package org.gcube.common.authorization.library.aspect ;
import java.lang.reflect.Method ;
import java.util.Arrays ;
import org.aspectj.lang.JoinPoint ;
import org.aspectj.lang.annotation.Aspect ;
import org.aspectj.lang.annotation.Before ;
import org.aspectj.lang.annotation.Pointcut ;
import org.aspectj.lang.reflect.MethodSignature ;
import org.gcube.common.authorization.library.annotations.AuthorizationControl ;
import org.gcube.common.authorization.library.provider.AuthorizationProvider ;
import org.slf4j.Logger ;
import org.slf4j.LoggerFactory ;
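/**
 * AspectJ aspect that guards methods annotated with {@link AuthorizationControl}.
 *
 * <p>Before such a method executes, the id of the current client is read from
 * {@link AuthorizationProvider} and compared with the annotation's
 * {@code allowed()} list. A caller that is not listed is rejected with a
 * {@link RuntimeException}.
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>An empty {@code allowed()} array means this aspect applies no
 *       restriction at all: every caller passes.</li>
 *   <li>{@code actions()} is only logged in this class. NOTE(review): no
 *       enforcement of actions is visible here; confirm it happens elsewhere.</li>
 * </ul>
 */
@Aspect
public class AuthorizationAspect {

    private static final Logger log = LoggerFactory.getLogger(AuthorizationAspect.class);

    /** Selects join points whose method carries {@link AuthorizationControl}. */
    @Pointcut(" @annotation(org.gcube.common.authorization.library.annotations.AuthorizationControl) ")
    public void authorizationEntryPoint() {
    }

    /** Selects the execution of any method, with any return type and arguments. */
    @Pointcut(" execution(* *.*(..)) ")
    public void anyCall() {
    }

    /**
     * Checks the current caller against the allow-list of the intercepted method.
     *
     * @param joinPoint the intercepted method execution; its signature is cast to
     *                  {@link MethodSignature} to reach the reflective method
     * @throws RuntimeException if {@code allowed()} is non-empty and does not
     *                          contain the current client id
     */
    @Before(" authorizationEntryPoint() && anyCall() ")
    public void before(JoinPoint joinPoint) {
        MethodSignature signature = (MethodSignature) joinPoint.getSignature();
        Method method = signature.getMethod();
        AuthorizationControl authAnn = method.getAnnotation(AuthorizationControl.class);

        log.info(" aspect before with annotation {} with action {}, allowed {} in method {} ",
                authAnn.annotationType(), authAnn.actions(), authAnn.allowed(), method.getName());

        // NOTE(review): a null link anywhere in this chain surfaces as a
        // NullPointerException instead of a clear denial. Confirm that a caller is
        // always set before annotated methods run.
        String userId = AuthorizationProvider.instance.get().getClient().getId();

        // An empty allow-list is treated as "no restriction", so the check only
        // applies when at least one id is listed.
        if (authAnn.allowed().length != 0 && !Arrays.asList(authAnn.allowed()).contains(userId)) {
            // Record the rejected attempt so denied calls leave an audit trail.
            log.warn("authorization denied: user {} is not in the allowed list of method {}",
                    userId, method.getName());
            // Kept as a plain RuntimeException so callers that already catch it keep working.
            throw new RuntimeException(" user not allowed to call method " + method.getName());
        }
    }
}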