I implemented Resful application using dropwizard framework. I use dropwizard-auth-jwt for my authentication with maven package:
<dependency>
<groupId>com.github.toastshaman</groupId>
<artifactId>dropwizard-auth-jwt</artifactId>
<version>1.0.2-0 </version>
</dependency>
for adding authentication for resources, I implemented sampleAuthenticator which is implemented Authenticator class that uses Principal class for it's authentication check.
public class UserAuthenticate implements Authenticator <JwtContext, MyUser> {
#Override
public Optional<MyUser> authenticate(JwtContext context) {
try {
final String subject = context.getJwtClaims().getSubject();
if ("authentication".equals(subject)) {
return Optional.of(new MyUser("admin", "pass"));
}
return Optional.empty();
}
catch (MalformedClaimException e) { return Optional.empty(); }
}
}
when MyUser implemented Principal:
public class MyUser implements Principal {
private String pass;
private String name;
public MyUser(String name, String pass) {
this.pass = pass;
this.name = name;
}
public MyUser( String name){
this.name = name;
}
public MyUser(){}
public String getPass() {
return pass;
}
#Override
public String getName() {
return name;
}
#Override
public String toString() {
return "MyUser{" +
"pass='" + pass + '\'' +
", name='" + name + '\'' +
'}';
}
#Override
public boolean equals(Object o) {
if (this == o) return true;
if (o == null || getClass() != o.getClass()) return false;
final MyUser myUser = (MyUser) o;
return Objects.equals(pass, myUser.pass) && Objects.equals(name, myUser.name);
}
#Override
public int hashCode() {
return Objects.hash(pass, name);
}
}
with this configurations, I needed add resource for crud operations. for get and delete there is no probelm. but when I add post or put when needs to add new object for body of request, I have error.
post:
#POST
#Path("/")
public Response create(#Auth MyUser admin, Body body) {
return Response
.status(Response.Status.OK)
.type(MediaType.APPLICATION_JSON)
.entity(true)
.build();
}
error:
Caused by: org.glassfish.jersey.server.model.ModelValidationException:
Validation of the application resource model has failed during
application initialization. [[FATAL] No injection source found for a
parameter of type public javax.ws.rs.core.Response
myGroup.resources.BodyResource.create(myGroup.api.MyUser,myGroup.api.Body)
at index 0.; source='ResourceMethod{httpMethod=POST,
consumedTypes=[application/json], producedTypes=[application/json],
suspended=false, suspendTimeout=0, suspendTimeoutUnit=MILLISECONDS,
invocable=Invocable{handler=ClassBasedMethodHandler{handlerClass=class
myGroup.resources.BodyResource,
handlerConstructors=[org.glassfish.jersey.server.model.HandlerConstructor#20411320]},
definitionMethod=public javax.ws.rs.core.Response
myGroup.resources.BodyResource.create(myGroup.api.MyUser,myGroup.api.Body),
parameters=[Parameter [type=class myGroup.api.MyUser, source=null,
defaultValue=null], Parameter [type=class myGroup.api.Body,
source=null, defaultValue=null]], responseType=class
javax.ws.rs.core.Response}, nameBindings=[]}', [WARNING] The
(sub)resource method create in myGroup.resources.BodyResource contains
empty path annotation.; source='public javax.ws.rs.core.Response
myGroup.resources.BodyResource.create(myGroup.api.MyUser,myGroup.api.Body)'
Jersey wants the #Path annotation to be at class level. See my answer here: Parse request parameters without writing wrapper class
I don't know which version of dropwizard you are using but I couldn't
make the combination of #POST and #Path("/something") annotation to
behave when a method is annotated. I'm getting HTTP ERROR 404.
Related
My project is based on Grail 2.5.6 and Spring plugins. I'm trying to create a custom auth provider, filter and token extending their respective basic classes.
this.getAuthenticationManager().authenticate(authRequest)
In my filter the authentication manager is always null. So, it throws cannot invoke authenticate() on a null object. When I debug on the authenticationManager, it lists other provider names but my custom one.
