Example 31 with MethodSignature
use of org.aspectj.lang.reflect.MethodSignature in project herd by FINRAOS.
the class NamespaceSecurityAdviceTest method checkPermissionAssertAccessDeniedWhenCurrentUserHasNoAnyRequiredPermissions.
@Test
public void checkPermissionAssertAccessDeniedWhenCurrentUserHasNoAnyRequiredPermissions() throws Exception {
// Mock a join point of the method call
// mockMethod("foo");
JoinPoint joinPoint = mock(JoinPoint.class);
MethodSignature methodSignature = mock(MethodSignature.class);
Method method = NamespaceSecurityAdviceTest.class.getDeclaredMethod("mockMethodMultiplePermissions", String.class);
when(methodSignature.getParameterNames()).thenReturn(new String[] { "namespace" });
when(methodSignature.getMethod()).thenReturn(method);
when(joinPoint.getSignature()).thenReturn(methodSignature);
when(joinPoint.getArgs()).thenReturn(new Object[] { "foo" });
String userId = "userId";
ApplicationUser applicationUser = new ApplicationUser(getClass());
applicationUser.setUserId(userId);
applicationUser.setNamespaceAuthorizations(new HashSet<>());
applicationUser.getNamespaceAuthorizations().add(new NamespaceAuthorization("foo", Arrays.asList(NamespacePermissionEnum.WRITE_DESCRIPTIVE_CONTENT)));
SecurityContextHolder.getContext().setAuthentication(new TestingAuthenticationToken(new SecurityUserWrapper(userId, "", false, false, false, false, Arrays.asList(), applicationUser), null));
try {
namespaceSecurityAdvice.checkPermission(joinPoint);
fail();
} catch (Exception e) {
assertEquals(AccessDeniedException.class, e.getClass());
assertEquals(String.format("User \"%s\" does not have \"[READ OR WRITE]\" permission(s) to the namespace \"foo\"", userId), e.getMessage());
}
}
Also used :
ApplicationUser(org.finra.herd.model.dto.ApplicationUser)
AccessDeniedException(org.springframework.security.access.AccessDeniedException)
MethodSignature(org.aspectj.lang.reflect.MethodSignature)
SecurityUserWrapper(org.finra.herd.model.dto.SecurityUserWrapper)
NamespaceAuthorization(org.finra.herd.model.api.xml.NamespaceAuthorization)
Method(java.lang.reflect.Method)
TestingAuthenticationToken(org.springframework.security.authentication.TestingAuthenticationToken)
AccessDeniedException(org.springframework.security.access.AccessDeniedException)
JoinPoint(org.aspectj.lang.JoinPoint)
AbstractServiceTest(org.finra.herd.service.AbstractServiceTest)
Test(org.junit.Test)
Example 32 with MethodSignature
use of org.aspectj.lang.reflect.MethodSignature in project herd by FINRAOS.
the class NamespaceSecurityAdviceTest method checkPermissionAssertMultipleAccessDeniedExceptionsAreGatheredIntoSingleMessageWhenMultipleAnnotations.
@Test
public void checkPermissionAssertMultipleAccessDeniedExceptionsAreGatheredIntoSingleMessageWhenMultipleAnnotations() throws Exception {
// Mock a join point of the method call
// mockMethodMultipleAnnotations("namespace1", "namespace2");
JoinPoint joinPoint = mock(JoinPoint.class);
MethodSignature methodSignature = mock(MethodSignature.class);
Method method = NamespaceSecurityAdviceTest.class.getDeclaredMethod("mockMethodMultipleAnnotations", String.class, String.class);
when(methodSignature.getParameterNames()).thenReturn(new String[] { "namespace1", "namespace2" });
when(methodSignature.getMethod()).thenReturn(method);
when(joinPoint.getSignature()).thenReturn(methodSignature);
when(joinPoint.getArgs()).thenReturn(new Object[] { "foo", "bar" });
String userId = "userId";
ApplicationUser applicationUser = new ApplicationUser(getClass());
applicationUser.setUserId(userId);
applicationUser.setNamespaceAuthorizations(new HashSet<>());
// User has no permissions
SecurityContextHolder.getContext().setAuthentication(new TestingAuthenticationToken(new SecurityUserWrapper(userId, "", false, false, false, false, Arrays.asList(), applicationUser), null));
try {
namespaceSecurityAdvice.checkPermission(joinPoint);
fail();
} catch (Exception e) {
assertEquals(AccessDeniedException.class, e.getClass());
assertEquals(String.format("User \"%s\" does not have \"[READ]\" permission(s) to the namespace \"foo\"%n" + "User \"%s\" does not have \"[WRITE]\" permission(s) to the namespace \"bar\"", userId, userId), e.getMessage());
}
}
Also used :
ApplicationUser(org.finra.herd.model.dto.ApplicationUser)
AccessDeniedException(org.springframework.security.access.AccessDeniedException)
MethodSignature(org.aspectj.lang.reflect.MethodSignature)
SecurityUserWrapper(org.finra.herd.model.dto.SecurityUserWrapper)
Method(java.lang.reflect.Method)
TestingAuthenticationToken(org.springframework.security.authentication.TestingAuthenticationToken)
AccessDeniedException(org.springframework.security.access.AccessDeniedException)
JoinPoint(org.aspectj.lang.JoinPoint)
AbstractServiceTest(org.finra.herd.service.AbstractServiceTest)
Test(org.junit.Test)
Example 33 with MethodSignature
use of org.aspectj.lang.reflect.MethodSignature in project herd by FINRAOS.
