Package org.ehrbase.application.abac

Class CustomMethodSecurityExpressionRoot

  • All Implemented Interfaces:
    org.springframework.security.access.expression.method.MethodSecurityExpressionOperations, org.springframework.security.access.expression.SecurityExpressionOperations
    public class CustomMethodSecurityExpressionRoot
extends org.springframework.security.access.expression.SecurityExpressionRoot
implements org.springframework.security.access.expression.method.MethodSecurityExpressionOperations
    Implementation of custom security expression, to be used in e.g. @PreAuthorize(..) to allow ABAC requests.

    • Constructor Detail

      • CustomMethodSecurityExpressionRoot

        public CustomMethodSecurityExpressionRoot​(org.springframework.security.core.Authentication authentication,
                                          AbacConfig abacConfig,
                                          AbacConfig.AbacCheck abacCheck)

    • Method Detail

      • setCompositionService

        public void setCompositionService​(CompositionService compositionService)

      • setContributionService

        public void setContributionService​(ContributionService contributionService)

      • setEhrService

        public void setEhrService​(EhrService ehrService)

      • checkAbacPost

        public boolean checkAbacPost​(String type,
                             String subject,
                             Object payload,
                             String contentType)
                      throws IOException,
                             InterruptedException
        Custom SpEL expression to be used to check if the remote ABAC allows the operation by given data. For @PostAuthorize cases.
        Parameters:
        type - Type of scope's resource
        subject - Subject ID from the current EHR context
        payload - Payload object, either request's input or response's output
        contentType - Content type from the scope
        Returns:
        True if ABAC authorizes given attributes
        Throws:
        IOException - On parsing error
        InterruptedException - On error while communicating with the ABAC server

      • checkAbacPre

        public boolean checkAbacPre​(String type,
                            String subject,
                            Object payload,
                            String contentType)
                     throws IOException,
                            InterruptedException
        Custom SpEL expression to be used to check if the remote ABAC allows the operation by given data. For @PreAuthorize cases.
        Parameters:
        type - Type of scope's resource
        subject - Subject ID from the current EHR context
        payload - Payload object, either request's input or response's output
        contentType - Content type from the scope
        Returns:
        True if ABAC authorizes given attributes
        Throws:
        IOException - On parsing error
        InterruptedException - On error while communicating with the ABAC server

      • getFilterObject

        public Object getFilterObject()
        Specified by:
        getFilterObject in interface org.springframework.security.access.expression.method.MethodSecurityExpressionOperations

      • setFilterObject

        public void setFilterObject​(Object filterObject)
        Specified by:
        setFilterObject in interface org.springframework.security.access.expression.method.MethodSecurityExpressionOperations

      • getReturnObject

        public Object getReturnObject()
        Specified by:
        getReturnObject in interface org.springframework.security.access.expression.method.MethodSecurityExpressionOperations

      • setReturnObject

        public void setReturnObject​(Object returnObject)
        Specified by:
        setReturnObject in interface org.springframework.security.access.expression.method.MethodSecurityExpressionOperations

      • getThis

        public Object getThis()
        Specified by:
        getThis in interface org.springframework.security.access.expression.method.MethodSecurityExpressionOperations