
Untitled

a guest May 23rd, 2018 65 Never
  1. package com.captechventures.spring.mvc.portlet.security.aspect;
  2.  
  3. import java.lang.reflect.Method;
  4. import java.util.Arrays;
  5.  
  6. import javax.annotation.security.DenyAll;
  7. import javax.annotation.security.PermitAll;
  8. import javax.annotation.security.RolesAllowed;
  9. import javax.portlet.PortletRequest;
  10. import javax.portlet.PortletSecurityException;
  11.  
  12. import org.aspectj.lang.JoinPoint;
  13. import org.aspectj.lang.annotation.AfterReturning;
  14. import org.aspectj.lang.annotation.Aspect;
  15. import org.aspectj.lang.annotation.Pointcut;
  16.  
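  /**
   * An AspectJ aspect that enforces JSR-250 security annotations ({@code PermitAll},
   * {@code DenyAll}, {@code RolesAllowed}) on annotation-driven Spring Portlet MVC controllers.
   *
   * <p>The advice runs after Spring's {@code resolveHandlerMethod(..)} returns and inspects the
   * resolved handler {@link Method}. Annotations on the method take precedence; when the method
   * carries none of the three, the annotations on its declaring class are used instead, so a
   * class-level {@code DenyAll} or {@code RolesAllowed} is not silently ignored.
   *
   * <p>Security notes for maintainers:
   * <ul>
   *   <li>The check is default-permit: a handler with no JSR-250 annotation on the method or on
   *       its declaring class is not restricted by this aspect.</li>
   *   <li>The pointcut targets code inside Spring's own
   *       {@code org.springframework.web.portlet.mvc.annotation} package, so the advice only runs
   *       if this aspect is actually woven into those classes. NOTE(review): confirm the weaving
   *       configuration and cover it with an integration test; if the advice is not applied,
   *       requests proceed with no authorization check and no error.</li>
   *   <li>Only the declaring class of the handler method is consulted. NOTE(review): a handler
   *       inherited from a superclass would not see annotations placed on the concrete
   *       controller subclass - verify against the controllers in use.</li>
   *   <li>The denial messages contain the full handler signature and the list of allowed roles.
   *       NOTE(review): confirm the portal logs these messages rather than rendering them to the
   *       end user.</li>
   * </ul>
   *
   * @author apemberton
   *
   */
  @Aspect
  public class SpringJSR250SecurityAspect {

      /**
       * Matches executions of {@code resolveHandlerMethod(..)} that return a {@link Method} in
       * Spring's annotation-based portlet MVC package and binds the first argument as the request.
       *
       * @param request the portlet request passed to the intercepted call
       */
      @Pointcut("execution(java.lang.reflect.Method org.springframework.web.portlet.mvc.annotation..*.resolveHandlerMethod(..)) && args(request,..)")
      public void resolveHandlerMethodCall(PortletRequest request) {
          // Pointcut declaration only; the body is intentionally empty.
      }

      /**
       * Applies the JSR-250 access decision to the handler method that was just resolved.
       *
       * @param joinPoint the intercepted join point (not used by the check)
       * @param method the handler method returned by the intercepted call; nothing is checked
       *        when it is {@code null}
       * @param request the current portlet request, used for {@code isUserInRole} lookups
       * @throws PortletSecurityException if the handler is secured with {@code DenyAll}, or with
       *         {@code RolesAllowed} and the current user is in none of the listed roles
       * @throws IllegalStateException if both {@code PermitAll} and {@code DenyAll} are present
       */
      @AfterReturning(pointcut = "resolveHandlerMethodCall(request)", returning = "method")
      public void applyAuthorization(JoinPoint joinPoint, Method method, PortletRequest request) throws PortletSecurityException {
          if (method == null) {
              // No handler method was returned, so there is nothing to authorize.
              return;
          }

          java.lang.reflect.AnnotatedElement secured = securedElement(method);
          boolean permitAll = secured.isAnnotationPresent(PermitAll.class);
          boolean denyAll = secured.isAnnotationPresent(DenyAll.class);
          RolesAllowed rolesAllowed = secured.getAnnotation(RolesAllowed.class);

          if (permitAll && denyAll) {
              // Contradictory configuration: fail loudly instead of guessing which one was meant.
              throw new IllegalStateException(method.toString() + " marked with both DenyAll and PermitAll.");
          }
          if (denyAll) {
              throw new PortletSecurityException("Cannot access method: " + method.toString() + "; it is secured with DenyAll.");
          }
          // RolesAllowed is evaluated even when PermitAll is also present, i.e. the more
          // restrictive annotation wins. An empty role list authorizes nobody.
          if (rolesAllowed != null && !isInAnyRole(request, rolesAllowed.value())) {
              throw new PortletSecurityException("Cannot access: " + method.toString()
                      + "; it is secured with RolesAllowed and the current user is not in the list of allowed roles: "
                      + Arrays.toString(rolesAllowed.value()));
          }
      }

      /**
       * Picks the element whose JSR-250 annotations govern the handler: the method itself when it
       * carries any of the three annotations, otherwise its declaring class.
       */
      private static java.lang.reflect.AnnotatedElement securedElement(Method method) {
          boolean annotatedOnMethod = method.isAnnotationPresent(PermitAll.class)
                  || method.isAnnotationPresent(DenyAll.class)
                  || method.isAnnotationPresent(RolesAllowed.class);
          return annotatedOnMethod ? method : method.getDeclaringClass();
      }

      /** Returns true as soon as the request reports the user in one of the given roles. */
      private static boolean isInAnyRole(PortletRequest request, String[] roles) {
          for (String role : roles) {
              if (request.isUserInRole(role)) {
                  return true;
              }
          }
          return false;
      }
  }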