Commit 7b97e40b authored by Spiros Koulouzis's avatar Spiros Koulouzis

Added PermissionEvaluator

parent a66267cb
......@@ -15,23 +15,27 @@
*/
package nl.uva.sne.drip.api.auth;
import nl.uva.sne.drip.commons.v1.types.OwnedObject;
import nl.uva.sne.drip.commons.v1.types.User;
import org.springframework.stereotype.Component;
import java.io.Serializable;
import org.springframework.security.access.PermissionEvaluator;
import org.springframework.security.core.Authentication;
/**
*
* @author S. Koulouzis
*/
@Component("PermissionChecker")
public class PermissionChecker {
public class PermissionEvaluatorImp implements PermissionEvaluator {
public boolean canRead(OwnedObject obj, User user) {
@Override
public boolean hasPermission(Authentication a, Object o, Object o1) {
if (!a.isAuthenticated()) {
return false;
}
return false;
}
public boolean isOwner(OwnedObject obj, User user) {
String ownerid = obj.getOwner();
return user.getId().equals(ownerid);
@Override
public boolean hasPermission(Authentication a, Serializable srlzbl, String string, Object o) {
throw new UnsupportedOperationException("Not supported yet."); //To change body of generated methods, choose Tools | Templates.
}
}
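Review bot: Both `hasPermission` overloads are placeholders: the object-based one returns `false` on every path, so any `hasPermission(...)` expression denies owners and admins alike. The id-based one throws `UnsupportedOperationException`, which would surface as a server error rather than an access-denied decision. The comparison that `isOwner` performed (`user.getId().equals(ownerid)`) has no counterpart in the new class. I would implement the owner check, guard against a null `Authentication`, and have the id-based overload fail closed until it is written, as sketched below. The sketch assumes `owner` holds the same value as `authentication.name`, as the old SpEL expressions did, and still ignores the permission argument `o1`; both need confirming.

```java
@Override
public boolean hasPermission(Authentication a, Object o, Object o1) {
    if (a == null || !a.isAuthenticated() || !(o instanceof OwnedObject)) {
        // Unknown callers and unknown target types are denied.
        return false;
    }
    // ... decide here whether ROLE_ADMIN bypasses the ownership check ...
    String owner = ((OwnedObject) o).getOwner();
    return owner != null && owner.equals(a.getName());
}

@Override
public boolean hasPermission(Authentication a, Serializable srlzbl, String string, Object o) {
    // Fail closed until id-based lookups are implemented.
    return false;
}
```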
......@@ -15,18 +15,26 @@
*/
package nl.uva.sne.drip.api.conf;
import org.springframework.context.annotation.ComponentScan;
import nl.uva.sne.drip.api.auth.PermissionEvaluatorImp;
import org.springframework.context.annotation.Configuration;
import org.springframework.web.servlet.config.annotation.EnableWebMvc;
import org.springframework.web.servlet.config.annotation.WebMvcConfigurerAdapter;
import org.springframework.security.access.expression.method.DefaultMethodSecurityExpressionHandler;
import org.springframework.security.access.expression.method.MethodSecurityExpressionHandler;
import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
import org.springframework.security.config.annotation.method.configuration.GlobalMethodSecurityConfiguration;
/**
*
* @author alogo
*/
@EnableWebMvc
@Configuration
@ComponentScan({ "nl.uva.sne.drip.api" })
public class ConverterConfig extends WebMvcConfigurerAdapter {
@EnableGlobalMethodSecurity(prePostEnabled = true)
public class MethodSecurityConfig extends GlobalMethodSecurityConfiguration {
@Override
protected MethodSecurityExpressionHandler createExpressionHandler() {
DefaultMethodSecurityExpressionHandler expressionHandler
= new DefaultMethodSecurityExpressionHandler();
expressionHandler.setPermissionEvaluator(new PermissionEvaluatorImp());
return expressionHandler;
}
}
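Review bot: `createExpressionHandler()` builds the evaluator with `new PermissionEvaluatorImp()`, so the instance that guards method calls lives outside the Spring context and cannot have a DAO or service injected once `hasPermission` needs to load objects by id. If the `@Component("PermissionChecker")` annotation shown in the evaluator's file still applies, the container will also hold a second, unused instance. Prefer injecting the bean, e.g. `@Autowired private PermissionEvaluator permissionEvaluator;` and `expressionHandler.setPermissionEvaluator(permissionEvaluator);`. The page does not show which annotations above the class survive, so confirm that `@EnableWebMvc` and `@ComponentScan({ "nl.uva.sne.drip.api" })` are still declared on a registered configuration class.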
......@@ -21,6 +21,7 @@ import nl.uva.sne.drip.api.service.UserService;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.access.expression.method.MethodSecurityExpressionHandler;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
......@@ -75,5 +76,4 @@ public class SecurityConfig extends WebSecurityConfigurerAdapter {
PasswordEncoder encoder = new BCryptPasswordEncoder();
return encoder;
}
}
......@@ -28,7 +28,7 @@ public class WebAppInitializer implements WebApplicationInitializer {
ctx.register(MultipartConfig.class);
ctx.register(MongoConfig.class);
ctx.register(SecurityConfig.class);
ctx.register(ConverterConfig.class);
ctx.register(MethodSecurityConfig.class);
ctx.setServletContext(servletContext);
......
......@@ -15,15 +15,10 @@
*/
package nl.uva.sne.drip.api.service;
import java.util.HashSet;
import java.util.List;
import java.util.Set;
import nl.uva.sne.drip.api.dao.CloudCredentialsDao;
import nl.uva.sne.drip.commons.v1.types.CloudCredentials;
import nl.uva.sne.drip.commons.v1.types.Permissions;
import nl.uva.sne.drip.commons.v1.types.User;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.access.prepost.PostAuthorize;
import org.springframework.security.access.prepost.PostFilter;
import org.springframework.security.access.prepost.PreAuthorize;
import org.springframework.security.access.prepost.PreFilter;
......@@ -39,21 +34,17 @@ public class CloudCredentialsService {
@Autowired
private CloudCredentialsDao dao;
@PreFilter("(filterObject.owner == authentication.name) or (hasRole('ROLE_ADMIN'))")
// @PreFilter("(filterObject.owner == authentication.name) or (hasRole('ROLE_ADMIN'))")
public CloudCredentials save(CloudCredentials cloudCredentials) {
Permissions permissions = new Permissions();
// String owner = user.getUsername();
// cloudCredentials.setOwner(owner);
System.err.println(cloudCredentials.getOwner());
Set<String> read = new HashSet<>();
permissions.setRead(read);
Set<String> write = new HashSet<>();
permissions.setWrite(write);
cloudCredentials.setPermissions(permissions);
return dao.save(cloudCredentials);
}
@PreAuthorize("(returnObject.owner == authentication.name) or (hasRole('ROLE_ADMIN'))")
// @PreAuthorize("(returnObject.owner == authentication.name) or (hasRole('ROLE_ADMIN'))")
@PreAuthorize("hasPermission(#returnObject, 'read')")
public CloudCredentials findOne(String id) {
CloudCredentials creds = dao.findOne(id);
return creds;
......@@ -63,8 +54,8 @@ public class CloudCredentialsService {
dao.delete(id);
}
@PreAuthorize(" (hasRole('ROLE_ADMIN')) or (hasRole('ROLE_USER'))")
@PostFilter("(filterObject.owner == authentication.name)")
// @PreAuthorize(" (hasRole('ROLE_ADMIN')) or (hasRole('ROLE_USER'))")
// @PostFilter("(filterObject.owner == authentication.name)")
public List<CloudCredentials> findAll() {
return dao.findAll();
}
......
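Review bot: With `@PreAuthorize` and `@PostFilter` apparently commented out above `findAll()`, nothing visible at method level stops a caller from receiving every owner's `CloudCredentials`. Unless the web layer enforces this elsewhere, keep `@PostFilter("(filterObject.owner == authentication.name)")` active until the evaluator-based check works. On `findOne`, `@PreAuthorize("hasPermission(#returnObject, 'read')")` is evaluated before the method runs, so there is no return value to inspect; the check belongs in `@PostAuthorize("hasPermission(returnObject, 'read')")`. `save` has no active method-level guard either and, with the `setOwner` lines commented out, persists whatever owner the request object carries. If the `System.err.println(cloudCredentials.getOwner())` line is on the new side, it should be removed or replaced with a logger call.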
......@@ -17,7 +17,6 @@ package nl.uva.sne.drip.commons.v1.types;
import javax.validation.constraints.NotNull;
import org.springframework.data.mongodb.core.mapping.Document;
import org.springframework.stereotype.Component;
/**
*
......@@ -29,23 +28,6 @@ public class OwnedObject {
@NotNull
private String owner;
@NotNull
private Permissions permissions;
/**
* @return the permissions
*/
public Permissions getPermissions() {
return permissions;
}
/**
* @param permissions the permissions to set
*/
public void setPermissions(Permissions permissions) {
this.permissions = permissions;
}
/**
* @return the owner
*/
......
/*
* Copyright 2017 S. Koulouzis, Wang Junchao, Huan Zhou, Yang Hu
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package nl.uva.sne.drip.commons.v1.types;
import java.util.Set;
import javax.validation.constraints.NotNull;
import org.springframework.data.mongodb.core.mapping.Document;
/**
*
* @author S. Koulouzis
*/
@Document
public class Permissions {
private Set<String> read;
private Set<String> write;
/**
* @return the read
*/
public Set<String> getRead() {
return read;
}
/**
* @param read the read to set
*/
public void setRead(Set<String> read) {
this.read = read;
}
/**
* @return the write
*/
public Set<String> getWrite() {
return write;
}
/**
* @param write the write to set
*/
public void setWrite(Set<String> write) {
this.write = write;
}
}