porting to smartgears 4
parent
3b509279a0
commit
6cf84fe511
21
pom.xml
21
pom.xml
|
@ -1,4 +1,6 @@
|
||||||
<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
|
<project xmlns="http://maven.apache.org/POM/4.0.0"
|
||||||
|
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
|
||||||
|
xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
|
||||||
<modelVersion>4.0.0</modelVersion>
|
<modelVersion>4.0.0</modelVersion>
|
||||||
<groupId>org.gcube.common</groupId>
|
<groupId>org.gcube.common</groupId>
|
||||||
<artifactId>authorization-control-library</artifactId>
|
<artifactId>authorization-control-library</artifactId>
|
||||||
|
@ -16,11 +18,23 @@
|
||||||
<developerConnection>scm:git:https://code-repo.d4science.org/gCubeSystem/authorization-control-library.git</developerConnection>
|
<developerConnection>scm:git:https://code-repo.d4science.org/gCubeSystem/authorization-control-library.git</developerConnection>
|
||||||
<url>https://code-repo.d4science.org/gCubeSystem/authorization-control-library</url>
|
<url>https://code-repo.d4science.org/gCubeSystem/authorization-control-library</url>
|
||||||
</scm>
|
</scm>
|
||||||
|
|
||||||
|
<dependencyManagement>
|
||||||
|
<dependencies>
|
||||||
|
<dependency>
|
||||||
|
<groupId>org.gcube.distribution</groupId>
|
||||||
|
<artifactId>gcube-bom</artifactId>
|
||||||
|
<version>3.0.0-SNAPSHOT</version>
|
||||||
|
<type>pom</type>
|
||||||
|
<scope>import</scope>
|
||||||
|
</dependency>
|
||||||
|
</dependencies>
|
||||||
|
</dependencyManagement>
|
||||||
|
|
||||||
<dependencies>
|
<dependencies>
|
||||||
<dependency>
|
<dependency>
|
||||||
<groupId>org.gcube.common</groupId>
|
<groupId>org.gcube.common</groupId>
|
||||||
<artifactId>common-authorization</artifactId>
|
<artifactId>common-security</artifactId>
|
||||||
<version>[3.0.0-SNAPSHOT, 4.0.0-SNAPSHOT)</version>
|
|
||||||
</dependency>
|
</dependency>
|
||||||
<dependency>
|
<dependency>
|
||||||
<groupId>org.aspectj</groupId>
|
<groupId>org.aspectj</groupId>
|
||||||
|
@ -31,7 +45,6 @@
|
||||||
<dependency>
|
<dependency>
|
||||||
<groupId>org.slf4j</groupId>
|
<groupId>org.slf4j</groupId>
|
||||||
<artifactId>slf4j-api</artifactId>
|
<artifactId>slf4j-api</artifactId>
|
||||||
<version>1.7.5</version>
|
|
||||||
</dependency>
|
</dependency>
|
||||||
</dependencies>
|
</dependencies>
|
||||||
|
|
||||||
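Review bot: The versions of `common-security` and `slf4j-api` are no longer stated in this POM and are instead taken from the imported `gcube-bom` at `3.0.0-SNAPSHOT`, so the library that supplies the caller identity to the authorization aspect is resolved from a mutable snapshot. Two builds of the same commit can pick up different code, and anything published under that snapshot reaches this artifact without a change in this repository. Before a release, import a released BOM version (or pin `common-security` explicitly), and consider the Maven Enforcer `requireReleaseDeps` rule so that a release build fails on snapshot dependencies.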
|
|
|
@ -14,9 +14,8 @@ import org.aspectj.lang.annotation.Before;
|
||||||
import org.aspectj.lang.annotation.Pointcut;
|
import org.aspectj.lang.annotation.Pointcut;
|
||||||
import org.aspectj.lang.reflect.MethodSignature;
|
import org.aspectj.lang.reflect.MethodSignature;
|
||||||
import org.gcube.common.authorization.control.annotations.AuthorizationControl;
|
import org.gcube.common.authorization.control.annotations.AuthorizationControl;
|
||||||
import org.gcube.common.authorization.library.exception.AuthorizationException;
|
import org.gcube.common.security.Owner;
|
||||||
import org.gcube.common.authorization.utils.manager.SecretManagerProvider;
|
import org.gcube.common.security.providers.SecretManagerProvider;
|
||||||
import org.gcube.common.authorization.utils.user.User;
|
|
||||||
import org.slf4j.Logger;
|
import org.slf4j.Logger;
|
||||||
import org.slf4j.LoggerFactory;
|
import org.slf4j.LoggerFactory;
|
||||||
|
|
||||||
|
@ -41,18 +40,18 @@ public class AuthorizationAspect {
|
||||||
AuthorizationControl authAnn = (AuthorizationControl) method.getAnnotation(AuthorizationControl.class);
|
AuthorizationControl authAnn = (AuthorizationControl) method.getAnnotation(AuthorizationControl.class);
|
||||||
log.info("aspect before with annotation {} with action {}, allowed {} in method {}", authAnn.annotationType(), authAnn.actions(), authAnn.allowedRoles(), authAnn.allowedUsers(), method.getName());
|
log.info("aspect before with annotation {} with action {}, allowed {} in method {}", authAnn.annotationType(), authAnn.actions(), authAnn.allowedRoles(), authAnn.allowedUsers(), method.getName());
|
||||||
|
|
||||||
User user = SecretManagerProvider.instance.get().getUser();
|
Owner user = SecretManagerProvider.instance.get().getOwner();
|
||||||
|
|
||||||
String userId = user.getUsername();
|
String userId = user.getId();
|
||||||
Collection<String> userRoles = user.getRoles();
|
Collection<String> userRoles = user.getRoles();
|
||||||
log.info("user role is {} and user {}", userRoles, userId );
|
log.info("user role is {} and user {}", userRoles, userId );
|
||||||
if (authAnn.allowedUsers().length!=0 && !Arrays.asList(authAnn.allowedUsers()).contains(userId)) {
|
if (authAnn.allowedUsers().length!=0 && !Arrays.asList(authAnn.allowedUsers()).contains(userId)) {
|
||||||
RuntimeException ex = authAnn.exception().getConstructor(Throwable.class).newInstance(new AuthorizationException(String.format("user %s not allowed to call method %s", userId, method.getName())));
|
RuntimeException ex = authAnn.exception().getConstructor(Throwable.class).newInstance(new SecurityException(String.format("user %s not allowed to call method %s", userId, method.getName())));
|
||||||
throw ex;
|
throw ex;
|
||||||
}
|
}
|
||||||
List<String> allowedRoles = Arrays.asList(authAnn.allowedRoles());
|
List<String> allowedRoles = Arrays.asList(authAnn.allowedRoles());
|
||||||
if (authAnn.allowedRoles().length!=0 && userRoles.stream().filter(i -> allowedRoles.contains(i)).collect(Collectors.toList()).isEmpty()) {
|
if (authAnn.allowedRoles().length!=0 && userRoles.stream().filter(i -> allowedRoles.contains(i)).collect(Collectors.toList()).isEmpty()) {
|
||||||
RuntimeException ex = authAnn.exception().getConstructor(Throwable.class).newInstance(new AuthorizationException(String.format("user %s not allowed to call method %s (role not valid)", userId, method.getName())));
|
RuntimeException ex = authAnn.exception().getConstructor(Throwable.class).newInstance(new SecurityException(String.format("user %s not allowed to call method %s (role not valid)", userId, method.getName())));
|
||||||
throw ex;
|
throw ex;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
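Review bot: The allow-list check `Arrays.asList(authAnn.allowedUsers()).contains(userId)` now compares against `Owner.getId()` where it previously compared against `User.getUsername()`; if the two identifiers differ for any caller, existing `allowedUsers` entries either stop matching or match a different principal. Whether they carry the same value is not visible on this page, so it should be confirmed against `common-security` and recorded next to the assignment, e.g. `// allowedUsers entries are matched against Owner.getId()`. The new chain `SecretManagerProvider.instance.get().getOwner()` is also dereferenced without a null check: with no secret bound to the thread the aspect presumably fails with a `NullPointerException` instead of the configured `authAnn.exception()`, which still blocks the call but hides the reason. A guard such as `if (user == null) throw new SecurityException("no authenticated owner");` would make the denial explicit. The method body starts outside this hunk.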
|
|
|
@ -6,14 +6,13 @@ import java.lang.annotation.Retention;
|
||||||
import java.lang.annotation.RetentionPolicy;
|
import java.lang.annotation.RetentionPolicy;
|
||||||
import java.lang.annotation.Target;
|
import java.lang.annotation.Target;
|
||||||
|
|
||||||
import org.gcube.common.authorization.library.policies.Action;
|
|
||||||
|
|
||||||
@Inherited
|
@Inherited
|
||||||
@Retention(RetentionPolicy.RUNTIME)
|
@Retention(RetentionPolicy.RUNTIME)
|
||||||
@Target(ElementType.METHOD)
|
@Target(ElementType.METHOD)
|
||||||
public @interface AuthorizationControl {
|
public @interface AuthorizationControl {
|
||||||
|
|
||||||
Action[] actions() default {};
|
String[] actions() default {};
|
||||||
String[] allowedUsers() default {};
|
String[] allowedUsers() default {};
|
||||||
String[] allowedRoles() default {};
|
String[] allowedRoles() default {};
|
||||||
Class<? extends RuntimeException> exception();
|
Class<? extends RuntimeException> exception();
|
||||||
|
|
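Review bot: `String[] actions()` replaces the enum-typed `Action[]`, so a misspelled action name in an annotation now compiles, and in the `AuthorizationAspect` hunk shown on this page `actions()` is only passed to the log call, never compared with anything about the caller. If that is the whole check, a method annotated with `actions` alone (empty `allowedUsers` and `allowedRoles`) passes the aspect for every authenticated caller. A Javadoc comment on `actions()` should state the accepted values and whether they are enforced, for example `/** Action names for this method; informational only, not checked by AuthorizationAspect. */` once that has been confirmed.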