Here is my custom web security config
#Configuration
#EnableGlobalMethodSecurity(securedEnabled=true)
public class CustomWebSecurityConfig extends WebSecurityConfigurerAdapter {
OrbisAuthenticationProvider orbisAuthenticationProvider
public CustomWebSecurityConfig() {
super()
log.debug "configure custom security"
print("configure custom security")
}
#Autowired
protected void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
print("configure method 1")
log.debug "configure method 1"
auth.authenticationProvider(orbisAuthenticationProvider)
}
#Bean(name= BeanIds.AUTHENTICATION_MANAGER)
#Override
AuthenticationManager authenticationManagerBean() throws Exception {
return super.authenticationManagerBean()
}
#Bean
OrbisAuthenticationFilter orbisAuthenticationProvider() throws Exception {
log.debug "orbis Authentication provider"
OrbisAuthenticationProvider orbisAuthenticationProvider = new OrbisAuthenticationProvider(authenticationManagerBean())
return orbisAuthenticationProvider
}
#Bean
#Autowired
public OrbisAuthenticationFilter orbisAuthenticationFilter() throws Exception {
print("configure orbis filtr")
OrbisAuthenticationFilter oaf = new OrbisAuthenticationFilter()
oaf.setAuthenticationManager(authenticationManagerBean())
oaf.setFilterProcessesUrl("j_orbis_security_check")
oaf.setUsernameParameter("email")
oaf.setPasswordParameter("password")
oaf.setAuthenticationSuccessHandler(new SavedRequestAwareAuthenticationSuccessHandler()
.setDefaultTargetUrl("/oauth/authorize"))
oaf.setAuthenticationFailureHandler(new SimpleUrlAuthenticationFailureHandler()
.setDefaultFailureUrl("/loginWithOrbis"))
oaf.afterPropertiesSet()
return oaf
}
}
On debugging, it doesn't look like any of these methods are getting called. The annotations don't seem enough to get picked up. I had tried #ComponentScan too.
Do I have to inject this security config somewhere? How do I get authManager to be available in my filter?
OrbisAuthFilter
class OrbisAuthenticationFilter extends AbstractAuthenticationProcessingFilter {
// #Autowired
OrbisAuthenticationProvider orbisAuthenticationProvider
OrbisAuthenticationFilter() {
super("/j_orbis_security_check")
orbisAuthenticationProvider = new OrbisAuthenticationProvider()
}
void afterPropertiesSet() {
assert authenticationManager != null, 'authenticationManager must be specified'
}
#Override
Authentication attemptAuthentication(HttpServletRequest request, HttpServletResponse response) throws AuthenticationException {
String username = request.getParameter("email")
String password = request.getParameter("password")
String accessCode = request.getParameter("accessCode")
OrbisAuthenticationToken authRequestForAuthentication = new OrbisAuthenticationToken(username, password, accessCode)
// This throws error because getAuthenticationManager returns null
// authRequestForAuthentication = this.getAuthenticationManager.authenticate(authRequestForAuthentication)
//This works if I instantiate the orbis provider object in the constructor
authRequestForAuthentication = this.orbisAuthenticationProvider.authenticate(authRequestForAuthentication)
SecurityContextHolder.getContext().setAuthentication(authRequestForAuthentication)
return authRequestForAuthentication
}
protected void setDetails(HttpServletRequest request, UsernamePasswordAuthenticationToken authRequest) {
authRequest.setDetails(this.authenticationDetailsSource.buildDetails(request));
}
#Override
#Autowired
public void setAuthenticationManager(AuthenticationManager authenticationManager) {
super.setAuthenticationManager(authenticationManager);
}
}
OrbisAuthProvider
class OrbisAuthenticationProvider implements AuthenticationProvider {
#Override
Authentication authenticate(Authentication authentication) throws AuthenticationException {
OrbisAuthenticationToken orbisAuth = (OrbisAuthenticationToken) authentication
String username = orbisAuth.principal
String password = orbisAuth.credentials
String orbisAccessCode = orbisAuth.orbisAccessCode
def urlToUse = 'https://coopstatus.neu.edu/sail_api/full.aspx?' + 'ac=' + orbisAccessCode + '&e='+ username + '&p=' + password
