Implement tenant ID checking in authorizationinterceptor
This commit is contained in:
parent
16038ece26
commit
0677f35847
|
@ -131,19 +131,23 @@ public class RuleBuilder implements IAuthRuleBuilder {
|
|||
|
||||
@Override
|
||||
public IAuthRuleBuilderRuleOpClassifierFinishedWithTenantId forTenantIds(final Collection<String> theTenantIds) {
|
||||
myTenantApplicabilityChecker = new ITenantApplicabilityChecker(){
|
||||
setTenantApplicabilityChecker(new ITenantApplicabilityChecker() {
|
||||
@Override
|
||||
public boolean applies(RequestDetails theRequest) {
|
||||
return theTenantIds.contains(theRequest.getTenantId());
|
||||
}
|
||||
};
|
||||
});
|
||||
return this;
|
||||
}
|
||||
|
||||
private void setTenantApplicabilityChecker(ITenantApplicabilityChecker theTenantApplicabilityChecker) {
|
||||
myTenantApplicabilityChecker = theTenantApplicabilityChecker;
|
||||
if (myOpRule != null) {
|
||||
myOpRule.setTenantApplicabilityChecker(myTenantApplicabilityChecker);
|
||||
}
|
||||
if (myOperationRule != null) {
|
||||
myOperationRule.setTenentApplicabilityChecker(myTenantApplicabilityChecker);
|
||||
}
|
||||
return this;
|
||||
}
|
||||
|
||||
@Override
|
||||
|
@ -152,8 +156,14 @@ public class RuleBuilder implements IAuthRuleBuilder {
|
|||
}
|
||||
|
||||
@Override
|
||||
public IAuthRuleBuilderRuleOpClassifierFinishedWithTenantId notForTenantIds(Collection<String> theTenantIds) {
|
||||
return null;// TODO: implement method body
|
||||
public IAuthRuleBuilderRuleOpClassifierFinishedWithTenantId notForTenantIds(final Collection<String> theTenantIds) {
|
||||
setTenantApplicabilityChecker(new ITenantApplicabilityChecker() {
|
||||
@Override
|
||||
public boolean applies(RequestDetails theRequest) {
|
||||
return !theTenantIds.contains(theRequest.getTenantId());
|
||||
}
|
||||
});
|
||||
return this;
|
||||
}
|
||||
}
|
||||
|
||||
|
|
|
@ -609,6 +609,7 @@ public class AuthorizationInterceptorR4Test {
|
|||
*/
|
||||
@Test
|
||||
public void testDenyActionsNotOnTenant() throws Exception {
|
||||
ourServlet.setTenantIdentificationStrategy(new UrlBaseTenantIdentificationStrategy());
|
||||
ourServlet.registerInterceptor(new AuthorizationInterceptor(PolicyEnum.ALLOW) {
|
||||
@Override
|
||||
public List<IAuthRule> buildRuleList(RequestDetails theRequestDetails) {
|
||||
|
@ -634,7 +635,7 @@ public class AuthorizationInterceptorR4Test {
|
|||
status = ourClient.execute(httpGet);
|
||||
response = extractResponseAndClose(status);
|
||||
ourLog.info(response);
|
||||
assertThat(response, containsString("Access denied by default policy (no applicable rules)"));
|
||||
assertThat(response, containsString("Access denied by rule: (unnamed rule)"));
|
||||
assertEquals(403, status.getStatusLine().getStatusCode());
|
||||
assertFalse(ourHitMethod);
|
||||
|
||||
|
|
Loading…
Reference in New Issue