Skip to content

Commit f3e51cf

Browse files
committed
Allowing to pass RestxRequestMatcher to Permission implementations [breaking].
If you provided your own Permission implementation(s), you will have to update your has() prototype method to include the RestxRequestMatcher
1 parent 58f190a commit f3e51cf

File tree

5 files changed

+14
-11
lines changed

5 files changed

+14
-11
lines changed

restx-admin/src/main/java/restx/admin/AdminModule.java

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -86,7 +86,7 @@ public Optional<RestxHandlerMatch> match(RestxRequest req) {
8686
public void handle(RestxRequestMatch match, RestxRequest req, RestxResponse resp, RestxContext ctx) throws IOException {
8787
final RestxSession current = RestxSession.current();
8888
if (current.getPrincipal().isPresent() &&
89-
Permissions.hasRole(RESTX_ADMIN_ROLE).has(current.getPrincipal().get(), req).isPresent()) {
89+
Permissions.hasRole(RESTX_ADMIN_ROLE).has(current.getPrincipal().get(), req, match).isPresent()) {
9090
ctx.nextHandlerMatch().handle(req, resp, ctx);
9191
} else {
9292
throw new WebException(HttpStatus.UNAUTHORIZED);

restx-core/src/main/java/restx/security/Permission.java

Lines changed: 3 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -2,6 +2,7 @@
22

33
import com.google.common.base.Optional;
44
import restx.RestxRequest;
5+
import restx.RestxRequestMatch;
56

67
/**
78
* A permission is a generic security concept, used to check if a principal is allowed to access a resource.
@@ -15,7 +16,8 @@ public interface Permission {
1516
*
1617
* @param principal the principal to check
1718
* @param request the request to check
19+
* @param match the request matcher to check
1820
* @return absent if not matched, the matching permission otherwise.
1921
*/
20-
Optional<? extends Permission> has(RestxPrincipal principal, RestxRequest request);
22+
Optional<? extends Permission> has(RestxPrincipal principal, RestxRequest request, RestxRequestMatch match);
2123
}

restx-core/src/main/java/restx/security/Permissions.java

Lines changed: 8 additions & 7 deletions
Original file line numberDiff line numberDiff line change
@@ -2,6 +2,7 @@
22

33
import com.google.common.base.Optional;
44
import restx.RestxRequest;
5+
import restx.RestxRequestMatch;
56

67
import java.util.Arrays;
78

@@ -12,7 +13,7 @@
1213
public class Permissions {
1314
private static final Permission OPEN = new Permission() {
1415
@Override
15-
public Optional<? extends Permission> has(RestxPrincipal principal, RestxRequest request) {
16+
public Optional<? extends Permission> has(RestxPrincipal principal, RestxRequest request, RestxRequestMatch match) {
1617
return Optional.of(this);
1718
}
1819

@@ -23,7 +24,7 @@ public String toString() {
2324
};
2425
private static final Permission IS_AUTHENTICATED = new Permission() {
2526
@Override
26-
public Optional<? extends Permission> has(RestxPrincipal principal, RestxRequest request) {
27+
public Optional<? extends Permission> has(RestxPrincipal principal, RestxRequest request, RestxRequestMatch match) {
2728
return Optional.of(this);
2829
}
2930

@@ -57,7 +58,7 @@ public static Permission hasRole(final String role) {
5758
public final String TO_STRING = "HAS_ROLE[" + role + "]";
5859

5960
@Override
60-
public Optional<? extends Permission> has(RestxPrincipal principal, RestxRequest request) {
61+
public Optional<? extends Permission> has(RestxPrincipal principal, RestxRequest request, RestxRequestMatch match) {
6162
return principal.getPrincipalRoles().contains(role) || principal.getPrincipalRoles().contains("*")
6263
? Optional.of(this) : Optional.<Permission>absent();
6364
}
@@ -75,9 +76,9 @@ public String toString() {
7576
public static Permission anyOf(final Permission... permissions) {
7677
return new Permission() {
7778
@Override
78-
public Optional<? extends Permission> has(RestxPrincipal principal, RestxRequest request) {
79+
public Optional<? extends Permission> has(RestxPrincipal principal, RestxRequest request, RestxRequestMatch match) {
7980
for (Permission permission : permissions) {
80-
Optional<? extends Permission> p = permission.has(principal, request);
81+
Optional<? extends Permission> p = permission.has(principal, request, match);
8182
if (p.isPresent()) {
8283
return p;
8384
}
@@ -99,9 +100,9 @@ public String toString() {
99100
public static Permission allOf(final Permission... permissions) {
100101
return new Permission() {
101102
@Override
102-
public Optional<? extends Permission> has(RestxPrincipal principal, RestxRequest request) {
103+
public Optional<? extends Permission> has(RestxPrincipal principal, RestxRequest request, RestxRequestMatch match) {
103104
for (Permission permission : permissions) {
104-
Optional<? extends Permission> p = permission.has(principal, request);
105+
Optional<? extends Permission> p = permission.has(principal, request, match);
105106
if (!p.isPresent()) {
106107
return Optional.absent();
107108
}

restx-core/src/main/java/restx/security/RestxSessionCookieFilter.java

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -124,7 +124,7 @@ public RestxSession buildContextFromRequest(RestxRequest req) throws IOException
124124
Optional<RestxPrincipal> principalOptional = RestxSession.getValue(
125125
sessionDefinition, RestxPrincipal.class, RestxPrincipal.SESSION_DEF_KEY, principalName);
126126
if (principalOptional.isPresent()
127-
&& Permissions.hasRole("restx-admin").has(principalOptional.get(), null).isPresent()) {
127+
&& Permissions.hasRole("restx-admin").has(principalOptional.get(), null, null).isPresent()) {
128128
Optional<String> su = req.getHeader("RestxSu");
129129
if (su.isPresent() && !Strings.isNullOrEmpty(su.get())) {
130130
try {

restx-core/src/main/java/restx/security/StdRestxSecurityManager.java

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -30,7 +30,7 @@ public void check(RestxRequest request, RestxRequestMatch requestMatch, Permissi
3030
throw new WebException(HttpStatus.UNAUTHORIZED);
3131
}
3232

33-
Optional<? extends Permission> match = permission.has(principal.get(), request);
33+
Optional<? extends Permission> match = permission.has(principal.get(), request, requestMatch);
3434
if (match.isPresent()) {
3535
logger.debug("permission matched: request={} principal={} perm={}", request, principal.get(), match.get());
3636
return;

0 commit comments

Comments
 (0)