com.linkare.zas.aspectj.SharedSecurityContext Maven / Gradle / Ivy
package com.linkare.zas.aspectj;
import java.util.Stack;
import com.linkare.commons.utils.Pair;
import com.linkare.zas.api.IJoinPoint;
import com.linkare.zas.api.ISignature;
/**
* This class is used to store shared security variables among the security aspects within Zás. Aspects Truster and InvokerController
* register the results of their validations for each join point within a thread local variable, which are later used by >Enforcer to decide about
* the access attempt. If the join point being accessed trusts in the class or the method that is trying to access it, then the access control verification
* based on the subject privileges is bypassed.
*
* @author Paulo Zenida - Linkare TI
*
*/
public final class SharedSecurityContext {
private static InheritableThreadLocal currentThreadForJoinPointTrusts = new InheritableThreadLocal();
private static InheritableThreadLocal currentThreadForJoinPointInvokers = new InheritableThreadLocal();
private static InheritableThreadLocal> currentThreadDepthAccessStack = new InheritableThreadLocal>();
private static InheritableThreadLocal> currentThreadJoinPointForced = new InheritableThreadLocal>();
private SharedSecurityContext() {
}
static CurrentJoinPointBooleanResult getCurrentJoinPointTrustResult() {
return currentThreadForJoinPointTrusts.get();
}
static void setCurrentJoinPointTrustResult(final CurrentJoinPointBooleanResult currentJoinPointBooleanResult) {
currentThreadForJoinPointTrusts.set(currentJoinPointBooleanResult);
}
static CurrentJoinPointBooleanResult getCurrentJoinPointAllowedInvokersResult() {
return currentThreadForJoinPointInvokers.get();
}
static void setCurrentJoinPointAllowedInvokersResult(final CurrentJoinPointBooleanResult currentJoinPointBooleanResult) {
currentThreadForJoinPointInvokers.set(currentJoinPointBooleanResult);
}
static Stack getCurrentThreadDepthAccessStack() {
return currentThreadDepthAccessStack.get();
}
static void setCurrentThreadDepthAccessStack(final Stack depthAccessStack) {
currentThreadDepthAccessStack.set(depthAccessStack);
}
static void createAndInitializeDepthAccess() {
Stack depthAccessStack = new Stack();
depthAccessStack.push(new DepthForJoinpoint(Boolean.FALSE, null));
currentThreadDepthAccessStack.set(depthAccessStack);
}
static void addElementToStackDepthAccess(final Boolean element, final IJoinPoint joinPoint) {
if (currentThreadDepthAccessStack.get() == null || currentThreadDepthAccessStack.get().isEmpty()) {
currentThreadDepthAccessStack.set(new Stack());
}
currentThreadDepthAccessStack.get().push(new DepthForJoinpoint(element, joinPoint));
}
static void removeElementFromStackDepthAccess(final IJoinPoint joinPoint) {
if (currentThreadDepthAccessStack.get() != null && !currentThreadDepthAccessStack.get().isEmpty()
&& currentThreadDepthAccessStack.get().peek().getJoinPoint() != null) {
if (joinPoint != null && currentThreadDepthAccessStack.get().peek().getJoinPoint().equals(joinPoint)) {
currentThreadDepthAccessStack.get().pop();
} else {
// if(isDebugActive()) {
// printMessageToStream(Level.INFO, "It did not remove from the
// depth access stack for join point " + joinPoint);
// }
}
}
}
static CurrentJoinPointBooleanResult buildCurrentJoinPointBooleanResult(final ISignature currentJoinPointSignature, final boolean result) {
return new CurrentJoinPointBooleanResult(currentJoinPointSignature, result);
}
static boolean isTrustResultTrueForJoinPointSignature(final ISignature joinPointSignature) {
final CurrentJoinPointBooleanResult currentJoinPointBooleanResult = currentThreadForJoinPointTrusts.get();
if (currentJoinPointBooleanResult != null && currentJoinPointBooleanResult.getSignature().equals(joinPointSignature)) {
return currentJoinPointBooleanResult.getBooleanResult();
}
return false;
}
static boolean isAllowedInvokerResultTrueForJoinPointSignature(final ISignature joinPointSignature) {
final CurrentJoinPointBooleanResult currentJoinPointBooleanResult = currentThreadForJoinPointInvokers.get();
if (currentJoinPointBooleanResult != null && currentJoinPointBooleanResult.getSignature().equals(joinPointSignature)) {
return currentJoinPointBooleanResult.getBooleanResult();
}
return false;
}
static boolean shouldBeShallowlyVerified() {
if (currentThreadDepthAccessStack.get() != null && !currentThreadDepthAccessStack.get().isEmpty()) {
return currentThreadDepthAccessStack.get().peek().isShallow();
}
return false;
}
static void registerForcedJoinPoint(final IJoinPoint joinPoint) {
currentThreadJoinPointForced.set(new Pair(joinPoint, Boolean.TRUE));
}
static void unregisterForcedJoinPoint(final IJoinPoint joinPoint) {
if (currentThreadJoinPointForced.get() != null && currentThreadJoinPointForced.get().getKey().equals(joinPoint)) {
currentThreadJoinPointForced.remove();
}
}
/**
*
* @param joinPoint
* @return Returns true if in the pair having the information about forced accesses, the key is the value passed in as parameter, and the value is true. It
* returns false otherwise.
*/
static boolean isForced(final IJoinPoint joinPoint) {
if (currentThreadJoinPointForced.get() != null && currentThreadJoinPointForced.get().getKey().equals(joinPoint)) {
return currentThreadJoinPointForced.get().getValue();
}
return false;
}
static class CurrentJoinPointBooleanResult {
private ISignature signature;
private boolean booleanResult;
/**
* @param signature
* @param trustResult
*/
public CurrentJoinPointBooleanResult(final ISignature signature, final boolean booleanResult) {
super();
this.signature = signature;
this.booleanResult = booleanResult;
}
/**
* @return the signature
*/
public ISignature getSignature() {
return signature;
}
/**
* @param signature
* the signature to set
*/
public void setSignature(ISignature signature) {
this.signature = signature;
}
/**
* @return the booleanResult
*/
boolean getBooleanResult() {
return booleanResult;
}
/**
* @param booleanResult
* the booleanResult to set
*/
void setBooleanResult(final boolean booleanResult) {
this.booleanResult = booleanResult;
}
}
}