  1. package com.captechventures.spring.mvc.portlet.security.aspect;
  2.  
  3. import java.lang.reflect.Method;
  4. import java.util.Arrays;
  5.  
  6. import javax.annotation.security.DenyAll;
  7. import javax.annotation.security.PermitAll;
  8. import javax.annotation.security.RolesAllowed;
  9. import javax.portlet.PortletRequest;
  10. import javax.portlet.PortletSecurityException;
  11.  
  12. import org.aspectj.lang.JoinPoint;
  13. import org.aspectj.lang.annotation.AfterReturning;
  14. import org.aspectj.lang.annotation.Aspect;
  15. import org.aspectj.lang.annotation.Pointcut;
  16.  
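/**
 * An AspectJ aspect that checks JSR-250 security annotations ({@link PermitAll}, {@link DenyAll},
 * {@link RolesAllowed}) against annotation-driven Spring Portlet MVC controllers.
 * <p>
 * The aspect advises the {@code resolveHandlerMethod(..)} execution of Spring Portlet MVC's
 * annotation support: once Spring has resolved the controller method for a request, that method's
 * annotations are evaluated against {@link PortletRequest#isUserInRole(String)} and a
 * {@link PortletSecurityException} is thrown when access is denied. Method-level annotations take
 * precedence; a method carrying none of the three annotations falls back to those declared on its
 * declaring class, as JSR-250 specifies. A method with no annotation at either level is not
 * restricted by this aspect.
 * <p>
 * The check only runs where the pointcut matches: if the advised Spring-internal method is renamed
 * or its signature changes in a later Spring version, this aspect silently stops applying and no
 * error is raised, so the pointcut should be re-verified on Spring upgrades.
 *
 * @author apemberton
 */
@Aspect
public class SpringJSR250SecurityAspect {

    /**
     * Matches the Spring Portlet MVC {@code resolveHandlerMethod(..)} execution that maps a request
     * to a controller method, binding the request as the advice's {@code request} argument.
     *
     * @param request the portlet request being dispatched
     */
    @Pointcut("execution(java.lang.reflect.Method org.springframework.web.portlet.mvc.annotation..*.resolveHandlerMethod(..)) && args(request,..)")
    public void resolveHandlerMethodCall(PortletRequest request) {
    }

    /**
     * Applies the JSR-250 access rules to the handler method Spring resolved for {@code request}.
     * <p>
     * Rules, in order: both {@code @PermitAll} and {@code @DenyAll} present is a configuration
     * error; {@code @DenyAll} denies unconditionally; {@code @RolesAllowed} requires the user to be
     * in at least one listed role (an empty role list therefore denies everyone); otherwise access
     * is allowed, which also covers {@code @PermitAll} on its own. If {@code @PermitAll} and
     * {@code @RolesAllowed} are both present, the role check wins. Annotations are read from the
     * method, or from its declaring class when the method carries none of the three.
     *
     * @param joinPoint the advised join point (not consulted; kept for the advice signature)
     * @param method    the handler method returned by {@code resolveHandlerMethod}; {@code null}
     *                  when no handler was resolved, in which case nothing is checked
     * @param request   the current portlet request, consulted for role membership
     * @throws PortletSecurityException if the method is secured with {@code @DenyAll}, or with
     *                                  {@code @RolesAllowed} and the user holds none of the roles
     * @throws IllegalStateException    if the method is marked with both {@code @DenyAll} and
     *                                  {@code @PermitAll}
     */
    @AfterReturning(pointcut = "resolveHandlerMethodCall(request)", returning = "method")
    public void applyAuthorization(JoinPoint joinPoint, Method method, PortletRequest request)
            throws PortletSecurityException {
        if (method == null) {
            // No handler was resolved for this request; there is nothing to authorize.
            return;
        }

        PermitAll permitAll = method.getAnnotation(PermitAll.class);
        DenyAll denyAll = method.getAnnotation(DenyAll.class);
        RolesAllowed rolesAllowed = method.getAnnotation(RolesAllowed.class);

        if (permitAll == null && denyAll == null && rolesAllowed == null) {
            // JSR-250: a method without its own security annotation inherits the class-level ones.
            Class<?> declaringClass = method.getDeclaringClass();
            permitAll = declaringClass.getAnnotation(PermitAll.class);
            denyAll = declaringClass.getAnnotation(DenyAll.class);
            rolesAllowed = declaringClass.getAnnotation(RolesAllowed.class);
        }

        if (permitAll != null && denyAll != null) {
            throw new IllegalStateException(method.toString() + " marked with both DenyAll and PermitAll.");
        }
        if (denyAll != null) {
            throw new PortletSecurityException("Cannot access method: " + method.toString() + "; it is secured with DenyAll.");
        }
        if (rolesAllowed != null && !isUserInAnyRole(request, rolesAllowed.value())) {
            throw new PortletSecurityException("Cannot access: " + method.toString()
                    + "; it is secured with RolesAllowed and the current user is not in the list of allowed roles: "
                    + Arrays.toString(rolesAllowed.value()));
        }
    }

    /**
     * Returns whether the request's user is in at least one of {@code roles}.
     * A {@code null} request or an empty role list yields {@code false}, so the caller denies access
     * rather than failing with an exception from the role lookup.
     *
     * @param request the current portlet request, may be {@code null}
     * @param roles   the roles listed in {@code @RolesAllowed}
     * @return {@code true} if {@link PortletRequest#isUserInRole(String)} holds for any role
     */
    private static boolean isUserInAnyRole(PortletRequest request, String[] roles) {
        if (request == null) {
            return false;
        }
        for (String role : roles) {
            if (request.isUserInRole(role)) {
                return true;
            }
        }
        return false;
    }
}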