From 809fe7e5926684257b8f0603e3f72993f48be3cf Mon Sep 17 00:00:00 2001
From: "lucio.lelii" <lucio.lelii@isti.cnr.it>
Date: Thu, 4 Jun 2015 16:50:06 +0000
Subject: [PATCH] git-svn-id:
 http://svn.research-infrastructures.eu/public/d4science/gcube/trunk/Common/authorization-common-library@115226
 82a268e6-3cf1-43bd-a215-b396298e98cf

---
 .../library/AuthorizationEntry.java           | 17 ++++++++
 .../AuthorizationInvocationHandler.java       | 41 +++++++++++--------
 .../authorization/library/BannedService.java  | 36 ++++++++++++++++
 .../authorization/library/BannedServices.java | 30 ++++++++++++++
 .../library/GenericProxyFactory.java          |  1 -
 .../library/provider/Service.java             |  9 ++++
 .../library/provider/UserInfo.java            |  6 ++-
 7 files changed, 122 insertions(+), 18 deletions(-)
 create mode 100644 src/main/java/org/gcube/common/authorization/library/BannedService.java
 create mode 100644 src/main/java/org/gcube/common/authorization/library/BannedServices.java

diff --git a/src/main/java/org/gcube/common/authorization/library/AuthorizationEntry.java b/src/main/java/org/gcube/common/authorization/library/AuthorizationEntry.java
index 602074e..6b9c6f2 100644
--- a/src/main/java/org/gcube/common/authorization/library/AuthorizationEntry.java
+++ b/src/main/java/org/gcube/common/authorization/library/AuthorizationEntry.java
@@ -1,11 +1,14 @@
 package org.gcube.common.authorization.library;
 
+import java.util.ArrayList;
 import java.util.List;
 
 import javax.xml.bind.annotation.XmlAccessType;
 import javax.xml.bind.annotation.XmlAccessorType;
 import javax.xml.bind.annotation.XmlRootElement;
 
+import org.gcube.common.authorization.library.provider.Service;
+
 @XmlRootElement
 @XmlAccessorType(XmlAccessType.FIELD)
 public class AuthorizationEntry {
@@ -13,6 +16,7 @@ public class AuthorizationEntry {
 	private String userName;
 	private List<String> roles;
 	private String scope;
+	private List<Service> bannedServices = new ArrayList<Service>();
 	
 	protected AuthorizationEntry(){}
 	
@@ -22,6 +26,11 @@ public class AuthorizationEntry {
 		this.roles = roles;
 		this.scope = scope;
 	}
+	
+	public AuthorizationEntry(String userName, List<String> roles, String scope, List<Service> bannedServices) {
+		this(userName, roles, scope);
+		this.bannedServices = bannedServices;
+	}
 
 	public String getUserName() {
 		return userName;
@@ -34,6 +43,14 @@ public class AuthorizationEntry {
 	public String getScope() {
 		return scope;
 	}
+	
+	public List<Service> getBannedServices() {
+		return bannedServices;
+	}
+
+	public void setBannedServices(List<Service> bannedServices) {
+		this.bannedServices = bannedServices;
+	}
 
 	@Override
 	public String toString() {
diff --git a/src/main/java/org/gcube/common/authorization/library/AuthorizationInvocationHandler.java b/src/main/java/org/gcube/common/authorization/library/AuthorizationInvocationHandler.java
index 70b01f2..56bb512 100644
--- a/src/main/java/org/gcube/common/authorization/library/AuthorizationInvocationHandler.java
+++ b/src/main/java/org/gcube/common/authorization/library/AuthorizationInvocationHandler.java
@@ -33,22 +33,8 @@ public class AuthorizationInvocationHandler<T, I extends T> implements Invocatio
 			Object[] args) throws Throwable {
 		log.trace("calling proxed method "+method.getName()+" on "+handledClass);
 		UserInfo info = AuthorizationProvider.instance.get();
-		if(method.isAnnotationPresent(IsAllowedFor.class)){
-			IsAllowedFor allowed = method.getAnnotation(IsAllowedFor.class);
-			if (allowed.roles().length>0 && isOneElementContainedinRoles(info.getRoles(), allowed.roles())){
-				String message = "blocking method "+method.getName()+" for user "+info.getUserName()+": only roles "+Arrays.toString(allowed.roles()) +" can access";
-				log.warn(message);
-				throw new SecurityException(message);
-			}
-		}
-		if(method.isAnnotationPresent(SubjectToQuota.class)){
-			Service service = new Service(resourceAuthorizationProxy.getServiceClass(), resourceAuthorizationProxy.getServiceName());			
-			if (info.getBannedServices().contains(service)){
-				String message = "blocking method "+method.getName()+" for user "+info.getUserName()+": overquota reached";
-				log.warn(message);
-				throw new SecurityException(message);
-			}
-		}
+		checkSubjectToQuota(info, method);
+		checkIsAllowedFor(info, method);
 		return method.invoke(obj, args);
 	}
 
@@ -59,4 +45,27 @@ public class AuthorizationInvocationHandler<T, I extends T> implements Invocatio
 		return false;
 	}
 
