Mercurial > hg > thermostat-ng > web-gateway
view common/core/src/main/java/com/redhat/thermostat/gateway/common/core/auth/RealmAuthorizer.java @ 247:236e08b6fb0d
Make KeycloakRealmAuthorizer servlet request independent.
Reviewed-by: jkang
Review-thread: http://icedtea.classpath.org/pipermail/thermostat/2017-September/024837.html
| author | Severin Gehwolf <sgehwolf@redhat.com> |
|---|---|
| date | Tue, 05 Sep 2017 19:33:20 +0200 |
| parents | eb87674844fd |
| children |
line wrap: on
line source
/* * Copyright 2012-2017 Red Hat, Inc. * * This file is part of Thermostat. * * Thermostat is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published * by the Free Software Foundation; either version 2, or (at your * option) any later version. * * Thermostat is distributed in the hope that it will be useful, but * WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU * General Public License for more details. * * You should have received a copy of the GNU General Public License * along with Thermostat; see the file COPYING. If not see * <http://www.gnu.org/licenses/>. * * Linking this code with other modules is making a combined work * based on this code. Thus, the terms and conditions of the GNU * General Public License cover the whole combination. * * As a special exception, the copyright holders of this code give * you permission to link this code with independent modules to * produce an executable, regardless of the license terms of these * independent modules, and to copy and distribute the resulting * executable under terms of your choice, provided that you also * meet, for each linked independent module, the terms and conditions * of the license of that module. An independent module is a module * which is not derived from or based on this code. If you modify * this code, you may extend this exception to your version of the * library, but you are not obligated to do so. If you do not wish * to do so, delete this exception statement from your version. */ package com.redhat.thermostat.gateway.common.core.auth; import java.util.Collections; import java.util.HashSet; import java.util.Set; import com.redhat.thermostat.gateway.common.core.auth.keycloak.Action; public abstract class RealmAuthorizer { /** * A RealmAuthorizer that will deny any request. */ public static final RealmAuthorizer DENY_ALL_AUTHORIZER = new RealmAuthorizer(Collections.<Role>emptySet()) {}; protected final Set<Role> clientRoles; protected RealmAuthorizer(Set<Role> clientRoles) { this.clientRoles = clientRoles; } public boolean readable() { return checkActionExists(Action.READ); } public boolean writable() { return checkActionExists(Action.WRITE); } public boolean updatable() { return checkActionExists(Action.UPDATE); } public boolean deletable() { return checkActionExists(Action.DELETE); } public boolean checkActionExists(String action) { for (Role role : clientRoles) { if (role.containsAction(action)) { return true; } } return false; } public Set<String> getReadableRealms() { return getRealmsWithAction(Action.READ); } public Set<String> getWritableRealms() { return getRealmsWithAction(Action.WRITE); } public Set<String> getUpdatableRealms() { return getRealmsWithAction(Action.UPDATE); } public Set<String> getDeletableRealms() { return getRealmsWithAction(Action.DELETE); } public Set<String> getRealmsWithAction(String action) { Set<String> realms = new HashSet<>(); for (Role role : clientRoles) { if (role.containsAction(action)) { realms.add(role.getRealm()); } } return Collections.unmodifiableSet(realms); } }