use of io.vertx.ext.auth.authorization.AuthorizationProvider in project vertx-web by vert-x3.
the class AuthorizationHandlerImpl method checkOrFetchAuthorizations.
/**
 * Decides whether the request may proceed, loading the user's authorizations lazily.
 * <p>
 * The required authorization is matched against the authorization context first. If it does not match,
 * the next provider whose id is not yet listed in the user's authorizations is asked to load them, and
 * the check is repeated from that provider's callback. Providers are consulted one at a time so that
 * the remaining ones are not queried once a match is found.
 * <p>
 * The only path to {@code ctx.next()} is a successful match. A missing user or an exhausted provider
 * iterator ends in {@code ctx.fail(FORBIDDEN_CODE, FORBIDDEN_EXCEPTION)}. A provider error is only
 * logged and never grants access by itself: the check continues with the remaining providers.
 *
 * @param ctx the current routing context
 * @param parseEnded passed through unchanged to {@code resume(...)}; presumably tells it whether the
 *                   request body had already been fully read - confirm against {@code resume}
 * @param authorizationContext the current authorization context
 * @param providers the providers iterator; it is shared across the recursive calls, so every provider
 *                  is visited at most once per request
 */
private void checkOrFetchAuthorizations(RoutingContext ctx, boolean parseEnded, AuthorizationContext authorizationContext, Iterator<AuthorizationProvider> providers) {
  final boolean granted = authorization.match(authorizationContext);
  if (granted) {
    // authorized: resume the processing of the request and hand over to the next handler
    resume(ctx.request(), parseEnded);
    ctx.next();
    return;
  }

  final User user = ctx.user();
  final boolean nothingLeftToTry = user == null || !providers.hasNext();
  if (nothingLeftToTry) {
    // deny, but resume first because the error handler may allow this request to become valid again
    resume(ctx.request(), parseEnded);
    ctx.fail(FORBIDDEN_CODE, FORBIDDEN_EXCEPTION);
    return;
  }

  // walk the remaining providers until one is found whose authorizations have not been loaded yet
  do {
    final AuthorizationProvider candidate = providers.next();
    final boolean alreadyLoaded = user.authorizations().getProviderIds().contains(candidate.getId());
    if (alreadyLoaded) {
      // nothing new to learn from this provider, move on to the next one
      continue;
    }

    candidate.getAuthorizations(ctx.user(), fetched -> {
      if (fetched.failed()) {
        // the failed attempt is not recorded anywhere, so this provider will be asked again later on
        LOG.warn("An error occurred getting authorization - providerId: " + candidate.getId(), fetched.cause());
      }
      // success or failure, re-run the check: the match is re-evaluated before any other provider is tried
      checkOrFetchAuthorizations(ctx, parseEnded, authorizationContext, providers);
    });
    // the callback above decides what happens next
    return;
  } while (providers.hasNext());

  // every provider had already been consulted and there is still no match:
  // resume so that the error handler can act on the request, and mark it as forbidden
  resume(ctx.request(), parseEnded);
  ctx.fail(FORBIDDEN_CODE, FORBIDDEN_EXCEPTION);
}
use of io.vertx.ext.auth.authorization.AuthorizationProvider in project vertx-web by vert-x3.
the class AuthHandlerTestBase method testAuthorization.
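/**
 * Sends one {@code GET /} through a login step, the authentication handler under test and, optionally,
 * an authorization handler, then asserts the resulting status.
 *
 * @param username the account to log in as; the password is the fixed fixture value used below
 * @param fail {@code true} when the request is expected to be rejected with 403 "Forbidden",
 *             {@code false} when 200 "OK" is expected
 * @param authority the authorization the route requires; when {@code null} no authorization handler
 *                  is installed and only authentication is exercised
 * @throws Exception if the test request fails
 */
protected void testAuthorization(String username, boolean fail, Authorization authority) throws Exception {
  if (requiresSession()) {
    router.route().handler(BodyHandler.create());
    SessionStore store = getSessionStore();
    router.route().handler(SessionHandler.create(store));
  }

  // authentication and authorization are both backed by the same properties file
  AuthenticationProvider authNProvider = PropertyFileAuthentication.create(vertx, "login/loginusers.properties");
  AuthorizationProvider authZProvider = PropertyFileAuthorization.create(vertx, "login/loginusers.properties");
  AuthenticationHandler authNHandler = createAuthHandler(authNProvider);

  router.route().handler(rc -> {
    if (rc.user() != null) {
      // already logged in: pass the request on instead of leaving it without a response
      rc.next();
      return;
    }
    // we need to be logged in; test-fixture credentials only (presumably matching loginusers.properties)
    UsernamePasswordCredentials authInfo = new UsernamePasswordCredentials(username, "delicious:sausages");
    authNProvider.authenticate(authInfo, res -> {
      if (res.succeeded()) {
        rc.setUser(res.result());
        rc.next();
      } else {
        rc.fail(res.cause());
      }
    });
  });
  router.route().handler(authNHandler);

  if (authority != null) {
    // the authorization handler is installed after authentication, so it sees the logged-in user
    router.route().handler(AuthorizationHandler.create(authority).addAuthorizationProvider(authZProvider));
  }

  // reached only when every preceding handler called next()
  router.route().handler(rc -> rc.response().end());
  testRequest(HttpMethod.GET, "/", fail ? 403 : 200, fail ? "Forbidden" : "OK");
}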