X-Git-Url: https://gerrit.onap.org/r/gitweb?p=aaf%2Fcadi.git;a=blobdiff_plain;f=sidecar%2Frproxy%2Fsrc%2Fmain%2Fjava%2Forg%2Fonap%2Faaf%2Fcadi%2Fsidecar%2Frproxy%2FReverseProxyAuthorizationFilter.java;fp=sidecar%2Frproxy%2Fsrc%2Fmain%2Fjava%2Forg%2Fonap%2Faaf%2Fcadi%2Fsidecar%2Frproxy%2FReverseProxyAuthorizationFilter.java;h=5a09f6e44d758fd8e8914251ac13b69e2cabe753;hp=2ef4cc0c17e6d07c077e7bf6863a8e7ca220731b;hb=8832889f5707d5983c729753968919bb3aa38b8a;hpb=a2798182d222dad96af88ff486f7c3536c12a6a1
diff --git a/sidecar/rproxy/src/main/java/org/onap/aaf/cadi/sidecar/rproxy/ReverseProxyAuthorizationFilter.java b/sidecar/rproxy/src/main/java/org/onap/aaf/cadi/sidecar/rproxy/ReverseProxyAuthorizationFilter.java
index 2ef4cc0..5a09f6e 100644
--- a/sidecar/rproxy/src/main/java/org/onap/aaf/cadi/sidecar/rproxy/ReverseProxyAuthorizationFilter.java
+++ b/sidecar/rproxy/src/main/java/org/onap/aaf/cadi/sidecar/rproxy/ReverseProxyAuthorizationFilter.java
@@ -98,13 +98,15 @@ public class ReverseProxyAuthorizationFilter implements Filter {
 }
 String requestPath;
+ String requestMethod;
 try {
 requestPath = new URI(((HttpServletRequest) servletRequest).getRequestURI()).getPath();
+ requestMethod = ((HttpServletRequest)servletRequest).getMethod();
 } catch (URISyntaxException e) {
 throw new ServletException("Request URI not valid", e);
 }
- if (authorizeRequest(grantedPermissions, requestPath)) {
+ if (authorizeRequest(grantedPermissions, requestPath, requestMethod)) {
 LOGGER.info("Authorized");
 filterChain.doFilter(servletRequest, servletResponse);
 } else {
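Review bot: The `getMethod()` call is added inside the `try` whose only handler is for `URISyntaxException`, which it cannot throw, so the block now suggests a failure mode that does not exist. Casting once before the `try`, `HttpServletRequest httpRequest = (HttpServletRequest) servletRequest;`, and assigning `String requestMethod = httpRequest.getMethod();` after it keeps the error handling scoped to URI parsing and removes the repeated cast. Since the method now takes part in the authorization decision, the `LOGGER.info("Authorized")` line would be more useful for audit if it recorded the method and path; the denial branch is outside the hunk, so the same may apply there. The enclosing method starts and ends outside the hunk.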
@@ -121,12 +123,14 @@ public class ReverseProxyAuthorizationFilter implements Filter {
 *
 * @param grantedPermissions The granted permissions for the request path
 * @param requestPath The request path
+ * @param requestMethod The request method i.e. HTTP verb e.g. GET, PUT, POST etc
 * @return true if permissions match
 */
- private boolean authorizeRequest(List grantedPermissions, String requestPath) {
+ private boolean authorizeRequest(List grantedPermissions, String requestPath, String requestMethod) {
 boolean authorized = false;
 for (ReverseProxyAuthorization reverseProxyAuthorization : reverseProxyAuthorizations) {
- if (requestPath.matches(reverseProxyAuthorization.getUri())) {
+ if (requestPath.matches(reverseProxyAuthorization.getUri()) &&
+ requestMethod.matches(reverseProxyAuthorization.getMethod())) {
 LOGGER.debug("The URI:{} matches:{}", requestPath, reverseProxyAuthorization.getUri());
 if (checkPermissionsMatch(grantedPermissions, reverseProxyAuthorization)) {
 authorized = true;
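Review bot: `requestMethod.matches(reverseProxyAuthorization.getMethod())` in the new condition will throw a NullPointerException if a rule has no method configured, because `String.matches` compiles its argument as a regex. ReverseProxyAuthorization is not visible here, so whether `getMethod()` can return null for existing configuration entries should be confirmed. If it can, choose explicitly between rejecting such rules when the configuration is loaded and skipping them with a warning, so that a missing field produces a logged denial rather than a 500. The debug line that follows still reports only the URI; `LOGGER.debug("The URI:{} and method:{} match:{} {}", requestPath, requestMethod, reverseProxyAuthorization.getUri(), reverseProxyAuthorization.getMethod());` would keep the log consistent with what was actually matched. The loop in authorizeRequest continues past the end of the hunk.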