Subversion Repositories bacoAlunos

package pt.estgp.es.exemplos.hibernate.security.logic;

import org.apache.log4j.Logger;
import org.aspectj.lang.ProceedingJoinPoint;
import org.aspectj.lang.annotation.Around;
import org.aspectj.lang.annotation.Aspect;
import org.aspectj.lang.annotation.Pointcut;
import pt.estgp.es.exemplos.hibernate.HibernateUtils;
import pt.estgp.es.exemplos.hibernate.UserSession;
import pt.estgp.es.exemplos.hibernate.security.SecurityContextProvider;

import java.util.Arrays;


/**
 * Created by jorgemachado on 18/10/18.
 */
@Aspect
public class SecurityAspects
{

    private static final 1.5.0/docs/api/java/util/logging/Logger.html">Logger logger = 1.5.0/docs/api/java/util/logging/Logger.html">Logger.getLogger(SecurityAspects.class);
    //Defines a pointcut that we can use in the @Before,@After, @AfterThrowing, @AfterReturning,@Around specifications
    //The pointcut will look for the @YourAnnotation
    @Pointcut("@annotation(Transaction)")
    public void serviceTransactionPointCutDefinition(){}


    @Pointcut("@annotation(IsAuthenticated)")
    public void isAuthenticatedPointCut(){}

    @Pointcut("@annotation(hasRole)")
    public void hasRolePointCut(HasRole hasRole){}

    @Pointcut("@annotation(printParameterExample)")
    public void printParameterExamplePointCut(PrintParameterExample printParameterExample){}

    @Pointcut("execution(* *(..))")
    public void executionPointCut(){}


    @Around("serviceTransactionPointCutDefinition() && executionPointCut()")
    public 5+0%2Fdocs%2Fapi+Object">Object envolventeServico(ProceedingJoinPoint pjp) throws 1.5.0/docs/api/java/lang/Throwable.html">Throwable
    {
        HibernateUtils.getCurrentSession().beginTransaction();
        //Sugestão: um motor de serviços poderia neste ponto abrir a transação na base de dados
        logger.info("Iniciando chamada do servico:" + pjp.getSignature().getName() +
                " na classe " + pjp.getSourceLocation().getClass().getName());
        try {
            5+0%2Fdocs%2Fapi+Object">Object returnObj = pjp.proceed();
            //Sugestão: um motor de serviços poderia neste ponto fazer commit da transação na base de dados
            logger.info("Terminado chamada do servico");
            HibernateUtils.getCurrentSession().getTransaction().commit();
            return returnObj;
        } catch (1.5.0/docs/api/java/lang/Exception.html">Exception e) {
            HibernateUtils.getCurrentSession().getTransaction().rollback();
            //Sugestão: um motor de serviços poderia neste ponto fazer rollback da transação na base de dados
            logger.error("Excepcao no Servico",e);
            throw e;
        }
    }


    @Around("isAuthenticatedPointCut() && executionPointCut()")
    public 5+0%2Fdocs%2Fapi+Object">Object isAuthenticatedAdvise(ProceedingJoinPoint pjp) throws 1.5.0/docs/api/java/lang/Throwable.html">Throwable
    {
        logger.info("Is Authenticated Aspect");
        1.5.0/docs/api/java/lang/String.html">String cookie = SecurityContextProvider.getInstance().getSecuritySessionContext().getRequester();
        UserSession session = (UserSession) HibernateUtils.getCurrentSession().load(UserSession.class,cookie);

        if(session.getUser() != null)
            return pjp.proceed();
        //Com o cookie ir buscar a sessao e seguidamente o User e ver se esta logado


        throw new NotAuthenticatedException("Access Denied, not authenticated at " + pjp.getSourceLocation().getFileName() + " " + pjp.getSourceLocation().getLine() + " service: " + pjp.getSignature().getName());
    }

    @Around("hasRolePointCut(hasRole) && executionPointCut()")
    public 5+0%2Fdocs%2Fapi+Object">Object hasRoleAdvise(ProceedingJoinPoint pjp, HasRole hasRole) throws 1.5.0/docs/api/java/lang/Throwable.html">Throwable
    {
        logger.info("Has Role Aspect");
        1.5.0/docs/api/java/lang/String.html">String cookie = SecurityContextProvider.getInstance().getSecuritySessionContext().getRequester();
        UserSession session = (UserSession) HibernateUtils.getCurrentSession().load(UserSession.class,cookie);

        1.5.0/docs/api/java/lang/String.html">String[] rolesIn = hasRole.role().split(",");
        if(session.getUser() == null)
            throw new NotAuthenticatedException("Access Denied, not authenticated at " + pjp.getSourceLocation().getFileName() + " " + pjp.getSourceLocation().getLine() + " service: " + pjp.getSignature().getName());
        //session.getUser().get
        //verificar se o username é um user com o role que está em hasRole.role()
        if(session.getUser().getRoles() == null)
            throw new NotAuthenticatedException("Access Denied, missing role at " + pjp.getSourceLocation().getFileName() + " " + pjp.getSourceLocation().getLine() + " service: " + pjp.getSignature().getName());

        1.5.0/docs/api/java/lang/String.html">String[] roles = session.getUser().getRoles().split(",");
        for(1.5.0/docs/api/java/lang/String.html">String checkRole: rolesIn)
        {
            if(1.5.0/docs/api/java/util/Arrays.html">Arrays.asList(roles).contains(checkRole))
            {
                return pjp.proceed();
            }
        }


        throw new FailRoleException("Access Denied, does not have role " + hasRole.role() + " at " + pjp.getSourceLocation().getFileName() + " " + pjp.getSourceLocation().getLine() + " service: " + pjp.getSignature().getName());
    }

    @Around("printParameterExamplePointCut(printParameterExample) && executionPointCut()")
    public 5+0%2Fdocs%2Fapi+Object">Object printParameterExampleAdvise(ProceedingJoinPoint pjp, PrintParameterExample printParameterExample) throws 1.5.0/docs/api/java/lang/Throwable.html">Throwable
    {
        1.5.0/docs/api/java/lang/System.html">System.out.println("PARAMETRO: " + JointPointUtils.getParameter(pjp,printParameterExample.paramName()));
        return pjp.proceed();
    }



}