HttpClient httpClient = DefaultHttpClient.newInstance()
HttpGet getRequest = new HttpGet(urlToUse)
HttpResponse httpResponse = httpClient.execute(getRequest)
JSONObject orbisResponse = new JSONObject(httpResponse.getEntity().getContent().getText())
// if(orbisResponse.get("IsFound")) {
// //Return error not authenticated
// }
Collection<GrantedAuthority> orbisUserGrantedAuthorities = getLDAPUserAuthorities(orbisResponse.get("Email"))
orbisAuth = new OrbisAuthenticationToken(username, password, orbisAccessCode, orbisUserGrantedAuthorities)
return orbisAuth
}
private Collection<GrantedAuthority> getLDAPUserAuthorities(String username) {
LDAPUserDetails currentLdapUserDetails
try {
currentLdapUserDetails = new LDAPUserDetailsService().loadUserByOrbisUsername(username)
log.debug currentLdapUserDetails
} catch(org.springframework.security.core.userdetails.UsernameNotFoundException e) {
log.error("User " + username + " not found in ldap", e)
}
Collection<GrantedAuthority> authorities = new ArrayList<>()
for (String authority : currentLdapUserDetails.authorities) {
authorities.add(new SimpleGrantedAuthority(authority))
}
return authorities
}
#Override
public boolean supports(Class<?> authentication) {
return (OrbisAuthenticationToken.class
.isAssignableFrom(authentication));
}
}
Resources.groovy
import edu.neu.security.OrbisAuthenticationFilter
import edu.neu.security.OrbisAuthenticationProvider
beans = {
userDetailsService(edu.neu.security.LDAPUserDetailsService)
orbisAuthenticationProvider(OrbisAuthenticationProvider)
orbisAuthenticationFilter(OrbisAuthenticationFilter) {
orbisAuthenticationProvider = ref("orbisAuthenticationProvider")
requiresAuthenticationRequestMatcher = ref('filterProcessUrlRequestMatcher')
// This throws error during startup. Unable to init bean
// authenicationManager = ref("authenicationManager")
}
myOAuth2ProviderFilter(OAuth2ProviderFilters) {
//grailsApplication = ref('grailsApplication')
// properties
}
}
I followed some of the concepts from this project: https://github.com/ppazos/cabolabs-ehrserver/
Even if the whole process is executed and securityContext is set with authenticated, when I hit oauth/authorize to get Authorization_Code, it redirects back to '/login/auth'. It still doesn't know that a user is already authenticated.
When you add an authentication provider to the AuthenticationManagerBuilder bean (which comes from AuthenticationConfiguration), the authentication manager bean you declare is not used.
Try:
#Configuration
#EnableGlobalMethodSecurity(securedEnabled=true)
public class CustomWebSecurityConfig {
OrbisAuthenticationProvider lwoAuthProvider;
public CustomWebSecurityConfig() {
//
}
#Bean(name= BeanIds.AUTHENTICATION_MANAGER)
AuthenticationManager authenticationManagerBean() throws Exception {
return new ProviderManager(Arrays.asList(lwoAuthProvider));
}
Your AuthenticationManager bean should get picked up and will be used for method security. You can also #Autowire it in your filter if it is being managed by Spring, or #Autowire it in the #Configuration class that instantiates your filter.
NOTE: the above class WILL NOT create any of the Spring Security filters.
(The filter chain wasn't being created anyway - you didn't annotate your class with #EnableWebSecurity)
I have following configuration to use with Rest Docs:
webTestClient = buildWebClient().mutate()
.filter(documentationConfiguration(restDocumentation))
.baseUrl("https://api.my-domain.com/")
.build()
In my case I use path prefix to my service - service/foo since I use k8s ingress and my service is served on path offset.
Is there a way to insert such prefix without modifying production code?
Related documentation fragment:
https://docs.spring.io/spring-restdocs/docs/current/reference/html5/#configuration-uris-webtestclient
To document another URI than the one called to generate documentation, you have to write your own OperationPreprocessor. There are some predefined like Preprocessors.modifyUris but it does not allow to modify the request path.
