This commit is contained in:
Lucio Lelii 2016-02-25 11:33:24 +00:00
parent a5e111495a
commit 6c28e4233a
2 changed files with 0 additions and 109 deletions

View File

@ -1,8 +0,0 @@
package org.gcube.common.authorization.client.helper;
public interface Authorizable {
String getServiceName();
String getServiceClass();
}

View File

@ -1,101 +0,0 @@
package org.gcube.common.authorization.client.helper;
import static org.gcube.common.authorization.client.Constants.authorizationService;
import java.lang.reflect.Method;
import java.util.Arrays;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import javassist.util.proxy.MethodHandler;
import javassist.util.proxy.ProxyFactory;
import javassist.util.proxy.ProxyObject;
import org.gcube.common.authorization.client.exceptions.UnauthorizedAccessException;
import org.gcube.common.authorization.library.AuthorizationEntry;
import org.gcube.common.authorization.library.PolicyUtils;
import org.gcube.common.authorization.library.annotations.AuthorizationControl;
import org.gcube.common.authorization.library.policies.Action;
import org.gcube.common.authorization.library.policies.Policy;
import org.gcube.common.authorization.library.provider.SecurityTokenProvider;
import org.gcube.common.authorization.library.provider.ServiceIdentifier;
/**
* enables authorization control on classes using proxies
*
* when a user in not allowed to call a method annotated with {@link AuthorizationControl}
* an {@link UnauthorizedAccessException} is thrown
*
* @author lucio lelii
*
*/
public class Authorization {
private static Map<Class<?>, Class<?>> proxyClassMap = new HashMap<Class<?>, Class<?>>();
private static ProxyFactory proxyfactory = new ProxyFactory();
private static Class<?> getProxied(Class<?> proxyClass){
if (proxyClassMap.containsKey(proxyClass))
return proxyClassMap.get(proxyClass);
proxyfactory.setSuperclass(proxyClass);
Class<?> proxied=proxyfactory.createClass();
proxyClassMap.put(proxyClass, proxied);
return proxied;
}
public static <T extends Authorizable> T getAuthorizedInstance(Class<T> proxyClass){
Class<?> proxied = getProxied(proxyClass);
Object obj;
try {
obj = proxied.newInstance();
MethodHandler handler = new MethodHandler() {
public Object invoke(Object self, Method thisMethod, Method proceed,
Object[] args) throws Throwable {
if (thisMethod.isAnnotationPresent(AuthorizationControl.class) && !thisMethod.getName().equals("getServiceName")
&& !thisMethod.getName().equals("getServiceClass")){
if (SecurityTokenProvider.instance.get()==null)
throw new RuntimeException("the Security token is not set");
Authorizable obj = (Authorizable) self;
Action[] modes = null;
if (thisMethod.isAnnotationPresent(AuthorizationControl.class))
modes = thisMethod.getAnnotation(AuthorizationControl.class).check();
checkAuthorization(obj.getServiceClass(), obj.getServiceName(), modes);
}
return proceed.invoke(self, args);
}
};
((ProxyObject)obj).setHandler(handler);
return proxyClass.cast(obj);
} catch (InstantiationException | IllegalAccessException e) {
throw new RuntimeException(e);
}
}
public static void checkAuthorization(String serviceClass, String serviceName, Action ... modes) throws Exception{
if (modes==null || modes.length==0) return;
if (SecurityTokenProvider.instance.get()==null)
throw new UnauthorizedAccessException("the Security token is not set");
List<Action> modesList = Arrays.asList(modes);
AuthorizationEntry entry = authorizationService().get(SecurityTokenProvider.instance.get());
if (entry.getPolicies()!=null){
//DO we need a library identifier ??
ServiceIdentifier serviceIdentifier = new ServiceIdentifier(serviceClass, serviceName, "*");
for (Policy policy: entry.getPolicies())
if (PolicyUtils.isPolicyValidForClient(policy.getServiceAccess(), serviceIdentifier))
if (modesList.contains(policy.getMode()) || policy.getMode()==Action.ALL)
throw new UnauthorizedAccessException("the invoked method is protected by the Authorization system, cannot be invoked by "+entry.getClientInfo().getId());
}
}
}