Reply To: Custom Authorization check in rules

Splash Forums Rewrite Users Custom Authorization check in rules Reply To: Custom Authorization check in rules

#27421

Hey Craig,

your code looks good. I agree that this kind of authorization checking isn’t very easy to do with Rewrite. And to be honest, I’m actually not sure whether it should be done using Rewrite. I typically do such authorization checks in the JSF page action because it is much simpler to do there.

One thing you could do to make your configuration provider more readable is to extract the creation of the custom HttpCondition to a method.

Something like:

  .addRule()
  .when(Direction.isInbound()
    .and(Path.matches("/unit/edit/{id}").withRequestBinding()
    .and(isAccessAllowed())))
  .perform(Forward.to("/access-denied.xhtml"))

public HttpCondition isAccessAllowed() {
  new HttpCondition() {
    // ...
  }
}