Check below the webTestClient configuration and the URIUpdaterOperationRequest class. Code is available on GitHub: https://github.com/Query-Interface/SO-Answers/blob/master/java/spring/rest-docs-modify-uripath/src/test/java/com/example/demo/DemoApplicationTests.java
public void init() throws Exception {
final URIUpdaterPreprocessor preprocessor = new URIUpdaterPreprocessor();
webTestClient = webTestClient.mutate()
.filter((documentationConfiguration(this.restDocumentation)
.operationPreprocessors()
.withRequestDefaults(preprocessor)
.withResponseDefaults(prettyPrint()))
)
.build();
}
private static final class URIUpdaterPreprocessor
implements OperationPreprocessor {
#Override
public OperationRequest preprocess(OperationRequest request) {
return new URIUpdaterOperationRequest(request);
}
#Override
public OperationResponse preprocess(OperationResponse response) {
return response;
}
}
private static final class URIUpdaterOperationRequest
implements OperationRequest {
private OperationRequest delegate;
public URIUpdaterOperationRequest(OperationRequest request) {
delegate = request;
}
public byte[] getContent() {
return delegate.getContent();
}
public String getContentAsString() {
return delegate.getContentAsString();
}
public HttpHeaders getHeaders() {
return delegate.getHeaders();
}
public HttpMethod getMethod() {
return delegate.getMethod();
}
public Parameters getParameters() {
return delegate.getParameters();
}
public Collection<OperationRequestPart> getParts() {
return delegate.getParts();
}
public URI getUri() {
URI sourceUri = delegate.getUri();
UriComponentsBuilder builder = UriComponentsBuilder.fromUri(sourceUri);
return builder
.host(sourceUri.getHost())
.replacePath("/service/foo"+sourceUri.getPath())
.build().toUri();
}
public Collection<RequestCookie> getCookies() {
return delegate.getCookies();
}
}
I think another possibilty is to update the mustache templates so as to add a prefix before all request path references. The default templates are located here on github.
background:
I build a class diagram for shopping on the net.
For creating a user interface with tow type (golden-User and silver-User) I use the factory pattern.
But the User class become to be very complex.
How can I create this class by bulider and on the other hand the ability to specify the user type such as the factory will remain on the class name
(will help me to recognize which type is by polymorphism and not by if&else)
The Decorator pattern is a simple solution:
public class Main {
public static void main(String[] args) {
User silverUser = new UserDecorator(new SilverUser("Kyriakos", "Georgiopoulos"));
User goldenUser = new UserDecorator(new GoldenUser("GoldenUser firstName", "GoldenUser lastName"));
User nullUser = new UserDecorator(null);
System.out.println(silverUser.firstName() + " " + silverUser.lastName() + " is " + silverUser.type());
System.out.println(goldenUser.firstName() + " " + goldenUser.lastName() + " is " + goldenUser.type());
System.out.println(nullUser.firstName() + " " + nullUser.lastName() + " is " + nullUser.type());
}
}
interface User {
String firstName();
String lastName();
String type();
}
class SilverUser implements User {
private final String firstName;
private final String lastName;
SilverUser(String firstName, String lastName) {
this.firstName = firstName;
this.lastName = lastName;
}
public String firstName() {
return firstName;
}
public String lastName() {
return lastName;
}
public String type() {
return "SilverUser ";
}
}
class GoldenUser implements User {
private final String firstName;
private final String lastName;
GoldenUser(String firstName, String lastName) {
this.firstName = firstName;
this.lastName = lastName;
}
public String firstName() {
return firstName;
}
public String lastName() {
return lastName;
}
public String type() {
return "GoldenUser ";
}
}
class UserDecorator implements User {
private final User user;
UserDecorator(User user){
this.user = user;
}
public String firstName() {
return user != null && user.firstName() != null && user.firstName().length() > 0 ?
user.firstName() : "";
}
public String lastName() {
return user != null && user.lastName() != null && user.lastName().length() > 0 ?
user.lastName() : "";
}
public String type() {
return user != null ? user.type() : "NullPointerException";
}
}
The intent of the two patterns are different: while Factory creates an object instance (which can hold more other class instances) the Builder's goal is to create object step-by-step and reduce overloaded constructors.
