Handling dynamic security constraints


This topic contains 4 replies, has 3 voices, and was last updated by arcturus 2 years, 3 months ago.

#24646

    giates
    Participant

    Hi,

    I want to restrict a bunch of URLs so that they can be accessed only by users with specific roles, and I can't figure out how to handle this specific behaviour.

    Use case:

    1) I have users with roles guest, user, admin, business, executive, helpdesk, and so on…
    2) When a user accesses this URL: /{locale}/ecommerce/{url}, if the user is not logged in he/she must be redirected to the /login URL.
    3) If a user is logged in and has neither the guest nor the user role, he/she cannot access the /{locale}/ecommerce/{url} URL.
    4) If a user is logged in and has the guest or user role, he/she can access the /{locale}/ecommerce/{url} URL.

    I started with this configuration:

            // Every inbound request under /{locale}/ecommerce/ is sent to the localized login page
            .addRule()
            .when(Direction.isInbound()
                  .and(Path.matches("/{locale}/ecommerce/{url}")))
            .perform(Redirect.temporary(context.getContextPath() + "/{locale}/login"))
            .where("locale").matches("[a-z]{2}");

    The rule works well: when I access /en/ecommerce/test, Rewrite redirects the user to /en/login.

    Now I can't figure out how to restrict access for users who are not logged in and users who don't have the guest or user role.

    I’ve tried this:

            // Attempt: combine the path match with the built-in JAAS role condition
            .addRule()
            .when(Direction.isInbound()
                  .and(JAASRoles.required("user", "guest"))
                  .and(Path.matches("/{locale}/ecommerce/{url}")))
            .perform(Redirect.temporary(context.getContextPath() + "/{locale}/login"))
            .where("locale").matches("[a-z]{2}");

    But it seems that the JAASRoles.required condition requires that the user is already logged in. I want to redirect to /login when the user is not logged in or when the user does not have the given role(s).

    Can you help me ?

    Many thanks

    • This topic was modified 2 years, 12 months ago by giates.
    #24648

    giates
    Participant

    I'm evaluating "custom conditions"; it seems that this is the right approach…

    #24651

    A custom condition is the way to go here. You should have a look at the source code of JAASRoles to get a general idea of how it works. It should be easy to adapt for your specific use case:

    https://github.com/ocpsoft/rewrite/blob/master/config-servlet/src/main/java/org/ocpsoft/rewrite/servlet/config/JAASRoles.java#L33

    #24657

    giates
    Participant

    Yes Christian, the custom condition is the way to go; with access to the request I can do what I want. This is what I ended up with:

    // Imports this fragment relies on (added so the condition compiles inside a configuration provider):
    // import java.security.Principal;
    // import javax.servlet.http.HttpServletRequest;
    // import org.ocpsoft.rewrite.context.EvaluationContext;
    // import org.ocpsoft.rewrite.servlet.config.HttpCondition;
    // import org.ocpsoft.rewrite.servlet.config.Path;
    // import org.ocpsoft.rewrite.servlet.config.Redirect;
    // import org.ocpsoft.rewrite.servlet.http.event.HttpServletRewrite;

    .addRule()
    .when(new HttpCondition() {
        @Override
        public boolean evaluateHttp(HttpServletRewrite event, EvaluationContext context) {
            HttpServletRequest request = event.getRequest();
            Principal principal = request.getUserPrincipal();

            // Logged in only if the container attached an authenticated principal to the request
            boolean userLogged = principal != null && principal.getName() != null;
            // Allowed only if logged in AND in at least one of the permitted roles
            boolean rolesValid = userLogged
                    && (request.isUserInRole("guest") || request.isUserInRole("user"));

            // The condition is true (and the redirect fires) whenever access must be denied
            return !userLogged || !rolesValid;
        }
    }
    .and(Path.matches("/{locale}/ecommerce/{url}")))
    .perform(Redirect.temporary(context.getContextPath() + "/{locale}/login"))
    .where("locale").matches("[a-z]{2}");

    Thanks.

    • This reply was modified 2 years, 11 months ago by Lincoln Baxter III. Reason: Added solution
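A fuller version of the same approach, added here as an example and not code from the thread or from the Rewrite project: the login and role checks packaged as reusable conditions inside a complete HttpConfigurationProvider, so one set of roles can guard several URL patterns. It assumes the javax.servlet API and Rewrite's config-servlet module; the class and helper names (EcommerceAccessConfiguration, authenticated, inAnyRole, SHOP) are mine. It departs from the thread's solution in one labelled design choice: a logged-in user who lacks the role gets a 403 instead of a redirect to the login page.

```java
import java.security.Principal;

import javax.servlet.ServletContext;
import javax.servlet.http.HttpServletRequest;

import org.ocpsoft.rewrite.config.Configuration;
import org.ocpsoft.rewrite.config.ConfigurationBuilder;
import org.ocpsoft.rewrite.config.Direction;
import org.ocpsoft.rewrite.context.EvaluationContext;
import org.ocpsoft.rewrite.servlet.config.HttpCondition;
import org.ocpsoft.rewrite.servlet.config.HttpConfigurationProvider;
import org.ocpsoft.rewrite.servlet.config.Path;
import org.ocpsoft.rewrite.servlet.config.Redirect;
import org.ocpsoft.rewrite.servlet.config.SendStatus;
import org.ocpsoft.rewrite.servlet.http.event.HttpServletRewrite;

/**
 * Added example, not code from the forum thread or from the Rewrite project.
 * Registered like any provider, through
 * META-INF/services/org.ocpsoft.rewrite.config.ConfigurationProvider.
 */
public class EcommerceAccessConfiguration extends HttpConfigurationProvider {

    /** Pattern guarded by the rules below (name chosen for this example). */
    private static final String SHOP = "/{locale}/ecommerce/{url}";

    /** True when the request's authentication state equals 'expected'. */
    static HttpCondition authenticated(final boolean expected) {
        return new HttpCondition() {
            @Override
            public boolean evaluateHttp(HttpServletRewrite event, EvaluationContext context) {
                Principal principal = event.getRequest().getUserPrincipal();
                boolean loggedIn = principal != null && principal.getName() != null;
                return loggedIn == expected;
            }
        };
    }

    /**
     * True when (expected == true) the container reports the user in at least one
     * of the roles, the same OR semantics as the thread's isUserInRole("guest") ||
     * isUserInRole("user"); with expected == false it means "in none of them".
     */
    static HttpCondition inAnyRole(final boolean expected, final String... roles) {
        return new HttpCondition() {
            @Override
            public boolean evaluateHttp(HttpServletRewrite event, EvaluationContext context) {
                HttpServletRequest request = event.getRequest();
                boolean inRole = false;
                for (String role : roles) {
                    if (request.isUserInRole(role)) {
                        inRole = true;
                        break;
                    }
                }
                return inRole == expected;
            }
        };
    }

    @Override
    public Configuration getConfiguration(ServletContext context) {
        String login = context.getContextPath() + "/{locale}/login";

        return ConfigurationBuilder.begin()

            // Rule 1: anonymous visitor -> localized login page (as in the thread).
            .addRule()
            .when(Direction.isInbound()
                  .and(Path.matches(SHOP))
                  .and(authenticated(false)))
            .perform(Redirect.temporary(login))
            .where("locale").matches("[a-z]{2}")
            .where("url").matches(".*")   // also cover nested paths below /ecommerce/

            // Rule 2: logged in but in neither 'guest' nor 'user' -> 403.
            // Design choice of this example; the thread redirects these users to /login too.
            .addRule()
            .when(Direction.isInbound()
                  .and(Path.matches(SHOP))
                  .and(authenticated(true))
                  .and(inAnyRole(false, "guest", "user")))
            .perform(SendStatus.error(403))
            .where("locale").matches("[a-z]{2}")
            .where("url").matches(".*");
    }

    @Override
    public int priority() {
        return 0;
    }
}
```

Two points worth checking in your own configuration. Rewrite parameters match a single path segment ([^/]+) by default, so without the .where("url").matches(".*") widening a request for /en/ecommerce/cart/items would not match the pattern at all and would reach the application unguarded; the widened pattern closes that gap. Rule 2 also requires authenticated(true), so it does not depend on rule ordering or on the redirect ending the chain to keep anonymous users out of the 403 branch. The role names passed to isUserInRole must match what the container's realm (or JAAS login module) assigns, since that is the only source Rewrite consults here.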
    #26084

    arcturus
    Participant

    Hi, I'm really new to Rewrite, and this is exactly what I'm looking for. Can you please attach a test project to show how it looks?
