From 6ec4679aee83371a44915cc09854f3546848657b Mon Sep 17 00:00:00 2001 From: jeepee12 Date: Sat, 24 Mar 2018 15:36:26 -0400 Subject: [PATCH 1/2] Require a rank one higher to send a message --- .../controller/MessageController.java | 46 ++++++++++++++++--- 1 file changed, 39 insertions(+), 7 deletions(-) diff --git a/communication/src/main/java/com/ship/communication/controller/MessageController.java b/communication/src/main/java/com/ship/communication/controller/MessageController.java index 1d3d87a..192ec46 100644 --- a/communication/src/main/java/com/ship/communication/controller/MessageController.java +++ b/communication/src/main/java/com/ship/communication/controller/MessageController.java @@ -22,7 +22,14 @@ @RestController public class MessageController { - + const String admiral = "ADMIRAL"; + const String vice_admiral = "VICE_ADMIRAL"; + const String captain = "CAPTAIN"; + const String commander = "COMMANDER"; + const String lieutenant ="LIEUTENANT"; + const String ensign = "ENSIGN"; + const String crewman = "CREWMAN"; + const String[] ranks = {admiral, vice_admiral, captain, commander, lieutenant, ensign, crewman}; @Autowired private DiscoveryClient discoveryClient; 
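Review bot: `const String admiral = "ADMIRAL";` and the seven declarations after it will not compile — `const` is a reserved word in Java but not a usable modifier. Declare them as `private static final String ADMIRAL = "ADMIRAL";` and the table as `private static final String[] RANKS = {ADMIRAL, VICE_ADMIRAL, CAPTAIN, COMMANDER, LIEUTENANT, ENSIGN, CREWMAN};`, following the UPPER_SNAKE_CASE convention the class already uses for its other constants. The identical block is added to AuthorizationController in PATCH 2/2 and needs the same correction there; since PATCH 2/2 removes it from this file again, that is the copy that matters.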
@@ -54,13 +61,38 @@ private void checkAccess(ActionDto actionDto, String session) { ServiceInstance service = discoveryClient.getInstances("authorization").get(0); String url = "http://" + service.getHost() + ":" + service.getPort() + "/" + "checkAccess"; - String requestJson = "{\"recipient\":\"" + actionDto.getRecipient() + "\"}"; - HttpHeaders headers = new HttpHeaders(); - headers.setContentType(MediaType.APPLICATION_JSON); - headers.add("Cookie", "SESSION=" + session); + String sender = actionDto.getSender(); + if (RankDifference(sender, actionDto.getRecipient()) + 1 >= 0) { + String requestJson = "{\"recipient\":\"" + actionDto.getRecipient() + "\"}"; + HttpHeaders headers = new HttpHeaders(); + headers.setContentType(MediaType.APPLICATION_JSON); + headers.add("Cookie", "SESSION=" + session); - HttpEntity entity = new HttpEntity(requestJson,headers); - restTemplate.postForObject(url, entity, String.class); + HttpEntity entity = new HttpEntity(requestJson, headers); + restTemplate.postForObject(url, entity, String.class); + // TODO envoyer notif au recipient + } + else + { + // TODO Access denied + } } + private int RankDifference(String rank1, String rank2) + { + int rank1Level = 0; + int rank2Level = 0; + for (int i = 0; i < ranks.length; ++i) + { + if (ranks[i] == rank1) + { + rank1Level = i; + } + if (ranks[i] == rank2) + { + rank2Level = i; + } + } + return rank1Level - rank2Level; + } } From 9783dcc908164f9bb1b7c47dc7fce826dd9fc731 Mon Sep 17 00:00:00 2001 From: jeepee12 Date: Sat, 24 Mar 2018 15:47:06 -0400 Subject: [PATCH 2/2] Move les autorize dans AuthorizationController --- .../controller/AuthorizationController.java | 34 ++++++++++++++ .../controller/MessageController.java | 46 +++---------------- 2 files changed, 41 insertions(+), 39 deletions(-) 
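Review bot: The rank check in the added `if (RankDifference(sender, actionDto.getRecipient()) + 1 >= 0)` keys on `actionDto.getSender()`, a value taken from the request body rather than from the session, so the caller decides which sender rank gets evaluated; only the authorization service, which resolves the session cookie, can enforce this, and PATCH 2/2 moves the check there. Independently of that, the `else { // TODO Access denied }` branch returns normally, so a denied message is dropped with no error reaching the caller; until it is implemented the branch should signal the denial (throw, or return a status the caller checks) instead of falling through. The JSON body on the `String requestJson` line is also still built by concatenation, so a recipient containing a quote produces a malformed request.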
diff --git a/authorization/src/main/java/com/ship/authorization/controller/AuthorizationController.java b/authorization/src/main/java/com/ship/authorization/controller/AuthorizationController.java index dbfa0d8..29ba319 100644 --- a/authorization/src/main/java/com/ship/authorization/controller/AuthorizationController.java +++ b/authorization/src/main/java/com/ship/authorization/controller/AuthorizationController.java @@ -26,6 +26,16 @@ @RestController public class AuthorizationController { + + const String admiral = "ADMIRAL"; + const String vice_admiral = "VICE_ADMIRAL"; + const String captain = "CAPTAIN"; + const String commander = "COMMANDER"; + const String lieutenant ="LIEUTENANT"; + const String ensign = "ENSIGN"; + const String crewman = "CREWMAN"; + const String[] ranks = {admiral, vice_admiral, captain, commander, lieutenant, ensign, crewman}; + @Autowired private UsersService usersService; @@ -38,7 +48,12 @@ public void checkAccess(Authentication authentication, @RequestBody ActionDto ac String recipientRole = usersService.loadUserRole(actionDto.getRecipient()); System.out.println("Role: " + recipientRole); + for (GrantedAuthority grantedAuthority : userDetails.getAuthorities()){ + + if (RankDifference(grantedAuthority.getAuthority(), recipientRole) + 1 < 0) { + throw new ForbiddenAccessException(); + } if (grantedAuthority.getAuthority().equals(ROLE_CREWMAN)) { if (recipientRole.contains(ROLE_ADMIRAL)) { throw new ForbiddenAccessException(); @@ -46,4 +61,23 @@ public void checkAccess(Authentication authentication, @RequestBody ActionDto ac } } } + + + private int RankDifference(String rank1, String rank2) + { + int rank1Level = 0; + int rank2Level = 0; + for (int i = 0; i < ranks.length; ++i) + { + if (ranks[i] == rank1) + { + rank1Level = i; + } + if (ranks[i] == rank2) + { + rank2Level = i; + } + } + return rank1Level - rank2Level; + } } \ No newline at end of file 
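Review bot: The added guard `if (RankDifference(grantedAuthority.getAuthority(), recipientRole) + 1 < 0)` most likely never denies anything: the existing check a few lines below compares the same authority with `ROLE_CREWMAN` and tests `recipientRole.contains(ROLE_ADMIRAL)`, which suggests both strings carry a `ROLE_` prefix that the bare entries in `ranks` lack, so neither lookup matches and the difference is 0 for every pair — confirm against the stored role values. Either add the prefix to the table or strip it before the lookup, and compare with `equals` rather than `==` inside `RankDifference`. The sign also deserves a look: with index 0 = ADMIRAL, the condition denies a sender two or more ranks above the recipient while allowing a crewman to message an admiral, which the check that follows then forbids; document the intended rule on the `if`, e.g. `// deny when the sender is more than one rank above the recipient (index 0 = ADMIRAL)`, and flip the sign if that is not what the commit title means.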
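Review bot: `RankDifference` compares rank strings with `==` (`if (ranks[i] == rank1)`), which tests reference identity rather than content, and leaves a level at 0 — the ADMIRAL slot — when a rank is not found, so an unknown or differently-spelled authority is treated as the highest rank; both defects make the check fail open. Use `equals`, report an unknown rank distinctly, and have the caller in `checkAccess` deny on it. The rewrite below replaces the helper with `rankLevel` (lowerCamelCase, K&R braces like the rest of the file) and moves the "unknown rank" decision to the call site in the authority loop.
```java
for (GrantedAuthority grantedAuthority : userDetails.getAuthorities()) {
    int senderLevel = rankLevel(grantedAuthority.getAuthority());
    int recipientLevel = rankLevel(recipientRole);
    // An unknown rank on either side is denied instead of being treated as ADMIRAL (level 0).
    if (senderLevel < 0 || recipientLevel < 0 || senderLevel - recipientLevel + 1 < 0) {
        throw new ForbiddenAccessException();
    }
    // … unchanged: ROLE_CREWMAN / ROLE_ADMIRAL check …
}

/** Position of {@code rank} in {@code ranks} (0 = ADMIRAL, highest), or -1 if it is not listed. */
private int rankLevel(String rank) {
    for (int i = 0; i < ranks.length; ++i) {
        if (ranks[i].equals(rank)) {
            return i;
        }
    }
    return -1;
}
```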
diff --git a/communication/src/main/java/com/ship/communication/controller/MessageController.java b/communication/src/main/java/com/ship/communication/controller/MessageController.java index 192ec46..c2e4e4a 100644 --- a/communication/src/main/java/com/ship/communication/controller/MessageController.java +++ b/communication/src/main/java/com/ship/communication/controller/MessageController.java @@ -22,14 +22,6 @@ @RestController public class MessageController { - const String admiral = "ADMIRAL"; - const String vice_admiral = "VICE_ADMIRAL"; - const String captain = "CAPTAIN"; - const String commander = "COMMANDER"; - const String lieutenant ="LIEUTENANT"; - const String ensign = "ENSIGN"; - const String crewman = "CREWMAN"; - const String[] ranks = {admiral, vice_admiral, captain, commander, lieutenant, ensign, crewman}; @Autowired private DiscoveryClient discoveryClient; 
@@ -62,37 +54,13 @@ private void checkAccess(ActionDto actionDto, String session) { String url = "http://" + service.getHost() + ":" + service.getPort() + "/" + "checkAccess"; String sender = actionDto.getSender(); - if (RankDifference(sender, actionDto.getRecipient()) + 1 >= 0) { - String requestJson = "{\"recipient\":\"" + actionDto.getRecipient() + "\"}"; - HttpHeaders headers = new HttpHeaders(); - headers.setContentType(MediaType.APPLICATION_JSON); - headers.add("Cookie", "SESSION=" + session); + String requestJson = "{\"recipient\":\"" + actionDto.getRecipient() + "\"}"; + HttpHeaders headers = new HttpHeaders(); + headers.setContentType(MediaType.APPLICATION_JSON); + headers.add("Cookie", "SESSION=" + session); - HttpEntity entity = new HttpEntity(requestJson, headers); - restTemplate.postForObject(url, entity, String.class); - // TODO envoyer notif au recipient - } - else - { - // TODO Access denied - } - } - - private int RankDifference(String rank1, String rank2) - { - int rank1Level = 0; - int rank2Level = 0; - for (int i = 0; i < ranks.length; ++i) - { - if (ranks[i] == rank1) - { - rank1Level = i; - } - if (ranks[i] == rank2) - { - rank2Level = i; - } - } - return rank1Level - rank2Level; + HttpEntity entity = new HttpEntity(requestJson, headers); + restTemplate.postForObject(url, entity, String.class); + // TODO envoyer notif au recipient } }
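Review bot: `String sender = actionDto.getSender();` is assigned and never read now that the rank check has moved to the authorization service; drop the line. The request body on the next line is still assembled by string concatenation, so a recipient containing `"` or `\` yields malformed JSON, and the raw `HttpEntity` hides the payload type; let RestTemplate serialize it instead: `HttpEntity<Map<String, String>> entity = new HttpEntity<>(Collections.singletonMap("recipient", actionDto.getRecipient()), headers);` (imports `java.util.Collections` and `java.util.Map`). The result of `postForObject` is discarded, so this method only learns of a denial if the authorization service answers with an error status that RestTemplate's default error handler turns into an exception — if that is the contract, say so on that line, e.g. `// a 4xx from the authorization service surfaces here as HttpClientErrorException`.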