For example (with java snippets):
Factory method
interface for user:
public interface User {
}
GoldUser class:
class GoldUser implements User {
// ... field declarations
// Ctor
GoldUser(fields...){}
// ... methods
}
SilverUser class:
class SilverUser implement User {
// ... field declarations
// Ctor
SilverUser(fields...){}
// ... methods
}
User Factory Class:
public class UserFactory {
// ... user versions
public static int GoldUser = 0;
public static int SilverUser = 1;
// ... private Ctor because we don't want to instantiate this class - only in this example
private UserFactory (){}
// ... creating appropriate User instance
public static User createUser(int userType){
switch (userType){
case GoldUser: return new GoldUser;
case SilverUser: return new SilverUser;
default throw new WrongUserTypeException("Wrong User Type");
}
}
}
in your other class:
// ... code stuff here
User user=UserFactory.createUser(1); // will return new SilverUser instance
// ... other code stuff here
Builder pattern
If you have many fields in your class and only some of them are compulsory, you don't have to create many constructors, a builder will enough:
class UserBuilder{
private static Service_A serviceA; // required
private static Service_B serviceB; // required
private static Service_C serviceC;
private static Service_D serviceD;
private static Service_E serviceE;
// since this builder is singleton
private static UserBuilder builderInstance = new UserBuilder();
private UserBuilder () {};
public static UserBuilder getBuilderInstance (Service_A service_A, Service_B service_B){
serviceA = service_A;
serviceB = service_B;
serviceC = null;
serviceD = null;
serviceE = null;
return builderInstance;
}
public static UserBuilder addServiceC (Service_C service_C) {
serviceC = service_C;
return builderInstance;
}
public static UserBuilder addServiceD (Service_D service_D) {
serviceC = service_D;
return builderInstance;
}
public static UserBuilder addServiceE (Service_E service_E) {
serviceE = service_E;
return builderInstance;
}
public static User build(){
return new User (serviceA, ServiceB, ServiceC, ServiceD, ServiceE);
}
And later you can build a customized User:
UserBuilder aUserBuilder = UserBuilder.getBuilderInstance(aServiceA, aServiceB);
// ... other stuff
aUserBuilder.addServiceE(aServiceE);
///... more stuff
User aUser= aUSerBuilder.addServiceC(aServiceC)
.build(); // will return the fresh built User instance
Hope I could help you!
Regards,
Cs
In this particular case you're not supposed to use Factory to create different instances of the same class. It can be used to create different implementations of one common abstraction. Try implementing IUser interface. Then implement this interface by two classes: GoldenUser and SilverUser. Your Factory will create instance of either GoldenUser or SilverUser and return it as IUser. Also instead of interface IUser you could probably create User abstract class, that will be inherited by GoldenUser and SilverUser.
I have created a custom authentication provider that checks if a user exists in a datasource and allows it to login or not.
Now I also have to check the roles of that user, but I don't understand if the same provider can take care of Authentication and Role mapping or if I have to do another provider.
I had tried to created another provider, for the role mapping, but I can't find it, or not looking in the right place to configurate it, but my MBean type also doesn't any configs to be inserted.
Can anyone help me with this?
I tried to find examples of role mapping, with no luck.
Thanks
Have a look at the Oracle Guide: How to Develop a Custom Role Mapping Provider
The process is very similiar to creating an authentication Provider, the only difference are the interfaces you have to implement.
Now for my Implementation (I assume knowledge about MBean Provider Creation using the WebLogicMBeanMaker, since you already created an Authentication Provider):
You need 3 Files, a XML File with the configuration, the Provider and the Implementation of a Role.
