Bjørn Larsen

Master switch for use of tokens


Hi,

 

I need to implement a solution where the administrator must be able to specify whether the APIs require the use of tokens or are publicly available.

 

Can someone give me a hint on how to solve this with MARS? Is it possible to specify different attributes depending on a setting? Or how else could this be solved?

 

Best regards

Bjørn


Hi, MARS core mechanisms, including authentication and authorization, take place inside the TMARSActivation class.

The default implementation is attribute-driven, and it is hard to get such dynamic behavior through attributes alone.

 

But you can easily inherit your own TMARSActivation descendant and tweak some of the internals.

For example, in order to fulfil your request about bypassing RBAC, you can override the ReadAuthorizationInfo method (which determines whether a resource/method is public, is forbidden to everybody, or has a list of allowed roles defined through attributes) and set the result as you wish (for example making every request allowed, or implementing some strategy of your own based on the request, the application or the specific resource invoked, whatever you need).

 

Attached is a unit, Server.MyActivation, that implements a total override of RBAC depending on a parameter of your engine (you can set this parameter in your ini file or by code in the Server.Ignition unit).

 

Some code from the attachment; comment out the CodeSite calls if you are not using it (it's free and you can install it from GetIt; I use it often).

unit Server.MyActivation;

interface

uses
  MARS.Core.Activation;

type
  // TMARSActivation descendant that can switch RBAC off through an engine parameter
  TMyActivation = class(TMARSActivation)
  protected
    procedure ReadAuthorizationInfo; override;
  end;

implementation

uses
  System.SysUtils
, Web.HTTPApp
, CodeSiteLogging // comment out (together with the CodeSite.SendMsg calls) if CodeSite is not installed
, MARS.Core.Engine, MARS.Core.Application, MARS.Core.URL
, MARS.Core.Activation.Interfaces;

procedure TMyActivation.ReadAuthorizationInfo;
begin
  inherited; // evaluates the attributes ([PermitAll], [DenyAll], [RolesAllowed]) first
  CodeSite.SendMsg('[STANDARD] Authent.: ' + BoolToStr(FAuthorizationInfo.NeedsAuthentication, True)
    + ' Author.: ' + BoolToStr(FAuthorizationInfo.NeedsAuthorization, True));

  // DisableRBAC=True (ini file or Engine.Parameters) makes every request allowed
  if Engine.Parameters.ByName('DisableRBAC', False).AsBoolean then
  begin
    FAuthorizationInfo.PermitAll := True;
    FAuthorizationInfo.DenyAll := False;
    FAuthorizationInfo.AllowedRoles := [];
    CodeSite.SendMsg('[OVERRIDE] Authent.: ' + BoolToStr(FAuthorizationInfo.NeedsAuthentication, True)
      + ' Author.: ' + BoolToStr(FAuthorizationInfo.NeedsAuthorization, True));
  end;
end;

initialization
  // Factory hook: MARS calls this function (if assigned) to create the activation object
  TMARSActivation.CreateActivationFunc := function (const AEngine: TMARSEngine;
    const AApplication: TMARSApplication;
    const ARequest: TWebRequest; const AResponse: TWebResponse;
    const AURL: TMARSURL
  ): IMARSActivation
  begin
    Result := TMyActivation.Create(AEngine, AApplication, ARequest, AResponse, AURL);
  end;

end.

 

The initialization section is there to set the TMARSActivation.CreateActivationFunc variable, which acts like a poor man's factory for IMARSActivation.

The library will call this function, if set, to instantiate the specific TMARSActivation descendant (TMyActivation in our case).

 

You can set the parameter in the ini file of your server:

[DefaultEngine]
ThreadPoolSize=100
DisableRBAC=True

 

or set it by code, for example in the Server.Ignition file (after the FEngine.Parameters.LoadFromIniFile call):

    FEngine.Parameters.Values['DisableRBAC'] := True;

 

Let me know if this solves your problem.

Sincerely

Server.MyActivation.pas
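The unit in the post above flips RBAC off for every resource as soon as one ini value is set, so a typo or a copied ini file silently exposes the whole API. The following unit is an added example, not Andrea's attachment and not part of MARS itself: it keeps the same override point (ReadAuthorizationInfo) and the same factory hook (CreateActivationFunc), but the "master switch" only opens the resources an administrator lists explicitly, and the switch defaults to requiring tokens, so a missing or misspelled parameter fails closed. The parameter names TokensRequired and PublicResources are invented for this example, and the use of Engine.Parameters.ByName(...).AsString and of the URL.Resource property (the first path segment after the application, as MARS-Curiosity exposes it on the activation) are assumptions about the MARS API that you should check against the version you compile with.

```delphi
unit Server.PublicResourcesActivation;

interface

uses
  MARS.Core.Activation;

type
  // Added example: attribute-driven RBAC stays in force; only resources named
  // in the 'PublicResources' parameter become public, and only while the
  // hypothetical 'TokensRequired' switch is explicitly set to False.
  TPublicResourcesActivation = class(TMARSActivation)
  private
    function ResourceIsPublic: Boolean;
  protected
    procedure ReadAuthorizationInfo; override;
  end;

implementation

uses
  System.SysUtils, System.StrUtils, System.Types
, Web.HTTPApp
, MARS.Core.Engine, MARS.Core.Application, MARS.Core.URL
, MARS.Core.Activation.Interfaces;

function TPublicResourcesActivation.ResourceIsPublic: Boolean;
var
  LEntries: TStringDynArray;
  LEntry: string;
begin
  // Assumption: 'PublicResources' is a comma-separated list of resource names,
  // e.g. in the ini file:  PublicResources=helloworld,health
  LEntries := SplitString(Engine.Parameters.ByName('PublicResources', '').AsString, ',');
  for LEntry in LEntries do
    if (Trim(LEntry) <> '') and SameText(Trim(LEntry), URL.Resource) then
      Exit(True);
  Result := False;
end;

procedure TPublicResourcesActivation.ReadAuthorizationInfo;
begin
  inherited; // [PermitAll], [DenyAll] and [RolesAllowed] attributes are evaluated first

  // Fail closed: unless the administrator explicitly sets TokensRequired=False,
  // the attribute-driven result from 'inherited' is left untouched.
  if Engine.Parameters.ByName('TokensRequired', True).AsBoolean then
    Exit;

  // Switch is off: open only the listed resources; everything else keeps its
  // token/role requirements, so a [DenyAll] resource stays closed.
  if ResourceIsPublic then
  begin
    FAuthorizationInfo.PermitAll := True;
    FAuthorizationInfo.DenyAll := False;
    FAuthorizationInfo.AllowedRoles := [];
  end;
end;

initialization
  // Same factory hook as in the post: MARS calls it to create each activation.
  TMARSActivation.CreateActivationFunc :=
    function (const AEngine: TMARSEngine; const AApplication: TMARSApplication;
      const ARequest: TWebRequest; const AResponse: TWebResponse;
      const AURL: TMARSURL): IMARSActivation
    begin
      Result := TPublicResourcesActivation.Create(AEngine, AApplication, ARequest, AResponse, AURL);
    end;

end.
```

With this unit in the server project, the ini section becomes something like `TokensRequired=False` plus `PublicResources=helloworld,health` under [DefaultEngine]; leaving TokensRequired out, or setting it to True, restores the plain attribute-driven behaviour for every resource. Log the outcome of ReadAuthorizationInfo (as the post does with CodeSite) while testing, so you can confirm that an unlisted resource still reports NeedsAuthentication=True when the switch is off.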


Hi Andrea, 

 

Thank you for the quick feedback and a perfect solution!

Always nice to get first class feedback from the author 🙂

 

Best regards, 

Bjørn

4 hours ago, Bjørn Larsen said:

Hi Andrea, 

Thank you for quick feedback and a perfect solution!

Always nice to get first class feedback from the author 🙂

Thank you for using MARS and please feel free to provide some feedback or ask questions (if needed) and I will be happy to help!

Many features of my library came about as users asked for this or that thing and I managed to implement it.

 

There's nothing better for a library author than seeing developers using it 🙂

 
