Simplifies the configuration of the AuthorizationFilter

The AuthorizationFilter is used by the test to simulate the HTTP basic authentication. It was initially programmed to just allow access to the "people" path. This commit modifies this filter so that now it is easier to include more paths accessible by the administrator.

Simplifies the configuration of the AuthorizationFilter
The AuthorizationFilter is used by the test to simulate the HTTP basic authentication. It was initially programmed to just allow access to the "people" path. This commit modifies this filter so that now it is easier to include more paths accessible by the administrator.
8cae49f8 · Administrator · 14c57c7c · 8cae49f8 · 8cae49f8
Commit 8cae49f8 authored Mar 09, 2020 by Administrator
Hide whitespace changes
Inline Side-by-side

Showing with 14 additions and 4 deletions

pom.xml pom.xml +1 -1

AuthorizationFilter.java ...t/java/es/uvigo/esei/daa/filters/AuthorizationFilter.java +13 -3

No files found.
--- a/pom.xml
+++ b/pom.xml
@@ -5,7 +5,7 @@
 	<groupId>es.uvigo.esei.daa</groupId>
 	<artifactId>example</artifactId>
 	<packaging>war</packaging>
-	<version>0.1.16</version>
+	<version>0.1.18</version>
 	<name>DAA Example</name>
 	<licenses>

--- a/src/test/java/es/uvigo/esei/daa/filters/AuthorizationFilter.java
+++ b/src/test/java/es/uvigo/esei/daa/filters/AuthorizationFilter.java
@@ -2,6 +2,7 @@ package es.uvigo.esei.daa.filters;
 import java.io.IOException;
 import java.security.Principal;
+import java.util.Arrays;
 import java.util.Base64;
 import java.util.List;
@@ -29,6 +30,9 @@ import es.uvigo.esei.daa.entities.User;
 @Provider
 @Priority(Priorities.AUTHENTICATION)
 public class AuthorizationFilter implements ContainerRequestFilter {
+	// Add here the list of REST paths that an administrator can access.
+	private final static List<String> ADMIN_PATHS = Arrays.asList("people");
 	private final UsersDAO dao;
 	public AuthorizationFilter() {
@@ -54,7 +58,7 @@ public class AuthorizationFilter implements ContainerRequestFilter {
 					if (this.dao.checkLogin(userPass[0], userPass[1])) {
 						final User user = this.dao.get(userPass[0]);
-						if (isPeoplePath(requestContext) && !user.getRole().equals("ADMIN")) {
+						if (isAdminPath(requestContext) && !user.getRole().equals("ADMIN")) {
 							requestContext.abortWith(createResponse());
 						} else {
 							requestContext.setSecurityContext(new UserSecurityContext(user));
@@ -71,9 +75,15 @@ public class AuthorizationFilter implements ContainerRequestFilter {
 		}
 	}
-	private static boolean isPeoplePath(ContainerRequestContext context) {
+	private static boolean isAdminPath(ContainerRequestContext context) {
 		final List<PathSegment> pathSegments = context.getUriInfo().getPathSegments();
-		return !pathSegments.isEmpty() && pathSegments.get(0).getPath().equals("people");
+		if (pathSegments.isEmpty()) {
+			return false;
+		} else {
+			final String path = pathSegments.get(0).getPath();
+			return ADMIN_PATHS.contains(path);
+		}
 	}
 	private static Response createResponse() {