use of org.aspectj.lang.reflect.MethodSignature in project herd by FINRAOS.
the class NamespaceSecurityAdviceTest method checkPermissionAssertAccessDeniedWhenPrincipalIsNotSecurityUserWrapper.
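@Test
public void checkPermissionAssertAccessDeniedWhenPrincipalIsNotSecurityUserWrapper() throws Exception {
    // Mock a join point for the call mockMethod("foo"). The advice under test reads the permission
    // annotations from the reflected method, the parameter names from the signature and the argument
    // values from the join point, so all three are stubbed.
    JoinPoint joinPoint = mock(JoinPoint.class);
    MethodSignature methodSignature = mock(MethodSignature.class);
    Method method = NamespaceSecurityAdviceTest.class.getDeclaredMethod("mockMethod", String.class);
    when(methodSignature.getParameterNames()).thenReturn(new String[] { "namespace" });
    when(methodSignature.getMethod()).thenReturn(method);
    when(joinPoint.getSignature()).thenReturn(methodSignature);
    when(joinPoint.getArgs()).thenReturn(new Object[] { "foo" });

    // The principal is a plain String, not a SecurityUserWrapper: an authentication whose principal
    // type is unexpected must be denied rather than treated as authorized.
    SecurityContextHolder.getContext().setAuthentication(new TestingAuthenticationToken("streetcreds", null));
    try {
        namespaceSecurityAdvice.checkPermission(joinPoint);
        fail();
    } catch (Exception e) {
        // Pin the exact type and message so a different failure (for example a NullPointerException)
        // cannot pass for an access-control denial.
        assertEquals(AccessDeniedException.class, e.getClass());
        assertEquals("Current user does not have \"[READ]\" permission(s) to the namespace \"foo\"", e.getMessage());
    } finally {
        // The security context is held per thread; clear it so this test's authentication cannot
        // leak into a later test and let an authorization check pass or fail for the wrong reason.
        SecurityContextHolder.clearContext();
    }
}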
use of org.aspectj.lang.reflect.MethodSignature in project herd by FINRAOS.
the class NamespaceSecurityAdviceTest method checkPermissionAssertAccessDeniedWhenCurrentUserHasNullPermissions.
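@Test
public void checkPermissionAssertAccessDeniedWhenCurrentUserHasNullPermissions() throws Exception {
    // Mock a join point for the call mockMethod("foo"): annotated method, parameter names and
    // argument values are what the advice under test reads.
    JoinPoint joinPoint = mock(JoinPoint.class);
    MethodSignature methodSignature = mock(MethodSignature.class);
    Method method = NamespaceSecurityAdviceTest.class.getDeclaredMethod("mockMethod", String.class);
    when(methodSignature.getParameterNames()).thenReturn(new String[] { "namespace" });
    when(methodSignature.getMethod()).thenReturn(method);
    when(joinPoint.getSignature()).thenReturn(methodSignature);
    when(joinPoint.getArgs()).thenReturn(new Object[] { "foo" });

    String userId = "userId";
    ApplicationUser applicationUser = new ApplicationUser(getClass());
    applicationUser.setUserId(userId);
    applicationUser.setNamespaceAuthorizations(new HashSet<>());
    // The user has an authorization entry for "foo" whose permission list is null. A null list must
    // be read as "no permissions", never as "unrestricted".
    applicationUser.getNamespaceAuthorizations().add(new NamespaceAuthorization("foo", null));
    SecurityContextHolder.getContext().setAuthentication(
        new TestingAuthenticationToken(new SecurityUserWrapper(userId, "", false, false, false, false, Arrays.asList(), applicationUser), null));
    try {
        namespaceSecurityAdvice.checkPermission(joinPoint);
        fail();
    } catch (Exception e) {
        // Pin the exact type and message so an unrelated failure cannot pass for a denial.
        assertEquals(AccessDeniedException.class, e.getClass());
        assertEquals(String.format("User \"%s\" does not have \"[READ]\" permission(s) to the namespace \"foo\"", userId), e.getMessage());
    } finally {
        // The security context is held per thread; clear it so this test's authentication cannot
        // leak into a later test.
        SecurityContextHolder.clearContext();
    }
}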
use of org.aspectj.lang.reflect.MethodSignature in project herd by FINRAOS.
the class NamespaceSecurityAdviceTest method checkPermissionAssertAccessDeniedWhenCurrentUserHasWrongPermissionType.
/**
* Tests the case where the user is authorized for the namespace but does not hold the permission type the method requires.
*/
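@Test
public void checkPermissionAssertAccessDeniedWhenCurrentUserHasWrongPermissionType() throws Exception {
    // Mock a join point for the call mockMethod("foo"): annotated method, parameter names and
    // argument values are what the advice under test reads.
    JoinPoint joinPoint = mock(JoinPoint.class);
    MethodSignature methodSignature = mock(MethodSignature.class);
    Method method = NamespaceSecurityAdviceTest.class.getDeclaredMethod("mockMethod", String.class);
    when(methodSignature.getParameterNames()).thenReturn(new String[] { "namespace" });
    when(methodSignature.getMethod()).thenReturn(method);
    when(joinPoint.getSignature()).thenReturn(methodSignature);
    when(joinPoint.getArgs()).thenReturn(new Object[] { "foo" });

    String userId = "userId";
    ApplicationUser applicationUser = new ApplicationUser(getClass());
    applicationUser.setUserId(userId);
    applicationUser.setNamespaceAuthorizations(new HashSet<>());
    // User has WRITE permissions, but the method requires READ. Holding one permission on the
    // namespace must not imply any other permission on it.
    applicationUser.getNamespaceAuthorizations().add(new NamespaceAuthorization("foo", Arrays.asList(NamespacePermissionEnum.WRITE)));
    SecurityContextHolder.getContext().setAuthentication(
        new TestingAuthenticationToken(new SecurityUserWrapper(userId, "", false, false, false, false, Arrays.asList(), applicationUser), null));
    try {
        namespaceSecurityAdvice.checkPermission(joinPoint);
        fail();
    } catch (Exception e) {
        // Pin the exact type and message so an unrelated failure cannot pass for a denial.
        assertEquals(AccessDeniedException.class, e.getClass());
        assertEquals(String.format("User \"%s\" does not have \"[READ]\" permission(s) to the namespace \"foo\"", userId), e.getMessage());
    } finally {
        // The security context is held per thread; clear it so this test's authentication cannot
        // leak into a later test.
        SecurityContextHolder.clearContext();
    }
}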
use of org.aspectj.lang.reflect.MethodSignature in project herd by FINRAOS.
the class NamespaceSecurityAdvice method checkPermission.
/**
* Check permission on the service methods before the execution. The method is expected to throw AccessDeniedException if current user does not have the
* permissions.
*
* @param joinPoint The join point
*/
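@Before("serviceMethods()")
public void checkPermission(JoinPoint joinPoint) {
    MethodSignature methodSignature = (MethodSignature) joinPoint.getSignature();
    Method method = methodSignature.getMethod();

    // Collect the permission requirements declared on the method. The container annotation takes
    // precedence: when @NamespacePermissions is present, a sibling @NamespacePermission is not read.
    // NOTE(review): the annotations are looked up on the Method reported by the signature. With
    // interface-based proxies that can be the interface declaration rather than the implementation;
    // confirm the annotations sit on the declaration that is actually returned, otherwise the check
    // below is skipped silently.
    List<NamespacePermission> namespacePermissions = new ArrayList<>();
    if (method.isAnnotationPresent(NamespacePermissions.class)) {
        namespacePermissions.addAll(Arrays.asList(method.getAnnotation(NamespacePermissions.class).value()));
    } else if (method.isAnnotationPresent(NamespacePermission.class)) {
        namespacePermissions.add(method.getAnnotation(NamespacePermission.class));
    }

    // A method that carries neither annotation is not checked by this advice at all.
    if (!namespacePermissions.isEmpty()) {
        String[] parameterNames = methodSignature.getParameterNames();
        Object[] args = joinPoint.getArgs();

        // Parameter names can be unavailable (null) when they cannot be discovered at runtime. Refuse
        // to continue with an explicit error instead of an incidental NullPointerException or
        // ArrayIndexOutOfBoundsException, so a misconfigured build is diagnosable. Either way the
        // advised method does not run, because this is before-advice.
        if (parameterNames == null || args == null || args.length < parameterNames.length) {
            throw new IllegalStateException(
                "Cannot resolve the parameters of method \"" + method.getName() + "\" for the namespace permission check");
        }

        // Expose each argument under its parameter name so the annotation's field expressions can
        // refer to it.
        Map<String, Object> variables = new HashMap<>();
        for (int i = 0; i < parameterNames.length; i++) {
            variables.put(parameterNames[i], args[i]);
        }

        // The expressions evaluated here come from the annotation (fixed at compile time); only the
        // variable values come from the caller. Keep it that way: an expression must never be built
        // from request data.
        // Every field of every requirement is checked and all denials are collected, so the exception
        // raised at the end can report each of them rather than only the first.
        List<AccessDeniedException> accessDeniedExceptions = new ArrayList<>();
        for (NamespacePermission namespacePermission : namespacePermissions) {
            for (String field : namespacePermission.fields()) {
                try {
                    namespaceSecurityHelper.checkPermission(spelExpressionHelper.evaluate(field, Object.class, variables), namespacePermission.permissions());
                } catch (AccessDeniedException accessDeniedException) {
                    accessDeniedExceptions.add(accessDeniedException);
                }
            }
        }

        // A single denial is enough to reject the call.
        if (!accessDeniedExceptions.isEmpty()) {
            throw namespaceSecurityHelper.getAccessDeniedException(accessDeniedExceptions);
        }
    }
}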
use of org.aspectj.lang.reflect.MethodSignature in project herd by FINRAOS.
the class CheckAllowedMethodAdvice method checkNotAllowedMethods.
/**
* Checks whether the requested operation is permitted.
*
* @param pjp the join point.
*
* @return the return value of the method at the join point.
* @throws Throwable if any errors were encountered.
*/
@SuppressWarnings("rawtypes")
public Object checkNotAllowedMethods(ProceedingJoinPoint pjp) throws Throwable {
    // Identify the call by the runtime class of the advised object plus the invoked method's name.
    final Class runtimeClass = pjp.getTarget().getClass();
    final MethodSignature invokedSignature = (MethodSignature) pjp.getSignature();
    final String qualifiedMethodName = String.join(".", runtimeClass.getName(), invokedSignature.getName());

    // The helper is consulted before the call goes ahead; proceed() is reached only if it returns
    // normally. NOTE(review): presumably it throws for a blocked method - confirm in
    // ConfigurationDaoHelper. Matching is on "<class name>.<method name>" exactly as built above, so
    // configured entries have to use the same form, and overloads share one name.
    configurationDaoHelper.checkNotAllowedMethod(qualifiedMethodName);

    return pjp.proceed();
}