Added PermissionEvaluator

7b97e40b · Spiros Koulouzis · a66267cb · 7b97e40b · 7b97e40b · 7b97e40b
Commit 7b97e40b authored Mar 08, 2017 by Spiros Koulouzis
7 changed files
--- a/drip-api/src/main/java/nl/uva/sne/drip/api/auth/PermissionChecker.java
+++ b/drip-api/src/main/java/nl/uva/sne/drip/api/auth/PermissionChecker.java
@@ -15,23 +15,27 @@
 */
 package nl.uva.sne.drip.api.auth;

-import nl.uva.sne.drip.commons.v1.types.OwnedObject;
-import nl.uva.sne.drip.commons.v1.types.User;
-import org.springframework.stereotype.Component;
+import java.io.Serializable;
+import org.springframework.security.access.PermissionEvaluator;
+import org.springframework.security.core.Authentication;

 /**
 *
 * @author S. Koulouzis
 */
-@Component("PermissionChecker")
-public class PermissionChecker {
+public class PermissionEvaluatorImp implements PermissionEvaluator {

-    public boolean canRead(OwnedObject obj, User user) {
+    @Override
+    public boolean hasPermission(Authentication a, Object o, Object o1) {
+        if (!a.isAuthenticated()) {
+            return false;
+        }
        return false;
    }

-    public boolean isOwner(OwnedObject obj, User user) {
-        String ownerid = obj.getOwner();
-        return user.getId().equals(ownerid);
+    @Override
+    public boolean hasPermission(Authentication a, Serializable srlzbl, String string, Object o) {
+        throw new UnsupportedOperationException("Not supported yet."); //To change body of generated methods, choose Tools | Templates.
    }
+
 }
--- a/drip-api/src/main/java/nl/uva/sne/drip/api/conf/ConverterConfig.java
+++ b/drip-api/src/main/java/nl/uva/sne/drip/api/conf/ConverterConfig.java
@@ -15,18 +15,26 @@
 */
 package nl.uva.sne.drip.api.conf;

-import org.springframework.context.annotation.ComponentScan;
+import nl.uva.sne.drip.api.auth.PermissionEvaluatorImp;
 import org.springframework.context.annotation.Configuration;
-import org.springframework.web.servlet.config.annotation.EnableWebMvc;
-import org.springframework.web.servlet.config.annotation.WebMvcConfigurerAdapter;
+import org.springframework.security.access.expression.method.DefaultMethodSecurityExpressionHandler;
+import org.springframework.security.access.expression.method.MethodSecurityExpressionHandler;
+import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
+import org.springframework.security.config.annotation.method.configuration.GlobalMethodSecurityConfiguration;

 /**
 *
 * @author alogo
 */
-@EnableWebMvc
 @Configuration
-@ComponentScan({ "nl.uva.sne.drip.api" })
-public class ConverterConfig extends WebMvcConfigurerAdapter {
-    
+@EnableGlobalMethodSecurity(prePostEnabled = true)
+public class MethodSecurityConfig extends GlobalMethodSecurityConfiguration {
+
+    @Override
+    protected MethodSecurityExpressionHandler createExpressionHandler() {
+        DefaultMethodSecurityExpressionHandler expressionHandler
+                = new DefaultMethodSecurityExpressionHandler();
+        expressionHandler.setPermissionEvaluator(new PermissionEvaluatorImp());
+        return expressionHandler;
+    }
 }
--- a/drip-api/src/main/java/nl/uva/sne/drip/api/conf/SecurityConfig.java
+++ b/drip-api/src/main/java/nl/uva/sne/drip/api/conf/SecurityConfig.java
@@ -21,6 +21,7 @@ import nl.uva.sne.drip.api.service.UserService;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
+import org.springframework.security.access.expression.method.MethodSecurityExpressionHandler;
 import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
 import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
 import org.springframework.security.config.annotation.web.builders.HttpSecurity;
@@ -75,5 +76,4 @@ public class SecurityConfig extends WebSecurityConfigurerAdapter {
        PasswordEncoder encoder = new BCryptPasswordEncoder();
        return encoder;
    }
-
 }
--- a/drip-api/src/main/java/nl/uva/sne/drip/api/conf/WebAppInitializer.java
+++ b/drip-api/src/main/java/nl/uva/sne/drip/api/conf/WebAppInitializer.java
@@ -28,7 +28,7 @@ public class WebAppInitializer implements WebApplicationInitializer {
        ctx.register(MultipartConfig.class);
        ctx.register(MongoConfig.class);
        ctx.register(SecurityConfig.class);
-        ctx.register(ConverterConfig.class);
+        ctx.register(MethodSecurityConfig.class);

        ctx.setServletContext(servletContext);


