THIS IS A TEST INSTANCE. ALL YOUR CHANGES WILL BE LOST!!!!
...
Code Block | ||||||||
---|---|---|---|---|---|---|---|---|
| ||||||||
/** * Check if the caller is authorized to perform the given ACL operation on at least one * resource of the given type. * * @param requestContext Request context including request resourceType, security protocol, and listener name * @param op The ACL operation to check * @param resourceType The resource type * @return Return {@link AuthorizationResult#ALLOWED} if the caller is authorized to perform the * given ACL operation on at least one resource of the given type. * Return {@link AuthorizationResult#DENIED} otherwise. */ default AuthorizationResult authorizeAny(AuthorizableRequestContext requestContext, AclOperation op, ResourceType resourceType) { ResourcePatternFilter resourceFilter = new ResourcePatternFilter(resourceType, null, PatternType.ANY); AclBindingFilter aclFilter = new AclBindingFilter( AclOperation opresourceFilter, new AccessControlEntryFilter( requestContext.principal().toString(), requestContext.clientAddress().getHostAddress(), ResourcePatternFilter f) { op, ResourcePatternFilter resourceFilter = new ResourcePatternFilter(type, null, PatternTypeAclPermissionType.ANY)); Set<String> denyPrefixes = new HashSet<>(); AclBindingFilterSet<String> aclFilterallowPrefixes = new AclBindingFilterHashSet<>(); for (AclBinding binding resourceFilter, new AccessControlEntryFilter(: acls(aclFilter)) { if (binding.entry().permissionType() != AclPermissionType.ALLOW) { requestContext.principalif (binding.entry().toStringpermissionType(), == AclPermissionType.DENY) { switch requestContext(binding.clientAddresspattern().getHostAddresspatternType(), ) { op, case LITERAL: AclPermissionType.ANY)); if (binding.pattern().name().equals(ResourcePattern.WILDCARD_RESOURCE)) return AuthorizationResult.DENIED; break; for (AclBinding binding : acls(aclFilter)) { case PREFIXED: if (binding.pattern().name().isEmpty()) return AuthorizationResult.DENIED; if denyPrefixes.add(binding.entrypattern().permissionTypename()) != AclPermissionType.ALLOW) ; break; } } continue; } switch (binding.pattern().patternType()) { case continue;LITERAL: List<Action> action = Collections.singletonList(new Action( op, binding.pattern(), 1, false, false)); if (authorize(requestContext, action).get(0) == AuthorizationResult.ALLOWED) { return AuthorizationResult.ALLOWED; } break; case PREFIXED: allowPrefixes.add(binding.pattern().name()); break; } } for (String allowed : allowPrefixes) { StringBuilder sb = new StringBuilder(); boolean hasDominatedDeny = false; for (int pos = 0; pos < allowed.length(); pos++) { sb.append(allowed.charAt(pos)); if (denyPrefixes.contains(sb.toString())) { hasDominatedDeny = true; break; } } if (!hasDominatedDeny) return AuthorizationResult.ALLOWED; } return AuthorizationResult.DENIED; } |
...