From 7d312ae9d0a69c9b6a36fb5002a5923b8e3492ff Mon Sep 17 00:00:00 2001
From: Yannick Lecaillez <yannick.lecaillez@forgerock.com>
Date: Mon, 23 May 2016 11:19:35 +0000
Subject: [PATCH] Rest2ldap: let the last authorization filter formulate an implementation specific error message.

---
 opendj-rest2ldap/src/main/java/org/forgerock/opendj/rest2ldap/authz/Authorizations.java |   16 ++++++++++++++++
 1 files changed, 16 insertions(+), 0 deletions(-)

diff --git a/opendj-rest2ldap/src/main/java/org/forgerock/opendj/rest2ldap/authz/Authorizations.java b/opendj-rest2ldap/src/main/java/org/forgerock/opendj/rest2ldap/authz/Authorizations.java
index 471c03e..96a7d36 100644
--- a/opendj-rest2ldap/src/main/java/org/forgerock/opendj/rest2ldap/authz/Authorizations.java
+++ b/opendj-rest2ldap/src/main/java/org/forgerock/opendj/rest2ldap/authz/Authorizations.java
@@ -18,6 +18,8 @@
 import static org.forgerock.opendj.rest2ldap.authz.ConditionalFilters.asConditionalFilter;
 import static org.forgerock.opendj.rest2ldap.authz.ConditionalFilters.newConditionalFilter;
 
+import java.util.List;
+
 import org.forgerock.http.Filter;
 import org.forgerock.http.protocol.Headers;
 import org.forgerock.http.protocol.Request;
@@ -42,6 +44,20 @@
     }
 
     /**
+     * Creates a new {@link Filter} in charge of injecting an {@link AuthenticatedConnectionContext}. This
+     * {@link Filter} tries each of the provided filters until one can apply. If no filter can be applied, the last
+     * filter in the list will be applied allowing it to formulate a valid, implementation specific, error response.
+     *
+     * @param filters
+     *            List of authorization {@link ConditionalFilters} to try. If empty, the returned filter will always
+     *            respond with 403 Forbidden.
+     * @return A new authorization {@link Filter}
+     */
+    public static Filter newAuthorizationFilter(List<ConditionalFilter> filters) {
+        return new AuthorizationFilter(filters);
+    }
+
+    /**
      * Creates a new {@link ConditionalFilter} performing authentication. If authentication succeed, it injects a
      * {@link SecurityContext} with the authenticationId provided by the user. Otherwise, returns a HTTP 401 -
      * Unauthorized response. The condition of this {@link ConditionalFilter} will return true if the supplied requests

--
Gitblit v1.10.0