Skip to content

Commit

Permalink
Browse files Browse the repository at this point in the history
Allowing to pass RestxRequestMatcher to Permission implementations [b… 
…reaking].

If you provided your own Permission implementation(s), you will have to update your has() prototype method to include the RestxRequestMatcher
  • Loading branch information
@fcamblor
fcamblor committed Apr 22, 2016
1 parent 58f190a commit f3e51cf
Show file tree
Hide file tree
Showing 5 changed files with 14 additions and 11 deletions.
2 changes: 1 addition & 1 deletion restx-admin/src/main/java/restx/admin/AdminModule.java
View file
Expand Up @@ -86,7 +86,7 @@ public Optional<RestxHandlerMatch> match(RestxRequest req) {
public void handle(RestxRequestMatch match, RestxRequest req, RestxResponse resp, RestxContext ctx) throws IOException {
final RestxSession current = RestxSession.current();
if (current.getPrincipal().isPresent() &&
Permissions.hasRole(RESTX_ADMIN_ROLE).has(current.getPrincipal().get(), req).isPresent()) {
Permissions.hasRole(RESTX_ADMIN_ROLE).has(current.getPrincipal().get(), req, match).isPresent()) {
ctx.nextHandlerMatch().handle(req, resp, ctx);
} else {
throw new WebException(HttpStatus.UNAUTHORIZED);
Expand Down
4 changes: 3 additions & 1 deletion restx-core/src/main/java/restx/security/Permission.java
View file
Expand Up @@ -2,6 +2,7 @@

import com.google.common.base.Optional;
import restx.RestxRequest;
import restx.RestxRequestMatch;

/**
* A permission is a generic security concept, used to check if a principal is allowed to access a resource.
Expand All @@ -15,7 +16,8 @@ public interface Permission {
*
* @param principal the principal to check
* @param request the request to check
* @param match the request matcher to check
* @return absent if not matched, the matching permission otherwise.
*/
Optional<? extends Permission> has(RestxPrincipal principal, RestxRequest request);
Optional<? extends Permission> has(RestxPrincipal principal, RestxRequest request, RestxRequestMatch match);
}
15 changes: 8 additions & 7 deletions restx-core/src/main/java/restx/security/Permissions.java
View file
Expand Up @@ -2,6 +2,7 @@

import com.google.common.base.Optional;
import restx.RestxRequest;
import restx.RestxRequestMatch;

import java.util.Arrays;

Expand All @@ -12,7 +13,7 @@
public class Permissions {
private static final Permission OPEN = new Permission() {
@Override
public Optional<? extends Permission> has(RestxPrincipal principal, RestxRequest request) {
public Optional<? extends Permission> has(RestxPrincipal principal, RestxRequest request, RestxRequestMatch match) {
return Optional.of(this);
}

Expand All @@ -23,7 +24,7 @@ public String toString() {
};
private static final Permission IS_AUTHENTICATED = new Permission() {
@Override
public Optional<? extends Permission> has(RestxPrincipal principal, RestxRequest request) {
public Optional<? extends Permission> has(RestxPrincipal principal, RestxRequest request, RestxRequestMatch match) {
return Optional.of(this);
}

Expand Down Expand Up @@ -57,7 +58,7 @@ public static Permission hasRole(final String role) {
public final String TO_STRING = "HAS_ROLE[" + role + "]";

@Override
public Optional<? extends Permission> has(RestxPrincipal principal, RestxRequest request) {
public Optional<? extends Permission> has(RestxPrincipal principal, RestxRequest request, RestxRequestMatch match) {
return principal.getPrincipalRoles().contains(role) || principal.getPrincipalRoles().contains("*")
? Optional.of(this) : Optional.<Permission>absent();
}
Expand All @@ -75,9 +76,9 @@ public String toString() {
public static Permission anyOf(final Permission... permissions) {
return new Permission() {
@Override
public Optional<? extends Permission> has(RestxPrincipal principal, RestxRequest request) {
public Optional<? extends Permission> has(RestxPrincipal principal, RestxRequest request, RestxRequestMatch match) {
for (Permission permission : permissions) {
Optional<? extends Permission> p = permission.has(principal, request);
Optional<? extends Permission> p = permission.has(principal, request, match);
if (p.isPresent()) {
return p;
}
Expand All @@ -99,9 +100,9 @@ public String toString() {
public static Permission allOf(final Permission... permissions) {
return new Permission() {
@Override
public Optional<? extends Permission> has(RestxPrincipal principal, RestxRequest request) {
public Optional<? extends Permission> has(RestxPrincipal principal, RestxRequest request, RestxRequestMatch match) {
for (Permission permission : permissions) {
Optional<? extends Permission> p = permission.has(principal, request);
Optional<? extends Permission> p = permission.has(principal, request, match);
if (!p.isPresent()) {
return Optional.absent();
}
Expand Down
2 changes: 1 addition & 1 deletion restx-core/src/main/java/restx/security/RestxSessionCookieFilter.java
View file
Expand Up @@ -124,7 +124,7 @@ public RestxSession buildContextFromRequest(RestxRequest req) throws IOException
Optional<RestxPrincipal> principalOptional = RestxSession.getValue(
sessionDefinition, RestxPrincipal.class, RestxPrincipal.SESSION_DEF_KEY, principalName);
if (principalOptional.isPresent()
&& Permissions.hasRole("restx-admin").has(principalOptional.get(), null).isPresent()) {
&& Permissions.hasRole("restx-admin").has(principalOptional.get(), null, null).isPresent()) {
Optional<String> su = req.getHeader("RestxSu");
if (su.isPresent() && !Strings.isNullOrEmpty(su.get())) {
try {
Expand Down
2 changes: 1 addition & 1 deletion restx-core/src/main/java/restx/security/StdRestxSecurityManager.java
View file
Expand Up @@ -30,7 +30,7 @@ public void check(RestxRequest request, RestxRequestMatch requestMatch, Permissi
throw new WebException(HttpStatus.UNAUTHORIZED);
}

Optional<? extends Permission> match = permission.has(principal.get(), request);
Optional<? extends Permission> match = permission.has(principal.get(), request, requestMatch);
if (match.isPresent()) {
logger.debug("permission matched: request={} principal={} perm={}", request, principal.get(), match.get());
return;
Expand Down

0 comments on commit f3e51cf

Please sign in to comment.