Rev | Author | Line No. | Line |
---|---|---|---|
2009 | es | 1 | package pt.estgp.es.exemplos.hibernate.security.logic; |
2 | |||
3 | import org.apache.log4j.Logger; |
||
4 | import org.aspectj.lang.ProceedingJoinPoint; |
||
5 | import org.aspectj.lang.annotation.Around; |
||
6 | import org.aspectj.lang.annotation.Aspect; |
||
7 | import org.aspectj.lang.annotation.Pointcut; |
||
8 | import pt.estgp.es.exemplos.hibernate.HibernateUtils; |
||
9 | import pt.estgp.es.exemplos.hibernate.UserSession; |
||
10 | import pt.estgp.es.exemplos.hibernate.security.SecurityContextProvider; |
||
11 | |||
2049 | es | 12 | import java.util.Arrays; |
2009 | es | 13 | |
2049 | es | 14 | |
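/**
 * Created by jorgemachado on 18/10/18.
 *
 * AspectJ aspect that wraps annotated service methods with three cross-cutting concerns:
 * a Hibernate transaction ({@code @Transaction}), an authentication check
 * ({@code @IsAuthenticated}) and a role check ({@code @HasRole}). A fourth advice
 * ({@code @PrintParameterExample}) is a demonstration of reading a parameter by name.
 *
 * Both security advices fail closed: the protected method only runs when the check
 * explicitly succeeds, every other path ends in an exception.
 */
@Aspect
public class SecurityAspects
{

    private static final Logger logger = Logger.getLogger(SecurityAspects.class);

    // Defines a pointcut that we can use in the @Before, @After, @AfterThrowing,
    // @AfterReturning and @Around specifications.
    // The pointcut looks for methods carrying the named annotation.
    @Pointcut("@annotation(Transaction)")
    public void serviceTransactionPointCutDefinition(){}

    @Pointcut("@annotation(IsAuthenticated)")
    public void isAuthenticatedPointCut(){}

    // Binds the annotation instance so the advice can read hasRole.role().
    @Pointcut("@annotation(hasRole)")
    public void hasRolePointCut(HasRole hasRole){}

    // Binds the annotation instance so the advice can read printParameterExample.paramName().
    @Pointcut("@annotation(printParameterExample)")
    public void printParameterExamplePointCut(PrintParameterExample printParameterExample){}

    // Restricts every advice below to execution join points. Under AspectJ weaving an
    // @annotation(..) pointcut alone can also match the call join point, which would run
    // the advice twice for a single invocation.
    @Pointcut("execution(* *(..))")
    public void executionPointCut(){}

    /**
     * Runs the annotated service inside a Hibernate transaction: commit on normal return,
     * rollback on any failure.
     *
     * @param pjp the intercepted service call
     * @return whatever the service returned
     * @throws Throwable the original failure of the service (or of the commit), rethrown
     *                   unchanged after the rollback attempt
     */
    @Around("serviceTransactionPointCutDefinition() && executionPointCut()")
    public Object envolventeServico(ProceedingJoinPoint pjp) throws Throwable
    {
        // Suggestion: a service engine could open the database transaction at this point.
        HibernateUtils.getCurrentSession().beginTransaction();
        try {
            // Logged inside the try so that a failure here still reaches the rollback.
            // getDeclaringTypeName() names the class that declares the service; the previous
            // getSourceLocation().getClass() only named AspectJ's own SourceLocation class.
            logger.info("Iniciando chamada do servico:" + pjp.getSignature().getName() +
                    " na classe " + pjp.getSignature().getDeclaringTypeName());
            Object returnObj = pjp.proceed();
            // Suggestion: a service engine could commit the database transaction at this point.
            logger.info("Terminado chamada do servico");
            HibernateUtils.getCurrentSession().getTransaction().commit();
            return returnObj;
        } catch (Throwable e) {
            // proceed() is declared to throw Throwable; catching only Exception would let an
            // Error escape with the transaction still open.
            logger.error("Excepcao no Servico", e);
            try {
                // Suggestion: a service engine could roll back the database transaction here.
                HibernateUtils.getCurrentSession().getTransaction().rollback();
            } catch (RuntimeException rollbackFailure) {
                // Keep the service's own failure as the one the caller sees.
                logger.error("Falha no rollback da transacao", rollbackFailure);
            }
            throw e;
        }
    }

    /**
     * Lets the annotated service run only when the requester's session is bound to a user.
     *
     * @param pjp the intercepted service call
     * @return whatever the service returned
     * @throws NotAuthenticatedException when there is no requester id, no stored session for
     *                                   it, or the session has no user
     * @throws Throwable anything the service itself throws
     */
    @Around("isAuthenticatedPointCut() && executionPointCut()")
    public Object isAuthenticatedAdvise(ProceedingJoinPoint pjp) throws Throwable
    {
        logger.info("Is Authenticated Aspect");
        // Use the cookie to fetch the session, then the User, and check that it is logged in.
        UserSession session = currentUserSession();

        if(session != null && session.getUser() != null)
            return pjp.proceed();

        throw new NotAuthenticatedException("Access Denied, not authenticated at " + describeJoinPoint(pjp));
    }

    /**
     * Lets the annotated service run only when the requester is authenticated and holds at
     * least one of the roles listed (comma separated) in {@code hasRole.role()}.
     *
     * @param pjp     the intercepted service call
     * @param hasRole the annotation found on the service, carrying the accepted roles
     * @return whatever the service returned
     * @throws NotAuthenticatedException when the requester has no session or user, or the
     *                                   user has no roles value at all
     * @throws FailRoleException         when the user's roles contain none of the accepted ones
     * @throws Throwable anything the service itself throws
     */
    @Around("hasRolePointCut(hasRole) && executionPointCut()")
    public Object hasRoleAdvise(ProceedingJoinPoint pjp, HasRole hasRole) throws Throwable
    {
        logger.info("Has Role Aspect");
        UserSession session = currentUserSession();

        if(session == null || session.getUser() == null)
            throw new NotAuthenticatedException("Access Denied, not authenticated at " + describeJoinPoint(pjp));

        // Check that the user holds one of the roles named in hasRole.role().
        String grantedRoles = session.getUser().getRoles();
        // Exception type kept as in the original so existing handlers still match.
        if(grantedRoles == null)
            throw new NotAuthenticatedException("Access Denied, missing role at " + describeJoinPoint(pjp));

        if(hasAnyRole(hasRole.role(), grantedRoles))
            return pjp.proceed();

        throw new FailRoleException("Access Denied, does not have role " + hasRole.role() + " at " + describeJoinPoint(pjp));
    }

    /**
     * Demonstration advice: prints the value of the parameter named by the annotation, then
     * runs the service.
     *
     * @param pjp                   the intercepted service call
     * @param printParameterExample the annotation naming the parameter to print
     * @return whatever the service returned
     * @throws Throwable anything the service itself throws
     */
    @Around("printParameterExamplePointCut(printParameterExample) && executionPointCut()")
    public Object printParameterExampleAdvise(ProceedingJoinPoint pjp, PrintParameterExample printParameterExample) throws Throwable
    {
        // The raw parameter value goes to stdout unfiltered; do not put this annotation on
        // services whose named parameter carries a password, token or other secret.
        System.out.println("PARAMETRO: " + JointPointUtils.getParameter(pjp,printParameterExample.paramName()));
        return pjp.proceed();
    }

    /**
     * Looks up the stored session of the current requester.
     *
     * Uses {@code get} rather than {@code load}: {@code load} never returns null and raises a
     * Hibernate exception for a missing row (or a null id), so an unknown or absent cookie
     * would surface as a persistence error instead of an authentication failure.
     *
     * @return the stored session, or null when there is no requester id or no matching row
     */
    private static UserSession currentUserSession()
    {
        // NOTE(review): runs on the current Hibernate session; presumably a transaction is
        // already open when this is reached (e.g. @Transaction on the same service) - confirm.
        String cookie = SecurityContextProvider.getInstance().getSecuritySessionContext().getRequester();
        if(cookie == null)
            return null;
        return (UserSession) HibernateUtils.getCurrentSession().get(UserSession.class, cookie);
    }

    /**
     * Tells whether two comma separated role lists share at least one role name.
     *
     * Names are compared after trimming, so "admin, user" matches "user". Empty names are
     * ignored: "".split(",") yields one empty string, so without this rule an empty required
     * role would match a user whose roles value is empty or has a stray comma.
     *
     * @param requiredCsv roles accepted by the service, comma separated
     * @param grantedCsv  roles held by the user, comma separated
     * @return true when some non-empty required role is among the granted ones
     */
    private static boolean hasAnyRole(String requiredCsv, String grantedCsv)
    {
        String[] granted = grantedCsv.split(",");
        for(int i = 0; i < granted.length; i++)
            granted[i] = granted[i].trim();

        for(String required : requiredCsv.split(","))
        {
            String wanted = required.trim();
            if(wanted.length() > 0 && Arrays.asList(granted).contains(wanted))
                return true;
        }
        return false;
    }

    /**
     * Builds the "file line service: name" suffix shared by the access-denied messages.
     *
     * NOTE(review): the text exposes the source file name and line number; how callers
     * render these exceptions is not visible here, so keep the message in server logs
     * rather than echoing it to the requester.
     */
    private static String describeJoinPoint(ProceedingJoinPoint pjp)
    {
        return pjp.getSourceLocation().getFileName() + " " + pjp.getSourceLocation().getLine()
                + " service: " + pjp.getSignature().getName();
    }

}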