@Around("execution(* com.oberasoftware.jasdb.engine.StorageService.removeEntity(..)) && args(context, entity) && target(storageService)") public void removeEntity(ProceedingJoinPoint jp, RequestContext context, SimpleEntity entity, StorageService storageService) throws Throwable { if(securityEnabled) { LOG.debug("Remove aspect invoked with context: {}", context); userManager.authorize(context.getUserSession(), getObjectName(storageService), AccessMode.DELETE); LOG.debug("Authorization done on remove of: {}, proceeding for context: {}", entity, context); } jp.proceed(); }
@Around("execution(* com.oberasoftware.jasdb.engine.StorageService.insertEntity(..)) && args(context, entity) && target(storageService)") public void insertEntity(ProceedingJoinPoint jp, RequestContext context, SimpleEntity entity, StorageService storageService) throws Throwable { if(securityEnabled) { LOG.debug("Insert aspect invoked with context: {}", context); userManager.authorize(context.getUserSession(), getObjectName(storageService), AccessMode.WRITE); LOG.debug("Authorization done on insert of: {}, proceeding for context: {}", entity, context); } jp.proceed(); }
@Around("execution(* com.oberasoftware.jasdb.engine.StorageService.removeEntity(..)) && args(context, internalId) && target(storageService)") public void removeEntity(ProceedingJoinPoint jp, RequestContext context, String internalId, StorageService storageService) throws Throwable { if(securityEnabled) { LOG.debug("Remove aspect invoked with context: {}", context); userManager.authorize(context.getUserSession(), getObjectName(storageService), AccessMode.DELETE); LOG.debug("Authorization done on remove of: {}, proceeding for context: {}", internalId, context); } jp.proceed(); }
@Around("execution(* com.oberasoftware.jasdb.engine.StorageService.updateEntity(..)) && args(context, entity) && target(storageService)") public void updateEntity(ProceedingJoinPoint jp, RequestContext context, SimpleEntity entity, StorageService storageService) throws Throwable { if(securityEnabled) { LOG.debug("Update aspect invoked with context: {}", context); userManager.authorize(context.getUserSession(), getObjectName(storageService), AccessMode.UPDATE); LOG.debug("Authorization done on update of: {}, proceeding for context: {}", entity, context); } jp.proceed(); }
private Object doReadCheck(RequestContext requestContext, StorageService storageService, ProceedingJoinPoint jp) throws Throwable { if(securityEnabled) { LOG.debug("Read aspect invoked with context: {}", requestContext); userManager.authorize(requestContext.getUserSession(), getObjectName(storageService), AccessMode.READ); LOG.debug("Authorization done on find operation, proceeding for context: {}", requestContext); } return jp.proceed(); } }
@Override public UserSession startSession(Credentials credentials) throws JasDBStorageException { User user = userManager.authenticate(credentials); String sessionId = UUID.randomUUID().toString(); String token = UUID.randomUUID().toString(); CryptoEngine userEncryptionEngine = CryptoFactory.getEngine(user.getEncryptionEngine()); String encryptedContentKey = user.getEncryptedContentKey(); String contentKey = userEncryptionEngine.decrypt(user.getPasswordSalt(), credentials.getPassword(), encryptedContentKey); encryptedContentKey = userEncryptionEngine.encrypt(user.getPasswordSalt(), token, contentKey); UserSession session = new UserSessionImpl(sessionId, token, encryptedContentKey, user); userManager.authorize(session, "/", AccessMode.CONNECT); secureUserSessionMap.put(sessionId, new SecureUserSession(session)); return session; }