diff --git a/Dockerfile b/Dockerfile
new file mode 100644
index 0000000..1c2d5cb
--- /dev/null
+++ b/Dockerfile
@@ -0,0 +1,5 @@
+FROM openjdk:8-jdk-alpine
+VOLUME /tmp
+ARG JAR_FILE
+ADD ${JAR_FILE} app.jar
+ENTRYPOINT ["java","-Djava.security.egd=file:/dev/./urandom","-jar","/app.jar"]
\ No newline at end of file
diff --git a/authorization/src/main/java/com/ship/authorization/ActionDto.java b/authorization/src/main/java/com/ship/authorization/ActionDto.java
index 128e05b..40842b5 100644
--- a/authorization/src/main/java/com/ship/authorization/ActionDto.java
+++ b/authorization/src/main/java/com/ship/authorization/ActionDto.java
@@ -2,6 +2,7 @@ public class ActionDto {
 private String recipient;
+ private boolean authorization;
 public ActionDto() {
 }
@@ -17,5 +18,9 @@ public String getRecipient() {
 public void setRecipient(String recipient) {
 this.recipient = recipient;
 }
+
+ public boolean getAuthorization() {
+ return authorization;
+ }
 }
diff --git a/authorization/src/main/java/com/ship/authorization/controller/AuthorizationController.java b/authorization/src/main/java/com/ship/authorization/controller/AuthorizationController.java
index dbfa0d8..d22555e 100644
--- a/authorization/src/main/java/com/ship/authorization/controller/AuthorizationController.java
+++ b/authorization/src/main/java/com/ship/authorization/controller/AuthorizationController.java
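Review bot: `ADD ${JAR_FILE} app.jar` should be `COPY ${JAR_FILE} app.jar`; ADD additionally unpacks local archives and fetches remote URLs, which a plain jar copy never needs and which makes the build input less predictable. The image has no `USER` instruction, so the application runs as root inside the container; creating an unprivileged user (on Alpine e.g. `RUN adduser -D app` followed by `USER app`) before the ENTRYPOINT is the usual fix. The `openjdk` Docker Hub images are deprecated upstream and no longer receive JDK security updates, so a maintained base image should be chosen; a JRE variant would also be considerably smaller than a full JDK.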
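Review bot: `authorization` is added to a `@RequestBody` DTO with a getter but no setter, so with Jackson's defaults the value is bound from the request only because the private field is inferred as a mutator from the visible getter — the fact that this flag is client-supplied is invisible in the class itself. If the field is meant to be set by the caller, make that explicit with `public void setAuthorization(boolean authorization) { this.authorization = authorization; }` and a one-line Javadoc on the field stating who sets it and what `true` means; if it is not meant to be client-controlled, it does not belong in the request DTO at all. Separately, the bean convention for a boolean accessor is `isAuthorization()`, which is what introspection-based tooling looks for.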
@@ -9,20 +9,17 @@
 import org.springframework.http.HttpEntity;
 import org.springframework.http.HttpHeaders;
 import org.springframework.http.MediaType;
+import org.springframework.security.access.method.P;
 import org.springframework.security.authentication.ProviderManager;
 import org.springframework.security.core.Authentication;
 import org.springframework.security.core.GrantedAuthority;
 import org.springframework.security.core.userdetails.User;
 import org.springframework.security.core.userdetails.UserDetails;
 import org.springframework.security.core.userdetails.UserDetailsService;
-import org.springframework.web.bind.annotation.RequestBody;
-import org.springframework.web.bind.annotation.RequestMapping;
-import org.springframework.web.bind.annotation.RequestMethod;
-import org.springframework.web.bind.annotation.RestController;
+import org.springframework.web.bind.annotation.*;
 import org.springframework.web.client.RestTemplate;
-import static com.ship.authorization.service.UsersService.ROLE_ADMIRAL;
-import static com.ship.authorization.service.UsersService.ROLE_CREWMAN;
+import static com.ship.authorization.service.UsersService.*;
 @RestController
 public class AuthorizationController {
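Review bot: `import org.springframework.security.access.method.P;` is not referenced by anything in the hunks shown and looks like an autocomplete artifact; it should be dropped unless a part of the file outside this diff uses `@P`. The two wildcard imports `org.springframework.web.bind.annotation.*` and `static com.ship.authorization.service.UsersService.*` replace explicit ones and hide which annotations and role constants the controller actually depends on; keeping the explicit imports and adding the newly used constants (`ROLE_VICE_ADMIRAL`, `ROLE_CAPTAIN`, `ROLE_COMMANDER`, `ROLE_LIEUTENANT`, `ROLE_ENSIGN`) one per line is the conventional form and is what most style checkers expect.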
@@ -36,14 +33,65 @@ public void checkAccess(Authentication authentication, @RequestBody ActionDto ac
 System.out.println("User has authorities: " + userDetails.getAuthorities());
 System.out.println("Recipient: " + actionDto.getRecipient());
 String recipientRole = usersService.loadUserRole(actionDto.getRecipient());
+ String recipientDepartment = usersService.getUserDepartment(actionDto.getRecipient());
 System.out.println("Role: " + recipientRole);
+ System.out.println("Department: " + recipientDepartment);
 for (GrantedAuthority grantedAuthority : userDetails.getAuthorities()){
- if (grantedAuthority.getAuthority().equals(ROLE_CREWMAN)) {
- if (recipientRole.contains(ROLE_ADMIRAL)) {
+ switch (grantedAuthority.getAuthority()) {
+ case ROLE_CREWMAN:
+ if (recipientRole.contains(ROLE_ADMIRAL) || recipientRole.contains(ROLE_VICE_ADMIRAL) || recipientRole.contains(ROLE_CAPTAIN)
+ || recipientRole.contains(ROLE_COMMANDER) || recipientRole.contains(ROLE_LIEUTENANT)) {
+ throw new ForbiddenAccessException();
+ }
+ break;
+ case ROLE_ENSIGN:
+ if (recipientRole.contains(ROLE_ADMIRAL) || recipientRole.contains(ROLE_VICE_ADMIRAL) || recipientRole.contains(ROLE_CAPTAIN)
+ || recipientRole.contains(ROLE_COMMANDER)) {
+ throw new ForbiddenAccessException();
+ }
+ break;
+ case ROLE_LIEUTENANT:
+ if (recipientRole.contains(ROLE_ADMIRAL) || recipientRole.contains(ROLE_VICE_ADMIRAL) || recipientRole.contains(ROLE_CAPTAIN)) {
+ throw new ForbiddenAccessException();
+ }
+ break;
+ case ROLE_COMMANDER:
+ if (recipientRole.contains(ROLE_ADMIRAL) || recipientRole.contains(ROLE_VICE_ADMIRAL)) {
+ throw new ForbiddenAccessException();
+ }
+ break;
+ case ROLE_CAPTAIN:
+ if (recipientRole.contains(ROLE_ADMIRAL)) {
+ throw new ForbiddenAccessException();
+ }
+ break;
+ }
+ }
+ }
+
+ @RequestMapping(value = "/sendAndRequestAuth", method = RequestMethod.POST)
+ public void sendAndRequestAuth(Authentication authentication, @RequestBody ActionDto actionDto) {
+ UserDetails userDetails = (UserDetails) authentication.getPrincipal();
+ System.out.println("User: " + authentication.getName());
+ System.out.println("User has authorities: " + userDetails.getAuthorities());
+ System.out.println("Recipient: " + actionDto.getRecipient());
+ String recipientRole = usersService.loadUserRole(actionDto.getRecipient());
+ System.out.println("Role: " + recipientRole);
+
+ for (GrantedAuthority grantedAuthority : userDetails.getAuthorities()){
+ String role = grantedAuthority.getAuthority();
+
+ if (usersService.getUserRank(recipientRole) - usersService.getUserRank(role) == 2) {
+ if (!requestAuth(authentication, actionDto)) {
 throw new ForbiddenAccessException();
 }
 }
 }
 }
+
+ @RequestMapping(value = "/requestAuth", method = RequestMethod.POST)
+ public boolean requestAuth(Authentication authentication, @RequestBody ActionDto actionDto) {
+ return actionDto.getAuthorization();
+ }
 }
\ No newline at end of file
diff --git a/authorization/src/main/java/com/ship/authorization/service/UsersService.java b/authorization/src/main/java/com/ship/authorization/service/UsersService.java
index 66615d5..a3550a3 100644
--- a/authorization/src/main/java/com/ship/authorization/service/UsersService.java
+++ b/authorization/src/main/java/com/ship/authorization/service/UsersService.java
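Review bot: In `sendAndRequestAuth` the access decision for a two-rank gap is `requestAuth(authentication, actionDto)`, which returns `actionDto.getAuthorization()` — a boolean taken from the caller's own request body — so the sender decides whether its own send is authorized, and `/requestAuth` is additionally exposed as a public POST mapping that merely echoes that flag back. An authorization grant has to come from server-side state (for example an approval recorded by the higher-ranked party and looked up by sender and recipient), never from a field of the request being authorized, and `requestAuth` should not carry a `@RequestMapping` at all if it is only a helper. Two smaller defects in the same method: `usersService.getUserRank(recipientRole) - usersService.getUserRank(role) == 2` checks only a gap of exactly two, so gaps of three or more pass with no check whatsoever (if the intent is "two or more ranks up", use `>= 2`), and `loadUserRole` returns null for an unknown recipient, so `getUserRank(recipientRole)` fails with a NullPointerException during unboxing instead of a `ForbiddenAccessException` — reject a null `recipientRole` before the loop. In `checkAccess` the new `recipientDepartment` is computed and printed but never used in the decision, and the principal and authorities are written with `System.out.println` rather than a logger; the `checkAccess` signature lies outside this hunk.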
@@ -15,9 +15,17 @@ public class UsersService {
 public static final String ROLE_LIEUTENANT = "ROLE_LIEUTENANT";
 public static final String ROLE_ENSIGN = "ROLE_ENSIGN";
 public static final String ROLE_CREWMAN = "ROLE_CREWMAN";
+ public static final String DEPARTMENT_OPERATIONS = "DEPARTMENT_OPERATIONS";
+ public static final String DEPARTMENT_MEDICAL = "DEPARTMENT_MEDICAL";
+ public static final String DEPARTMENT_SCIENCE = "DEPARTMENT_SCIENCE";
+ public static final String DEPARTMENT_COMMAND = "DEPARTMENT_COMMAND";
 private Map users = new HashMap<>();
+ private Map userRanks = new HashMap<>();
+
+ private Map userDepartment = new HashMap<>();
+
 public UsersService() {
 users.put("admiral", ROLE_ADMIRAL);
 users.put("viceAdmiral", ROLE_VICE_ADMIRAL);
@@ -26,9 +34,29 @@ public UsersService() {
 users.put("lieutenant", ROLE_LIEUTENANT);
 users.put("ensign", ROLE_ENSIGN);
 users.put("crewman", ROLE_CREWMAN);
+
+ userRanks.put(ROLE_ADMIRAL, 1);
+ userRanks.put(ROLE_VICE_ADMIRAL, 2);
+ userRanks.put(ROLE_CAPTAIN, 3);
+ userRanks.put(ROLE_COMMANDER, 4);
+ userRanks.put(ROLE_LIEUTENANT, 5);
+ userRanks.put(ROLE_ENSIGN, 6);
+ userRanks.put(ROLE_CREWMAN, 7);
+
+ userDepartment.put("operations", DEPARTMENT_OPERATIONS);
+ userDepartment.put("medical", DEPARTMENT_MEDICAL);
+ userDepartment.put("science", DEPARTMENT_SCIENCE);
+ userDepartment.put("command", DEPARTMENT_COMMAND);
+
 }
 public String loadUserRole(String username) {
 return users.get(username);
 }
+
+ public String getUserDepartment(String username) { return userDepartment.get(username); }
+
+ public int getUserRank(String userRole) {
+ return userRanks.get(userRole);
+ }
 }
\ No newline at end of file
diff --git a/config-server/src/main/resources/application.yml b/config-server/src/main/resources/application.yml
index 8a7b0bc..b5d8c10 100644
--- a/config-server/src/main/resources/application.yml
+++ b/config-server/src/main/resources/application.yml
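Review bot: `getUserDepartment(String username)` is keyed by username, but the constructor fills `userDepartment` with department names (`"operations"`, `"medical"`, `"science"`, `"command"`) as keys, while the usernames known to `users` are `"admiral"`, `"crewman"` and so on, so for every recipient that has a role the department lookup returns null; either key the map by username or change the method to take a department name. `getUserRank` unboxes `userRanks.get(userRole)` into an `int`, so an unknown or null role blows up with a NullPointerException from inside the service; make the miss explicit: `Integer rank = userRanks.get(userRole);` / `if (rank == null) throw new IllegalArgumentException("unknown role: " + userRole);` / `return rank;`. The new fields `userRanks` and `userDepartment` (first hunk) should be declared `private final`, since they are populated only in the constructor. A one-line Javadoc on each of `loadUserRole`, `getUserDepartment` and `getUserRank` saying what a missing key yields (null or an exception) would spare callers such as the controller from guessing.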
@@ -18,7 +18,7 @@ security.user:
 ---
 spring:
 profiles: native
- cloud.config.server.native.search-locations: file:///${user.home}/Documents/wilau2/cs-games-2018-relay-cloud/config-server/config
+ cloud.config.server.native.search-locations: file:///${user.home}/cs-games-2018-relay-cloud/config-server/config
 eureka:
 client:
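Review bot: The native search location remains a path into one developer's checkout (`file:///${user.home}/cs-games-2018-relay-cloud/config-server/config`), so the `native` profile only works on a machine that has the repository cloned at exactly that place. Spring property placeholders accept a default, so an overridable form such as `file:///${CONFIG_DIR:${user.home}/cs-games-2018-relay-cloud/config-server/config}` keeps the current behaviour while letting other machines and CI point the config server elsewhere without another commit.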