diff --git a/.classpath b/.classpath
index e43402f..fae1a2b 100644
--- a/.classpath
+++ b/.classpath
@@ -22,7 +22,7 @@
-
+
diff --git a/.settings/org.eclipse.jdt.core.prefs b/.settings/org.eclipse.jdt.core.prefs
index 6249222..672496e 100644
--- a/.settings/org.eclipse.jdt.core.prefs
+++ b/.settings/org.eclipse.jdt.core.prefs
@@ -1,12 +1,12 @@
eclipse.preferences.version=1
org.eclipse.jdt.core.compiler.codegen.inlineJsrBytecode=enabled
-org.eclipse.jdt.core.compiler.codegen.targetPlatform=1.7
+org.eclipse.jdt.core.compiler.codegen.targetPlatform=1.8
org.eclipse.jdt.core.compiler.codegen.unusedLocal=preserve
-org.eclipse.jdt.core.compiler.compliance=1.7
+org.eclipse.jdt.core.compiler.compliance=1.8
org.eclipse.jdt.core.compiler.debug.lineNumber=generate
org.eclipse.jdt.core.compiler.debug.localVariable=generate
org.eclipse.jdt.core.compiler.debug.sourceFile=generate
org.eclipse.jdt.core.compiler.problem.assertIdentifier=error
org.eclipse.jdt.core.compiler.problem.enumIdentifier=error
org.eclipse.jdt.core.compiler.problem.forbiddenReference=warning
-org.eclipse.jdt.core.compiler.source=1.7
+org.eclipse.jdt.core.compiler.source=1.8
diff --git a/pom.xml b/pom.xml
index 8db2f29..480d2be 100644
--- a/pom.xml
+++ b/pom.xml
@@ -3,7 +3,7 @@
4.0.0
org.gcube.common
common-authorization
- 2.1.1-SNAPSHOT
+ 2.1.3-SNAPSHOT
authorization service common library
diff --git a/src/main/java/org/gcube/common/authorization/library/annotations/AuthorizationControl.java b/src/main/java/org/gcube/common/authorization/library/annotations/AuthorizationControl.java
index f9cfeb2..6f35b31 100644
--- a/src/main/java/org/gcube/common/authorization/library/annotations/AuthorizationControl.java
+++ b/src/main/java/org/gcube/common/authorization/library/annotations/AuthorizationControl.java
@@ -13,5 +13,6 @@ import org.gcube.common.authorization.library.policies.Action;
@Target(ElementType.METHOD)
public @interface AuthorizationControl {
- Action[] check() default {Action.ALL};
+ Action[] actions() default {Action.ALL};
+ String[] allowed() default {};
}
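Review bot: The new `allowed()` element defaults to an empty array, and the aspect in this commit treats an empty list as "no per-user restriction", so leaving the element out fails open; that contract should be written on the element itself. A Javadoc such as `/** Client ids permitted to call the method; an empty array (the default) applies no per-user restriction. */` would do. Renaming `check()` to `actions()` also breaks every existing `@AuthorizationControl(check = ...)` usage at compile time, which is worth stating in the release notes. The annotation's meta-annotations start above the hunk, so retention is not visible here.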
diff --git a/src/main/java/org/gcube/common/authorization/library/aspect/AuthorizationAspect.java b/src/main/java/org/gcube/common/authorization/library/aspect/AuthorizationAspect.java
index 018b6ea..738e0d8 100644
--- a/src/main/java/org/gcube/common/authorization/library/aspect/AuthorizationAspect.java
+++ b/src/main/java/org/gcube/common/authorization/library/aspect/AuthorizationAspect.java
@@ -2,6 +2,7 @@
package org.gcube.common.authorization.library.aspect;
import java.lang.reflect.Method;
+import java.util.Arrays;
import org.aspectj.lang.JoinPoint;
import org.aspectj.lang.annotation.Aspect;
@@ -9,6 +10,7 @@ import org.aspectj.lang.annotation.Before;
import org.aspectj.lang.annotation.Pointcut;
import org.aspectj.lang.reflect.MethodSignature;
import org.gcube.common.authorization.library.annotations.AuthorizationControl;
+import org.gcube.common.authorization.library.provider.AuthorizationProvider;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
@@ -16,7 +18,7 @@ import org.slf4j.LoggerFactory;
public class AuthorizationAspect {
Logger log = LoggerFactory.getLogger(AuthorizationAspect.class);
-
+
@Pointcut("@annotation(org.gcube.common.authorization.library.annotations.AuthorizationControl)")
public void authorizationEntyPoint() {
}
@@ -30,7 +32,10 @@ public class AuthorizationAspect {
MethodSignature signature = (MethodSignature) joinPoint.getSignature();
Method method = signature.getMethod();
AuthorizationControl authAnn = (AuthorizationControl) method.getAnnotation(AuthorizationControl.class);
- log.info("aspect before with annotation {} and value {} in method {}", authAnn.annotationType(), authAnn.check(), method.getName());
+ log.info("aspect before with annotation {} and value {} in method {}", authAnn.annotationType(), authAnn.actions(), authAnn.allowed(), method.getName());
+ String userId = AuthorizationProvider.instance.get().getClient().getId();
+ if (authAnn.allowed().length!=0 && !Arrays.asList(authAnn.allowed()).contains(userId))
+ throw new RuntimeException("user not allowed to call method "+method.getName());
}
}