• Home
• org.apache.juneau
• juneau-all
• 9.0.1
• source code
• RoleBasedRestGuard.java

×

Project download

Many resources are needed to download a project. Please understand that we have to compensate our server costs. Thank you in advance.
Project price only 1 $

You can buy this project and download/modify it how often you want.

org.apache.juneau.rest.guard.RoleBasedRestGuard Maven / Gradle / Ivy

// ***************************************************************************************************************************
// * Licensed to the Apache Software Foundation (ASF) under one or more contributor license agreements.  See the NOTICE file *
// * distributed with this work for additional information regarding copyright ownership.  The ASF licenses this file        *
// * to you under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance            *
// * with the License.  You may obtain a copy of the License at                                                              *
// *                                                                                                                         *
// *  http://www.apache.org/licenses/LICENSE-2.0                                                                             *
// *                                                                                                                         *
// * Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an  *
// * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.  See the License for the        *
// * specific language governing permissions and limitations under the License.                                              *
// ***************************************************************************************************************************
package org.apache.juneau.rest.guard;

import java.text.*;
import java.util.*;
import java.util.stream.*;

import org.apache.juneau.rest.*;

/**
 * {@link RestGuard} that uses role expressions to determine whether an authenticated user has access to a class or method.
 *
 * 

 * The role expression supports the following constructs:
 * 

 * 	
"foo" - Single arguments.
 * 	
"foo,bar,baz" - Multiple OR'ed arguments.
 * 	
"foo | bar | bqz" - Multiple OR'ed arguments, pipe syntax.
 * 	
"foo || bar || bqz" - Multiple OR'ed arguments, Java-OR syntax.
 * 	
"fo*" - Patterns including '*' and '?'.
 * 	
"fo* & *oo" - Multiple AND'ed arguments, ampersand syntax.
 * 	
"fo* && *oo" - Multiple AND'ed arguments, Java-AND syntax.
 * 	
"fo* || (*oo || bar)" - Parenthesis.
 * 
 *
 * 
Notes:

 * 	
AND operations take precedence over OR operations (as expected).
 * 	
Whitespace is ignored.
 * 	
null or empty expressions always match as false.
 * 
 *
 * 
See Also:

 * 	
Guards
 * 
 */
public class RoleBasedRestGuard extends RestGuard {

	private final Set roles;
	private final RoleMatcher roleMatcher;

	/**
	 * Constructor.
	 *
	 * @param declaredRoles
	 * 	List of possible declared roles.
	 * 	
If null, we find the roles in the expression itself.
	 * 	
This is only needed if you're using pattern matching in the expression.
	 * @param roleExpression
	 * 	The role expression.
	 * 	
If null or empty/blanks, the this guard will never pass.
	 * @throws ParseException Invalid role expression syntax.
	 */
	public RoleBasedRestGuard(Set declaredRoles, String roleExpression) throws ParseException {
		roleMatcher = new RoleMatcher(roleExpression);
		roles = new TreeSet<>(declaredRoles == null ? roleMatcher.getRolesInExpression() : declaredRoles);
	}

	@Override
	public boolean isRequestAllowed(RestRequest req) {
		Set userRoles = roles.stream().filter(x -> req.isUserInRole(x)).collect(Collectors.toSet());
		return roleMatcher.matches(userRoles);
	}
}