From cb0c9161969c80fe851b24ea709fbbb903ce0519 Mon Sep 17 00:00:00 2001
From: SebClem
Date: Fri, 10 Jun 2022 16:54:52 +0200
Subject: [PATCH] :lock: Add security expression for guild
---
...CustomMethodSecurityExpressionHandler.java | 26 +++++++++
.../CustomMethodSecurityExpressionRoot.java | 56 +++++++++++++++++++
.../Api/Security/MethodSecurityConfig.java | 16 ++++++
3 files changed, 98 insertions(+)
create mode 100644 src/main/java/net/Broken/Api/Security/Expression/CustomMethodSecurityExpressionHandler.java
create mode 100644 src/main/java/net/Broken/Api/Security/Expression/CustomMethodSecurityExpressionRoot.java
create mode 100644 src/main/java/net/Broken/Api/Security/MethodSecurityConfig.java
diff --git a/src/main/java/net/Broken/Api/Security/Expression/CustomMethodSecurityExpressionHandler.java b/src/main/java/net/Broken/Api/Security/Expression/CustomMethodSecurityExpressionHandler.java
new file mode 100644
index 0000000..6799caa
--- /dev/null
+++ b/src/main/java/net/Broken/Api/Security/Expression/CustomMethodSecurityExpressionHandler.java
@@ -0,0 +1,26 @@
+package net.Broken.Api.Security.Expression;
+
+import net.Broken.Api.Security.Expression.CustomMethodSecurityExpressionRoot;
+import org.aopalliance.intercept.MethodInvocation;
+import org.springframework.security.access.expression.method.DefaultMethodSecurityExpressionHandler;
+import org.springframework.security.access.expression.method.MethodSecurityExpressionOperations;
+import org.springframework.security.authentication.AuthenticationTrustResolver;
+import org.springframework.security.authentication.AuthenticationTrustResolverImpl;
+import org.springframework.security.core.Authentication;
+
+public class CustomMethodSecurityExpressionHandler
+ extends DefaultMethodSecurityExpressionHandler {
+ private AuthenticationTrustResolver trustResolver =
+ new AuthenticationTrustResolverImpl();
+
+ @Override
+ protected MethodSecurityExpressionOperations createSecurityExpressionRoot(
+ Authentication authentication, MethodInvocation invocation) {
+ CustomMethodSecurityExpressionRoot root =
+ new CustomMethodSecurityExpressionRoot(authentication);
+ root.setPermissionEvaluator(getPermissionEvaluator());
+ root.setTrustResolver(this.trustResolver);
+ root.setRoleHierarchy(getRoleHierarchy());
+ return root;
+ }
+}
\ No newline at end of file
diff --git a/src/main/java/net/Broken/Api/Security/Expression/CustomMethodSecurityExpressionRoot.java b/src/main/java/net/Broken/Api/Security/Expression/CustomMethodSecurityExpressionRoot.java
new file mode 100644
index 0000000..c130e7d
--- /dev/null
+++ b/src/main/java/net/Broken/Api/Security/Expression/CustomMethodSecurityExpressionRoot.java
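Review bot: In createSecurityExpressionRoot the root receives this class's own private `trustResolver` field, not the resolver the base handler holds, so a resolver installed through `setTrustResolver` on the handler would never reach the expressions. The default role prefix is not forwarded either, so `hasRole(...)` checks use the root's built-in prefix whatever the application configures. Assuming the Spring Security version in use exposes the base-class getters, I would drop the private field and write `root.setTrustResolver(getTrustResolver());` and `root.setDefaultRolePrefix(getDefaultRolePrefix());`. The import of CustomMethodSecurityExpressionRoot from the same package is redundant.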
@@ -0,0 +1,56 @@
+package net.Broken.Api.Security.Expression;
+
+import net.Broken.Api.Security.Data.JwtPrincipal;
+import net.Broken.MainBot;
+import net.Broken.Tools.CacheTools;
+import net.dv8tion.jda.api.entities.Guild;
+import okhttp3.Cache;
+import org.springframework.security.access.expression.SecurityExpressionRoot;
+import org.springframework.security.access.expression.method.MethodSecurityExpressionOperations;
+import org.springframework.security.core.Authentication;
+
+public class CustomMethodSecurityExpressionRoot
+ extends SecurityExpressionRoot
+ implements MethodSecurityExpressionOperations {
+ private Object filterObject;
+ private Object returnObject;
+ /**
+ * Creates a new instance
+ *
+ * @param authentication the {@link Authentication} to use. Cannot be null.
+ */
+ public CustomMethodSecurityExpressionRoot(Authentication authentication) {
+ super(authentication);
+ }
+
+ public boolean isInGuild(String guildId){
+ JwtPrincipal jwtPrincipal = (JwtPrincipal) authentication.getPrincipal();
+ Guild guild = MainBot.jda.getGuildById(guildId);
+ return CacheTools.getJdaUser(jwtPrincipal.user()).getMutualGuilds().contains(guild);
+ }
+
+ @Override
+ public void setFilterObject(Object filterObject) {
+ this.filterObject = filterObject;
+ }
+
+ @Override
+ public Object getFilterObject() {
+ return this.filterObject;
+ }
+
+ @Override
+ public void setReturnObject(Object returnObject) {
+ this.returnObject = returnObject;
+ }
+
+ @Override
+ public Object getReturnObject() {
+ return this.returnObject;
+ }
+
+ @Override
+ public Object getThis() {
+ return this;
+ }
+}
diff --git a/src/main/java/net/Broken/Api/Security/MethodSecurityConfig.java b/src/main/java/net/Broken/Api/Security/MethodSecurityConfig.java
new file mode 100644
index 0000000..129bfc4
--- /dev/null
+++ b/src/main/java/net/Broken/Api/Security/MethodSecurityConfig.java
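Review bot: isInGuild casts `authentication.getPrincipal()` to JwtPrincipal without checking its type, so a call that reaches the expression with any other principal (an anonymous token, for instance) ends in a ClassCastException instead of a plain denial. `MainBot.jda.getGuildById(guildId)` may return null for a guild the bot does not know, and the result of `CacheTools.getJdaUser(...)` is dereferenced unchecked; whether that helper can return null is not visible in this hunk. An authorization predicate should answer false in each of these cases, so the caller is refused cleanly and the failure is not reported as a server error. The membership answer comes from the bot's cache through `getMutualGuilds()`, so a Javadoc line on the method should state how fresh that cache is expected to be. `okhttp3.Cache` is imported but unused.

```java
    public boolean isInGuild(String guildId) {
        Object principal = authentication.getPrincipal();
        if (!(principal instanceof JwtPrincipal)) {
            return false; // not a JWT-authenticated caller: deny, do not throw
        }
        Guild guild = MainBot.jda.getGuildById(guildId);
        if (guild == null) {
            return false; // guild unknown to the bot
        }
        // NOTE(review): null check assumes getJdaUser may miss the cache; confirm
        var jdaUser = CacheTools.getJdaUser(((JwtPrincipal) principal).user());
        return jdaUser != null && jdaUser.getMutualGuilds().contains(guild);
    }
```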
@@ -0,0 +1,16 @@
+package net.Broken.Api.Security;
+
+import net.Broken.Api.Security.Expression.CustomMethodSecurityExpressionHandler;
+import org.springframework.context.annotation.Configuration;
+import org.springframework.security.access.expression.method.MethodSecurityExpressionHandler;
+import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
+import org.springframework.security.config.annotation.method.configuration.GlobalMethodSecurityConfiguration;
+
+@Configuration
+@EnableGlobalMethodSecurity(prePostEnabled = true)
+public class MethodSecurityConfig extends GlobalMethodSecurityConfiguration {
+ @Override
+ protected MethodSecurityExpressionHandler createExpressionHandler() {
+ return new CustomMethodSecurityExpressionHandler();
+ }
+}
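Review bot: createExpressionHandler() returns a bare `new CustomMethodSecurityExpressionHandler()` with nothing set on it, so any PermissionEvaluator, RoleHierarchy or role-prefix bean the application defines would have to be passed to it here. As far as I can tell, the base configuration wires those only into its own default handler. If none are used today, a comment should say so, for example `// Handler is not context-configured: set PermissionEvaluator/RoleHierarchy here if they are introduced`. The class also has no comment explaining that it is what makes `isInGuild(...)` available to `@PreAuthorize` expressions.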