com.linkare.zas.aspectj.ZasPointcuts.aj Maven / Gradle / Ivy
package com.linkare.zas.aspectj;
import org.aspectj.lang.annotation.SuppressAjWarnings;
import com.linkare.zas.annotation.AccessControlPolicy;
import com.linkare.zas.annotation.AccessControlled;
import com.linkare.zas.annotation.AccessControls;
import com.linkare.zas.annotation.Forced;
import com.linkare.zas.annotation.NotAccessControlled;
import com.linkare.zas.annotation.Privileged;
/**
*
* @author Paulo Zenida - Linkare TI
*
*/
public final aspect ZasPointcuts {
/**
* It defines which methods executions should be under Zás access controlled. This pointcut states that all non private methods having the
* AccessControlled annotation should be access controlled.
*/
public pointcut accessToControlledMethods(final AccessControlled accessControlled) :
execution(@AccessControlled !private * *..*(..)) &&
@annotation(accessControlled);
public pointcut accessControlsInMethods(final AccessControls accessControls) :
execution(@AccessControls !private * *..*(..)) &&
@annotation(accessControls);
/**
* It defines which constructors executions should be under Zás access controlled. This pointcut states that all non private constructors having the
* AccessControlled annotation should be access controlled.
*/
public pointcut accessToControlledConstructors(final AccessControlled accessControlled) :
execution(@AccessControlled !private *..new(..)) &&
@annotation(accessControlled);
public pointcut accessControlsInConstructors(final AccessControls accessControls) :
execution(@AccessControls !private *..new(..)) &&
@annotation(accessControls);
public pointcut accessToControlledSets(final AccessControlled accessControlled) :
set(@AccessControlled * *) &&
@annotation(accessControlled);
public pointcut accessControlsInSets(final AccessControls accessControls) :
set(@AccessControls * *) &&
@annotation(accessControls);
public pointcut accessToControlledGets(final AccessControlled accessControlled) :
get(@AccessControlled * *) &&
@annotation(accessControlled);
public pointcut accessControlsInGets(final AccessControls accessControls) :
get(@AccessControls * *) &&
@annotation(accessControls);
/**
* The definition of all protected objects accesses that must be captured.
*
* @see accessToControlledMethods()
* @see accessToControlledConstructors()
*/
public pointcut accessToControlledObjects(final AccessControlled accessControlled) :
accessToControlledMethods(accessControlled) ||
accessToControlledConstructors(accessControlled);
public pointcut accessControlsInObjects(final AccessControls accessControls) :
accessControlsInMethods(accessControls) ||
accessControlsInConstructors(accessControls);
/**
* The definition of all protected objects containing the annotation @ForcedRequirement.
*
* @see accessToControlledObjects()
*/
public pointcut forcedProtectedObjects(final AccessControlled accessControlled, final Forced forced) :
accessToControlledObjects(accessControlled) &&
@annotation(forced);
/**
* It defines the privileged accesses, i.e., the points in the code where the access control should be bypassed. This pointcut states that in control flow
* of all executions of methods or constructors having the annotation Privileged, or in the control flow of executions of methods or
* constructors in types having the annotation Privileged should be privileged.
*/
public pointcut privilegedAccess() :
cflowbelow(execution(* (@Privileged *..*).*(..))) ||
cflowbelow(execution((@Privileged *..*).new(..))) ||
cflowbelow(execution(@Privileged * *..*.*(..))) ||
cflowbelow(execution(@Privileged *..*.new(..)));
public pointcut accessToNotControlledMethods() :
execution(@NotAccessControlled * *..*(..));
public pointcut accessToNotControlledConstructors() :
execution(@NotAccessControlled *..new(..));
public pointcut accessToNotControlledSets() :
set(@NotAccessControlled * *);
public pointcut accessToNotControlledGets() :
get(@NotAccessControlled * *);
/**
* It defines all not explicitly defined not protected objects. This pointcut states that all methods or constructors executions, or sets or gets to fields
* having the annotation NotAccessControlled should be not access controlled, which means that no access control rule is required in order to
* access it. This mechanism is useful, when using propagation of access control requirements from a type to its methods, constructors and fields, since it
* states which resources should not inherit the type's requirements.
