NeilMadden / apisecurityinaction

Source code that accompanies the book API Security in Action
MIT License

DroolsAccessController can be simplified #11

Closed NeilMadden closed 3 years ago

NeilMadden commented 3 years ago

The StatelessKieSession is a better fit for the example in chapter 8. The checkPermitted method can be simplified using this class (and probably with better performance):

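        // A stateless session is created per decision and needs no dispose() call
        var session = kieContainer.newStatelessKieSession();
        var decision = new Decision();
        // The rules record their verdict in the "decision" global
        session.setGlobal("decision", decision);

        // execute() inserts the facts and fires all rules in a single call
        session.execute(List.of(
                new Subject(subject),
                new Resource(resource),
                new Action(action),
                new Environment(env)));

        return decision.isPermitted();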

If there's ever a second edition, this should be considered.

NeilMadden commented 3 years ago

An implementation of this approach is available from branch https://github.com/NeilMadden/apisecurityinaction/blob/chapter08-stateless/natter-api/src/main/java/com/manning/apisecurityinaction/controller/DroolsAccessController.java