The Config File:
<?xml version="1.0" ?>
<!DOCTYPE MBeanType SYSTEM "commo.dtd">
<MBeanType
Name = "MYRoleMapper"
DisplayName = "MYRoleMapper"
Package = "MY.security"
Extends = "weblogic.management.security. authorization.RoleMapper"
PersistPolicy = "OnUpdate"
>
<MBeanAttribute
Name = "ProviderClassName"
Type = "java.lang.String"
Writeable = "false"
Preprocessor = "weblogic.management.configuration.LegalHelper.checkClassName(value)"
Default = ""MY.security.MYRoleMapperProviderImpl""
/>
<MBeanAttribute
Name = "Description"
Type = "java.lang.String"
Writeable = "false"
Default = ""MY RM provider ""
/>
<MBeanAttribute
Name = "Version"
Type = "java.lang.String"
Writeable = "false"
Default = ""1.2""
/>
</MBeanType>
The Actual Provider MYRoleMapperProviderImpl.java:
public class MYRoleMapperProviderImpl implements RoleProvider, RoleMapper {
private String description;
private static final Map<String, SecurityRole> NO_ROLES = Collections.unmodifiableMap(new HashMap<String, SecurityRole>(1));
private final static String RESSOURCE_URL = "<url>";
private final static String RESSOURCE_EJB = "<ejb>";
private enum rollen {
READER;
}
#Override
public void initialize(ProviderMBean mbean, SecurityServices services) {
description = mbean.getDescription() + "\n" + mbean.getVersion();
}
#Override
public String getDescription() {
return description;
}
#Override
public void shutdown() {
}
#Override
public RoleMapper getRoleMapper() {
return this;
}
#Override
public Map<String, SecurityRole> getRoles(Subject subject, Resource resource, ContextHandler handler) {
Map<String, SecurityRole> roles = new HashMap<String, SecurityRole>();
Set<Principal> principals = subject.getPrincipals();
for (Resource res = resource; res != null; res = res.getParentResource()) {
getRoles(res, principals, roles);
}
if (roles.isEmpty()) {
return NO_ROLES;
}
return roles;
}
private void getRoles(Resource resource, Set<Principal> principals, Map<String, SecurityRole> roles) {
if (resource.getType() == RESSOURCE_URL || resource.getType() == RESSOURCE_EJB) {
roles.put(rollen.READER.toString(), new MYSecurityRoleImpl(rollen.READER.toString(), "READER Rolle"));
}
}
}
And an absolute simple Role Implementation:
package MY.security;
import weblogic.security.service.SecurityRole;
public class MYSecurityRoleImpl implements SecurityRole {
private String _roleName;
private String _description;
private int _hashCode;
public MYSecurityRoleImpl(String roleName, String description)
{
_roleName = roleName;
_description = description;
_hashCode = roleName.hashCode() + 17;
}
public boolean equals(Object secRole)
{
if (secRole == null)
{
return false;
}
if (this == secRole)
{
return true;
}
if (!(secRole instanceof MYSecurityRoleImpl))
{
return false;
}
MYSecurityRoleImpl anotherSecRole = (MYSecurityRoleImpl)secRole;
if (!_roleName.equals(anotherSecRole.getName()))
{
return false;
}
return true;
}
public String toString () { return _roleName; }
public int hashCode () { return _hashCode; }
public String getName () { return _roleName; }
public String getDescription () { return _description; }
}
I want to have multiples implementation of the IUserRepository each implementation will work with a database type either MongoDB or any SQL database. To do this I have ITenant interface that have a connection string and other tenant configuration. The tenant is been injected into IUserRepository either MongoDB or any SQLDB implementation. What I need to know is how properly change the injected repository to choose the database base on the tenant.
