git-svn-id: http://svn.research-infrastructures.eu/public/d4science/gcube/trunk/Common/authorization-common-client@122871 82a268e6-3cf1-43bd-a215-b396298e98cf
parent
ce089c4f5c
commit
276947bdd8
|
@ -16,7 +16,7 @@ import org.gcube.common.authorization.client.exceptions.UnauthorizedAccessExcept
|
||||||
import org.gcube.common.authorization.library.AuthorizationEntry;
|
import org.gcube.common.authorization.library.AuthorizationEntry;
|
||||||
import org.gcube.common.authorization.library.PolicyUtils;
|
import org.gcube.common.authorization.library.PolicyUtils;
|
||||||
import org.gcube.common.authorization.library.annotations.AuthorizationControl;
|
import org.gcube.common.authorization.library.annotations.AuthorizationControl;
|
||||||
import org.gcube.common.authorization.library.policies.Mode;
|
import org.gcube.common.authorization.library.policies.Action;
|
||||||
import org.gcube.common.authorization.library.policies.Policy;
|
import org.gcube.common.authorization.library.policies.Policy;
|
||||||
import org.gcube.common.authorization.library.provider.SecurityTokenProvider;
|
import org.gcube.common.authorization.library.provider.SecurityTokenProvider;
|
||||||
import org.gcube.common.authorization.library.provider.ServiceIdentifier;
|
import org.gcube.common.authorization.library.provider.ServiceIdentifier;
|
||||||
|
@ -62,7 +62,7 @@ public class Authorization {
|
||||||
if (SecurityTokenProvider.instance.get()==null)
|
if (SecurityTokenProvider.instance.get()==null)
|
||||||
throw new RuntimeException("the Security token is not set");
|
throw new RuntimeException("the Security token is not set");
|
||||||
Authorizable obj = (Authorizable) self;
|
Authorizable obj = (Authorizable) self;
|
||||||
Mode[] modes = null;
|
Action[] modes = null;
|
||||||
if (thisMethod.isAnnotationPresent(AuthorizationControl.class))
|
if (thisMethod.isAnnotationPresent(AuthorizationControl.class))
|
||||||
modes = thisMethod.getAnnotation(AuthorizationControl.class).check();
|
modes = thisMethod.getAnnotation(AuthorizationControl.class).check();
|
||||||
checkAuthorization(obj.getServiceClass(), obj.getServiceName(), modes);
|
checkAuthorization(obj.getServiceClass(), obj.getServiceName(), modes);
|
||||||
|
@ -77,12 +77,12 @@ public class Authorization {
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
public static void checkAuthorization(String serviceClass, String serviceName, Mode ... modes) throws Exception{
|
public static void checkAuthorization(String serviceClass, String serviceName, Action ... modes) throws Exception{
|
||||||
if (modes==null || modes.length==0) return;
|
if (modes==null || modes.length==0) return;
|
||||||
if (SecurityTokenProvider.instance.get()==null)
|
if (SecurityTokenProvider.instance.get()==null)
|
||||||
throw new UnauthorizedAccessException("the Security token is not set");
|
throw new UnauthorizedAccessException("the Security token is not set");
|
||||||
|
|
||||||
List<Mode> modesList = Arrays.asList(modes);
|
List<Action> modesList = Arrays.asList(modes);
|
||||||
|
|
||||||
AuthorizationEntry entry = authorizationService().get(SecurityTokenProvider.instance.get());
|
AuthorizationEntry entry = authorizationService().get(SecurityTokenProvider.instance.get());
|
||||||
|
|
||||||
|
@ -91,7 +91,7 @@ public class Authorization {
|
||||||
ServiceIdentifier serviceIdentifier = new ServiceIdentifier(serviceClass, serviceName, "*");
|
ServiceIdentifier serviceIdentifier = new ServiceIdentifier(serviceClass, serviceName, "*");
|
||||||
for (Policy policy: entry.getPolicies())
|
for (Policy policy: entry.getPolicies())
|
||||||
if (PolicyUtils.isPolicyValidForClient(policy.getServiceAccess(), serviceIdentifier))
|
if (PolicyUtils.isPolicyValidForClient(policy.getServiceAccess(), serviceIdentifier))
|
||||||
if (modesList.contains(policy.getMode()) || policy.getMode()==Mode.ALL)
|
if (modesList.contains(policy.getMode()) || policy.getMode()==Action.ALL)
|
||||||
throw new UnauthorizedAccessException("the invoked method is protected by the Authorization system, cannot be invoked by "+entry.getClientInfo().getId());
|
throw new UnauthorizedAccessException("the invoked method is protected by the Authorization system, cannot be invoked by "+entry.getClientInfo().getId());
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
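Review bot: `checkAuthorization` still returns at `if (modes==null || modes.length==0) return;` before the token is resolved, so for a method without `AuthorizationControl` (the interceptor hunk leaves `modes` as `null`) the visible code only checks that a token is present and never calls `authorizationService().get(...)` on it. Unless the token is validated somewhere outside these hunks, that is a fail-open default. I would move the empty-actions return below the `authorizationService().get(SecurityTokenProvider.instance.get())` line, or, if the caller really does validate it, say so on the early return with a comment such as `// nothing declared to deny; token validity is checked by the caller`. The rename is also only half done: the parameter type is now `Action` but the locals are still `modes`/`modesList`, and the interceptor throws `RuntimeException` for a missing token where this method throws `UnauthorizedAccessException`. Both method bodies extend beyond the visible hunks.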
|
@ -6,11 +6,11 @@ import java.util.ArrayList;
|
||||||
import java.util.List;
|
import java.util.List;
|
||||||
|
|
||||||
import org.gcube.common.authorization.client.exceptions.ObjectNotFound;
|
import org.gcube.common.authorization.client.exceptions.ObjectNotFound;
|
||||||
import org.gcube.common.authorization.library.policies.Mode;
|
import org.gcube.common.authorization.library.policies.Action;
|
||||||
import org.gcube.common.authorization.library.policies.Policy;
|
import org.gcube.common.authorization.library.policies.Policy;
|
||||||
import org.gcube.common.authorization.library.policies.ServiceAccess;
|
import org.gcube.common.authorization.library.policies.ServiceAccess;
|
||||||
import org.gcube.common.authorization.library.policies.User;
|
|
||||||
import org.gcube.common.authorization.library.policies.User2ServicePolicy;
|
import org.gcube.common.authorization.library.policies.User2ServicePolicy;
|
||||||
|
import org.gcube.common.authorization.library.policies.Users;
|
||||||
import org.gcube.common.authorization.library.provider.UserInfo;
|
import org.gcube.common.authorization.library.provider.UserInfo;
|
||||||
import org.junit.Test;
|
import org.junit.Test;
|
||||||
public class CallTest {
|
public class CallTest {
|
||||||
|
@ -29,7 +29,7 @@ public class CallTest {
|
||||||
public void requestToken() throws Exception {
|
public void requestToken() throws Exception {
|
||||||
|
|
||||||
//ScopeProvider.instance.set("/gcube/devsec");
|
//ScopeProvider.instance.set("/gcube/devsec");
|
||||||
String token = authorizationService().generateToken(new UserInfo("luca.frosini", new ArrayList<String>()), "/gcube/devsec");
|
String token = authorizationService().generateToken(new UserInfo("costantino", new ArrayList<String>()), "/gcube");
|
||||||
System.out.println("token is: "+token);
|
System.out.println("token is: "+token);
|
||||||
|
|
||||||
}
|
}
|
||||||
|
@ -37,7 +37,7 @@ public class CallTest {
|
||||||
@Test
|
@Test
|
||||||
public void addPolicy() throws Exception {
|
public void addPolicy() throws Exception {
|
||||||
List<Policy> policies = new ArrayList<Policy>();
|
List<Policy> policies = new ArrayList<Policy>();
|
||||||
policies.add(new User2ServicePolicy("/gcube/devsec", new ServiceAccess(), new User("lucio.lelii"), Mode.ACCESS ));
|
policies.add(new User2ServicePolicy("/gcube/devsec", new ServiceAccess(), Users.one("lucio.lelii"), Action.ACCESS ));
|
||||||
authorizationService().addPolicies(policies);
|
authorizationService().addPolicies(policies);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
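Review bot: `requestToken` prints the generated token with `System.out.println("token is: "+token);`, and after this change the token is requested for what appears to be the parent scope `/gcube` rather than `/gcube/devsec`, so a run against a real authorization service leaves a usable credential in the console or build log. I would replace the print with an assertion such as `org.junit.Assert.assertNotNull(token);`, or log only that a token was obtained. The user names and scopes are hard-coded in the test; if they are real accounts, a dedicated test identity would be safer. The line above `requestToken` is outside the hunk, so whether it is annotated with `@Test` and runs with the suite cannot be seen here.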