Authorizers
Authorizers check whether the authenticated client is allowed to execute the request according to the security policy.
RESTHeart provides two implementations of Authorizer:
- FileAclAuthorizer, which handles the ACL defined in a configuration file
- MongoAclAuthorizer, which handles the ACL stored in a MongoDB collection
Multiple Authorizers can be enabled; each Authorizer is either a VETOER or an ALLOWER.
Important: a request is allowed only when no VETOER denies it and at least one ALLOWER allows it. A VETOER can therefore only take permissions away, and an ALLOWER can only grant them; a request that no ALLOWER explicitly grants is denied.
Implementation
The Authorizer implementation class must implement the org.restheart.plugins.security.Authorizer interface:

public interface Authorizer extends ConfigurablePlugin {
    /**
     * @param request the request to authorize
     * @return true if the request is allowed
     */
    boolean isAllowed(final Request request);

    /**
     * @param request the request to authorize
     * @return true if an unauthenticated client is not allowed to execute the request
     *         (the client is challenged to authenticate instead of getting a plain denial)
     */
    boolean isAuthenticationRequired(final Request request);
}
Registering
The Authorizer class must be annotated with @RegisterPlugin; the authorizerType attribute selects ALLOWER or VETOER (constants of Authorizer.TYPE):

@RegisterPlugin(name = "myAuthorizer",
        description = "my custom authorizer",
        authorizerType = ALLOWER)
public class MyAuthorizer implements Authorizer {
    @Override
    public boolean isAllowed(final Request request) { return false; } // fail closed until the policy is implemented
    @Override
    public boolean isAuthenticationRequired(final Request request) { return true; }
}
Configuration
The Authorizer can receive parameters from the configuration file through a field annotated with @Inject("config"). The injected map is available in the method annotated with @OnInit, where the static helper ConfigurablePlugin.argValue() reads a single argument and throws ConfigurationException if it is missing, so a misconfigured plugin fails at startup rather than running with a half-defined policy:

@Inject("config")
private Map<String, Object> config;

@OnInit
public void init() throws ConfigurationException {
    // read the configuration arguments; a missing key throws ConfigurationException
    int number = ConfigurablePlugin.argValue(this.config, "number");
    String string = ConfigurablePlugin.argValue(this.config, "string");
}

The parameters are defined in the configuration file under a key equal to the plugin name given in the @RegisterPlugin annotation:

myAuthorizer:
  number: 10
  string: a string
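The three steps above (implementation, registration, configuration) assembled into one complete ALLOWER that grants a request when the authenticated account holds a role configured for the request's path prefix. This is an added example written for this page, not RESTHeart's own code: the package, class and plugin names and the shape of the rules configuration are made up for the example, and the Request accessors used (isAuthenticated, getAuthenticatedAccount, getPath) and the import path of ConfigurationException are assumptions about RESTHeart 7's public API.

```java
// Added example, not RESTHeart's own code. Package, class and plugin names are hypothetical;
// the Request accessors and the ConfigurationException package are assumed from RESTHeart 7.
package com.example.restheart;

import java.util.Collections;
import java.util.Comparator;
import java.util.List;
import java.util.Map;
import java.util.Set;
import java.util.TreeMap;

import org.restheart.configuration.ConfigurationException;
import org.restheart.exchange.Request;
import org.restheart.plugins.ConfigurablePlugin;
import org.restheart.plugins.Inject;
import org.restheart.plugins.OnInit;
import org.restheart.plugins.RegisterPlugin;
import org.restheart.plugins.security.Authorizer;

import static org.restheart.plugins.security.Authorizer.TYPE.ALLOWER;

/**
 * ALLOWER: grants a request when the authenticated account has a role mapped to the
 * longest configured prefix of the request path. Anything not explicitly granted is
 * denied (fail closed).
 *
 * Constructed configuration for this example (key = plugin name):
 *
 *   pathRoleAuthorizer:
 *     rules:
 *       /api/public: [user, admin]
 *       /api/admin: [admin]
 */
@RegisterPlugin(name = "pathRoleAuthorizer",
        description = "allows requests whose account has a role mapped to the request path prefix",
        authorizerType = ALLOWER)
public class PathRoleAuthorizer implements Authorizer {

    @Inject("config")
    private Map<String, Object> config;

    // Ordered longest prefix first so the most specific rule wins.
    private final TreeMap<String, Set<String>> rules = new TreeMap<>(
            Comparator.<String>comparingInt(String::length).reversed()
                      .thenComparing(Comparator.naturalOrder()));

    @OnInit
    public void init() throws ConfigurationException {
        // argValue throws ConfigurationException when "rules" is absent: the plugin
        // refuses to start instead of running with no policy.
        Map<String, List<String>> raw = ConfigurablePlugin.argValue(this.config, "rules");
        raw.forEach((prefix, roles) -> rules.put(normalize(prefix), Set.copyOf(roles)));
    }

    @Override
    public boolean isAllowed(final Request request) {
        // An ALLOWER must never grant anonymous requests: a request is allowed as soon as
        // one ALLOWER says yes and no VETOER objects, so a careless "true" here opens everything.
        if (!request.isAuthenticated() || request.getAuthenticatedAccount() == null) {
            return false;
        }
        var roles = request.getAuthenticatedAccount().getRoles();
        if (roles == null || roles.isEmpty()) {
            return false;
        }
        var path = normalize(request.getPath());
        return rules.entrySet().stream()
                // exact match or a match at a path-segment boundary; "/api/admin" must not
                // match "/api/administrators"
                .filter(e -> path.equals(e.getKey()) || path.startsWith(e.getKey() + "/"))
                .findFirst()                                     // longest matching prefix
                .map(e -> !Collections.disjoint(e.getValue(), roles))
                .orElse(false);                                  // no rule for this path: deny
    }

    @Override
    public boolean isAuthenticationRequired(final Request request) {
        // Every path handled here needs an account, so unauthenticated clients are challenged
        // to authenticate rather than simply denied.
        return true;
    }

    // Strip trailing slashes so "/api/admin/" and "/api/admin" resolve to the same rule.
    private static String normalize(String path) {
        if (path == null || path.isEmpty()) {
            return "/";
        }
        var p = path;
        while (p.length() > 1 && p.endsWith("/")) {
            p = p.substring(0, p.length() - 1);
        }
        return p;
    }
}
```

Because this plugin is registered as an ALLOWER, it can only add permissions: with the constructed configuration above, a request to /api/admin/users from an account holding only the user role is denied unless some other enabled ALLOWER grants it. The same class turned into a VETOER (authorizerType = VETOER, with isAllowed returning false only for the requests to block) would instead override every ALLOWER for those requests. The segment-boundary check in the filter is the detail worth keeping when adapting the code: a bare startsWith on the prefix would let a rule for /api/admin also cover /api/administrators.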