DefaultWoNAccessDecisionVoter.java example

Explorer
webofneeds-master
- webofneeds
/*
 * Copyright 2012  Research Studios Austria Forschungsges.m.b.H.
 *
 *    Licensed under the Apache License, Version 2.0 (the "License");
 *    you may not use this file except in compliance with the License.
 *    You may obtain a copy of the License at
 *
 *        http://www.apache.org/licenses/LICENSE-2.0
 *
 *    Unless required by applicable law or agreed to in writing, software
 *    distributed under the License is distributed on an "AS IS" BASIS,
 *    WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 *    See the License for the specific language governing permissions and
 *    limitations under the License.
 */

package won.cryptography.webid.springsecurity;

import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.access.AccessDecisionVoter;
import org.springframework.security.access.ConfigAttribute;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.web.FilterInvocation;
import org.springframework.security.web.authentication.preauth.PreAuthenticatedAuthenticationToken;
import org.springframework.util.StopWatch;
import won.cryptography.webid.AccessControlRules;
import won.cryptography.webid.WonDefaultAccessControlRules;

import java.util.ArrayList;
import java.util.Collection;
import java.util.List;

/**
 * Created by fkleedorfer on 28.11.2016.
 */
public class DefaultWoNAccessDecisionVoter implements AccessDecisionVoter
{
  private final Logger logger = LoggerFactory.getLogger(getClass());

  @Autowired
  AccessControlRules defaultAccessControlRules;

  public DefaultWoNAccessDecisionVoter() {
  }

  @Override
  public boolean supports(final ConfigAttribute attribute) {
    return true;
  }

  @Override
  public boolean supports(final Class clazz) {
    return FilterInvocation.class.equals(clazz);
  }

  @Override
  public int vote(final Authentication authentication, final Object object, final Collection collection) {
    StopWatch stopWatch = new StopWatch();
    stopWatch.start();
    if (! (authentication instanceof PreAuthenticatedAuthenticationToken)) return ACCESS_ABSTAIN;
    Object principal = authentication.getPrincipal();
    if (! (principal instanceof WebIdUserDetails)) return ACCESS_ABSTAIN;
    WebIdUserDetails userDetails = (WebIdUserDetails) principal;
    if (! (object instanceof FilterInvocation)) return ACCESS_ABSTAIN;
    String webId = userDetails.getUsername();
    String resource = ((FilterInvocation)object).getRequest().getRequestURL().toString();
    if (authentication.getAuthorities().stream()
                      .map(GrantedAuthority::getAuthority)
                      .filter(r -> "ROLE_WEBID".equals(r))
                      .findAny().isPresent()) {
      //perform our hard coded access control checks
      List<String> webIDs = new ArrayList<>(1);
      webIDs.add(webId);
      if (defaultAccessControlRules.isAccessPermitted(resource, webIDs)){
        stopWatch.stop();
        logger.debug("access control check took " + stopWatch.getLastTaskTimeMillis() + " millis");
        return ACCESS_GRANTED;
      }
      return ACCESS_DENIED;
    }
    return ACCESS_DENIED;
  }

  public void setDefaultAccessControlRules(final WonDefaultAccessControlRules defaultAccessControlRules) {
    this.defaultAccessControlRules = defaultAccessControlRules;
  }
}