*/
public pointcut notAccessControlledAccess() :
accessToNotControlledMethods() ||
accessToNotControlledConstructors() ||
accessToNotControlledSets() ||
accessToNotControlledGets();
/**
* It defines the context in which the access control checking must be always checked, no matter what has been defined in previous layers of the execution
* stack.
*/
@SuppressAjWarnings("adviceDidNotMatch")
public pointcut forcedContext() :
execution(@Forced * *..*(..)) ||
execution(@Forced *..*.new(..)) ||
get(@Forced * *..*.*) ||
set(@Forced * *..*.*);
/**
* It defines the types which have the annotation AccessControlled
*
* @param accessControlled
* The accessControlled annotation defined in this type.
*/
public pointcut accessControlledTypes(final AccessControlled accessControlled) :
within(@AccessControlled *) &&
@this(accessControlled);
public pointcut accessControlsInTypes(final AccessControls accessControls) :
within(@AccessControls *) &&
@this(accessControls);
public pointcut accessControlledInheritedAccess() :
execution(@AccessControlled(isInherited = true) * *..*(..)) ||
execution(@AccessControlled(isInherited = true) *..*.new(..)) ||
get(@AccessControlled(isInherited = true) * *..*.*) ||
set(@AccessControlled(isInherited = true) * *..*.*);
public pointcut accessControlsInheritedAccess() :
execution(@AccessControls(isInherited = true) * *..*(..)) ||
execution(@AccessControls(isInherited = true) *..*.new(..)) ||
get(@AccessControls(isInherited = true) * *..*.*) ||
set(@AccessControls(isInherited = true) * *..*.*);
// Violation pointcuts
public pointcut accessControlledAndNotAccessControlledJoinpoints() :
execution(@AccessControlled @NotAccessControlled * *..*(..)) ||
execution(@AccessControlled @NotAccessControlled *..new(..)) ||
set(@AccessControlled @NotAccessControlled * *..*) ||
get(@AccessControlled @NotAccessControlled * *..*);
public pointcut accessControlsWithAccessControlled() :
execution(@AccessControls @AccessControlled * *..*(..)) ||
execution(@AccessControls @AccessControlled *..new(..)) ||
set(@AccessControls @AccessControlled * *..*) ||
get(@AccessControls @AccessControlled * *..*);
public pointcut accessControlledAndNotAccessControlledTypes() :
within(@AccessControlled @NotAccessControlled *);
public pointcut accessControlsAndNotAccessControlledTypes() :
within(@AccessControls @NotAccessControlled *);
public pointcut accessControlledInheritedWithoutAccessControlledType() :
!within(@AccessControlled *) &&
(execution(@AccessControlled(isInherited = true) * *..*(..)) ||
execution(@AccessControlled(isInherited = true) *..*.new(..)) ||
set(@AccessControlled(isInherited = true) * *..*) ||
get(@AccessControlled(isInherited = true) * *..*));
public pointcut accessControlsInheritedWithoutAccessControlledType() :
!within(@AccessControls *) &&
(execution(@AccessControls(isInherited = true) * *..*(..)) ||
execution(@AccessControls(isInherited = true) *..*.new(..)) ||
set(@AccessControls(isInherited = true) * *..*) ||
get(@AccessControls(isInherited = true) * *..*));
public pointcut accessControlPolicyWithNoAccessControlled() :
execution(@AccessControlPolicy !@AccessControlled * *..*.*(..)) ||
execution(@AccessControlPolicy !@AccessControlled *..*.new(..)) ||
set(@AccessControlPolicy !@AccessControlled * *..*) ||
get(@AccessControlPolicy !@AccessControlled * *..*);
}