the class NamespaceSecurityAdviceTest method checkPermissionAssertNoErrorWhenUserHasMultiplePermissions.
@Test
public void checkPermissionAssertNoErrorWhenUserHasMultiplePermissions() throws Exception {
// Mock a join point of the method call
// mockMethod("foo");
JoinPoint joinPoint = mock(JoinPoint.class);
MethodSignature methodSignature = mock(MethodSignature.class);
Method method = NamespaceSecurityAdviceTest.class.getDeclaredMethod("mockMethod", String.class);
when(methodSignature.getMethod()).thenReturn(method);
when(methodSignature.getParameterNames()).thenReturn(new String[] { "namespace" });
when(joinPoint.getSignature()).thenReturn(methodSignature);
when(joinPoint.getArgs()).thenReturn(new Object[] { "foo" });
String userId = "userId";
ApplicationUser applicationUser = new ApplicationUser(getClass());
applicationUser.setUserId(userId);
applicationUser.setNamespaceAuthorizations(new HashSet<>());
applicationUser.getNamespaceAuthorizations().add(new NamespaceAuthorization("foo", Arrays.asList(NamespacePermissionEnum.READ, NamespacePermissionEnum.WRITE)));
SecurityContextHolder.getContext().setAuthentication(new TestingAuthenticationToken(new SecurityUserWrapper(userId, "", false, false, false, false, Arrays.asList(), applicationUser), null));
try {
namespaceSecurityAdvice.checkPermission(joinPoint);
} catch (AccessDeniedException e) {
fail();
}
}
Also used :
ApplicationUser(org.finra.herd.model.dto.ApplicationUser)
AccessDeniedException(org.springframework.security.access.AccessDeniedException)
MethodSignature(org.aspectj.lang.reflect.MethodSignature)
SecurityUserWrapper(org.finra.herd.model.dto.SecurityUserWrapper)
NamespaceAuthorization(org.finra.herd.model.api.xml.NamespaceAuthorization)
Method(java.lang.reflect.Method)
TestingAuthenticationToken(org.springframework.security.authentication.TestingAuthenticationToken)
JoinPoint(org.aspectj.lang.JoinPoint)
AbstractServiceTest(org.finra.herd.service.AbstractServiceTest)
Test(org.junit.Test)
Example 34 with MethodSignature
use of org.aspectj.lang.reflect.MethodSignature in project herd by FINRAOS.
the class NamespaceSecurityAdviceTest method checkPermissionAssertNoExceptionWhenNull.
/**
* Assert no access denied exception when parameter value is null.
*/
@Test
public void checkPermissionAssertNoExceptionWhenNull() throws Exception {
// Mock a join point of the method call
// mockMethod(null);
JoinPoint joinPoint = mock(JoinPoint.class);
MethodSignature methodSignature = mock(MethodSignature.class);
Method method = NamespaceSecurityAdviceTest.class.getDeclaredMethod("mockMethod", String.class);
when(methodSignature.getParameterNames()).thenReturn(new String[] { "namespace" });
when(methodSignature.getMethod()).thenReturn(method);
when(joinPoint.getSignature()).thenReturn(methodSignature);
when(joinPoint.getArgs()).thenReturn(new Object[] { null });
String userId = "userId";
ApplicationUser applicationUser = new ApplicationUser(getClass());
applicationUser.setUserId(userId);
applicationUser.setNamespaceAuthorizations(new HashSet<>());
SecurityContextHolder.getContext().setAuthentication(new TestingAuthenticationToken(new SecurityUserWrapper(userId, "", false, false, false, false, Arrays.asList(), applicationUser), null));
try {
namespaceSecurityAdvice.checkPermission(joinPoint);
} catch (AccessDeniedException e) {
fail();
}
}
Also used :
ApplicationUser(org.finra.herd.model.dto.ApplicationUser)
AccessDeniedException(org.springframework.security.access.AccessDeniedException)
MethodSignature(org.aspectj.lang.reflect.MethodSignature)
SecurityUserWrapper(org.finra.herd.model.dto.SecurityUserWrapper)
Method(java.lang.reflect.Method)
TestingAuthenticationToken(org.springframework.security.authentication.TestingAuthenticationToken)
JoinPoint(org.aspectj.lang.JoinPoint)
AbstractServiceTest(org.finra.herd.service.AbstractServiceTest)
Test(org.junit.Test)
Example 35 with MethodSignature
use of org.aspectj.lang.reflect.MethodSignature in project vip by guangdada.
