Ivan Brko
05/02/2020, 5:52 AMauthenticate{
minimalRoleAllowed(Role.Admin) { //this is the call to my custom feature for authorization
get{
...
}
}
}
So what I would expect here to happen is have authentication called, and then if it passes have authorization called. But it seems, somehow, that when all the pipelines are merged authorization gets called before authentication, which is of course wrong, because I can't authorize the user if I they are not authenticated.
This is the implementation for my minimalRouteAllowed
extension method:
fun Route.minimalRoleAllowed(role: Role, build: Route.() -> Unit): Route {
val authorisedRoute = createChild(AuthorisedRouteSelector()) //AuthorisedRouteSelector just returns a selector which evaluates to RouteSelectorEvaluation.Const
application.feature(RoleAuthorization).interceptPipeline(authorisedRoute, role)
authorisedRoute.build()
return authorisedRoute
}
And this is how I'm inserting phase and intercepting in the RoleAuthorization.interceptPipeline
called above (the pipeline
here is authorizedRoute
I sent in method above):
pipeline.insertPhaseAfter(ApplicationCallPipeline.Features, authorizationPhase)
pipeline.intercept(authorizationPhase) {...
Ivan Brko
05/02/2020, 6:44 AM