Issue #24: Annotationen für formularbasierte Berechtigungsprüfung

author: Paul-Christian Volkmer 2023-04-10 14:56:15 +0200
committer: Paul-Christian Volkmer 2023-04-10 14:56:15 +0200
commit: f2dc5b014d68fa61bacd5f9928eedd0c4c882070 (patch)
tree: d55fb3058d5f1b545b28339e65659922c7824de7 /src/main
parent: 5b9b12afc9ed29d005442b3a18a45b9a3104ad84 (diff)
4 files changed, 81 insertions, 2 deletions
diff --git a/src/main/java/DNPM/security/FormBasedSecurityAspects.java b/src/main/java/DNPM/security/FormBasedSecurityAspects.java
new file mode 100644
index 0000000..3dea944
--- /dev/null
+++ b/src/main/java/DNPM/security/FormBasedSecurityAspects.java
@@ -0,0 +1,51 @@
+package DNPM.security;
+
+import de.itc.onkostar.api.Procedure;
+import org.aspectj.lang.JoinPoint;
+import org.aspectj.lang.annotation.AfterReturning;
+import org.aspectj.lang.annotation.Aspect;
+import org.aspectj.lang.annotation.Before;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+import org.springframework.security.core.context.SecurityContextHolder;
+import org.springframework.stereotype.Component;
+
+import java.util.Arrays;
+
+@Component
+@Aspect
+public class FormBasedSecurityAspects {
+
+    private final Logger logger = LoggerFactory.getLogger(this.getClass());
+
+    private final FormBasedPermissionEvaluator permissionEvaluator;
+
+    public FormBasedSecurityAspects(
+            final FormBasedPermissionEvaluator permissionEvaluator
+            ) {
+        this.permissionEvaluator = permissionEvaluator;
+    }
+
+    @AfterReturning(value = "@annotation(FormSecuredResult)", returning = "procedure")
+    public void afterProcedureFormBased(Procedure procedure) {
+        if (
+                null != procedure
+                        && ! permissionEvaluator.hasPermission(SecurityContextHolder.getContext().getAuthentication(), procedure, PermissionType.READ_WRITE)
+        ) {
+            logger.warn("Rückgabe von Prozedur blockiert: {}", procedure.getId());
+            throw new IllegalSecuredObjectAccessException();
+        }
+    }
+
+    @Before(value = "@annotation(FormSecured)")
+    public void beforeProcedureFormBased(JoinPoint jp) {
+        Arrays.stream(jp.getArgs())
+                .filter(arg -> arg instanceof Procedure)
+                .forEach(procedure -> {
+                    if (! permissionEvaluator.hasPermission(SecurityContextHolder.getContext().getAuthentication(), procedure, PermissionType.READ_WRITE)) {
+                        logger.warn("Zugriff auf Prozedur blockiert: {}", ((Procedure)procedure).getId());
+                        throw new IllegalSecuredObjectAccessException();
+                    }
+                });
+    }
+}
diff --git a/src/main/java/DNPM/security/FormSecured.java b/src/main/java/DNPM/security/FormSecured.java
new file mode 100644
index 0000000..2e12667
--- /dev/null
+++ b/src/main/java/DNPM/security/FormSecured.java
@@ -0,0 +1,14 @@
+package DNPM.security;
+
+import java.lang.annotation.ElementType;
+import java.lang.annotation.Retention;
+import java.lang.annotation.RetentionPolicy;
+import java.lang.annotation.Target;
+
+@Retention(RetentionPolicy.RUNTIME)
+@Target(ElementType.METHOD)
+public @interface FormSecured {
+
+    PermissionType value() default PermissionType.READ_WRITE;
+
+}
diff --git a/src/main/java/DNPM/security/FormSecuredResult.java b/src/main/java/DNPM/security/FormSecuredResult.java
new file mode 100644
index 0000000..ccfbd24
--- /dev/null
+++ b/src/main/java/DNPM/security/FormSecuredResult.java
@@ -0,0 +1,14 @@
+package DNPM.security;
+
+import java.lang.annotation.ElementType;
+import java.lang.annotation.Retention;
+import java.lang.annotation.RetentionPolicy;
+import java.lang.annotation.Target;
+
+@Retention(RetentionPolicy.RUNTIME)
+@Target(ElementType.METHOD)
+public @interface FormSecuredResult {
+
+    PermissionType value() default PermissionType.READ_WRITE;
+
+}
diff --git a/src/main/java/DNPM/security/SecurityAspects.java b/src/main/java/DNPM/security/PersonPoolBasedSecurityAspects.java
index a1fcd3f..37c313f 100644
--- a/src/main/java/DNPM/security/SecurityAspects.java
+++ b/src/main/java/DNPM/security/PersonPoolBasedSecurityAspects.java
@@ -15,13 +15,13 @@ import java.util.Arrays;
 
 @Component
 @Aspect
-public class SecurityAspects {
+public class PersonPoolBasedSecurityAspects {
 
     private final Logger logger = LoggerFactory.getLogger(this.getClass());
 
     private final PersonPoolBasedPermissionEvaluator permissionEvaluator;
 
-    public SecurityAspects(PersonPoolBasedPermissionEvaluator permissionEvaluator) {
+    public PersonPoolBasedSecurityAspects(PersonPoolBasedPermissionEvaluator permissionEvaluator) {
         this.permissionEvaluator = permissionEvaluator;
     }
author	Paul-Christian Volkmer	2023-04-10 14:56:15 +0200
committer	Paul-Christian Volkmer	2023-04-10 14:56:15 +0200
commit	f2dc5b014d68fa61bacd5f9928eedd0c4c882070 (patch)
tree	d55fb3058d5f1b545b28339e65659922c7824de7 /src/main
parent	5b9b12afc9ed29d005442b3a18a45b9a3104ad84 (diff)