allowedRoles added to AuthorizationControl annotation

2019-10-10 12:35:41 +02:00 · 2019-10-10 12:35:41 +02:00 · 2c7bcd1780
parent 29d4d196ab
commit 2c7bcd1780
4 changed files with 14 additions and 9 deletions
--- a/descriptor.xml
+++ b/descriptor.xml
@ -24,7 +24,7 @@
 	</fileSets>
 	<files>
 		<file>
-			<source>target/${build.finalName}.war</source>
+			<source>target/${build.finalName}.jar</source>
 			<outputDirectory>/${artifactId}</outputDirectory>
 		</file>
 	</files>
--- a/pom.xml
+++ b/pom.xml
@ -11,11 +11,7 @@
 		<groupId>org.gcube.tools</groupId>
 		<version>1.1.0</version>
 	</parent>
-
-	<properties>
-		<distroDirectory>distro</distroDirectory>
-	</properties>
-  	
+	  	
  	<dependencies>
  		<dependency>
 	  		<groupId>org.gcube.common</groupId>
--- a/src/main/java/org/gcube/common/authorization/control/AuthorizationAspect.java
+++ b/src/main/java/org/gcube/common/authorization/control/AuthorizationAspect.java
@ -4,6 +4,8 @@ package org.gcube.common.authorization.control;
 import java.lang.reflect.InvocationTargetException;
 import java.lang.reflect.Method;
 import java.util.Arrays;
+import java.util.List;
+import java.util.stream.Collectors;

 import org.aspectj.lang.JoinPoint;
 import org.aspectj.lang.annotation.Aspect;
@ -35,13 +37,19 @@ public class AuthorizationAspect {
 		MethodSignature signature = (MethodSignature) joinPoint.getSignature();
 	    Method method = signature.getMethod();
 		AuthorizationControl authAnn = (AuthorizationControl) method.getAnnotation(AuthorizationControl.class);
-		log.info("aspect before with annotation {} with action {}, allowed {} in method {}", authAnn.annotationType(), authAnn.actions(), authAnn.allowed(), method.getName());
+		log.info("aspect before with annotation {} with action {}, allowed {} in method {}", authAnn.annotationType(), authAnn.actions(), authAnn.allowedRoles(), authAnn.allowedUsers(), method.getName());
 		String userId = AuthorizationProvider.instance.get().getClient().getId();
+		List<String> userRoles = AuthorizationProvider.instance.get().getClient().getRoles();
 		
-		if (authAnn.allowed().length!=0 && !Arrays.asList(authAnn.allowed()).contains(userId)) {
+		if (authAnn.allowedUsers().length!=0 && !Arrays.asList(authAnn.allowedUsers()).contains(userId)) {
 			RuntimeException ex = authAnn.exception().getConstructor(Throwable.class).newInstance(new AuthorizationException(String.format("user %s not allowed to call method %s", userId, method.getName())));
 			throw ex;	
 		}
+		List<String> allowedRoles = Arrays.asList(authAnn.allowedRoles());
+		if (authAnn.allowedRoles().length!=0 && userRoles.stream().filter(i -> allowedRoles.contains(i)).collect(Collectors.toList()).isEmpty()) {
+			RuntimeException ex = authAnn.exception().getConstructor(Throwable.class).newInstance(new AuthorizationException(String.format("user %s not allowed to call method %s (role non allowed)", userId, method.getName())));
+			throw ex;	
+		}
 	}
 	
 }
--- a/src/main/java/org/gcube/common/authorization/control/annotations/AuthorizationControl.java
+++ b/src/main/java/org/gcube/common/authorization/control/annotations/AuthorizationControl.java
@ -14,6 +14,7 @@ import org.gcube.common.authorization.library.policies.Action;
 public @interface AuthorizationControl {
 	
 	Action[] actions() default {}; 
-	String[] allowed() default {};
+	String[] allowedUsers() default {};
+	String[] allowedRoles() default {};
 	Class<? extends RuntimeException> exception();
 }