Difference between revisions of "Authorization control library"
From Gcube Wiki
Lucio.lelii (Talk | contribs) (Created page with "{| align="right" || __TOC__ |} <code>Authorization Control Library</code> allows gcube services to automatically filter methods using specific rules based on ''user roles''") |
Lucio.lelii (Talk | contribs) |
||
| (7 intermediate revisions by the same user not shown) | |||
| Line 3: | Line 3: | ||
|} | |} | ||
<code>Authorization Control Library</code> allows gcube services to automatically filter methods using specific rules based on ''user roles'' | <code>Authorization Control Library</code> allows gcube services to automatically filter methods using specific rules based on ''user roles'' | ||
| + | |||
| + | = How To = | ||
| + | |||
| + | == pom file == | ||
| + | |||
| + | To enable authorization control on your gcube service the ''pom.xml'' must be modified in the following way: | ||
| + | |||
| + | * add the authorization control library dependency | ||
| + | |||
| + | <syntaxhighlight lang="xml"> | ||
| + | <dependency> | ||
| + | <groupId>org.gcube.common</groupId> | ||
| + | <artifactId>authorization-control-library</artifactId> | ||
| + | </dependency> | ||
| + | </syntaxhighlight> | ||
| + | |||
| + | * since this library use ''aspectJ'' also this dependency must be added | ||
| + | |||
| + | <syntaxhighlight lang="xml"> | ||
| + | <dependency> | ||
| + | <groupId>org.aspectj</groupId> | ||
| + | <artifactId>aspectjrt</artifactId> | ||
| + | <version>1.8.2</version> | ||
| + | </dependency> | ||
| + | </syntaxhighlight> | ||
| + | |||
| + | * the plugin must be declared in the ''plugins'' block | ||
| + | |||
| + | <syntaxhighlight lang="xml"> | ||
| + | <plugins> | ||
| + | <plugin> | ||
| + | <groupId>org.codehaus.mojo</groupId> | ||
| + | <artifactId>aspectj-maven-plugin</artifactId> | ||
| + | </plugin> | ||
| + | ... | ||
| + | </syntaxhighlight> | ||
| + | |||
| + | * and execution added in the ''build'' block | ||
| + | |||
| + | <syntaxhighlight lang="xml"> | ||
| + | <build> | ||
| + | ... | ||
| + | <pluginManagement> | ||
| + | <plugin> | ||
| + | <groupId>org.codehaus.mojo</groupId> | ||
| + | <artifactId>aspectj-maven-plugin</artifactId> | ||
| + | <version>1.7</version> | ||
| + | <configuration> | ||
| + | <complianceLevel>1.8</complianceLevel> | ||
| + | <source>1.8</source> | ||
| + | <target>1.8</target> | ||
| + | <aspectLibraries> | ||
| + | <aspectLibrary> | ||
| + | <groupId>org.gcube.common</groupId> | ||
| + | <artifactId>authorization-control-library</artifactId> | ||
| + | </aspectLibrary> | ||
| + | </aspectLibraries> | ||
| + | </configuration> | ||
| + | <executions> | ||
| + | <execution> | ||
| + | <goals> | ||
| + | <goal>compile</goal> | ||
| + | </goals> | ||
| + | </execution> | ||
| + | </executions> | ||
| + | </plugin> | ||
| + | ... | ||
| + | </syntaxhighlight> | ||
| + | |||
| + | === Example === | ||
| + | |||
| + | an example pom is the following | ||
| + | |||
| + | <syntaxhighlight lang="xml"> | ||
| + | ... | ||
| + | <dependencies> | ||
| + | <dependency> | ||
| + | <groupId>org.gcube.common</groupId> | ||
| + | <artifactId>authorization-control-library</artifactId> | ||
| + | <version>[1.0.0-SNAPSHOT, 2.0.0-SNAPSHOT)</version> | ||
| + | </dependency> | ||
| + | <dependency> | ||
| + | <groupId>org.aspectj</groupId> | ||
| + | <artifactId>aspectjrt</artifactId> | ||
| + | <version>1.8.2</version> | ||
| + | </dependency> | ||
| + | ... | ||
| + | </dependencies> | ||
| + | <build> | ||
| + | <finalName>${project.artifactId}</finalName> | ||
| + | <pluginManagement> | ||
| + | <plugins> | ||
| + | <plugin> | ||
| + | <groupId>org.codehaus.mojo</groupId> | ||
| + | <artifactId>aspectj-maven-plugin</artifactId> | ||
| + | <version>1.7</version> | ||
| + | <configuration> | ||
| + | <complianceLevel>1.8</complianceLevel> | ||
| + | <source>1.8</source> | ||
| + | <target>1.8</target> | ||
| + | <aspectLibraries> | ||
| + | <aspectLibrary> | ||
| + | <groupId>org.gcube.common</groupId> | ||
| + | <artifactId>authorization-control-library</artifactId> | ||
| + | </aspectLibrary> | ||
| + | </aspectLibraries> | ||
| + | </configuration> | ||
| + | <executions> | ||
| + | <execution> | ||
| + | <goals> | ||
| + | <goal>compile</goal> | ||
| + | </goals> | ||
| + | </execution> | ||
| + | </executions> | ||
| + | </plugin> | ||
