
Resource access control

Once the request is validated against BDRC auth policies, the accessed endpoint (whether it is secured or not) may still deliver resources whose access types are limited. Therefore, there is a second security level inside the service offered by a given endpoint.

Here, we have to check BDRC policies to determine whether the user profile is compliant with the requested resource access type.

Basic usage

A basic usage of this auth feature consists of calling the hasResourceAccess(String accessType) method of the Access object made available in the request context by the Auth filter.

Extended usage

The BDRC auth library feature can also be combined with other security mechanisms that do not depend on the user profile. For instance, BDRC restricts access to some resources on the basis of the geolocation of the requester.

This kind of implementation uses a "wrapper" that extends the basic "Access" object provided by the BDRC Auth library by adding geolocation services to it.

A good example of such a "wrapper" can be found here: ResourceAccessValidation

where the geolocation-based access restriction is implemented as follows:

public boolean isAccessible(HttpServletRequest request) {

    if (access == null) {
        access = new Access();
    }
    boolean accessible = true;
    if (accessType.equals(RdfConstants.RESTRICTED_CHINA)) {
        String country = GeoLocation.getCountryName(request.getRemoteAddr());
        // if Geolocation country name is null (i.e. throws, for instance, an IP parsing
        // exception) then access is denied
        if (country == null || CHINA.equalsIgnoreCase(country)) {
            accessible = false;
        }
    }
    // && binds tighter than ||, so fairUse grants access on its own
    return (accessible && access.hasResourceAccess(accessType)) || fairUse;
}
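The same decision as a stand-alone program, added here as an illustration and not BDRC's code: it treats a null or failed country lookup as a denial, which is the behaviour the comment in the snippet above describes, and prints the outcome for each case. `GeoGateDemo`, the `profileAllows` and `countryOf` parameters, the `RESTRICTED_CHINA` string value and the address table are hypothetical stand-ins for the library's `Access`, `GeoLocation` and `RdfConstants`.

```java
import java.util.Map;
import java.util.function.Function;
import java.util.function.Predicate;

public class GeoGateDemo {
    static final String CHINA = "China";
    // Constructed label; the page's real constant is RdfConstants.RESTRICTED_CHINA.
    static final String RESTRICTED_CHINA = "RestrictedInChina";

    /** Hypothetical wrapper: profile check plus a fail-closed country check. */
    static boolean isAccessible(String accessType, String remoteAddr, boolean fairUse,
                                Predicate<String> profileAllows,      // stand-in for Access.hasResourceAccess
                                Function<String, String> countryOf) { // stand-in for GeoLocation.getCountryName
        boolean geoOk = true;
        if (RESTRICTED_CHINA.equals(accessType)) {
            String country;
            try {
                country = countryOf.apply(remoteAddr);
            } catch (RuntimeException e) {
                country = null; // a failed lookup is handled like an unknown location
            }
            // Fail closed: an unknown location is denied, same as a CHINA match.
            geoOk = country != null && !CHINA.equalsIgnoreCase(country);
        }
        // Same precedence as the page's return statement: fairUse overrides both checks.
        return (geoOk && profileAllows.test(accessType)) || fairUse;
    }

    public static void main(String[] args) {
        // Constructed lookup table using documentation address ranges (RFC 5737).
        Map<String, String> geoDb = Map.of("192.0.2.10", "China", "198.51.100.7", "France");
        Function<String, String> lookup = geoDb::get; // returns null for unknown addresses
        Predicate<String> profile = type -> true;     // user profile allows every access type

        String[][] cases = {
            {"198.51.100.7", "false"}, // resolved, not China
            {"192.0.2.10", "false"},   // resolved to China
            {"203.0.113.99", "false"}, // not in the table: country is null
            {"not-an-ip", "false"},    // unparsable address: country is null
            {"192.0.2.10", "true"},    // resolved to China, fairUse flag set
        };
        for (String[] c : cases) {
            boolean ok = isAccessible(RESTRICTED_CHINA, c[0], Boolean.parseBoolean(c[1]), profile, lookup);
            System.out.printf("%-14s fairUse=%-5s -> %s%n", c[0], c[1], ok ? "ALLOW" : "DENY");
        }
    }
}
```

When the service sits behind a reverse proxy, `request.getRemoteAddr()` returns the proxy's address, so the address handed to the country lookup has to come from a header set by that trusted proxy.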