Search in sources :

Example 91 with MethodSignature

use of org.aspectj.lang.reflect.MethodSignature in project herd by FINRAOS.

the class NamespaceSecurityAdviceTest method checkPermissionAssertAccessDeniedWhenPrincipalIsNotSecurityUserWrapper.

@Test
public void checkPermissionAssertAccessDeniedWhenPrincipalIsNotSecurityUserWrapper() throws Exception {
    // Mock a join point of the method call
    // mockMethod("foo");
    JoinPoint joinPoint = mock(JoinPoint.class);
    MethodSignature methodSignature = mock(MethodSignature.class);
    Method method = NamespaceSecurityAdviceTest.class.getDeclaredMethod("mockMethod", String.class);
    when(methodSignature.getParameterNames()).thenReturn(new String[] { "namespace" });
    when(methodSignature.getMethod()).thenReturn(method);
    when(joinPoint.getSignature()).thenReturn(methodSignature);
    when(joinPoint.getArgs()).thenReturn(new Object[] { "foo" });
    SecurityContextHolder.getContext().setAuthentication(new TestingAuthenticationToken("streetcreds", null));
    try {
        namespaceSecurityAdvice.checkPermission(joinPoint);
        fail();
    } catch (Exception e) {
        assertEquals(AccessDeniedException.class, e.getClass());
        assertEquals("Current user does not have \"[READ]\" permission(s) to the namespace \"foo\"", e.getMessage());
    }
}
Also used : AccessDeniedException(org.springframework.security.access.AccessDeniedException) MethodSignature(org.aspectj.lang.reflect.MethodSignature) Method(java.lang.reflect.Method) TestingAuthenticationToken(org.springframework.security.authentication.TestingAuthenticationToken) AccessDeniedException(org.springframework.security.access.AccessDeniedException) JoinPoint(org.aspectj.lang.JoinPoint) AbstractServiceTest(org.finra.herd.service.AbstractServiceTest) Test(org.junit.Test)

Example 92 with MethodSignature

use of org.aspectj.lang.reflect.MethodSignature in project herd by FINRAOS.

the class NamespaceSecurityAdviceTest method checkPermissionAssertAccessDeniedWhenCurrentUserHasNullPermissions.

@Test
public void checkPermissionAssertAccessDeniedWhenCurrentUserHasNullPermissions() throws Exception {
    // Mock a join point of the method call
    // mockMethod("foo");
    JoinPoint joinPoint = mock(JoinPoint.class);
    MethodSignature methodSignature = mock(MethodSignature.class);
    Method method = NamespaceSecurityAdviceTest.class.getDeclaredMethod("mockMethod", String.class);
    when(methodSignature.getParameterNames()).thenReturn(new String[] { "namespace" });
    when(methodSignature.getMethod()).thenReturn(method);
    when(joinPoint.getSignature()).thenReturn(methodSignature);
    when(joinPoint.getArgs()).thenReturn(new Object[] { "foo" });
    String userId = "userId";
    ApplicationUser applicationUser = new ApplicationUser(getClass());
    applicationUser.setUserId(userId);
    applicationUser.setNamespaceAuthorizations(new HashSet<>());
    applicationUser.getNamespaceAuthorizations().add(new NamespaceAuthorization("foo", null));
    SecurityContextHolder.getContext().setAuthentication(new TestingAuthenticationToken(new SecurityUserWrapper(userId, "", false, false, false, false, Arrays.asList(), applicationUser), null));
    try {
        namespaceSecurityAdvice.checkPermission(joinPoint);
        fail();
    } catch (Exception e) {
        assertEquals(AccessDeniedException.class, e.getClass());
        assertEquals(String.format("User \"%s\" does not have \"[READ]\" permission(s) to the namespace \"foo\"", userId), e.getMessage());
    }
}
Also used : ApplicationUser(org.finra.herd.model.dto.ApplicationUser) AccessDeniedException(org.springframework.security.access.AccessDeniedException) MethodSignature(org.aspectj.lang.reflect.MethodSignature) SecurityUserWrapper(org.finra.herd.model.dto.SecurityUserWrapper) NamespaceAuthorization(org.finra.herd.model.api.xml.NamespaceAuthorization) Method(java.lang.reflect.Method) TestingAuthenticationToken(org.springframework.security.authentication.TestingAuthenticationToken) AccessDeniedException(org.springframework.security.access.AccessDeniedException) JoinPoint(org.aspectj.lang.JoinPoint) AbstractServiceTest(org.finra.herd.service.AbstractServiceTest) Test(org.junit.Test)

