summaryrefslogtreecommitdiff
path: root/src/main/java/DNPM/security/FormBasedSecurityAspects.java
diff options
context:
space:
mode:
Diffstat (limited to 'src/main/java/DNPM/security/FormBasedSecurityAspects.java')
-rw-r--r--src/main/java/DNPM/security/FormBasedSecurityAspects.java51
1 files changed, 0 insertions, 51 deletions
diff --git a/src/main/java/DNPM/security/FormBasedSecurityAspects.java b/src/main/java/DNPM/security/FormBasedSecurityAspects.java
deleted file mode 100644
index 306c062..0000000
--- a/src/main/java/DNPM/security/FormBasedSecurityAspects.java
+++ /dev/null
@@ -1,51 +0,0 @@
-package DNPM.security;
-
-import de.itc.onkostar.api.Procedure;
-import org.aspectj.lang.JoinPoint;
-import org.aspectj.lang.annotation.AfterReturning;
-import org.aspectj.lang.annotation.Aspect;
-import org.aspectj.lang.annotation.Before;
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
-import org.springframework.security.core.context.SecurityContextHolder;
-
-import java.util.Arrays;
-
-// TODO Disabled for now - check bytecode reported incompatibility for older OS installations
-//@Component
-@Aspect
-public class FormBasedSecurityAspects {
-
- private final Logger logger = LoggerFactory.getLogger(this.getClass());
-
- private final FormBasedPermissionEvaluator permissionEvaluator;
-
- public FormBasedSecurityAspects(
- final FormBasedPermissionEvaluator permissionEvaluator
- ) {
- this.permissionEvaluator = permissionEvaluator;
- }
-
- @AfterReturning(value = "@annotation(FormSecuredResult)", returning = "procedure")
- public void afterProcedureFormBased(Procedure procedure) {
- if (
- null != procedure
- && ! permissionEvaluator.hasPermission(SecurityContextHolder.getContext().getAuthentication(), procedure, PermissionType.READ_WRITE)
- ) {
- logger.warn("Rückgabe von Prozedur blockiert: {}", procedure.getId());
- throw new IllegalSecuredObjectAccessException();
- }
- }
-
- @Before(value = "@annotation(FormSecured)")
- public void beforeProcedureFormBased(JoinPoint jp) {
- Arrays.stream(jp.getArgs())
- .filter(arg -> arg instanceof Procedure)
- .forEach(procedure -> {
- if (! permissionEvaluator.hasPermission(SecurityContextHolder.getContext().getAuthentication(), procedure, PermissionType.READ_WRITE)) {
- logger.warn("Zugriff auf Prozedur blockiert: {}", ((Procedure)procedure).getId());
- throw new IllegalSecuredObjectAccessException();
- }
- });
- }
-}
generated by cgit v1.2.3 (git 2.25.1) at 2026-06-01 21:00:02 +0000