Difference between revisions of "Authorization control library"

From Gcube Wiki
Jump to: navigation, search
Line 128: Line 128:
 
</build>
 
</build>
 
</syntaxhighlight>
 
</syntaxhighlight>
 +
 +
 +
== Code ==
 +
 +
To put a method under authorization control is enough to annotate it with <code>@AuthorizationControl</code>
 +
 +
=== Example ===
 +
 +
<syntaxhighlight lang="java">
 +
@POST
 +
@Path("")
 +
@AuthorizationControl(allowedRoles={INFRASTRUCTURE_MANAGER_ROLE}, exception=MyAuthException.class)
 +
public void myServiceMethod(){
 +
//TODO
 +
}
 +
<syntaxhighlight>
 +
 +
where <code>MyAuthException</code> is
 +
 +
<syntaxhighlight lang="java">
 +
 +
import javax.ws.rs.WebApplicationException;
 +
import javax.ws.rs.core.Response.Status;
 +
 +
public class MyAuthException extends WebApplicationException  {
 +
 +
private static final long serialVersionUID = 1L;
 +
 +
public MyAuthException(Throwable cause) {
 +
super(cause, Status.FORBIDDEN);
 +
}
 +
 +
}
 +
<syntaxhighlight>

Revision as of 17:02, 14 September 2022

Authorization Control Library allows gcube services to automatically filter methods using specific rules based on user roles

How To

pom file

To enable authorization control on your gcube service the pom.xml must be modified in the following way:

  • add the authorization control library dependency
<dependency>
	<groupId>org.gcube.common</groupId>
        <artifactId>authorization-control-library</artifactId>
</dependency>
  • since this library use aspectJ also this dependency must be added
<dependency>
	<groupId>org.aspectj</groupId>
	<artifactId>aspectjrt</artifactId>
	<version>1.8.2</version>
</dependency>
  • the plugin must be declared in the plugins block 
<plugins>
	<plugin>
		<groupId>org.codehaus.mojo</groupId>
		<artifactId>aspectj-maven-plugin</artifactId>
	</plugin>
...
  • and execution added in the build block
<build>
      ...
      <pluginManagement>
        <plugin>
		<groupId>org.codehaus.mojo</groupId>
		<artifactId>aspectj-maven-plugin</artifactId>
			<version>1.7</version>
					<configuration>
				<complianceLevel>1.8</complianceLevel>
				<source>1.8</source>
				<target>1.8</target>
				<aspectLibraries>
					<aspectLibrary>
						<groupId>org.gcube.common</groupId>
						<artifactId>authorization-control-library</artifactId>
					</aspectLibrary>
				</aspectLibraries>
			</configuration>
			<executions>
				<execution>
					<goals>
						<goal>compile</goal>
					</goals>
				</execution>
			</executions>
	</plugin>
...

example

an example pom is the following 

...
<dependencies>
<dependency>
	<groupId>org.gcube.common</groupId>
	<artifactId>authorization-control-library</artifactId>
        <version>[1.0.0-SNAPSHOT, 2.0.0-SNAPSHOT)</version>
</dependency>  
<dependency>
	<groupId>org.aspectj</groupId>
	<artifactId>aspectjrt</artifactId>
	<version>1.8.2</version>
</dependency>
...
</dependencies>
<build>
        <finalName>${project.artifactId}</finalName>
	<pluginManagement>
		<plugins>
			<plugin>
				<groupId>org.codehaus.mojo</groupId>
				<artifactId>aspectj-maven-plugin</artifactId>
				<version>1.7</version>
				<configuration>
					<complianceLevel>1.8</complianceLevel>
					<source>1.8</source>
					<target>1.8</target>
					<aspectLibraries>
						<aspectLibrary>
							<groupId>org.gcube.common</groupId>
							<artifactId>authorization-control-library</artifactId>
						</aspectLibrary>
					</aspectLibraries>
				</configuration>
				<executions>
					<execution>
						<goals>
							<goal>compile</goal>
						</goals>
					</execution>
				</executions>
			</plugin>
		</plugins>
	</pluginManagement>
	<plugins>
		<plugin>
			<groupId>org.codehaus.mojo</groupId>
			<artifactId>aspectj-maven-plugin</artifactId>
		</plugin>
	</plugins>
</build>


Code

To put a method under authorization control is enough to annotate it with @AuthorizationControl

Example

@POST
@Path("")
@AuthorizationControl(allowedRoles={INFRASTRUCTURE_MANAGER_ROLE}, exception=MyAuthException.class)
public void myServiceMethod(){
 //TODO
}
<syntaxhighlight>
 
where <code>MyAuthException</code> is
 
<syntaxhighlight lang="java">
 
import javax.ws.rs.WebApplicationException;
import javax.ws.rs.core.Response.Status;
 
public class MyAuthException extends WebApplicationException  {
 
	private static final long serialVersionUID = 1L;
 
	public MyAuthException(Throwable cause) {
		super(cause, Status.FORBIDDEN);
	}
 
}
<syntaxhighlight>
Retrieved from "https://gcube.wiki.gcube-system.org/index.php?title=Authorization_control_library&oldid=34999"