ahgittin commented on a change in pull request #1202: URL: https://github.com/apache/brooklyn-server/pull/1202#discussion_r671161208
########## File path: rest/rest-resources/src/main/java/org/apache/brooklyn/rest/filter/EntitlementContextFilter.java ########## @@ -55,30 +58,44 @@ public void filter(ContainerRequestContext requestContext) throws IOException { } else { // now look in session attribute - because principals hard to set from javax filter - if (request!=null) { - MultiSessionAttributeAdapter s = MultiSessionAttributeAdapter.of(request, false); - if (s!=null) { - userName = Strings.toString(s.getAttribute( - BrooklynSecurityProviderFilterHelper.AUTHENTICATED_USER_SESSION_ATTRIBUTE)); - } - } + userName = Strings.toString(getAttributeFromSession(BrooklynSecurityProviderFilterHelper.AUTHENTICATED_USER_SESSION_ATTRIBUTE)); } if (userName != null) { EntitlementContext oldEntitlement = Entitlements.getEntitlementContext(); - if (oldEntitlement!=null && !userName.equals(oldEntitlement.user())) { - throw new IllegalStateException("Illegal entitement context switch, from user "+oldEntitlement.user()+" to "+userName); + if (oldEntitlement != null && !userName.equals(oldEntitlement.user())) { + throw new IllegalStateException("Illegal entitlement context switch, from user " + oldEntitlement.user() + " to " + userName); } String uri = request.getRequestURI(); String remoteAddr = request.getRemoteAddr(); String uid = RequestTaggingRsFilter.getTag(); - WebEntitlementContext entitlementContext = new WebEntitlementContext(userName, remoteAddr, uri, uid); + List<String> userRoles = (List<String>) getAttributeFromSession(WebEntitlementContext.USER_ROLES); + Map<String, Object> entitlementAttributes = null; + if (userRoles != null) { + entitlementAttributes = ImmutableMap.of( + WebEntitlementContext.ENTITLEMENTS_ATTRIBUTES, + ImmutableMap.of( + WebEntitlementContext.USER_ROLES, + userRoles)); + } + + WebEntitlementContext entitlementContext = new WebEntitlementContext(userName, remoteAddr, uri, uid, entitlementAttributes); Review comment: why the map in a map? also note `MutableMap.addIfNotNull(...)` -- entire logic can be done replacing `entitlementAttributes` with MutableMap.of().addIfNotNull(WebEntitlementContext.USER_GROUPS, getAttributeFromSession(WebEntitlementContext.USER_GROUPS)) -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: dev-unsubscr...@brooklyn.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org