Interfaces
public interface IUserRepository
{
string Login(string username, string password);
string Logoff(Guid id);
}
public class User
{
public Guid Id { get; set; }
public string Username { get; set; }
public string Password { get; set; }
public string LastName { get; set; }
public string FirstName { get; set; }
}
public interface ITenant
{
string CompanyName { get; }
string ConnectionString { get; }
string DataBaseName { get; }
string EncriptionKey { get; }
}
Is important to know that the tenant id is been pass to an API via header request
StartUp.cs
// set inject httpcontet to the tenant implemantion
services.AddTransient<IHttpContextAccessor, HttpContextAccessor>();
// inject tenant
services.AddTransient<ITenant, Tenant>();
// inject mongo repository but I want this to be programmatically
services.AddTransient<IUserRepository, UserMongoRepository>();
Sample Mongo Implementation
public class UserMongoRepository : IUserRepository
{
protected ITenant Tenant
public UserMongoRepository(ITenant tenant) :
base(tenant)
{
this.Tenant = tenant;
}
public string Login(string username, string password)
{
var query = new QueryBuilder<User>().Where(x => x.Username == username);
var client = new MongoClient(this.Tenant.ConnectionString);var server = client.GetServer();
var database = client.GetServer().GetDatabase(this.Tenant.DataBaseName);
var user = database.GetCollection<User>.FindAs<User>(query).AsQueryable().FirstOrDefault();
if (user == null)
throw new Exception("invalid username or password");
if (user.Password != password)
throw new Exception("invalid username or password");
return "Sample Token";
}
public string Logoff(Guid id)
{
throw new NotImplementedException();
}
}
Tenant
public class Tenant : ITenant
{
protected IHttpContextAccessor Accesor;
protected IConfiguration Configuration;
public Tenant(IHttpContextAccessor accesor, IDBConfiguration config)
{
this.Accesor = accesor;
this.Configuration = new Configuration().AddEnvironmentVariables();
if (!config.IsConfigure)
config.ConfigureDataBase();
}
private string _CompanyName;
public string CompanyName
{
get
{
if (string.IsNullOrWhiteSpace(_CompanyName))
{
_CompanyName = this.Accesor.Value.Request.Headers["Company"];
if (string.IsNullOrWhiteSpace(_CompanyName))
throw new Exception("Invalid Company");
}
return _CompanyName;
}
}
private string _ConnectionString;
public string ConnectionString
{
get
{
if (string.IsNullOrWhiteSpace(_ConnectionString))
{
_ConnectionString = this.Configuration.Get(this.CompanyName + "_" + "ConnectionString");
if (string.IsNullOrWhiteSpace(_ConnectionString))
throw new Exception("Invalid ConnectionString Setup");
}
return _ConnectionString;
}
}
private string _EncriptionKey;
public string EncriptionKey
{
get
{
if (string.IsNullOrWhiteSpace(_EncriptionKey))
{
_EncriptionKey = this.Configuration.Get(this.CompanyName + "_" + "EncriptionKey");
if (string.IsNullOrWhiteSpace(_EncriptionKey))
throw new Exception("Invalid Company Setup");
}
return _EncriptionKey;
}
}
private string _DataBaseName;
public string DataBaseName
{
get
{
if (string.IsNullOrWhiteSpace(_DataBaseName))
{
_DataBaseName = this.Configuration.Get(this.CompanyName + "_" + "DataBaseName");
if (string.IsNullOrWhiteSpace(_DataBaseName))
throw new Exception("Invalid Company Setup");
}
return _DataBaseName;
}
}
}
Controller
public class UsersController : Controller
{
protected IUserRepository DataService;
public UsersController(IUserRepository dataService)
{
this.DataService = dataService;
}
// the controller implematation
}
You should define a proxy implementation for IUserRepository and hide the actual implementations behind this proxy and at runtime decide which repository to forward the call to. For instance:
public class UserRepositoryDispatcher : IUserRepository
{
private readonly Func<bool> selector;
private readonly IUserRepository trueRepository;
private readonly IUserRepository falseRepository;
public UserRepositoryDispatcher(Func<bool> selector,
IUserRepository trueRepository, IUserRepository falseRepository) {
this.selector = selector;
this.trueRepository = trueRepository;
this.falseRepository = falseRepository;
}
public string Login(string username, string password) {
return this.CurrentRepository.Login(username, password);
}
public string Logoff(Guid id) {
return this.CurrentRepository.Logoff(id);
}
private IRepository CurrentRepository {
get { return selector() ? this.trueRepository : this.falseRepository;
}
}
Using this proxy class you can easily create a runtime predicate that decides which repository to use. For instance:
services.AddTransient<IUserRepository>(c =>
new UserRepositoryDispatcher(
() => c.GetRequiredService<ITenant>().DataBaseName.Contains("Mongo"),
trueRepository: c.GetRequiredService<UserMongoRepository>()
falseRepository: c.GetRequiredService<UserSqlRepository>()));
You can try injecting a factory rather than the actual repository. The factory will be responsible for building the correct repository based on the current user identity.
It might require a little more boiler plate code but it can achieve what you want. A little bit of inheritance might even make the controller code simpler.