package eu.vitaliy.testaspectjsecurity;
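/**
 * Demo target whose methods are guarded individually by {@link Allow}.
 * <p>
 * Nothing in this class checks permissions itself: the check only happens if
 * the aspect in {@code eu.vitaliy.testaspectjsecurity.aspects} has been woven
 * into it. {@code mWithoutPermission()} carries no annotation and is therefore
 * callable by anyone.
 */
public class ClassA {

    /** Unrestricted: no {@link Allow}, so the aspect never intercepts it. */
    public void mWithoutPermission()
    {
        System.out.println("Method ClassA.mWithoutPermission()");
    }

    /**
     * Guarded by a method-level annotation listing two roles. The aspect helper
     * checks every listed role, so the caller must hold USER <em>and</em> ADMIN,
     * not either one.
     */
    @Allow({ ERole.USER, ERole.ADMIN })
    public void mUserAndAdmin()
    {
        // Fixed: the message previously said "mUser()", misnaming this method.
        System.out.println("Method ClassA.mUserAndAdmin()");
    }

    /** Guarded by a method-level annotation: requires ADMIN. */
    @Allow(ERole.ADMIN)
    public void mAdmin()
    {
        System.out.println("Method ClassA.mAdmin()");
    }
}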
Alternatively, the whole class can be annotated. Then every method of the class requires the class-level rights, and the individual methods that need different rights are annotated separately; note that a method-level @Allow replaces the class-level one rather than adding to it (see the byClass pointcut below).
package eu.vitaliy.testaspectjsecurity2;
import eu.vitaliy.testaspectjsecurity.ERole;
import eu.vitaliy.testaspectjsecurity.Allow;
/**
 * Demo target guarded at class level: every method of ClassB requires USER
 * unless it carries its own {@link Allow}, in which case only the method-level
 * annotation applies ({@code mAdmin} requires ADMIN and nothing else).
 * Like ClassA, this class performs no check itself; it relies on the aspect
 * being woven into it.
 */
@Allow(ERole.USER)
public class ClassB {

    /** Covered by the class-level annotation: requires USER. */
    public void mUser1() {
        System.out.println("Method ClassB.mUser1()");
    }

    /** Covered by the class-level annotation: requires USER. */
    public void mUser2() {
        System.out.println("Method ClassB.mUser2()");
    }

    /**
     * Method-level annotation overrides the class-level one: requires ADMIN.
     * NOTE(review): private and never called in this demo; if it were called,
     * the aspect's execution() pointcut would apply to it just as to the
     * public methods.
     */
    @Allow(ERole.ADMIN)
    private void mAdmin() {
        System.out.println("Method ClassB.mAdmin()");
    }
}
Here is the definition of annotations:
package eu.vitaliy.testaspectjsecurity;
import java.lang.annotation.ElementType;
import java.lang.annotation.Retention;
import java.lang.annotation.RetentionPolicy;
import java.lang.annotation.Target;
/**
 * Marks a method, or a whole class, as requiring the listed roles.
 * <p>
 * Retained at runtime because the aspect helper reads it reflectively. When no
 * roles are given, USER is required. A method-level annotation takes precedence
 * over a class-level one. NOTE(review): the annotation is not {@code @Inherited},
 * so a subclass does not carry its superclass's class-level {@code @Allow};
 * confirm this is intended before relying on class-level guards across a hierarchy.
 */
@Retention(RetentionPolicy.RUNTIME)
@Target({ ElementType.METHOD, ElementType.TYPE })
public @interface Allow {
    /** Roles the caller must hold; defaults to USER alone. */
    ERole[] value() default ERole.USER;
}
package eu.vitaliy.testaspectjsecurity;
/**
 * Roles understood by {@link Allow} and {@link PermissionStore}.
 * The two constants are independent: holding ADMIN does not imply USER.
 */
public enum ERole {
    /** Administrative role. */
    ADMIN,
    /** Ordinary user role. */
    USER;
}
package eu.vitaliy.testaspectjsecurity;
import java.util.HashSet;
import java.util.Set;
/**
 * Process-wide set of granted roles consulted by the security aspect.
 * <p>
 * Security caveats (review):
 * <ul>
 * <li>the set is a single static, JVM-global value, so roles are not tied to a
 *     user, session or thread: whatever was granted applies to every caller;</li>
 * <li>any code can grant itself ADMIN via {@link #addPermission}; there is no
 *     revoke;</li>
 * <li>{@code HashSet} is unsynchronized, so concurrent grants and checks are
 *     not safe.</li>
 * </ul>
 * Adequate for this demo; not a model for a real permission store.
 */
public class PermissionStore {

    private static final Set<ERole> GRANTED = new HashSet<ERole>();

    /** Grants {@code role} for the whole JVM (idempotent, no validation). */
    public static void addPermission(ERole role) {
        GRANTED.add(role);
    }

    /** @return whether {@code role} has been granted via {@link #addPermission}. */
    public static boolean check(ERole role) {
        return GRANTED.contains(role);
    }
}
package eu.vitaliy.testaspectjsecurity;
import eu.vitaliy.testaspectjsecurity2.ClassB;
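/**
 * Demo driver: grants both roles to the process-wide {@link PermissionStore}
 * and then exercises every guarded method, so every call below is expected
 * to pass. With either {@code addPermission} line removed, the methods that
 * need that role (mAdmin and mUserAndAdmin for ADMIN; mUser1, mUser2 and
 * mUserAndAdmin for USER) throw MySecurityException from the aspect instead,
 * provided the aspect has been woven into ClassA and ClassB.
 */
public class Main {

    public static void main(String[] args)
    {
        PermissionStore.addPermission(ERole.USER);
        PermissionStore.addPermission(ERole.ADMIN);

        ClassA a = new ClassA();
        a.mUserAndAdmin();      // requires USER and ADMIN
        a.mWithoutPermission(); // never intercepted
        a.mAdmin();             // requires ADMIN

        // Fixed: the original read "ClassB = new ClassB();", which does not compile.
        ClassB c = new ClassB();
        c.mUser1(); // class-level @Allow(USER)
        c.mUser2(); // class-level @Allow(USER)
    }
}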
package eu.vitaliy.testaspectjsecurity.aspects;
import eu.vitaliy.testaspectjsecurity.Allow;
/**
 * Enforces {@link Allow} on method executions. Two disjoint pointcuts keep the
 * precedence rule simple: a method-level annotation wins; a class-level one
 * applies only to methods that have no annotation of their own.
 * <p>
 * NOTE(review): execution() advice exists only in classes this aspect is
 * actually woven into (compile-time or load-time); an annotated class outside
 * the weaving scope is unguarded. Constructors and field access are not
 * matched by these method-signature pointcuts.
 */
public aspect SecurityAspect {
    private SecurityAspectHelper helper
            = new SecurityAspectHelper();

    // Any method carrying its own @Allow, whatever its declaring type.
    pointcut byMethod() : execution(@Allow * *.*(..));

    // Any method of an @Allow-annotated type that has no @Allow of its own,
    // so a method-level annotation replaces (does not combine with) the class one.
    pointcut byClass() : execution(* @Allow *.*(..))
            && !execution(@Allow * *.*(..));

    // The helper reads the method-level annotation and throws if a role is missing.
    before() : byMethod(){
        helper.beforeMethod(thisJoinPoint);
    }

    // The helper reads the class-level annotation and throws if a role is missing.
    before() : byClass(){
        helper.beforeClass(thisJoinPoint);
    }
}
package eu.vitaliy.testaspectjsecurity.aspects;
import java.lang.reflect.Method;
import org.aspectj.lang.JoinPoint;
import org.aspectj.lang.reflect.MethodSignature;
import eu.vitaliy.testaspectjsecurity.Allow;
import eu.vitaliy.testaspectjsecurity.ERole;
import eu.vitaliy.testaspectjsecurity.PermissionStore;
import eu.vitaliy.testaspectjsecurity.MySecurityException;
/** Where the aspect found the {@link Allow} that triggered a check. */
enum ESecurytyType {
    /** The annotation is on the declaring class. */
    CLASS,
    /** The annotation is on the method itself. */
    METHOD;
}
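/**
 * Performs the permission check on behalf of {@code SecurityAspect}.
 * <p>
 * Semantics: the caller must hold <em>every</em> role listed in the applicable
 * {@link Allow} (AND, not OR); a caller holding only USER is rejected by
 * {@code @Allow({USER, ADMIN})}. The check consults the process-wide
 * {@link PermissionStore}, so it is not per-user or per-thread.
 */
public class SecurityAspectHelper {

    /** Entry point for a join point matched by a method-level {@link Allow}. */
    void beforeMethod(JoinPoint pointcut)
    {
        before(pointcut, ESecurytyType.METHOD);
    }

    /** Entry point for a join point matched only by a class-level {@link Allow}. */
    void beforeClass(JoinPoint pointcut)
    {
        before(pointcut, ESecurytyType.CLASS);
    }

    /**
     * Reads the applicable {@link Allow} and throws unless every listed role
     * has been granted.
     *
     * @param pointcut     the intercepted method execution
     * @param securytyType whether the annotation is read from the method or
     *                     from its declaring class
     * @throws MySecurityException   if a required role is not granted
     * @throws IllegalStateException if no annotation can be found where the
     *                               pointcut promised one (fail closed)
     */
    void before(JoinPoint pointcut, ESecurytyType securytyType)
    {
        MethodSignature methodSignature = (MethodSignature) pointcut.getSignature();
        Method method = methodSignature.getMethod();
        // Use the declaring type rather than pointcut.getTarget().getClass():
        // the pointcut matched on the declaring type's annotation, whereas the
        // runtime class may be an unannotated subclass (Allow is not @Inherited)
        // and getTarget() is null for static methods — both previously ended in
        // a NullPointerException instead of a security decision.
        Class<?> clazz = methodSignature.getDeclaringType();

        Allow allow;
        if (securytyType == ESecurytyType.CLASS)
        {
            allow = clazz.getAnnotation(Allow.class);
        } else {
            allow = method.getAnnotation(Allow.class);
        }

        if (allow == null)
        {
            // Fail closed: reaching here means the pointcut saw an annotation
            // that reflection cannot find, i.e. a weaving/classloading mismatch.
            throw new IllegalStateException(
                    "No @Allow found for " + clazz.getName() + "." + method.getName());
        }

        // Every listed role is required; the first missing one aborts the call.
        for (ERole required : allow.value())
        {
            if (!PermissionStore.check(required))
            {
                throw new MySecurityException(clazz.getName(), method.getName(), required);
            }
        }
    }
}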
Source: https://habr.com/ru/post/95920/