--- a/drip-api/src/main/java/nl/uva/sne/drip/api/service/CloudCredentialsService.java
+++ b/drip-api/src/main/java/nl/uva/sne/drip/api/service/CloudCredentialsService.java
@@ -15,15 +15,10 @@
 */
 package nl.uva.sne.drip.api.service;

-import java.util.HashSet;
 import java.util.List;
-import java.util.Set;
 import nl.uva.sne.drip.api.dao.CloudCredentialsDao;
 import nl.uva.sne.drip.commons.v1.types.CloudCredentials;
-import nl.uva.sne.drip.commons.v1.types.Permissions;
-import nl.uva.sne.drip.commons.v1.types.User;
 import org.springframework.beans.factory.annotation.Autowired;
-import org.springframework.security.access.prepost.PostAuthorize;
 import org.springframework.security.access.prepost.PostFilter;
 import org.springframework.security.access.prepost.PreAuthorize;
 import org.springframework.security.access.prepost.PreFilter;
@@ -39,21 +34,17 @@ public class CloudCredentialsService {
    @Autowired
    private CloudCredentialsDao dao;

-    @PreFilter("(filterObject.owner == authentication.name) or (hasRole('ROLE_ADMIN'))")
+//    @PreFilter("(filterObject.owner == authentication.name) or (hasRole('ROLE_ADMIN'))")
    public CloudCredentials save(CloudCredentials cloudCredentials) {
-        Permissions permissions = new Permissions();
+
 //        String owner = user.getUsername();
 //        cloudCredentials.setOwner(owner);
        System.err.println(cloudCredentials.getOwner());
-        Set<String> read = new HashSet<>();
-        permissions.setRead(read);
-        Set<String> write = new HashSet<>();
-        permissions.setWrite(write);
-        cloudCredentials.setPermissions(permissions);
        return dao.save(cloudCredentials);
    }

-    @PreAuthorize("(returnObject.owner == authentication.name) or (hasRole('ROLE_ADMIN'))")
+//    @PreAuthorize("(returnObject.owner == authentication.name) or (hasRole('ROLE_ADMIN'))")
+    @PreAuthorize("hasPermission(#returnObject, 'read')")
    public CloudCredentials findOne(String id) {
        CloudCredentials creds = dao.findOne(id);
        return creds;
@@ -63,8 +54,8 @@ public class CloudCredentialsService {
        dao.delete(id);
    }

-    @PreAuthorize(" (hasRole('ROLE_ADMIN')) or (hasRole('ROLE_USER'))")
-    @PostFilter("(filterObject.owner == authentication.name)")
+//    @PreAuthorize(" (hasRole('ROLE_ADMIN')) or (hasRole('ROLE_USER'))")
+//    @PostFilter("(filterObject.owner == authentication.name)")
    public List<CloudCredentials> findAll() {
        return dao.findAll();
    }

--- a/drip-api/src/main/java/nl/uva/sne/drip/commons/v1/types/OwnedObject.java
+++ b/drip-api/src/main/java/nl/uva/sne/drip/commons/v1/types/OwnedObject.java
@@ -17,7 +17,6 @@ package nl.uva.sne.drip.commons.v1.types;

 import javax.validation.constraints.NotNull;
 import org.springframework.data.mongodb.core.mapping.Document;
-import org.springframework.stereotype.Component;

 /**
 *
@@ -29,23 +28,6 @@ public class OwnedObject {
    @NotNull
    private String owner;

-    @NotNull
-    private Permissions permissions;
-
-    /**
-     * @return the permissions
-     */
-    public Permissions getPermissions() {
-        return permissions;
-    }
-
-    /**
-     * @param permissions the permissions to set
-     */
-    public void setPermissions(Permissions permissions) {
-        this.permissions = permissions;
-    }
-
    /**
     * @return the owner
     */

--- a/drip-api/src/main/java/nl/uva/sne/drip/commons/v1/types/Permissions.java
+++ b/drip-api/src/main/java/nl/uva/sne/drip/commons/v1/types/Permissions.java
-/*
- * Copyright 2017 S. Koulouzis, Wang Junchao, Huan Zhou, Yang Hu 
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- *      http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package nl.uva.sne.drip.commons.v1.types;
-
-import java.util.Set;
-import javax.validation.constraints.NotNull;
-import org.springframework.data.mongodb.core.mapping.Document;
-
-/**
- *
- * @author S. Koulouzis
- */
-@Document
-public class Permissions {
-
-    private Set<String> read;
-    private Set<String> write;
-
-    /**
-     * @return the read
-     */
-    public Set<String> getRead() {
-        return read;
-    }
-
-    /**
-     * @param read the read to set
-     */
-    public void setRead(Set<String> read) {
-        this.read = read;
-    }
-
-    /**
-     * @return the write
-     */
-    public Set<String> getWrite() {
-        return write;
-    }
-
-    /**
-     * @param write the write to set
-     */
-    public void setWrite(Set<String> write) {
-        this.write = write;
-    }
-
- 
-}