Implement tenant ID checking in authorizationinterceptor

James Agnew 2018-01-23 11:32:35 -05:00
parent 16038ece26
commit 0677f35847
2 changed files with 17 additions and 6 deletions


@ -131,19 +131,23 @@ public class RuleBuilder implements IAuthRuleBuilder {
@Override
public IAuthRuleBuilderRuleOpClassifierFinishedWithTenantId forTenantIds(final Collection<String> theTenantIds) {
myTenantApplicabilityChecker = new ITenantApplicabilityChecker(){
setTenantApplicabilityChecker(new ITenantApplicabilityChecker() {
@Override
public boolean applies(RequestDetails theRequest) {
return theTenantIds.contains(theRequest.getTenantId());
}
};
});
return this;
}
private void setTenantApplicabilityChecker(ITenantApplicabilityChecker theTenantApplicabilityChecker) {
myTenantApplicabilityChecker = theTenantApplicabilityChecker;
if (myOpRule != null) {
myOpRule.setTenantApplicabilityChecker(myTenantApplicabilityChecker);
}
if (myOperationRule != null) {
myOperationRule.setTenentApplicabilityChecker(myTenantApplicabilityChecker);
}
return this;
}
@Override
@ -152,8 +156,14 @@ public class RuleBuilder implements IAuthRuleBuilder {
}
@Override
public IAuthRuleBuilderRuleOpClassifierFinishedWithTenantId notForTenantIds(Collection<String> theTenantIds) {
return null;// TODO: implement method body
public IAuthRuleBuilderRuleOpClassifierFinishedWithTenantId notForTenantIds(final Collection<String> theTenantIds) {
setTenantApplicabilityChecker(new ITenantApplicabilityChecker() {
@Override
public boolean applies(RequestDetails theRequest) {
return !theTenantIds.contains(theRequest.getTenantId());
}
});
return this;
}
}
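Review bot: In `notForTenantIds` the checker returns `!theTenantIds.contains(theRequest.getTenantId())`, which is true for a request that carries no tenant ID at all, so if `getTenantId()` can return null when no tenant identification strategy is configured (not visible here), an ALLOW rule scoped this way would fail open for un-tenanted requests. Consider making that case explicit, e.g. `String tenantId = theRequest.getTenantId();` followed by `return tenantId != null && !theTenantIds.contains(tenantId);`, or add a comment stating that a missing tenant deliberately counts as "not in the list". Both `forTenantIds` and `notForTenantIds` also capture the caller's collection by reference, so mutating it after the rule list is built silently changes who is authorized, and a null collection only fails at request time; copying it up front with `final Set<String> tenantIds = new HashSet<>(theTenantIds);` would address both. The new `setTenantApplicabilityChecker` helper pushes the checker only to a `myOpRule`/`myOperationRule` that already exists; whether rules created after this call pick it up is outside the hunk and deserves a test.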


@ -609,6 +609,7 @@ public class AuthorizationInterceptorR4Test {
*/
@Test
public void testDenyActionsNotOnTenant() throws Exception {
ourServlet.setTenantIdentificationStrategy(new UrlBaseTenantIdentificationStrategy());
ourServlet.registerInterceptor(new AuthorizationInterceptor(PolicyEnum.ALLOW) {
@Override
public List<IAuthRule> buildRuleList(RequestDetails theRequestDetails) {
@ -634,7 +635,7 @@ public class AuthorizationInterceptorR4Test {
status = ourClient.execute(httpGet);
response = extractResponseAndClose(status);
ourLog.info(response);
assertThat(response, containsString("Access denied by default policy (no applicable rules)"));
assertThat(response, containsString("Access denied by rule: (unnamed rule)"));
assertEquals(403, status.getStatusLine().getStatusCode());
assertFalse(ourHitMethod);