package pt.estgp.es.exemplos.hibernate.security.logic;
import org.apache.log4j.Logger;
import org.aspectj.lang.ProceedingJoinPoint;
import org.aspectj.lang.annotation.Around;
import org.aspectj.lang.annotation.Aspect;
import org.aspectj.lang.annotation.Pointcut;
import pt.estgp.es.exemplos.hibernate.HibernateUtils;
import pt.estgp.es.exemplos.hibernate.UserSession;
import pt.estgp.es.exemplos.hibernate.security.SecurityContextProvider;
import java.util.Arrays;
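/**
 * Created by jorgemachado on 18/10/18.
 *
 * AspectJ aspect that wraps annotated service methods with three cross-cutting
 * concerns: a Hibernate transaction ({@code @Transaction}), an authentication
 * check ({@code @IsAuthenticated}) and a role check ({@code @HasRole}). A fourth
 * advice ({@code @PrintParameterExample}) is a demonstration that prints one
 * named argument of the intercepted call.
 *
 * NOTE(review): the authentication and role advice read the UserSession through
 * HibernateUtils.getCurrentSession(); they presumably rely on the transaction
 * advice running first when a method carries both annotations. No explicit
 * precedence declaration is visible in this file, so the advice methods are kept
 * in their original order - confirm the ordering is guaranteed by the weaver in use.
 */
@Aspect
public class SecurityAspects
{
    private static final Logger logger = Logger.getLogger(SecurityAspects.class);

    //Defines a pointcut that we can use in the @Before,@After, @AfterThrowing, @AfterReturning,@Around specifications
    //The pointcut will look for the @YourAnnotation
    @Pointcut("@annotation(Transaction)")
    public void serviceTransactionPointCutDefinition() {}

    @Pointcut("@annotation(IsAuthenticated)")
    public void isAuthenticatedPointCut() {}

    // Binding form: the matched annotation instance is handed to the advice as a parameter.
    @Pointcut("@annotation(hasRole)")
    public void hasRolePointCut(HasRole hasRole) {}

    @Pointcut("@annotation(printParameterExample)")
    public void printParameterExamplePointCut(PrintParameterExample printParameterExample) {}

    // Restricts the annotation pointcuts above to method-execution join points.
    @Pointcut("execution(* *(..))")
    public void executionPointCut() {}

    /**
     * Runs the intercepted method inside a transaction on the current Hibernate
     * session: the transaction is begun before the call, committed after a normal
     * return and rolled back when the call (or the commit) throws.
     *
     * @param pjp the intercepted join point
     * @return whatever the intercepted method returned
     * @throws Throwable the original failure, rethrown after the rollback attempt
     */
    @Around("serviceTransactionPointCutDefinition() && executionPointCut()")
    public Object envolventeServico(ProceedingJoinPoint pjp) throws Throwable
    {
        HibernateUtils.getCurrentSession().beginTransaction();
        // Suggestion: a service engine could open the database transaction at this point.
        // The declaring type of the intercepted method is logged here;
        // getSourceLocation().getClass() would name the SourceLocation implementation instead.
        logger.info("Iniciando chamada do servico:" + pjp.getSignature().getName()
                + " na classe " + pjp.getSignature().getDeclaringTypeName());
        try
        {
            Object returnObj = pjp.proceed();
            // Suggestion: a service engine could commit the database transaction at this point.
            logger.info("Terminado chamada do servico");
            HibernateUtils.getCurrentSession().getTransaction().commit();
            return returnObj;
        }
        catch (Throwable failure)
        {
            // Throwable, not Exception: an Error escaping the service must not leave
            // the transaction open either.
            try
            {
                // Suggestion: a service engine could roll back the database transaction at this point.
                HibernateUtils.getCurrentSession().getTransaction().rollback();
            }
            catch (RuntimeException rollbackFailure)
            {
                // Keep the original failure as the one that propagates.
                logger.error("Rollback failed after service exception", rollbackFailure);
            }
            logger.error("Excepcao no Servico", failure);
            throw failure;
        }
    }

    /**
     * Lets the call proceed only when the requester value taken from the security
     * context resolves to a stored {@link UserSession} that has a user attached.
     *
     * NOTE(review): no expiry or revocation check on the session row is visible
     * here - confirm it is enforced elsewhere.
     *
     * @param pjp the intercepted join point
     * @return whatever the intercepted method returned
     * @throws NotAuthenticatedException when there is no cookie, no matching
     *         session, or the session has no user
     * @throws Throwable anything thrown by the intercepted method
     */
    @Around("isAuthenticatedPointCut() && executionPointCut()")
    public Object isAuthenticatedAdvise(ProceedingJoinPoint pjp) throws Throwable
    {
        logger.info("Is Authenticated Aspect");
        // Use the cookie to fetch the session, then the User, and check whether it is logged in.
        UserSession session = findUserSession();
        if (session != null && session.getUser() != null)
        {
            return pjp.proceed();
        }
        throw new NotAuthenticatedException(
                "Access Denied, not authenticated at " + describeJoinPoint(pjp));
    }

    /**
     * Lets the call proceed only when the authenticated user holds at least one of
     * the comma-separated roles named by the {@code @HasRole} annotation.
     *
     * Role names are compared after trimming surrounding whitespace, and empty
     * names are ignored on the required side, so {@code @HasRole(role = "")} never
     * grants access.
     *
     * @param pjp the intercepted join point
     * @param hasRole the annotation instance found on the intercepted method
     * @return whatever the intercepted method returned
     * @throws NotAuthenticatedException when the requester is not authenticated, or
     *         the user has no role string at all
     * @throws FailRoleException when the user holds none of the required roles
     * @throws Throwable anything thrown by the intercepted method
     */
    @Around("hasRolePointCut(hasRole) && executionPointCut()")
    public Object hasRoleAdvise(ProceedingJoinPoint pjp, HasRole hasRole) throws Throwable
    {
        logger.info("Has Role Aspect");
        UserSession session = findUserSession();
        if (session == null || session.getUser() == null)
        {
            throw new NotAuthenticatedException(
                    "Access Denied, not authenticated at " + describeJoinPoint(pjp));
        }

        // Check that the user holds a role listed in hasRole.role().
        String grantedRoles = session.getUser().getRoles();
        if (grantedRoles == null)
        {
            // Exception type kept as in the original so existing handlers still match.
            throw new NotAuthenticatedException(
                    "Access Denied, missing role at " + describeJoinPoint(pjp));
        }

        if (hasAnyRole(grantedRoles, hasRole.role()))
        {
            return pjp.proceed();
        }
        throw new FailRoleException(
                "Access Denied, does not have role " + hasRole.role()
                        + " at " + describeJoinPoint(pjp));
    }

    /**
     * Demonstration advice: prints the argument named by the annotation and then
     * runs the intercepted method unchanged.
     *
     * The argument value goes to standard output as-is, so this annotation should
     * not be placed on methods whose named parameter carries a password, token or
     * other secret.
     *
     * @param pjp the intercepted join point
     * @param printParameterExample the annotation instance naming the parameter
     * @return whatever the intercepted method returned
     * @throws Throwable anything thrown by the intercepted method
     */
    @Around("printParameterExamplePointCut(printParameterExample) && executionPointCut()")
    public Object printParameterExampleAdvise(ProceedingJoinPoint pjp,
                                              PrintParameterExample printParameterExample) throws Throwable
    {
        System.out.println("PARAMETRO: "
                + JointPointUtils.getParameter(pjp, printParameterExample.paramName()));
        return pjp.proceed();
    }

    /**
     * Looks up the UserSession whose id is the requester value of the current
     * security context.
     *
     * @return the stored session, or {@code null} when there is no cookie or no
     *         session row for it
     */
    private static UserSession findUserSession()
    {
        String cookie = SecurityContextProvider.getInstance()
                .getSecuritySessionContext()
                .getRequester();
        if (cookie == null)
        {
            return null;
        }
        // get() returns null for an unknown id; load() hands back a proxy that only
        // fails on first access with a Hibernate exception, so a stale or forged
        // session id would not end in NotAuthenticatedException.
        return (UserSession) HibernateUtils.getCurrentSession().get(UserSession.class, cookie);
    }

    /** Builds the "file line service: name" suffix shared by the access-denied messages. */
    private static String describeJoinPoint(ProceedingJoinPoint pjp)
    {
        return pjp.getSourceLocation().getFileName()
                + " " + pjp.getSourceLocation().getLine()
                + " service: " + pjp.getSignature().getName();
    }

    /**
     * Tells whether two comma-separated role lists share at least one name.
     *
     * @param grantedCsv roles held by the user
     * @param requiredCsv roles accepted by the protected method
     * @return {@code true} when some non-empty required role equals a granted role
     */
    private static boolean hasAnyRole(String grantedCsv, String requiredCsv)
    {
        String[] granted = grantedCsv.split(",");
        for (String required : requiredCsv.split(","))
        {
            String wanted = required.trim();
            if (wanted.length() == 0)
            {
                // An empty required role must not match an empty granted entry.
                continue;
            }
            for (String candidate : granted)
            {
                if (wanted.equals(candidate.trim()))
                {
                    return true;
                }
            }
        }
        return false;
    }
}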