Class: UU::OS::Util::CastBasedAuthorizer
- Inherits:
-
Object
- Object
- UU::OS::Util::CastBasedAuthorizer
- Defined in:
- uu_os_application-server-2.7.3/lib/uu/os/util/cast_based_authorizer.rb
Overview
Component used for authorization based on cast to particular role(s).
Constant Summary
Instance Method Summary (collapse)
-
- (void) authorize(ctx, pass_through = false)
Authorizes request.
-
- (CastBasedAuthorizer) initialize(opts = {})
constructor
Creates new instance of authorization component.
Constructor Details
- (CastBasedAuthorizer) initialize(opts = {})
Creates new instance of authorization component.
# File 'uu_os_application-server-2.7.3/lib/uu/os/util/cast_based_authorizer.rb', line 38
#
# Creates new instance of authorization component.
#
# @param opts [Hash] component options
# @option opts [Object, Array] :authorized_roles role or list of roles a
#   caller must be cast to; nil entries are dropped. If the resulting list
#   is empty, #authorize denies the request (or only logs when its
#   pass_through argument is true).
# @option opts [Class] :error_class exception raised on denial
#   (default: AuthorizationError)
# @option opts [Integer] :cast_cache_size capacity of the cast cache
#   (default: 1000)
# @option opts [Integer] :cast_cache_ttl lifetime of a cached cast decision
#   (default: 15 * 60)
def initialize(opts = {})
  @authorized_roles = [*opts[:authorized_roles]].compact
  @error_class = opts[:error_class] || AuthorizationError

  # Both positive and negative cast decisions are cached by #authorize and
  # reused without a remote check until the entry expires, so a removed
  # cast can keep authorizing (and a new cast can stay denied) for up to
  # the TTL. Pick :cast_cache_ttl with that revocation lag in mind.
  @cast_cache = LruRedux::TTL::ThreadSafeCache.new(
    opts[:cast_cache_size] || 1000,
    opts[:cast_cache_ttl] || (15 * 60)
  )

  # Invoke UESCast.exists via generic CommandClient
  # (we must not depend on uu_os which provides artifact client)
  external_cfg = UU::OS::CMD::CommandClient.const_get(:EXTERNAL_CONFIGURATION)
  # NOTE(review): the fallback handed to cfg.get is SERVICE_PATH itself,
  # which is then joined with SERVICE_PATH again - confirm this is the
  # intended default when 'server-path-prefix' is not configured.
  prefix = external_cfg.get('server-path-prefix', SERVICE_PATH)
  @service_path = concat_path(prefix, SERVICE_PATH)

  @service_opts = {
    default_action: '',
    main_object_uri_parameter_name: :uesuri,
    parameters_parameter_name: '',
    use_legacy_config: true,
    append_routing_data: false
  }
end
Instance Method Details
- (void) authorize(ctx, pass_through = false)
This method returns an undefined value.
Authorizes request.
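# File 'uu_os_application-server-2.7.3/lib/uu/os/util/cast_based_authorizer.rb', line 65
#
# Authorizes request.
#
# The caller is authorized when the access role resolved from the session
# is cast to at least one of the configured authorized roles. Decisions are
# read from and written to the cast cache, keyed by access role URI.
#
# @param ctx [Object] request context; ctx.session and ctx.request.url are read
# @param pass_through [Boolean] when true a denial is only logged and the
#   method returns normally. The return value is the same for "authorized"
#   and "denied", so callers passing true cannot use this method as an
#   access gate; they must enforce access by other means.
# @return [void]
# @raise [@error_class] when the request is not authorized and pass_through
#   is false (also when no authorized role is configured)
def authorize(ctx, pass_through = false)
  if @authorized_roles.empty?
    # Fail closed: a missing role configuration denies the request.
    # NOTE(review): the full request URL goes to the error log; if URLs can
    # carry secrets in the query string, consider logging less - TODO confirm.
    log_error(@@logger, "No authorized role defined. Unable to authorize access to #{ctx.request.url}.")
    pass_through ? return : raise(@error_class, 'Access not allowed')
  end

  authorized = false
  cast_client = UU::OS::CMD::CommandClient.new(@service_path, ctx.session, @service_opts)
  cast_params = {invocation_method: :get}
  parameters = (cast_params[:parameters] = {})
  @authorized_roles.each do |role|
    # Get access role for which to check cast.
    access_role_uri = ctx.session.get_access_role(role)
    if !access_role_uri
      log_debug(@@logger, "User has no access to territory of authorized role #{role}.")
      next
    end

    # NOTE(review): the cache key is the access role URI only, not the
    # (access role, authorized role) pair. If two authorized roles can
    # resolve to the same access role, a cached false from the first skips
    # the check for the second - verify against get_access_role.
    cache_key = access_role_uri.to_s
    cached_value = @cast_cache[cache_key]
    if cached_value.nil?
      # TODO To be replaced by checking cast via uuID
      # Then we can store uuID in cache instead of access role
      parameters[:castedSubjectUri] = access_role_uri
      # Check cast
      result = nil
      begin
        result = cast_client.invoke(:exists, role, cast_params)
      rescue => e
        # A failed lookup leaves result nil and is treated as "not cast"
        # (fail closed). NOTE(review): that denial is also cached below, so
        # a transient service error denies this access role until the
        # cache entry expires.
        log_debug(@@logger, "Unable to check cast to authorized role #{role}.", e)
      end
      # Grant only when the whole response is true / "true". The previous
      # unanchored pattern matched "true" anywhere in the response, so any
      # body merely containing that word (an error text, a larger document)
      # was accepted as a positive cast. Assumes the service answers with a
      # bare true or "true" - confirm the response format.
      if result =~ /\A\s*"?true"?\s*\z/i
        authorized = true
        @cast_cache[cache_key] = true
        break
      else
        @cast_cache[cache_key] = false
      end
    elsif cached_value
      # Positive decision served from cache; no remote check is made.
      authorized = true
      break
    end
  end

  if !authorized
    log_error(@@logger, "User is not authorized to access #{ctx.request.url}.")
    pass_through ? return : raise(@error_class, 'User is not authorized')
  end
end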