SecuredEndpoint (restcomm-connect.http 8.0.0.1093 API)

java.lang.Object
- org.restcomm.connect.http.AbstractEndpoint
- - org.restcomm.connect.http.SecuredEndpoint

Direct Known Subclasses:

AccountsEndpoint, AnnouncementsEndpoint, ApplicationsEndpoint, AvailablePhoneNumbersEndpoint, CallsEndpoint, ClientsEndpoint, ConferencesEndpoint, EmailMessagesEndpoint, ExtensionsConfigurationEndpoint, GatewaysEndpoint, IncomingPhoneNumbersEndpoint, NotificationsEndpoint, OutboundProxyEndpoint, OutgoingCallerIdsEndpoint, ParticipantsEndpoint, RecordingsEndpoint, SmsMessagesEndpoint, SupervisorEndpoint, TranscriptionsEndpoint, UsageEndpoint, UssdPushEndpoint, VersionEndpoint
```
public abstract class SecuredEndpoint
extends AbstractEndpoint
```
Security layer endpoint. It will scan the request for security related assets and populate the UserIdentityContext accordingly. Extend the class and use checkAuthenticatedAccount*() methods to apply security rules to your endpoint. How to use it: - use checkAuthenticatedAccount() method to check that a user (any user) is authenticated. - use checkAuthenticatedAccount(permission) method to check that an authenticated user has the required permission according to his roles - use checkAuthenticatedAccount(account,permission) method to check that besides permission a user also has ownership over an account

Author:

orestis.tsakiridis@telestax.com (Orestis Tsakiridis)

Nested Class Summary

Nested Classes
Modifier and Type Class and Description

static class SecuredEndpoint.SecuredType

Nested Classes
Modifier and Type	Class and Description
`static class`	`SecuredEndpoint.SecuredType`

Field Summary

Fields
Modifier and Type	Field and Description
`protected AccountsDao`	`accountsDao`
`protected javax.servlet.ServletContext`	`context`
`protected List<RestcommExtensionGeneric>`	`extensions`
`protected IdentityContext`	`identityContext`
`protected org.apache.log4j.Logger`	`logger`
`protected UserIdentityContext`	`userIdentityContext`

Fields inherited from class org.restcomm.connect.http.AbstractEndpoint
baseRecordingsPath, configuration

Constructor Summary

Constructors
Constructor and Description

SecuredEndpoint()

SecuredEndpoint(javax.servlet.ServletContext context, javax.servlet.http.HttpServletRequest request)

Constructors
Constructor and Description
`SecuredEndpoint()`
`SecuredEndpoint(javax.servlet.ServletContext context, javax.servlet.http.HttpServletRequest request)`

Method Summary

Methods
Modifier and Type	Method and Description
`protected void`	`checkAuthenticatedAccount()` Grants general purpose access if any valid token exists in the request
`protected void`	`checkPermission(String permission)` Grants access by permission.
`protected boolean`	`executePostApiAction(ApiRequest apiRequest)`
`protected boolean`	`executePreApiAction(ApiRequest apiRequest)`
`protected String`	`getAdministratorRole()` Returns the string literal for the administrator role.
`protected boolean`	`hasAccountRole(String role)` Checks is the effective account has the specified role.
`protected void`	`init(org.apache.commons.configuration.Configuration configuration)`
`protected boolean`	`isSecuredByPermission(String permission)`
`protected boolean`	`isSuperAdmin()` Checks if the effective account is a super account (top level account)
`protected void`	`secure(Account operatedAccount, Sid resourceAccountSid, SecuredEndpoint.SecuredType type)`
`protected void`	`secure(Account operatedAccount, String permission)` Personalized type of grant.
`protected void`	`secure(Account operatedAccount, String permission, SecuredEndpoint.SecuredType type)`

Methods inherited from class org.restcomm.connect.http.AbstractEndpoint
getApiVersion, getHasVoiceCallerIdLookup, getMethod, getPhoneNumber, getSid, getUrl, isEmpty

Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

- Field Detail
  - logger
```
protected org.apache.log4j.Logger logger
```
  - userIdentityContext
```
protected UserIdentityContext userIdentityContext
```
  - accountsDao
```
protected AccountsDao accountsDao
```
  - identityContext
```
protected IdentityContext identityContext
```
  - context
```
@Context
protected javax.servlet.ServletContext context
```
  - extensions
```
protected List<RestcommExtensionGeneric> extensions
```
- Constructor Detail
  - SecuredEndpoint
```
public SecuredEndpoint()
```
  - SecuredEndpoint
```
public SecuredEndpoint(javax.servlet.ServletContext context,
               javax.servlet.http.HttpServletRequest request)
```
- Method Detail
  - init
```
protected void init(org.apache.commons.configuration.Configuration configuration)
```
    Overrides:
    
    init in class AbstractEndpoint
  - checkAuthenticatedAccount
```
protected void checkAuthenticatedAccount()
```
    Grants general purpose access if any valid token exists in the request
  - isSuperAdmin
```
protected boolean isSuperAdmin()
```
    Checks if the effective account is a super account (top level account)
    
    Returns:
  - checkPermission
```
protected void checkPermission(String permission)
```
    Grants access by permission. If the effective account has a role that resolves to the specified permission (accoording to mappings of restcomm.xml) access is granted. Administrator is granted access regardless of permissions.
    
    Parameters:
    permission - - e.g. 'RestComm:Create:Accounts'
  - isSecuredByPermission
```
protected boolean isSecuredByPermission(String permission)
```
  - secure
```
protected void secure(Account operatedAccount,
          String permission)
               throws AuthorizationException
```
    Personalized type of grant. Besides checking 'permission' the effective account should have some sort of ownership over the operatedAccount. The exact type of ownership is defined in secureAccount()
    
    Parameters:
    operatedAccount -
    permission -
    
    Throws:
    
    AuthorizationException
  - secure
```
protected void secure(Account operatedAccount,
          String permission,
          SecuredEndpoint.SecuredType type)
               throws AuthorizationException
```
    Throws:
    
    AuthorizationException
  - secure
```
protected void secure(Account operatedAccount,
          Sid resourceAccountSid,
          SecuredEndpoint.SecuredType type)
               throws AuthorizationException
```
    Throws:
    
    AuthorizationException
  - hasAccountRole
```
protected boolean hasAccountRole(String role)
```
    Checks is the effective account has the specified role. Only role values contained in the Restcomm Account are take into account.
    
    Parameters:
    role -
    
    Returns:
    true if the role exists in the Account. Otherwise it returns false.
  - getAdministratorRole
```
protected String getAdministratorRole()
```
    Returns the string literal for the administrator role. This role is granted implicitly access from checkAuthenticatedAccount() method. No need to explicitly apply it at each protected resource .
    
    Returns:
    the administrator role as string
  - executePreApiAction
```
protected boolean executePreApiAction(ApiRequest apiRequest)
```
  - executePostApiAction
```
protected boolean executePostApiAction(ApiRequest apiRequest)
```

Class SecuredEndpoint

Nested Class Summary

Field Summary

Fields inherited from class org.restcomm.connect.http.AbstractEndpoint

Constructor Summary

Method Summary

Methods inherited from class org.restcomm.connect.http.AbstractEndpoint

Methods inherited from class java.lang.Object

Field Detail

logger

userIdentityContext

accountsDao

identityContext

context

extensions

Constructor Detail

SecuredEndpoint

SecuredEndpoint

Method Detail

init

checkAuthenticatedAccount

isSuperAdmin

checkPermission

isSecuredByPermission

secure

secure

secure

hasAccountRole

getAdministratorRole

executePreApiAction

executePostApiAction