Example 93 with MethodSignature

use of org.aspectj.lang.reflect.MethodSignature in project herd by FINRAOS.

the class NamespaceSecurityAdviceTest method checkPermissionAssertAccessDeniedWhenCurrentUserHasWrongPermissionType.

/**
 * Test the case where user has the namespace but does not have the permission
 */
@Test
public void checkPermissionAssertAccessDeniedWhenCurrentUserHasWrongPermissionType() throws Exception {
    // Mock a join point of the method call
    // mockMethod("foo");
    JoinPoint joinPoint = mock(JoinPoint.class);
    MethodSignature methodSignature = mock(MethodSignature.class);
    Method method = NamespaceSecurityAdviceTest.class.getDeclaredMethod("mockMethod", String.class);
    when(methodSignature.getParameterNames()).thenReturn(new String[] { "namespace" });
    when(methodSignature.getMethod()).thenReturn(method);
    when(joinPoint.getSignature()).thenReturn(methodSignature);
    when(joinPoint.getArgs()).thenReturn(new Object[] { "foo" });
    String userId = "userId";
    ApplicationUser applicationUser = new ApplicationUser(getClass());
    applicationUser.setUserId(userId);
    applicationUser.setNamespaceAuthorizations(new HashSet<>());
    // User has WRITE permissions, but the method requires READ
    applicationUser.getNamespaceAuthorizations().add(new NamespaceAuthorization("foo", Arrays.asList(NamespacePermissionEnum.WRITE)));
    SecurityContextHolder.getContext().setAuthentication(new TestingAuthenticationToken(new SecurityUserWrapper(userId, "", false, false, false, false, Arrays.asList(), applicationUser), null));
    try {
        namespaceSecurityAdvice.checkPermission(joinPoint);
        fail();
    } catch (Exception e) {
        assertEquals(AccessDeniedException.class, e.getClass());
        assertEquals(String.format("User \"%s\" does not have \"[READ]\" permission(s) to the namespace \"foo\"", userId), e.getMessage());
    }
}
Also used : ApplicationUser(org.finra.herd.model.dto.ApplicationUser) AccessDeniedException(org.springframework.security.access.AccessDeniedException) MethodSignature(org.aspectj.lang.reflect.MethodSignature) SecurityUserWrapper(org.finra.herd.model.dto.SecurityUserWrapper) NamespaceAuthorization(org.finra.herd.model.api.xml.NamespaceAuthorization) Method(java.lang.reflect.Method) TestingAuthenticationToken(org.springframework.security.authentication.TestingAuthenticationToken) AccessDeniedException(org.springframework.security.access.AccessDeniedException) JoinPoint(org.aspectj.lang.JoinPoint) AbstractServiceTest(org.finra.herd.service.AbstractServiceTest) Test(org.junit.Test)

Example 94 with MethodSignature

use of org.aspectj.lang.reflect.MethodSignature in project herd by FINRAOS.

the class NamespaceSecurityAdvice method checkPermission.

