Hymir is a Java based IIIF Server. It is based on "IIIF Image API Java Libraries" and "IIIF Presentation API Java Libraries" projects (see https://github.com/dbmdz)
MIT License
27
stars
7
forks
source link
Add new *SecurityService API that can decide based on incoming HTTP request #249
This was a use case that came up during development:
Until now, the API assumed that decisions concerning the access to resources could be made only based on the identity of the resource.
However, there are use cases where additional user-supplied parameters must be taken into account (e.g. an Authorization header, the source IP address, etc).
To enable these use cases with Hymir, this PR adds a new isAccessAllowed(String identifier, HttpServletRequest req) API to ImageSecurityService and PresentationSecurityService, with a default implementation that simply delegates to the existing isAccessAllowed(String identifier) API, i.e. disregards the passed request.
This was a use case that came up during development: Until now, the API assumed that decisions concerning the access to resources could be made only based on the identity of the resource. However, there are use cases where additional user-supplied parameters must be taken into account (e.g. an
Authorization
header, the source IP address, etc). To enable these use cases with Hymir, this PR adds a newisAccessAllowed(String identifier, HttpServletRequest req)
API toImageSecurityService
andPresentationSecurityService
, with a default implementation that simply delegates to the existingisAccessAllowed(String identifier)
API, i.e. disregards the passed request.