the class LogAop method handle.
private void handle(ProceedingJoinPoint point) throws Exception {
// 获取拦截的方法名
Signature sig = point.getSignature();
MethodSignature msig = null;
if (!(sig instanceof MethodSignature)) {
throw new IllegalArgumentException("该注解只能用于方法");
}
msig = (MethodSignature) sig;
Object target = point.getTarget();
Method currentMethod = target.getClass().getMethod(msig.getName(), msig.getParameterTypes());
String methodName = currentMethod.getName();
// 如果当前用户未登录,不做日志
ShiroUser user = ShiroKit.getUser();
if (null == user) {
return;
}
// 获取拦截方法的参数
String className = point.getTarget().getClass().getName();
Object[] params = point.getArgs();
// 获取操作名称
BussinessLog annotation = currentMethod.getAnnotation(BussinessLog.class);
String bussinessName = annotation.value();
String key = annotation.key();
String dictClass = annotation.dict();
StringBuilder sb = new StringBuilder();
for (Object param : params) {
sb.append(param);
sb.append(" & ");
}
// 如果涉及到修改,比对变化
String msg;
if (bussinessName.indexOf("修改") != -1 || bussinessName.indexOf("编辑") != -1) {
Object obj1 = LogObjectHolder.me().get();
Map<String, String> obj2 = HttpKit.getRequestParameters();
msg = Contrast.contrastObj(dictClass, key, obj1, obj2);
} else {
Map<String, String> parameters = HttpKit.getRequestParameters();
AbstractDictMap dictMap = DictMapFactory.createDictMap(dictClass);
msg = Contrast.parseMutiKey(dictMap, key, parameters);
}
LogManager.me().executeLog(LogTaskFactory.bussinessLog(user.getId(), bussinessName, className, methodName, msg));
}
Also used :
MethodSignature(org.aspectj.lang.reflect.MethodSignature)
AbstractDictMap(com.ikoori.vip.common.constant.dictmap.base.AbstractDictMap)
Signature(org.aspectj.lang.Signature)
MethodSignature(org.aspectj.lang.reflect.MethodSignature)
ShiroUser(com.ikoori.vip.server.core.shiro.ShiroUser)
Method(java.lang.reflect.Method)
BussinessLog(com.ikoori.vip.common.annotion.log.BussinessLog)
Aggregations
MethodSignature (org.aspectj.lang.reflect.MethodSignature)116
Method (java.lang.reflect.Method)95
Around (org.aspectj.lang.annotation.Around)43
JoinPoint (org.aspectj.lang.JoinPoint)30
AccessDeniedException (org.springframework.security.access.AccessDeniedException)26
AbstractServiceTest (org.finra.herd.service.AbstractServiceTest)25
Test (org.junit.Test)25
TestingAuthenticationToken (org.springframework.security.authentication.TestingAuthenticationToken)24
SecurityUserWrapper (org.finra.herd.model.dto.SecurityUserWrapper)22
ApplicationUser (org.finra.herd.model.dto.ApplicationUser)21
NamespaceAuthorization (org.finra.herd.model.api.xml.NamespaceAuthorization)14
ProceedingJoinPoint (org.aspectj.lang.ProceedingJoinPoint)13
Signature (org.aspectj.lang.Signature)13
Annotation (java.lang.annotation.Annotation)10
ArrayList (java.util.ArrayList)3
HashMap (java.util.HashMap)3
ApsSystemException (com.agiletec.aps.system.exception.ApsSystemException)2
List (java.util.List)2
Tick (mysh.util.Tick)2
Ignite (org.apache.ignite.Ignite)2
