Commit 7b97e40b authored by Spiros Koulouzis's avatar Spiros Koulouzis

Added PermissionEvaluator

parent a66267cb
...@@ -15,23 +15,27 @@ ...@@ -15,23 +15,27 @@
*/ */
package nl.uva.sne.drip.api.auth; package nl.uva.sne.drip.api.auth;
import nl.uva.sne.drip.commons.v1.types.OwnedObject; import java.io.Serializable;
import nl.uva.sne.drip.commons.v1.types.User; import org.springframework.security.access.PermissionEvaluator;
import org.springframework.stereotype.Component; import org.springframework.security.core.Authentication;
/** /**
* *
* @author S. Koulouzis * @author S. Koulouzis
*/ */
@Component("PermissionChecker") public class PermissionEvaluatorImp implements PermissionEvaluator {
public class PermissionChecker {
public boolean canRead(OwnedObject obj, User user) { @Override
public boolean hasPermission(Authentication a, Object o, Object o1) {
if (!a.isAuthenticated()) {
return false;
}
return false; return false;
} }
public boolean isOwner(OwnedObject obj, User user) { @Override
String ownerid = obj.getOwner(); public boolean hasPermission(Authentication a, Serializable srlzbl, String string, Object o) {
return user.getId().equals(ownerid); throw new UnsupportedOperationException("Not supported yet."); //To change body of generated methods, choose Tools | Templates.
} }
} }
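Review bot: The new `hasPermission(Authentication, Object, Object)` (L19–L23) returns `false` for every authenticated caller and the id-based overload (L26–L27) throws, so nothing guarded with `hasPermission(...)` can ever be granted and the owner comparison that the removed `PermissionChecker.isOwner` performed is gone from the code base. The evaluator should consult the target object: treat an `OwnedObject` as readable when its `getOwner()` matches the principal (the commented-out SpEL in CloudCredentialsService compares against `authentication.name` while the old checker used `user.getId()` — confirm which value `owner` actually stores) or when the caller holds `ROLE_ADMIN`, and deny anything it cannot attribute to an owner. The unimplemented id overload should return `false` rather than throw, so an unsupported call fails closed as a 403 instead of surfacing as a 500. Note also that an `AnonymousAuthenticationToken` reports `isAuthenticated()` as true, so the guard on L20 does not by itself exclude anonymous callers; the sketch below needs `org.springframework.security.authentication.AnonymousAuthenticationToken`, `org.springframework.security.core.GrantedAuthority` and `nl.uva.sne.drip.commons.v1.types.OwnedObject` imported.
```java
@Override
public boolean hasPermission(Authentication a, Object target, Object permission) {
    if (a == null || !a.isAuthenticated() || a instanceof AnonymousAuthenticationToken) {
        return false;
    }
    if (hasRole(a, "ROLE_ADMIN")) {
        return true;
    }
    if (!(target instanceof OwnedObject)) {
        return false; // deny what we cannot attribute to an owner
    }
    // TODO confirm whether `owner` holds the username or the user id
    return a.getName().equals(((OwnedObject) target).getOwner());
}

@Override
public boolean hasPermission(Authentication a, Serializable targetId, String targetType, Object permission) {
    return false; // not implemented yet: fail closed instead of throwing
}

private static boolean hasRole(Authentication a, String role) {
    for (GrantedAuthority g : a.getAuthorities()) {
        if (role.equals(g.getAuthority())) {
            return true;
        }
    }
    return false;
}
```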
...@@ -15,18 +15,26 @@ ...@@ -15,18 +15,26 @@
*/ */
package nl.uva.sne.drip.api.conf; package nl.uva.sne.drip.api.conf;
import org.springframework.context.annotation.ComponentScan; import nl.uva.sne.drip.api.auth.PermissionEvaluatorImp;
import org.springframework.context.annotation.Configuration; import org.springframework.context.annotation.Configuration;
import org.springframework.web.servlet.config.annotation.EnableWebMvc; import org.springframework.security.access.expression.method.DefaultMethodSecurityExpressionHandler;
import org.springframework.web.servlet.config.annotation.WebMvcConfigurerAdapter; import org.springframework.security.access.expression.method.MethodSecurityExpressionHandler;
import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
import org.springframework.security.config.annotation.method.configuration.GlobalMethodSecurityConfiguration;
/** /**
* *
* @author alogo * @author alogo
*/ */
@EnableWebMvc
@Configuration @Configuration
@ComponentScan({ "nl.uva.sne.drip.api" }) @EnableGlobalMethodSecurity(prePostEnabled = true)
public class ConverterConfig extends WebMvcConfigurerAdapter { public class MethodSecurityConfig extends GlobalMethodSecurityConfiguration {
@Override
protected MethodSecurityExpressionHandler createExpressionHandler() {
DefaultMethodSecurityExpressionHandler expressionHandler
= new DefaultMethodSecurityExpressionHandler();
expressionHandler.setPermissionEvaluator(new PermissionEvaluatorImp());
return expressionHandler;
}
} }
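Review bot: `MethodSecurityConfig` replaces `ConverterConfig` in `WebAppInitializer` (L72), but the old class carried `@EnableWebMvc` and `@ComponentScan({ "nl.uva.sne.drip.api" })` (L43–L45) and the new one does not; unless another registered configuration provides them, the services under `nl.uva.sne.drip.api` — including the `@PreAuthorize`-guarded `CloudCredentialsService` — will no longer be picked up at all. `SecurityConfig` also imports `EnableGlobalMethodSecurity` (L61); if that class still carries the annotation, method security is now declared in two configurations, and it should live in exactly one of them so there is a single expression handler and evaluator in force. Creating the evaluator with `new PermissionEvaluatorImp()` (L51) keeps it outside the container, so it can never be injected with a `UserService` or DAO to resolve ownership; expose it as `@Bean public PermissionEvaluator permissionEvaluator()` and pass the bean to `setPermissionEvaluator`.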
...@@ -21,6 +21,7 @@ import nl.uva.sne.drip.api.service.UserService; ...@@ -21,6 +21,7 @@ import nl.uva.sne.drip.api.service.UserService;
import org.springframework.beans.factory.annotation.Autowired; import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Bean; import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration; import org.springframework.context.annotation.Configuration;
import org.springframework.security.access.expression.method.MethodSecurityExpressionHandler;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder; import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity; import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
import org.springframework.security.config.annotation.web.builders.HttpSecurity; import org.springframework.security.config.annotation.web.builders.HttpSecurity;
...@@ -75,5 +76,4 @@ public class SecurityConfig extends WebSecurityConfigurerAdapter { ...@@ -75,5 +76,4 @@ public class SecurityConfig extends WebSecurityConfigurerAdapter {
PasswordEncoder encoder = new BCryptPasswordEncoder(); PasswordEncoder encoder = new BCryptPasswordEncoder();
return encoder; return encoder;
} }
} }
...@@ -28,7 +28,7 @@ public class WebAppInitializer implements WebApplicationInitializer { ...@@ -28,7 +28,7 @@ public class WebAppInitializer implements WebApplicationInitializer {
ctx.register(MultipartConfig.class); ctx.register(MultipartConfig.class);
ctx.register(MongoConfig.class); ctx.register(MongoConfig.class);
ctx.register(SecurityConfig.class); ctx.register(SecurityConfig.class);
ctx.register(ConverterConfig.class); ctx.register(MethodSecurityConfig.class);
ctx.setServletContext(servletContext); ctx.setServletContext(servletContext);
......
...@@ -15,15 +15,10 @@ ...@@ -15,15 +15,10 @@
*/ */
package nl.uva.sne.drip.api.service; package nl.uva.sne.drip.api.service;
import java.util.HashSet;
import java.util.List; import java.util.List;
import java.util.Set;
import nl.uva.sne.drip.api.dao.CloudCredentialsDao; import nl.uva.sne.drip.api.dao.CloudCredentialsDao;
import nl.uva.sne.drip.commons.v1.types.CloudCredentials; import nl.uva.sne.drip.commons.v1.types.CloudCredentials;
import nl.uva.sne.drip.commons.v1.types.Permissions;
import nl.uva.sne.drip.commons.v1.types.User;
import org.springframework.beans.factory.annotation.Autowired; import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.access.prepost.PostAuthorize;
import org.springframework.security.access.prepost.PostFilter; import org.springframework.security.access.prepost.PostFilter;
import org.springframework.security.access.prepost.PreAuthorize; import org.springframework.security.access.prepost.PreAuthorize;
import org.springframework.security.access.prepost.PreFilter; import org.springframework.security.access.prepost.PreFilter;
...@@ -39,21 +34,17 @@ public class CloudCredentialsService { ...@@ -39,21 +34,17 @@ public class CloudCredentialsService {
@Autowired @Autowired
private CloudCredentialsDao dao; private CloudCredentialsDao dao;
@PreFilter("(filterObject.owner == authentication.name) or (hasRole('ROLE_ADMIN'))") // @PreFilter("(filterObject.owner == authentication.name) or (hasRole('ROLE_ADMIN'))")
public CloudCredentials save(CloudCredentials cloudCredentials) { public CloudCredentials save(CloudCredentials cloudCredentials) {
Permissions permissions = new Permissions();
// String owner = user.getUsername(); // String owner = user.getUsername();
// cloudCredentials.setOwner(owner); // cloudCredentials.setOwner(owner);
System.err.println(cloudCredentials.getOwner()); System.err.println(cloudCredentials.getOwner());
Set<String> read = new HashSet<>();
permissions.setRead(read);
Set<String> write = new HashSet<>();
permissions.setWrite(write);
cloudCredentials.setPermissions(permissions);
return dao.save(cloudCredentials); return dao.save(cloudCredentials);
} }
@PreAuthorize("(returnObject.owner == authentication.name) or (hasRole('ROLE_ADMIN'))") // @PreAuthorize("(returnObject.owner == authentication.name) or (hasRole('ROLE_ADMIN'))")
@PreAuthorize("hasPermission(#returnObject, 'read')")
public CloudCredentials findOne(String id) { public CloudCredentials findOne(String id) {
CloudCredentials creds = dao.findOne(id); CloudCredentials creds = dao.findOne(id);
return creds; return creds;
...@@ -63,8 +54,8 @@ public class CloudCredentialsService { ...@@ -63,8 +54,8 @@ public class CloudCredentialsService {
dao.delete(id); dao.delete(id);
} }
@PreAuthorize(" (hasRole('ROLE_ADMIN')) or (hasRole('ROLE_USER'))") // @PreAuthorize(" (hasRole('ROLE_ADMIN')) or (hasRole('ROLE_USER'))")
@PostFilter("(filterObject.owner == authentication.name)") // @PostFilter("(filterObject.owner == authentication.name)")
public List<CloudCredentials> findAll() { public List<CloudCredentials> findAll() {
return dao.findAll(); return dao.findAll();
} }
......
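Review bot: `findAll()` (L116–L117) now returns every user's `CloudCredentials` to any caller, because both its `@PreAuthorize` and the owner `@PostFilter` were commented out (L114–L115), and `save()` (L94–L104) persists whatever `owner` the client placed in the request body, so one user can file credentials under another account. Restore the filter as `@PostFilter("hasPermission(filterObject, 'read')")` and set the owner server-side, e.g. `cloudCredentials.setOwner(SecurityContextHolder.getContext().getAuthentication().getName())`, instead of trusting the payload; the `System.err.println(cloudCredentials.getOwner())` debug line (L98) should go as well. Separately, `@PreAuthorize("hasPermission(#returnObject, 'read')")` on `findOne` (L107) references `#returnObject`, which is only bound for `@PostAuthorize`; in a pre-check it evaluates to null, so with the evaluator added in this commit every `findOne` call is denied — the intended form is `@PostAuthorize("hasPermission(returnObject, 'read')")`. The `delete` method whose end is visible at L112–L113 starts outside this hunk, so whether it still carries an owner check cannot be seen here.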
...@@ -17,7 +17,6 @@ package nl.uva.sne.drip.commons.v1.types; ...@@ -17,7 +17,6 @@ package nl.uva.sne.drip.commons.v1.types;
import javax.validation.constraints.NotNull; import javax.validation.constraints.NotNull;
import org.springframework.data.mongodb.core.mapping.Document; import org.springframework.data.mongodb.core.mapping.Document;
import org.springframework.stereotype.Component;
/** /**
* *
...@@ -29,23 +28,6 @@ public class OwnedObject { ...@@ -29,23 +28,6 @@ public class OwnedObject {
@NotNull @NotNull
private String owner; private String owner;
@NotNull
private Permissions permissions;
/**
* @return the permissions
*/
public Permissions getPermissions() {
return permissions;
}
/**
* @param permissions the permissions to set
*/
public void setPermissions(Permissions permissions) {
this.permissions = permissions;
}
/** /**
* @return the owner * @return the owner
*/ */
......
/*
* Copyright 2017 S. Koulouzis, Wang Junchao, Huan Zhou, Yang Hu
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package nl.uva.sne.drip.commons.v1.types;
import java.util.Set;
import javax.validation.constraints.NotNull;
import org.springframework.data.mongodb.core.mapping.Document;
/**
*
* @author S. Koulouzis
*/
@Document
public class Permissions {
private Set<String> read;
private Set<String> write;
/**
* @return the read
*/
public Set<String> getRead() {
return read;
}
/**
* @param read the read to set
*/
public void setRead(Set<String> read) {
this.read = read;
}
/**
* @return the write
*/
public Set<String> getWrite() {
return write;
}
/**
* @param write the write to set
*/
public void setWrite(Set<String> write) {
this.write = write;
}
}