Inject ContainerRequestContext / UriInfo into Authorizer
108 views
Skip to first unread message
Matthias Müller
Jul 17, 2020, 3:27:03 AM7/17/20
to dropwiz...@googlegroups.com
How can I access ContainerRequestContext / UriInfo from an Authorizer implementation?
To not work against Dropwizard, I tried to stick to the usual procedure for role-based authentication, e.g.:
final JWTAuthenticationFilter jwtAuthFilter = new JWTAuthenticationFilter.Builder()
.setAuthenticator(new JWTAuthenticator(server, realm))
.setAuthorizer(new ContentAuthorizer(permissionsConfig().accessPermissions()))
.setPrefix("Bearer")
.setRealm(realm)
.buildAuthFilter();
However, my Authorizer implementation (ContentAuthorizer) needs to consider the execution context, in particular the path parameters. I found that DW/Jersey do inject that Context into Authorizers. So is there a preferred way to do this?
-Matthias
Peter Stackle
Aug 13, 2020, 12:45:02 AM8/13/20
to dropwizard-user
Hi Matthias,
Starting with version 2.0, the Authorizer interface now has the ability to have an authorize() method that includes the ContainerRequestContext as a parameter.
https://github.com/dropwizard/dropwizard/blob/master/dropwizard-auth/src/main/java/io/dropwizard/auth/Authorizer.java#L24-L36
https://github.com/dropwizard/dropwizard/blob/master/dropwizard-auth/src/main/java/io/dropwizard/auth/Authorizer.java#L24-L36
Matthias Mueller
Aug 13, 2020, 9:50:31 AM8/13/20
to dropwiz...@googlegroups.com
Very helpful, thanks! As you can see, we’re still happily running on 1.3 but incentives for switching to 2.x are about to get the upper hand.
Reply all
Reply to author
Forward
0 new messages