| + | </plugins> | ||
| + | </pluginManagement> | ||
| + | <plugins> | ||
| + | <plugin> | ||
| + | <groupId>org.codehaus.mojo</groupId> | ||
| + | <artifactId>aspectj-maven-plugin</artifactId> | ||
| + | </plugin> | ||
| + | </plugins> | ||
| + | </build> | ||
| + | </syntaxhighlight> | ||
| + | |||
| + | |||
| + | == Code == | ||
| + | |||
| + | To put a method under authorization control is enough to annotate it with <code>@AuthorizationControl</code> | ||
| + | |||
| + | === Example === | ||
| + | |||
| + | <syntaxhighlight lang="java"> | ||
| + | @POST | ||
| + | @Path("") | ||
| + | @AuthorizationControl(allowedRoles={INFRASTRUCTURE_MANAGER_ROLE}, exception=MyAuthException.class) | ||
| + | public void myServiceMethod(){ | ||
| + | //TODO | ||
| + | } | ||
| + | </syntaxhighlight> | ||
| + | |||
| + | where <code>MyAuthException</code> is | ||
| + | |||
| + | <syntaxhighlight lang="java"> | ||
| + | |||
| + | import javax.ws.rs.WebApplicationException; | ||
| + | import javax.ws.rs.core.Response.Status; | ||
| + | |||
| + | public class MyAuthException extends WebApplicationException { | ||
| + | |||
| + | private static final long serialVersionUID = 1L; | ||
| + | |||
| + | public MyAuthException(Throwable cause) { | ||
| + | super(cause, Status.FORBIDDEN); | ||
| + | } | ||
| + | |||
| + | } | ||
| + | </syntaxhighlight> | ||
Latest revision as of 17:03, 14 September 2022
Authorization Control Library allows gcube services to automatically filter methods using specific rules based on user roles
How To
pom file
To enable authorization control on your gcube service the pom.xml must be modified in the following way:
- add the authorization control library dependency
<dependency> <groupId>org.gcube.common</groupId> <artifactId>authorization-control-library</artifactId> </dependency>
- since this library use aspectJ also this dependency must be added
<dependency> <groupId>org.aspectj</groupId> <artifactId>aspectjrt</artifactId> <version>1.8.2</version> </dependency>
- the plugin must be declared in the plugins block
<plugins> <plugin> <groupId>org.codehaus.mojo</groupId> <artifactId>aspectj-maven-plugin</artifactId> </plugin> ...
- and execution added in the build block
<build> ... <pluginManagement> <plugin> <groupId>org.codehaus.mojo</groupId> <artifactId>aspectj-maven-plugin</artifactId> <version>1.7</version> <configuration> <complianceLevel>1.8</complianceLevel> <source>1.8</source> <target>1.8</target> <aspectLibraries> <aspectLibrary> <groupId>org.gcube.common</groupId> <artifactId>authorization-control-library</artifactId> </aspectLibrary> </aspectLibraries> </configuration> <executions> <execution> <goals> <goal>compile</goal> </goals> </execution> </executions> </plugin> ...
Example
an example pom is the following
... <dependencies> <dependency> <groupId>org.gcube.common</groupId> <artifactId>authorization-control-library</artifactId> <version>[1.0.0-SNAPSHOT, 2.0.0-SNAPSHOT)</version> </dependency> <dependency> <groupId>org.aspectj</groupId> <artifactId>aspectjrt</artifactId> <version>1.8.2</version> </dependency> ... </dependencies> <build> <finalName>${project.artifactId}</finalName> <pluginManagement> <plugins> <plugin> <groupId>org.codehaus.mojo</groupId> <artifactId>aspectj-maven-plugin</artifactId> <version>1.7</version> <configuration> <complianceLevel>1.8</complianceLevel> <source>1.8</source> <target>1.8</target> <aspectLibraries> <aspectLibrary> <groupId>org.gcube.common</groupId> <artifactId>authorization-control-library</artifactId> </aspectLibrary> </aspectLibraries> </configuration> <executions> <execution> <goals> <goal>compile</goal> </goals> </execution> </executions> </plugin> </plugins> </pluginManagement> <plugins> <plugin> <groupId>org.codehaus.mojo</groupId> <artifactId>aspectj-maven-plugin</artifactId> </plugin> </plugins> </build>
Code
To put a method under authorization control is enough to annotate it with @AuthorizationControl
Example
@POST @Path("") @AuthorizationControl(allowedRoles={INFRASTRUCTURE_MANAGER_ROLE}, exception=MyAuthException.class) public void myServiceMethod(){ //TODO }
where MyAuthException is
import javax.ws.rs.WebApplicationException; import javax.ws.rs.core.Response.Status; public class MyAuthException extends WebApplicationException { private static final long serialVersionUID = 1L; public MyAuthException(Throwable cause) { super(cause, Status.FORBIDDEN); } }
