From 466caa8e4c3e0d827dabe4eb87945948ce58e2d3 Mon Sep 17 00:00:00 2001 From: Miguel Reboiro-Jato Date: Mon, 9 Mar 2020 13:01:10 +0100 Subject: [PATCH] Simplifies the configuration of the AuthorizationFilter The AuthorizationFilter is used by the test to simulate the HTTP basic authentication. It was initially programmed to just allow access to the "people" path. This commit modifies this filter so that now it is easier to include more paths accessible by the administrator. --- src/main/angular/package-lock.json | 2 +- src/main/angular/package.json | 2 +- .../esei/daa/filters/AuthorizationFilter.java | 16 +++++++++++++--- 3 files changed, 15 insertions(+), 5 deletions(-) diff --git a/src/main/angular/package-lock.json b/src/main/angular/package-lock.json index 18703ab..231878b 100644 --- a/src/main/angular/package-lock.json +++ b/src/main/angular/package-lock.json @@ -1,6 +1,6 @@ { "name": "daa-example", - "version": "0.2.0-alpha.12", + "version": "0.2.0-alpha.13", "lockfileVersion": 1, "requires": true, "dependencies": { diff --git a/src/main/angular/package.json b/src/main/angular/package.json index ca8a395..fc96ff8 100644 --- a/src/main/angular/package.json +++ b/src/main/angular/package.json @@ -1,6 +1,6 @@ { "name": "daa-example", - "version": "0.2.0-alpha.12", + "version": "0.2.0-alpha.13", "scripts": { "ng": "./node_modules/.bin/ng", "start": "./node_modules/.bin/ng serve", diff --git a/src/test/java/es/uvigo/esei/daa/filters/AuthorizationFilter.java b/src/test/java/es/uvigo/esei/daa/filters/AuthorizationFilter.java index b2144df..40400f7 100644 --- a/src/test/java/es/uvigo/esei/daa/filters/AuthorizationFilter.java +++ b/src/test/java/es/uvigo/esei/daa/filters/AuthorizationFilter.java @@ -2,6 +2,7 @@ package es.uvigo.esei.daa.filters; import java.io.IOException; import java.security.Principal; +import java.util.Arrays; import java.util.Base64; import java.util.List; @@ -29,6 +30,9 @@ import es.uvigo.esei.daa.entities.User; @Provider @Priority(Priorities.AUTHENTICATION) public class AuthorizationFilter implements ContainerRequestFilter { + // Add here the list of REST paths that an administrator can access. + private final static List ADMIN_PATHS = Arrays.asList("people"); + private final UsersDAO dao; public AuthorizationFilter() { @@ -54,7 +58,7 @@ public class AuthorizationFilter implements ContainerRequestFilter { if (this.dao.checkLogin(userPass[0], userPass[1])) { final User user = this.dao.get(userPass[0]); - if (isPeoplePath(requestContext) && !user.getRole().equals("ADMIN")) { + if (isAdminPath(requestContext) && !user.getRole().equals("ADMIN")) { requestContext.abortWith(createResponse()); } else { requestContext.setSecurityContext(new UserSecurityContext(user)); @@ -71,9 +75,15 @@ public class AuthorizationFilter implements ContainerRequestFilter { } } - private static boolean isPeoplePath(ContainerRequestContext context) { + private static boolean isAdminPath(ContainerRequestContext context) { final List pathSegments = context.getUriInfo().getPathSegments(); - return !pathSegments.isEmpty() && pathSegments.get(0).getPath().equals("people"); + + if (pathSegments.isEmpty()) { + return false; + } else { + final String path = pathSegments.get(0).getPath(); + return ADMIN_PATHS.contains(path); + } } private static Response createResponse() { -- 2.18.1