[GitHub] [brooklyn-server] ahgittin commented on a change in pull request #1202: Adds an attributes map on WebEntitlementContext to handle user roles

Fri, 16 Jul 2021 04:08:50 -0700 


ahgittin commented on a change in pull request #1202:
URL: https://github.com/apache/brooklyn-server/pull/1202#discussion_r671161208



##########
File path: 
rest/rest-resources/src/main/java/org/apache/brooklyn/rest/filter/EntitlementContextFilter.java
##########
@@ -55,30 +58,44 @@ public void filter(ContainerRequestContext requestContext) 
throws IOException {
         } else {
 
             // now look in session attribute - because principals hard to set 
from javax filter
-            if (request!=null) {
-                MultiSessionAttributeAdapter s = 
MultiSessionAttributeAdapter.of(request, false);
-                if (s!=null) {
-                    userName = Strings.toString(s.getAttribute(
-                            
BrooklynSecurityProviderFilterHelper.AUTHENTICATED_USER_SESSION_ATTRIBUTE));
-                }
-            }
+            userName = 
Strings.toString(getAttributeFromSession(BrooklynSecurityProviderFilterHelper.AUTHENTICATED_USER_SESSION_ATTRIBUTE));
         }
 
         if (userName != null) {
             EntitlementContext oldEntitlement = 
Entitlements.getEntitlementContext();
-            if (oldEntitlement!=null && 
!userName.equals(oldEntitlement.user())) {
-                throw new IllegalStateException("Illegal entitement context 
switch, from user "+oldEntitlement.user()+" to "+userName);
+            if (oldEntitlement != null && 
!userName.equals(oldEntitlement.user())) {
+                throw new IllegalStateException("Illegal entitlement context 
switch, from user " + oldEntitlement.user() + " to " + userName);
             }
 
             String uri = request.getRequestURI();
             String remoteAddr = request.getRemoteAddr();
 
             String uid = RequestTaggingRsFilter.getTag();
-            WebEntitlementContext entitlementContext = new 
WebEntitlementContext(userName, remoteAddr, uri, uid);
+            List<String> userRoles = (List<String>) 
getAttributeFromSession(WebEntitlementContext.USER_ROLES);
+            Map<String, Object> entitlementAttributes = null;
+            if (userRoles != null) {
+                entitlementAttributes = ImmutableMap.of(
+                        WebEntitlementContext.ENTITLEMENTS_ATTRIBUTES,
+                        ImmutableMap.of(
+                                WebEntitlementContext.USER_ROLES,
+                                userRoles));
+            }
+
+            WebEntitlementContext entitlementContext = new 
WebEntitlementContext(userName, remoteAddr, uri, uid, entitlementAttributes);

Review comment:
       why the map in a map?  also note `MutableMap.addIfNotNull(...)` -- 
entire logic can be done replacing `entitlementAttributes` with
   
       MutableMap.of().addIfNotNull(WebEntitlementContext.USER_GROUPS, 
getAttributeFromSession(WebEntitlementContext.USER_GROUPS))




-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: [email protected]

For queries about this service, please contact Infrastructure at:
[email protected]

Reply via email to