I'm on 2.1-RC3 and seeing some weirdness that I can't explain. I've setup
roles for my various endpoints and hooked them in via the RoleAuthorizer. I've
got an enroler that adds the users roles into the ClientInfo much like the
Security example. However, when I make a request to the system, the
RoleAuthorizer.authorize method is not authorizing. AFAICT, from debugging the
code, the problem is stemming from:
for (Role authorizedRole : getAuthorizedRoles()) {
authorized = authorized
|| request.getClientInfo().getRoles().contains(
authorizedRole);
}
Namely, it appears that request.getClientInfo().getRoles() is returning a
CopyOnWriteArrayList containing a LinkedHashMap (at least that is what the
debugger is telling me) such that the contains() method there returns false,
since the authorizedRole is a Role instance. Now, this seems really weird b/c
first off getRoles() returns List<Role>. I can see that the LinkedHashMap has
3 properties on it which look like what is on a Role: childRoles, description
and name and I can see that the values match up with the value of the
authorizedRole variable.
I'm creating the RoleAuthorizer as:
RoleAuthorizer ra = new RoleAuthorizer();
ra.getAuthorizedRoles().addAll(Arrays.asList(roles));
ra.setNext(restlet);
My Enroler does:
List<Role> clientRoles = clientInfo.getRoles();
log.info("Adding roles " + retrieve + " for " +
clientInfo.getUser().getIdentifier());
clientRoles.addAll(theRoles);
The problem is exacerbated by the fact that, when trying to build the source
from the master branch, I get failures on RestletTestSuite, such that I can't
build a local package to make sure I am absolutely in sync library wise.
Also, is there somewhere that explains the Github branch/tag structure? When I
checkout the 2.1rc3 tag, it doesn't mirror the master code.
------------------------------------------------------
http://restlet.tigris.org/ds/viewMessage.do?dsForumId=4447&dsMessageId=2940001
