permission is a generic security concept, used to check if a principal is allowed to access a resource.
@@ -15,7 +16,8 @@
     *
     * @param principal the principal to check
     * @param request the request to check
+     * @param match the request matcher to check
     * @return absent if not matched, the matching permission otherwise.
     */
-    Optional<? extends Permission> has(RestxPrincipal principal, RestxRequest request);
+    Optional<? extends Permission> has(RestxPrincipal principal, RestxRequest request, RestxRequestMatch match);
 }
diff --git a/restx-core/src/main/java/restx/security/Permissions.java b/restx-core/src/main/java/restx/security/Permissions.java
@@ -2,6 +2,7 @@

 import com.google.common.base.Optional;
 import restx.RestxRequest;
+import restx.RestxRequestMatch;

 import java.util.Arrays;

@@ -12,7 +13,7 @@
 public class Permissions {
    private static final Permission OPEN = new Permission() {
        @Override
-        public Optional<? extends Permission> has(RestxPrincipal principal, RestxRequest request) {
+        public Optional<? extends Permission> has(RestxPrincipal principal, RestxRequest request, RestxRequestMatch match) {
            return Optional.of(this);
        }

@@ -23,7 +24,7 @@ public String toString() {
    };
    private static final Permission IS_AUTHENTICATED = new Permission() {
        @Override
-        public Optional<? extends Permission> has(RestxPrincipal principal, RestxRequest request) {
+        public Optional<? extends Permission> has(RestxPrincipal principal, RestxRequest request, RestxRequestMatch match) {
            return Optional.of(this);
        }

@@ -57,7 +58,7 @@ public static Permission hasRole(final String role) {
            public final String TO_STRING = "HAS_ROLE[" + role + "]";

            @Override
-            public Optional<? extends Permission> has(RestxPrincipal principal, RestxRequest request) {
+            public Optional<? extends Permission> has(RestxPrincipal principal, RestxRequest request, RestxRequestMatch match) {
                return principal.getPrincipalRoles().contains(role) || principal.getPrincipalRoles().contains("*")
                        ? Optional.of(this) : Optional.<Permission>absent();
            }
@@ -75,9 +76,9 @@ public String toString() {
    public static Permission anyOf(final Permission... permissions) {
        return new Permission() {
            @Override
-            public Optional<? extends Permission> has(RestxPrincipal principal, RestxRequest request) {
+            public Optional<? extends Permission> has(RestxPrincipal principal, RestxRequest request, RestxRequestMatch match) {
                for (Permission permission : permissions) {
-                    Optional<? extends Permission> p = permission.has(principal, request);
+                    Optional<? extends Permission> p = permission.has(principal, request, match);
                    if (p.isPresent()) {
                        return p;
                    }
@@ -99,9 +100,9 @@ public String toString() {
    public static Permission allOf(final Permission... permissions) {
        return new Permission() {
            @Override
-            public Optional<? extends Permission> has(RestxPrincipal principal, RestxRequest request) {
+            public Optional<? extends Permission> has(RestxPrincipal principal, RestxRequest request, RestxRequestMatch match) {
                for (Permission permission : permissions) {
-                    Optional<? extends Permission> p = permission.has(principal, request);
+                    Optional<? extends Permission> p = permission.has(principal, request, match);
                    if (!p.isPresent()) {
                        return Optional.absent();
                    }
diff --git a/restx-core/src/main/java/restx/security/RestxSessionCookieFilter.java b/restx-core/src/main/java/restx/security/RestxSessionCookieFilter.java
@@ -124,7 +124,7 @@ public RestxSession buildContextFromRequest(RestxRequest req) throws IOException
            Optional<RestxPrincipal> principalOptional = RestxSession.getValue(
                    sessionDefinition, RestxPrincipal.class, RestxPrincipal.SESSION_DEF_KEY, principalName);
            if (principalOptional.isPresent()
-                    && Permissions.hasRole("restx-admin").has(principalOptional.get(), null).isPresent()) {
+                    && Permissions.hasRole("restx-admin").has(principalOptional.get(), null, null).isPresent()) {
                Optional<String> su = req.getHeader("RestxSu");
                if (su.isPresent() && !Strings.isNullOrEmpty(su.get())) {
                    try {
diff --git a/restx-core/src/main/java/restx/security/StdRestxSecurityManager.java b/restx-core/src/main/java/restx/security/StdRestxSecurityManager.java
@@ -30,7 +30,7 @@ public void check(RestxRequest request, RestxRequestMatch requestMatch, Permissi
            throw new WebException(HttpStatus.UNAUTHORIZED);
        }

-        Optional<? extends Permission> match = permission.has(principal.get(), request);
+        Optional<? extends Permission> match = permission.has(principal.get(), request, requestMatch);
        if (match.isPresent()) {
            logger.debug("permission matched: request={} principal={} perm={}", request, principal.get(), match.get());
            return;