+	private void checkSubjectToQuota(UserInfo info,  Method method){
+		if(method.isAnnotationPresent(SubjectToQuota.class)){
+			Service service = new Service(resourceAuthorizationProxy.getServiceClass(), resourceAuthorizationProxy.getServiceName());			
+			log.debug("subjectToQuota annotation present, checking for service {} in bannedServices {}",service, info.getBannedServices());
+			if (info.getBannedServices().contains(service)){
+				String message = "blocking method "+method.getName()+" for user "+info.getUserName()+": overquota reached";
+				log.warn(message);
+				throw new SecurityException(message);
+			}
+		} else log.debug("is subjectToQuota not present in "+method.getName());
+	}
+	
+	private void checkIsAllowedFor(UserInfo info,  Method method){
+		if(method.isAnnotationPresent(IsAllowedFor.class)){
+			IsAllowedFor allowed = method.getAnnotation(IsAllowedFor.class);
+			if (allowed.roles().length>0 && !isOneElementContainedinRoles(info.getRoles(), allowed.roles())){
+				String message = "blocking method "+method.getName()+" for user "+info.getUserName()+": only roles "+Arrays.toString(allowed.roles()) +" can access";
+				log.warn(message);
+				throw new SecurityException(message);
+			}
+		} else log.debug("is allowedFor not present in "+method.getName());
+	}
+	
 }
diff --git a/src/main/java/org/gcube/common/authorization/library/BannedService.java b/src/main/java/org/gcube/common/authorization/library/BannedService.java
new file mode 100644
index 0000000..7634d68
--- /dev/null
+++ b/src/main/java/org/gcube/common/authorization/library/BannedService.java
@@ -0,0 +1,36 @@
+package org.gcube.common.authorization.library;
+
+import java.util.Calendar;
+
+import javax.xml.bind.annotation.XmlAccessType;
+import javax.xml.bind.annotation.XmlAccessorType;
+import javax.xml.bind.annotation.XmlRootElement;
+
+import org.gcube.common.authorization.library.provider.Service;
+
+@XmlRootElement
+@XmlAccessorType(XmlAccessType.FIELD)
+public class BannedService {
+
+	private Service service;
+	private Calendar banTime;
+		
+	protected BannedService() {
+		super();
+	}
+	
+	public BannedService(Service service, Calendar banTime) {
+		super();
+		this.service = service;
+		this.banTime = banTime;
+	}
+	public Service getService() {
+		return service;
+	}
+	public Calendar getCreationTime() {
+		return banTime;
+	}
+	
+	
+	
+}
diff --git a/src/main/java/org/gcube/common/authorization/library/BannedServices.java b/src/main/java/org/gcube/common/authorization/library/BannedServices.java
new file mode 100644
index 0000000..1e2ce55
--- /dev/null
+++ b/src/main/java/org/gcube/common/authorization/library/BannedServices.java
@@ -0,0 +1,30 @@
+package org.gcube.common.authorization.library;
+
+import java.util.List;
+
+import javax.xml.bind.annotation.XmlAccessType;
+import javax.xml.bind.annotation.XmlAccessorType;
+import javax.xml.bind.annotation.XmlRootElement;
+
+@XmlRootElement
+@XmlAccessorType(XmlAccessType.FIELD)
+public class BannedServices {
+
+	private List<BannedService> services;
+
+	protected BannedServices(){}
+	
+	public BannedServices(List<BannedService> services) {
+		super();
+		this.services = services;
+	}
+
+
+
+	public List<BannedService> get() {
+		return services;
+	}
+	
+	
+	
+}
diff --git a/src/main/java/org/gcube/common/authorization/library/GenericProxyFactory.java b/src/main/java/org/gcube/common/authorization/library/GenericProxyFactory.java
index 2b80274..3fef4e1 100644
--- a/src/main/java/org/gcube/common/authorization/library/GenericProxyFactory.java
+++ b/src/main/java/org/gcube/common/authorization/library/GenericProxyFactory.java
@@ -3,7 +3,6 @@ package org.gcube.common.authorization.library;
 import java.lang.reflect.Proxy;
 
 public class GenericProxyFactory {
-
 	
 	@SuppressWarnings("unchecked")
 	public static  <T, I extends T>  T getProxy(Class<T> intf, 
diff --git a/src/main/java/org/gcube/common/authorization/library/provider/Service.java b/src/main/java/org/gcube/common/authorization/library/provider/Service.java
index cc2209b..f12a3a2 100644
--- a/src/main/java/org/gcube/common/authorization/library/provider/Service.java
+++ b/src/main/java/org/gcube/common/authorization/library/provider/Service.java
@@ -11,6 +11,8 @@ public class Service {
 	private String serviceClass;
 	private String serviceName;
 	
+	protected Service(){}
+	
 	public Service(String serviceClass, String serviceName) {
 		super();
 		this.serviceClass = serviceClass;
@@ -56,6 +58,13 @@ public class Service {
 			return false;
 		return true;
 	}
+
+	@Override
+	public String toString() {
+		return "Service [serviceClass=" + serviceClass + ", serviceName="
+				+ serviceName + "]";
+	}
+	
 	
 	
 }
diff --git a/src/main/java/org/gcube/common/authorization/library/provider/UserInfo.java b/src/main/java/org/gcube/common/authorization/library/provider/UserInfo.java
index 7c251fc..75f06f7 100644
--- a/src/main/java/org/gcube/common/authorization/library/provider/UserInfo.java
+++ b/src/main/java/org/gcube/common/authorization/library/provider/UserInfo.java
@@ -35,6 +35,10 @@ public class UserInfo {
 		return bannedServices;
 	}
 
+	public boolean isTokenBannedForService(Service service){
+		return (bannedServices.contains(service));
+	}
+	
 	@Override
 	public int hashCode() {
 		final int prime = 31;
@@ -44,7 +48,7 @@ public class UserInfo {
 				+ ((userName == null) ? 0 : userName.hashCode());
 		return result;
 	}
-
+		
 	@Override
 	public boolean equals(Object obj) {
 		if (this == obj)