Example #1
0
 /**
  * Checks if a subject is allowed to call method X on resource Y.
  *
  * @param subjectid subject id
  * @param resourceName resource name (type)
  * @param httpMethod HTTP method name
  * @return true if allowed
  */
 public boolean isAllowedTo(String subjectid, String resourceName, String httpMethod) {
   boolean allow = false;
   if (subjectid != null
       && !StringUtils.isBlank(resourceName)
       && !StringUtils.isBlank(httpMethod)) {
     if (getResourcePermissions().isEmpty()) {
       // Default policy is "deny all". Returning true here would make it "allow all".
       return false;
     }
     if (getResourcePermissions().containsKey(subjectid)
         && getResourcePermissions().get(subjectid).containsKey(resourceName)) {
       // subject-specific permissions have precedence over wildcard permissions
       // i.e. only the permissions for that subjectid are checked, other permissions are ignored
       allow = isAllowed(subjectid, resourceName, httpMethod);
     } else {
       allow =
           isAllowed(subjectid, resourceName, httpMethod)
               || isAllowed(subjectid, ALLOW_ALL, httpMethod)
               || isAllowed(ALLOW_ALL, resourceName, httpMethod)
               || isAllowed(ALLOW_ALL, ALLOW_ALL, httpMethod);
     }
   }
   boolean isRootApp = StringUtils.equals(App.id(Config.APP_NAME_NS), getId());
   boolean isRootAppAccessAllowed =
       Config.getConfigBoolean("clients_can_access_root_app", !Config.IN_PRODUCTION);
   return isRootApp ? (isRootAppAccessAllowed && allow) : allow;
 }
Example #2
0
 /** @return true if asynchronous caching is enabled. */
 private boolean isAsyncEnabled() {
   return Config.getConfigBoolean("hc.async_enabled", false);
 }