
Allowing to pass RestxRequestMatcher to Permission implementations [b…

…reaking].

If you provided your own Permission implementation(s), you will have to update your has() prototype method to include the RestxRequestMatcher
fcamblor committed Oct 27, 2015
1 parent 58f190a commit f3e51cfae3c650c5c4958650188b725570bf88cb
@@ -86,7 +86,7 @@ public RestxFilter adminRoleFilter() {
public void handle(RestxRequestMatch match, RestxRequest req, RestxResponse resp, RestxContext ctx) throws IOException {
final RestxSession current = RestxSession.current();
if (current.getPrincipal().isPresent() &&
Permissions.hasRole(RESTX_ADMIN_ROLE).has(current.getPrincipal().get(), req).isPresent()) {
Permissions.hasRole(RESTX_ADMIN_ROLE).has(current.getPrincipal().get(), req, match).isPresent()) {
ctx.nextHandlerMatch().handle(req, resp, ctx);
} else {
throw new WebException(HttpStatus.UNAUTHORIZED);
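Review bot: The `else` branch answers `HttpStatus.UNAUTHORIZED` both when there is no principal and when an authenticated principal lacks the admin role, so clients and access logs cannot tell a missing login from a denied privilege. Splitting the condition would let the second case return a 403, e.g. `throw new WebException(HttpStatus.FORBIDDEN);` once `current.getPrincipal().isPresent()` is known to be true. The body of `handle` starts before and continues after this hunk, so any handling further down is not visible here.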
@@ -2,6 +2,7 @@
import com.google.common.base.Optional;
import restx.RestxRequest;
import restx.RestxRequestMatch;
/**
* A permission is a generic security concept, used to check if a principal is allowed to access a resource.
@@ -15,7 +16,8 @@
*
* @param principal the principal to check
* @param request the request to check
* @param match the request matcher to check
* @return absent if not matched, the matching permission otherwise.
*/
Optional<? extends Permission> has(RestxPrincipal principal, RestxRequest request);
Optional<? extends Permission> has(RestxPrincipal principal, RestxRequest request, RestxRequestMatch match);
}
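Review bot: The Javadoc for the new `match` parameter does not say whether it, or `request`, may be null, yet the `buildContextFromRequest` call updated in this commit passes `null` for both. Implementations therefore cannot assume non-null arguments, and nothing on the interface tells them so; a custom Permission that reads the match would fail with a NullPointerException if it were ever evaluated on such a path. I would state the contract on the interface, for example `@param match the route match for the request, or null when the permission is evaluated outside route dispatch`, with the same wording for `request`. The `anyOf` and `allOf` composites forward `match` unchanged, so a null reaches their children as well.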
@@ -2,6 +2,7 @@
import com.google.common.base.Optional;
import restx.RestxRequest;
import restx.RestxRequestMatch;
import java.util.Arrays;
@@ -12,7 +13,7 @@
public class Permissions {
private static final Permission OPEN = new Permission() {
@Override
public Optional<? extends Permission> has(RestxPrincipal principal, RestxRequest request) {
public Optional<? extends Permission> has(RestxPrincipal principal, RestxRequest request, RestxRequestMatch match) {
return Optional.of(this);
}
@@ -23,7 +24,7 @@ public String toString() {
};
private static final Permission IS_AUTHENTICATED = new Permission() {
@Override
public Optional<? extends Permission> has(RestxPrincipal principal, RestxRequest request) {
public Optional<? extends Permission> has(RestxPrincipal principal, RestxRequest request, RestxRequestMatch match) {
return Optional.of(this);
}
@@ -57,7 +58,7 @@ public static Permission hasRole(final String role) {
public final String TO_STRING = "HAS_ROLE[" + role + "]";
@Override
public Optional<? extends Permission> has(RestxPrincipal principal, RestxRequest request) {
public Optional<? extends Permission> has(RestxPrincipal principal, RestxRequest request, RestxRequestMatch match) {
return principal.getPrincipalRoles().contains(role) || principal.getPrincipalRoles().contains("*")
? Optional.of(this) : Optional.<Permission>absent();
}
@@ -75,9 +76,9 @@ public String toString() {
public static Permission anyOf(final Permission... permissions) {
return new Permission() {
@Override
public Optional<? extends Permission> has(RestxPrincipal principal, RestxRequest request) {
public Optional<? extends Permission> has(RestxPrincipal principal, RestxRequest request, RestxRequestMatch match) {
for (Permission permission : permissions) {
Optional<? extends Permission> p = permission.has(principal, request);
Optional<? extends Permission> p = permission.has(principal, request, match);
if (p.isPresent()) {
return p;
}
@@ -99,9 +100,9 @@ public String toString() {
public static Permission allOf(final Permission... permissions) {
return new Permission() {
@Override
public Optional<? extends Permission> has(RestxPrincipal principal, RestxRequest request) {
public Optional<? extends Permission> has(RestxPrincipal principal, RestxRequest request, RestxRequestMatch match) {
for (Permission permission : permissions) {
Optional<? extends Permission> p = permission.has(principal, request);
Optional<? extends Permission> p = permission.has(principal, request, match);
if (!p.isPresent()) {
return Optional.absent();
}
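Review bot: In `allOf`, the loop returns absent only when a child permission fails, so with an empty `permissions` array the loop never runs and the result depends on the return statement after the loop, which is outside this hunk. If that return grants the permission, `allOf()` called with no arguments would let any principal through. Rejecting the empty case when the permission is built would make it fail closed, e.g. `if (permissions.length == 0) throw new IllegalArgumentException("allOf requires at least one permission");` at the top of `allOf`.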
@@ -124,7 +124,7 @@ public RestxSession buildContextFromRequest(RestxRequest req) throws IOException
Optional<RestxPrincipal> principalOptional = RestxSession.getValue(
sessionDefinition, RestxPrincipal.class, RestxPrincipal.SESSION_DEF_KEY, principalName);
if (principalOptional.isPresent()
&& Permissions.hasRole("restx-admin").has(principalOptional.get(), null).isPresent()) {
&& Permissions.hasRole("restx-admin").has(principalOptional.get(), null, null).isPresent()) {
Optional<String> su = req.getHeader("RestxSu");
if (su.isPresent() && !Strings.isNullOrEmpty(su.get())) {
try {
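Review bot: The admin role is written as the literal `"restx-admin"` in the check that gates the `RestxSu` header, while the admin filter touched by the same commit uses the `RESTX_ADMIN_ROLE` constant. If the two are meant to be the same role, referring to the constant here (assuming it is reachable from this class) keeps the impersonation gate from drifting away from the filter. The call also passes `null` for the request although `req` is in scope; `.has(principalOptional.get(), req, null)` would leave only the match unset. The body of `buildContextFromRequest` starts and ends outside this hunk.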
@@ -30,7 +30,7 @@ public void check(RestxRequest request, RestxRequestMatch requestMatch, Permissi
throw new WebException(HttpStatus.UNAUTHORIZED);
}
Optional<? extends Permission> match = permission.has(principal.get(), request);
Optional<? extends Permission> match = permission.has(principal.get(), request, requestMatch);
if (match.isPresent()) {
logger.debug("permission matched: request={} principal={} perm={}", request, principal.get(), match.get());
return;
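Review bot: The local variable `match` now sits beside the `requestMatch` parameter but holds something different, the permission that matched, while `Permission.has` uses the name `match` for its `RestxRequestMatch` argument. In authorization code that overlap makes it easy to pass or log the wrong object. Renaming the local removes the ambiguity: `Optional<? extends Permission> matchedPermission = permission.has(principal.get(), request, requestMatch);`, with the two later uses updated to follow. The body of `check` starts and ends outside this hunk.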