/**
 * Check permission on the service methods before the execution. The method is expected to throw AccessDeniedException if current user does not have the
 * permissions.
 *
 * @param joinPoint The join point
 */
@Before("serviceMethods()")
public void checkPermission(JoinPoint joinPoint) {
    MethodSignature methodSignature = (MethodSignature) joinPoint.getSignature();
    Method method = methodSignature.getMethod();
    List<NamespacePermission> namespacePermissions = new ArrayList<>();
    if (method.isAnnotationPresent(NamespacePermissions.class)) {
        namespacePermissions.addAll(Arrays.asList(method.getAnnotation(NamespacePermissions.class).value()));
    } else if (method.isAnnotationPresent(NamespacePermission.class)) {
        namespacePermissions.add(method.getAnnotation(NamespacePermission.class));
    }
    if (!namespacePermissions.isEmpty()) {
        String[] parameterNames = methodSignature.getParameterNames();
        Object[] args = joinPoint.getArgs();
        Map<String, Object> variables = new HashMap<>();
        for (int i = 0; i < parameterNames.length; i++) {
            variables.put(parameterNames[i], args[i]);
        }
        List<AccessDeniedException> accessDeniedExceptions = new ArrayList<>();
        for (NamespacePermission namespacePermission : namespacePermissions) {
            for (String field : namespacePermission.fields()) {
                try {
                    namespaceSecurityHelper.checkPermission(spelExpressionHelper.evaluate(field, Object.class, variables), namespacePermission.permissions());
                } catch (AccessDeniedException accessDeniedException) {
                    accessDeniedExceptions.add(accessDeniedException);
                }
            }
        }
        if (!accessDeniedExceptions.isEmpty()) {
            throw namespaceSecurityHelper.getAccessDeniedException(accessDeniedExceptions);
        }
    }
}
Also used : AccessDeniedException(org.springframework.security.access.AccessDeniedException) MethodSignature(org.aspectj.lang.reflect.MethodSignature) NamespacePermissions(org.finra.herd.model.annotation.NamespacePermissions) HashMap(java.util.HashMap) ArrayList(java.util.ArrayList) Method(java.lang.reflect.Method) JoinPoint(org.aspectj.lang.JoinPoint) NamespacePermission(org.finra.herd.model.annotation.NamespacePermission) Before(org.aspectj.lang.annotation.Before)

Example 95 with MethodSignature

use of org.aspectj.lang.reflect.MethodSignature in project herd by FINRAOS.

the class CheckAllowedMethodAdvice method checkNotAllowedMethods.

/**
 * Checks whether the requested operation is permitted.
 *
 * @param pjp the join point.
 *
 * @return the return value of the method at the join point.
 * @throws Throwable if any errors were encountered.
 */
@SuppressWarnings("rawtypes")
public Object checkNotAllowedMethods(ProceedingJoinPoint pjp) throws Throwable {
    // Get the method name being invoked.
    Class targetClass = pjp.getTarget().getClass();
    MethodSignature targetMethodSignature = (MethodSignature) pjp.getSignature();
    String methodName = targetClass.getName() + "." + targetMethodSignature.getName();
    configurationDaoHelper.checkNotAllowedMethod(methodName);
    return pjp.proceed();
}
Also used : MethodSignature(org.aspectj.lang.reflect.MethodSignature)

Aggregations

MethodSignature (org.aspectj.lang.reflect.MethodSignature)116 Method (java.lang.reflect.Method)95 Around (org.aspectj.lang.annotation.Around)43 JoinPoint (org.aspectj.lang.JoinPoint)30 AccessDeniedException (org.springframework.security.access.AccessDeniedException)26 AbstractServiceTest (org.finra.herd.service.AbstractServiceTest)25 Test (org.junit.Test)25 TestingAuthenticationToken (org.springframework.security.authentication.TestingAuthenticationToken)24 SecurityUserWrapper (org.finra.herd.model.dto.SecurityUserWrapper)22 ApplicationUser (org.finra.herd.model.dto.ApplicationUser)21 NamespaceAuthorization (org.finra.herd.model.api.xml.NamespaceAuthorization)14 ProceedingJoinPoint (org.aspectj.lang.ProceedingJoinPoint)13 Signature (org.aspectj.lang.Signature)13 Annotation (java.lang.annotation.Annotation)10 ArrayList (java.util.ArrayList)3 HashMap (java.util.HashMap)3 ApsSystemException (com.agiletec.aps.system.exception.ApsSystemException)2 List (java.util.List)2 Tick (mysh.util.Tick)2 Ignite (org.apache.ignite.Ignite)2