allowedRoles added to AuthorizationControl annotation

rolemanaging
lucio 5 years ago
parent 29d4d196ab
commit 2c7bcd1780

@ -24,7 +24,7 @@
</fileSets>
<files>
<file>
<source>target/${build.finalName}.war</source>
<source>target/${build.finalName}.jar</source>
<outputDirectory>/${artifactId}</outputDirectory>
</file>
</files>

@ -11,11 +11,7 @@
<groupId>org.gcube.tools</groupId>
<version>1.1.0</version>
</parent>
<properties>
<distroDirectory>distro</distroDirectory>
</properties>
<dependencies>
<dependency>
<groupId>org.gcube.common</groupId>

@ -4,6 +4,8 @@ package org.gcube.common.authorization.control;
import java.lang.reflect.InvocationTargetException;
import java.lang.reflect.Method;
import java.util.Arrays;
import java.util.List;
import java.util.stream.Collectors;
import org.aspectj.lang.JoinPoint;
import org.aspectj.lang.annotation.Aspect;
@ -35,13 +37,19 @@ public class AuthorizationAspect {
MethodSignature signature = (MethodSignature) joinPoint.getSignature();
Method method = signature.getMethod();
AuthorizationControl authAnn = (AuthorizationControl) method.getAnnotation(AuthorizationControl.class);
log.info("aspect before with annotation {} with action {}, allowed {} in method {}", authAnn.annotationType(), authAnn.actions(), authAnn.allowed(), method.getName());
log.info("aspect before with annotation {} with action {}, allowed {} in method {}", authAnn.annotationType(), authAnn.actions(), authAnn.allowedRoles(), authAnn.allowedUsers(), method.getName());
String userId = AuthorizationProvider.instance.get().getClient().getId();
List<String> userRoles = AuthorizationProvider.instance.get().getClient().getRoles();
if (authAnn.allowed().length!=0 && !Arrays.asList(authAnn.allowed()).contains(userId)) {
if (authAnn.allowedUsers().length!=0 && !Arrays.asList(authAnn.allowedUsers()).contains(userId)) {
RuntimeException ex = authAnn.exception().getConstructor(Throwable.class).newInstance(new AuthorizationException(String.format("user %s not allowed to call method %s", userId, method.getName())));
throw ex;
}
List<String> allowedRoles = Arrays.asList(authAnn.allowedRoles());
if (authAnn.allowedRoles().length!=0 && userRoles.stream().filter(i -> allowedRoles.contains(i)).collect(Collectors.toList()).isEmpty()) {
RuntimeException ex = authAnn.exception().getConstructor(Throwable.class).newInstance(new AuthorizationException(String.format("user %s not allowed to call method %s (role non allowed)", userId, method.getName())));
throw ex;
}
}
}

@ -14,6 +14,7 @@ import org.gcube.common.authorization.library.policies.Action;
public @interface AuthorizationControl {
Action[] actions() default {};
String[] allowed() default {};
String[] allowedUsers() default {};
String[] allowedRoles() default {};
Class<? extends RuntimeException> exception();
}

Loading…
Cancel
Save