• Home
• com.cleverpine
• cp-virava-spring-helper
• 2.1.0
• source code
• BaseViravaSecuredAspect.java

×

Project download

Many resources are needed to download a project. Please understand that we have to compensate our server costs. Thank you in advance.
Project price only 1 $

You can buy this project and download/modify it how often you want.

com.cleverpine.viravaspringhelper.aop.BaseViravaSecuredAspect Maven / Gradle / Ivy

package com.cleverpine.viravaspringhelper.aop;

import com.cleverpine.cpspringerrorutil.exception.AuthorisationException;
import com.cleverpine.viravaspringhelper.core.BaseResource;
import com.cleverpine.viravaspringhelper.core.ViravaPrincipalProvider;
import com.cleverpine.viravaspringhelper.dto.ScopeType;
import org.aspectj.lang.JoinPoint;
import org.aspectj.lang.reflect.MethodSignature;

public class BaseViravaSecuredAspect {

    private final ViravaPrincipalProvider viravaPrincipalProvider;

    public BaseViravaSecuredAspect(ViravaPrincipalProvider viravaPrincipalProvider) {
        this.viravaPrincipalProvider = viravaPrincipalProvider;
    }

    protected void authorise(
            JoinPoint joinPoint,
            BaseResource resource,
            String resourceIdParamName,
            boolean requireAllResourceIds,
            ScopeType[] scopeList) {
        var authentication = viravaPrincipalProvider.getAuthentication()
                .orElseThrow(() -> new AuthorisationException("Invalid SecurityContextHolder"));
        var principal = authentication.getPrincipal();
        if (principal == null) {
            throw new AuthorisationException("Missing ViravaUserPrincipal on method requiring authorisation");
        }

        Long resourceId = getMethodSuppliedResourceId(joinPoint, resourceIdParamName);

        if (!principal.authorized(resource, resourceId, requireAllResourceIds, scopeList)) {
            throw new AuthorisationException("User doesn't have required permissions");
        }
    }

    private Long getMethodSuppliedResourceId(JoinPoint joinPoint, String resourceIdParamName) {
        if (resourceIdParamName == null || resourceIdParamName.isEmpty()) {
            return null;
        }

        var methodSig = (MethodSignature) joinPoint.getSignature();
        var parameters = methodSig.getParameterNames();
        if (parameters == null) {
            throw new AssertionError("ViravaSecuredAsspect::authorise called on a method without parameters");
        }

        var args = joinPoint.getArgs();
        if (args == null) {
            throw new AssertionError("ViravaSecuredAsspect::authorise called without arguments");
        }

        if (args.length != parameters.length) {
            throw new AssertionError("ViravaSecuredAsspect::authorise parameter count does not match arg count");
        }

        Long resourceId = null;
        for (int i = 0; i < parameters.length; i++) {
            if (parameters[i].equals(resourceIdParamName)) {
                var arg = args[i];
                if (arg instanceof Long) {
                    resourceId = (Long) arg;
                }
                break;
            }
        }

        return resourceId;
    }

}