diff --git a/pom.xml b/pom.xml
index e3a5aa837fcaa2a574e9cdd5cba3cf997c8e0a60..ea47fd06862d138fb1ca575bce60367246a80e33 100644
--- a/pom.xml
+++ b/pom.xml
@@ -5,7 +5,7 @@
es.uvigo.esei.daa
example-full-tests
war
- 0.1.16
+ 0.1.18
DAA Example
diff --git a/src/test/java/es/uvigo/esei/daa/filters/AuthorizationFilter.java b/src/test/java/es/uvigo/esei/daa/filters/AuthorizationFilter.java
index b2144df2ce1c5c1aaebd61932c0334430991cddc..40400f7a873791dddbcb3f6e0b18dad524f1f7cf 100644
--- a/src/test/java/es/uvigo/esei/daa/filters/AuthorizationFilter.java
+++ b/src/test/java/es/uvigo/esei/daa/filters/AuthorizationFilter.java
@@ -2,6 +2,7 @@ package es.uvigo.esei.daa.filters;
import java.io.IOException;
import java.security.Principal;
+import java.util.Arrays;
import java.util.Base64;
import java.util.List;
@@ -29,6 +30,9 @@ import es.uvigo.esei.daa.entities.User;
@Provider
@Priority(Priorities.AUTHENTICATION)
public class AuthorizationFilter implements ContainerRequestFilter {
+ // Add here the list of REST paths that an administrator can access.
+ private final static List ADMIN_PATHS = Arrays.asList("people");
+
private final UsersDAO dao;
public AuthorizationFilter() {
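Review bot: The comment on `ADMIN_PATHS` says these are paths an administrator can access, but the role check further down (`isAdminPath(requestContext) && !user.getRole().equals("ADMIN")`) uses the list as the paths that only an `ADMIN` may access, so every path not listed stays open to any authenticated user. A resource added later and not registered here is therefore unprotected by default, and the comment should say so, e.g. `// First path segments restricted to the ADMIN role; paths not listed here are reachable by every authenticated user.` `Arrays.asList` also returns a list whose elements can still be replaced through `set`, so `Collections.unmodifiableList(Arrays.asList("people"))` (with `java.util.Collections` imported) would keep the access-control table constant. The class body continues outside this hunk.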
@@ -54,7 +58,7 @@ public class AuthorizationFilter implements ContainerRequestFilter {
if (this.dao.checkLogin(userPass[0], userPass[1])) {
final User user = this.dao.get(userPass[0]);
- if (isPeoplePath(requestContext) && !user.getRole().equals("ADMIN")) {
+ if (isAdminPath(requestContext) && !user.getRole().equals("ADMIN")) {
requestContext.abortWith(createResponse());
} else {
requestContext.setSecurityContext(new UserSecurityContext(user));
@@ -71,9 +75,15 @@ public class AuthorizationFilter implements ContainerRequestFilter {
}
}
- private static boolean isPeoplePath(ContainerRequestContext context) {
+ private static boolean isAdminPath(ContainerRequestContext context) {
final List pathSegments = context.getUriInfo().getPathSegments();
- return !pathSegments.isEmpty() && pathSegments.get(0).getPath().equals("people");
+
+ if (pathSegments.isEmpty()) {
+ return false;
+ } else {
+ final String path = pathSegments.get(0).getPath();
+ return ADMIN_PATHS.contains(path);
+ }
}
private static Response createResponse() {
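Review bot: `isAdminPath` decides on an exact, case-sensitive comparison of the first path segment only, and nothing here documents that the authorization result depends on that string agreeing with how the JAX-RS runtime routes the request. Whether the two always agree cannot be told from this hunk, so a Javadoc line such as `/** Returns true when the first URI path segment is listed in ADMIN_PATHS (exact match). */` plus a test asserting that a non-admin user receives the abort response for every admin resource would pin the behaviour. As a style point, the `if`/`else` can be a single expression: `return !pathSegments.isEmpty() && ADMIN_PATHS.contains(pathSegments.get(0).getPath());`. `createResponse` begins on the last line of the hunk and continues outside it.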