Auth0RolerFilter skeleton

author: Jon Marius Venstad <jvenstad@yahoo-inc.com> 2019-04-03 17:37:12 +0200
committer: Jon Marius Venstad <venstad@gmail.com> 2019-04-04 09:48:01 +0200
commit: 7cdbaaf2100f83eb1e574a1bb75f6e8232e3b494 (patch)
tree: 0f7797a53d8d8b7e58c492bcde88af5454c5a1f1 /controller-server/src
parent: 4757b61f2fa9801a08bc06994de4b3945e31468d (diff)
2 files changed, 43 insertions, 2 deletions
diff --git a/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/restapi/filter/AthenzRoleFilter.java b/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/restapi/filter/AthenzRoleFilter.java
index 798036c1c42..fb98070295a 100644
--- a/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/restapi/filter/AthenzRoleFilter.java
+++ b/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/restapi/filter/AthenzRoleFilter.java
@@ -38,7 +38,7 @@ import static java.util.Objects.requireNonNull;
  *
  * @author jonmv
  */
-public class AthenzRoleFilter extends CorsRequestFilterBase {
+public class AthenzRoleFilter extends CorsRequestFilterBase { // TODO: No need for this super anyway.
 
     private static final Logger logger = Logger.getLogger(AthenzRoleFilter.class.getName());
 
diff --git a/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/restapi/filter/Auth0RoleFilter.java b/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/restapi/filter/Auth0RoleFilter.java
index b3264c0f51a..d96edd57e33 100644
--- a/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/restapi/filter/Auth0RoleFilter.java
+++ b/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/restapi/filter/Auth0RoleFilter.java
@@ -1,5 +1,46 @@
 package com.yahoo.vespa.hosted.controller.restapi.filter;
 
-public class Auth0RoleFilter {
+import com.yahoo.jdisc.http.filter.DiscFilterRequest;
+import com.yahoo.jdisc.http.filter.security.base.JsonSecurityRequestFilterBase;
+import com.yahoo.vespa.hosted.controller.role.RoleMembership;
+
+import java.util.Objects;
+import java.util.Optional;
+
+/**
+ * Enriches the request principal with roles from Athenz.
+ *
+ * @author jonmv
+ */
+public class Auth0RoleFilter extends JsonSecurityRequestFilterBase {
+
+    @Override
+    protected Optional<ErrorResponse> filter(DiscFilterRequest request) {
+        return Optional.empty();
+    }
+
+
+    private static class Auth0RolePrincipal implements RolePrincipal {
+
+        private final String name;
+        private final RoleMembership roles;
+
+        public Auth0RolePrincipal(String name, RoleMembership roles) {
+            if (name.isBlank()) throw new IllegalArgumentException("Name may not be blank.");
+            this.name = name;
+            this.roles = Objects.requireNonNull(roles);
+        }
+
+        @Override
+        public String getName() {
+            return name;
+        }
+
+        @Override
+        public RoleMembership roles() {
+            return roles;
+        }
+
+    }
 
 }
author	Jon Marius Venstad <jvenstad@yahoo-inc.com>	2019-04-03 17:37:12 +0200
committer	Jon Marius Venstad <venstad@gmail.com>	2019-04-04 09:48:01 +0200
commit	7cdbaaf2100f83eb1e574a1bb75f6e8232e3b494 (patch)
tree	0f7797a53d8d8b7e58c492bcde88af5454c5a1f1 /controller-server/src
parent	4757b61f2fa9801a08bc06994de4b3945e31468d (diff)