Make ACL filter configurable for method and path #4776
Conversation
| for (String a: aclKeys) { | ||
| String[] keyParts = a.split(":"); | ||
| if (keyParts[0].equals("*")){ | ||
| acl = aclMap.get(a); |
There was a problem hiding this comment.
Actually it is not needed. In the list we could have an element with "*" and a matching path, followed by an entry with matching method and matching path. If we break here the more specific entry will not be selected.
| String[] aclKeys = aclMap.keySet().stream().filter( key -> { | ||
| String keyRegex = key.replaceFirst("\\*", ".*").replace("\\{\\}", "([A-Za-z0-9_\\-]*)"); | ||
| return aclSearch.matches(keyRegex); | ||
| } ).toArray(String[]::new); |
There was a problem hiding this comment.
Not an expert on streams, is it possible to get the map values directly? Something like:
String[] acls = aclMap.entrySet().stream()
.filter(e -> { ... })
.map(Map.Entry::getValue)
.toArray(String[]::new);
if (acls.length > 0) {
acl = acls[0];
}
There was a problem hiding this comment.
I have modified the stream sorting the keys in reverse order. In this case, the "*" will always be last and it is possible to collect the first element. In this way the loop among the element is not needed.
If the servlet has different ACLs for different HTTP methods or paths
the new implementation allows to define a map to identify the correct
ACL.
The MAP will associate a key with the ACL and the key is made as
<method>:<path>
The method is one of the HTTP defined method (e.g. GET, POST, ...) and
the special value of "*" indicate all methods.
The path is internal of the servlet path and in case of path parameter
these can be identified with "{}". An example of entry could be:
key= PUT:/token/{} value= token.read
|
|
@edewata Thanks! I have done several tests of this code outside of pki. It is not used for the moment. I will do additional tests with the updated TokenService I am working on, which will use the ACL map. |
If the servlet has different ACLs for different HTTP methods or paths the new implementation allows to define a map to identify the correct ACL.
The MAP will associate a key with the ACL and the key is made as
<method>:<path>. The method is one of the HTTP defined method (e.g. GET, POST, ...) and the special value of "*" indicate all methods. The path is internal of the servlet path and in case of path parameter these can be identified with "{}".An example of entry could be: