argos/dmp-backend/src/main/java/eu/eudat/handlers/PrincipalArgumentResolver.java

package eu.eudat.handlers;

import eu.eudat.exceptions.security.UnauthorisedException;
import eu.eudat.models.security.Principal;
import eu.eudat.security.claims.ClaimedAuthorities;
import eu.eudat.services.operations.AuthenticationService;
import eu.eudat.services.operations.AuthenticationServiceImpl;
import eu.eudat.types.Authorities;
import org.springframework.core.MethodParameter;
import org.springframework.web.bind.support.WebDataBinderFactory;
import org.springframework.web.context.request.NativeWebRequest;
import org.springframework.web.method.support.HandlerMethodArgumentResolver;
import org.springframework.web.method.support.ModelAndViewContainer;

import java.lang.annotation.Annotation;
import java.util.Arrays;
import java.util.List;
import java.util.Optional;
import java.util.UUID;


public final class PrincipalArgumentResolver implements HandlerMethodArgumentResolver {

    private AuthenticationService authenticationService;

    @Override
    public boolean supportsParameter(MethodParameter methodParameter) {
        return methodParameter.getParameterType().equals(Principal.class);
    }

    @Override
    public Object resolveArgument(MethodParameter methodParameter, ModelAndViewContainer modelAndViewContainer, NativeWebRequest nativeWebRequest, WebDataBinderFactory webDataBinderFactory) throws Exception {
        String token = nativeWebRequest.getHeader("AuthToken");
        Optional<Annotation> claimsAnnotation = Arrays.stream(methodParameter.getParameterAnnotations()).filter(annotation -> annotation.annotationType().equals(ClaimedAuthorities.class)).findAny();
        List<Authorities> claimList = claimsAnnotation.map(annotation -> Arrays.asList(((ClaimedAuthorities) annotation).claims())).orElse(Authorities.all());
        if (token == null) throw new UnauthorisedException("Authentication Information Is Missing");
        UUID authToken;
        try {
            authToken = UUID.fromString(token);
        } catch (IllegalArgumentException ex) {
            throw new UnauthorisedException("Authentication Information Is Missing");
        }

        Principal principal = this.authenticationService.Touch(authToken);
        if (principal == null) throw new UnauthorisedException("Authentication Information Missing");
        if (!principal.isAuthorized(claimList))
            throw new UnauthorisedException("You are not Authorized For this Action");
        return principal;
    }

    public PrincipalArgumentResolver(AuthenticationService authenticationService) {
        this.authenticationService = authenticationService;
    }

}
no message 2017-12-15 17:57:41 +01:00			`package eu.eudat.handlers;`

no message 2018-02-07 10:56:30 +01:00			`import eu.eudat.exceptions.security.UnauthorisedException;`
no message 2017-12-15 17:57:41 +01:00			`import eu.eudat.models.security.Principal;`
no message 2018-01-31 16:39:16 +01:00			`import eu.eudat.security.claims.ClaimedAuthorities;`
no message 2018-03-05 17:18:45 +01:00			`import eu.eudat.services.operations.AuthenticationService;`
			`import eu.eudat.services.operations.AuthenticationServiceImpl;`
no message 2018-01-31 16:39:16 +01:00			`import eu.eudat.types.Authorities;`
no message 2017-12-15 17:57:41 +01:00			`import org.springframework.core.MethodParameter;`
			`import org.springframework.web.bind.support.WebDataBinderFactory;`
			`import org.springframework.web.context.request.NativeWebRequest;`
			`import org.springframework.web.method.support.HandlerMethodArgumentResolver;`
			`import org.springframework.web.method.support.ModelAndViewContainer;`

no message 2018-01-31 16:39:16 +01:00			`import java.lang.annotation.Annotation;`
no message 2018-02-16 11:34:02 +01:00			`import java.util.Arrays;`
			`import java.util.List;`
			`import java.util.Optional;`
			`import java.util.UUID;`
no message 2018-01-31 16:39:16 +01:00
no message 2018-02-01 10:08:06 +01:00
no message 2017-12-15 17:57:41 +01:00			`public final class PrincipalArgumentResolver implements HandlerMethodArgumentResolver {`

no message 2017-12-18 16:55:12 +01:00			`private AuthenticationService authenticationService;`
no message 2018-01-10 17:05:23 +01:00
no message 2017-12-15 17:57:41 +01:00			`@Override`
			`public boolean supportsParameter(MethodParameter methodParameter) {`
			`return methodParameter.getParameterType().equals(Principal.class);`
			`}`

			`@Override`
no message 2018-01-10 17:05:23 +01:00			`public Object resolveArgument(MethodParameter methodParameter, ModelAndViewContainer modelAndViewContainer, NativeWebRequest nativeWebRequest, WebDataBinderFactory webDataBinderFactory) throws Exception {`
no message 2017-12-18 16:55:12 +01:00			`String token = nativeWebRequest.getHeader("AuthToken");`
no message 2018-01-31 16:39:16 +01:00			`Optional<Annotation> claimsAnnotation = Arrays.stream(methodParameter.getParameterAnnotations()).filter(annotation -> annotation.annotationType().equals(ClaimedAuthorities.class)).findAny();`
			`List<Authorities> claimList = claimsAnnotation.map(annotation -> Arrays.asList(((ClaimedAuthorities) annotation).claims())).orElse(Authorities.all());`
no message 2018-01-10 17:05:23 +01:00			`if (token == null) throw new UnauthorisedException("Authentication Information Is Missing");`
no message 2017-12-18 16:55:12 +01:00			`UUID authToken;`
no message 2018-01-10 17:05:23 +01:00			`try {`
no message 2017-12-18 16:55:12 +01:00			`authToken = UUID.fromString(token);`
no message 2018-01-10 17:05:23 +01:00			`} catch (IllegalArgumentException ex) {`
no message 2017-12-18 16:55:12 +01:00			`throw new UnauthorisedException("Authentication Information Is Missing");`
			`}`

			`Principal principal = this.authenticationService.Touch(authToken);`
no message 2018-01-10 17:05:23 +01:00			`if (principal == null) throw new UnauthorisedException("Authentication Information Missing");`
no message 2018-02-16 11:34:02 +01:00			`if (!principal.isAuthorized(claimList))`
			`throw new UnauthorisedException("You are not Authorized For this Action");`
no message 2017-12-15 17:57:41 +01:00			`return principal;`
			`}`

no message 2018-01-10 17:05:23 +01:00			`public PrincipalArgumentResolver(AuthenticationService authenticationService) {`
no message 2017-12-18 16:55:12 +01:00			`this.authenticationService = authenticationService;`
			`}`

no message 2017-12-15 17:57:41 +01:00			`}`