Package org.ehrbase.application.abac

Class CustomMethodSecurityExpressionRoot

java.lang.Object
org.springframework.security.access.expression.SecurityExpressionRoot
org.ehrbase.application.abac.CustomMethodSecurityExpressionRoot
All Implemented Interfaces:
org.springframework.security.access.expression.method.MethodSecurityExpressionOperations, org.springframework.security.access.expression.SecurityExpressionOperations
public class CustomMethodSecurityExpressionRoot extends org.springframework.security.access.expression.SecurityExpressionRoot implements org.springframework.security.access.expression.method.MethodSecurityExpressionOperations
Implementation of custom security expression, to be used in e.g. @PreAuthorize(..) to allow ABAC requests.
Since:
1.0
Author:
Jake Smolka

  • Constructor Details

    • CustomMethodSecurityExpressionRoot

      public CustomMethodSecurityExpressionRoot(org.springframework.security.core.Authentication authentication, AbacConfig abacConfig, AbacConfig.AbacCheck abacCheck)

  • Method Details

    • setCompositionService

      public void setCompositionService(CompositionService compositionService)

    • setContributionService

      public void setContributionService(ContributionService contributionService)

    • setEhrService

      public void setEhrService(EhrService ehrService)

    • checkAbacPost

      public boolean checkAbacPost(String type, String subject, Object payload, String contentType) throws IOException
      Custom SpEL expression to be used to check if the remote ABAC allows the operation by given data. For @PostAuthorize cases.
      Parameters:
      type - Type of scope's resource
      subject - Subject ID from the current EHR context
      payload - Payload object, either request's input or response's output
      contentType - Content type from the scope
      Returns:
      True if ABAC authorizes given attributes
      Throws:
      IOException - On parsing error

    • checkAbacPostQuery

      public boolean checkAbacPostQuery(Object payload) throws IOException
      Throws:
      IOException

    • checkAbacPre

      public boolean checkAbacPre(String type, String subject, Object payload, String contentType) throws IOException
      Custom SpEL expression to be used to check if the remote ABAC allows the operation by given data. For @PreAuthorize cases.
      Parameters:
      type - Type of scope's resource
      subject - Subject ID from the current EHR context
      payload - Payload object, either request's input or response's output
      contentType - Content type from the scope
      Returns:
      True if ABAC authorizes given attributes
      Throws:
      IOException - On parsing error

    • checkAbacPre

      public boolean checkAbacPre(String type, String subject) throws IOException
      Throws:
      IOException

    • getFilterObject

      public Object getFilterObject()
      Specified by:
      getFilterObject in interface org.springframework.security.access.expression.method.MethodSecurityExpressionOperations

    • setFilterObject

      public void setFilterObject(Object filterObject)
      Specified by:
      setFilterObject in interface org.springframework.security.access.expression.method.MethodSecurityExpressionOperations

    • getReturnObject

      public Object getReturnObject()
      Specified by:
      getReturnObject in interface org.springframework.security.access.expression.method.MethodSecurityExpressionOperations

    • setReturnObject

      public void setReturnObject(Object returnObject)
      Specified by:
      setReturnObject in interface org.springframework.security.access.expression.method.MethodSecurityExpressionOperations

    • getThis

      public Object getThis()
      Specified by:
      getThis in interface org.springframework.security.access.expression.method.MethodSecurityExpressionOperations