gCubeSystem
/
authorization-control-library
16
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity
You cannot select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
task/23275
master
rolemanaging
v1.1.1
r4.19.0
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '2c7bcd1780'
${ noResults }
authorization-control-library/src/main/java/org/gcube/common/authorization/control/AuthorizationAspect.java

56 lines
2.6 KiB
Java
Raw Blame History

package org.gcube.common.authorization.control;
import java.lang.reflect.InvocationTargetException;
import java.lang.reflect.Method;
import java.util.Arrays;
import java.util.List;
import java.util.stream.Collectors;
import org.aspectj.lang.JoinPoint;
import org.aspectj.lang.annotation.Aspect;
import org.aspectj.lang.annotation.Before;
import org.aspectj.lang.annotation.Pointcut;
import org.aspectj.lang.reflect.MethodSignature;
import org.gcube.common.authorization.control.annotations.AuthorizationControl;
import org.gcube.common.authorization.library.exception.AuthorizationException;
import org.gcube.common.authorization.library.provider.AuthorizationProvider;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
@Aspect
public class AuthorizationAspect {
Logger log = LoggerFactory.getLogger(AuthorizationAspect.class);
@Pointcut("@annotation(org.gcube.common.authorization.control.annotations.AuthorizationControl)")
public void authorizationEntryPoint() {
}
@Pointcut("execution(* *.*(..))")
public void anyCall() {
}
@Before("authorizationEntryPoint() && anyCall()")
public void before(JoinPoint joinPoint) throws InstantiationException, IllegalAccessException, IllegalArgumentException, InvocationTargetException, NoSuchMethodException, SecurityException {
MethodSignature signature = (MethodSignature) joinPoint.getSignature();
Method method = signature.getMethod();
AuthorizationControl authAnn = (AuthorizationControl) method.getAnnotation(AuthorizationControl.class);
log.info("aspect before with annotation {} with action {}, allowed {} in method {}", authAnn.annotationType(), authAnn.actions(), authAnn.allowedRoles(), authAnn.allowedUsers(), method.getName());
String userId = AuthorizationProvider.instance.get().getClient().getId();
List<String> userRoles = AuthorizationProvider.instance.get().getClient().getRoles();
if (authAnn.allowedUsers().length!=0 && !Arrays.asList(authAnn.allowedUsers()).contains(userId)) {
RuntimeException ex = authAnn.exception().getConstructor(Throwable.class).newInstance(new AuthorizationException(String.format("user %s not allowed to call method %s", userId, method.getName())));
throw ex;
}
List<String> allowedRoles = Arrays.asList(authAnn.allowedRoles());
if (authAnn.allowedRoles().length!=0 && userRoles.stream().filter(i -> allowedRoles.contains(i)).collect(Collectors.toList()).isEmpty()) {
RuntimeException ex = authAnn.exception().getConstructor(Throwable.class).newInstance(new AuthorizationException(String.format("user %s not allowed to call method %s (role non allowed)", userId, method.getName())));
throw ex;
}
}
}
Reference in New Issue View Git Blame Copy Permalink