protected virtual string DoExecute(IConfigSectionNode command) { var cname = command.Name.ToLowerInvariant(); var tp = Cmdlets.FirstOrDefault(cmd => cmd.Name.EqualsIgnoreCase(cname)); if (tp == null) { return(Sky.StringConsts.RT_CMDLET_DONTKNOW_ERROR.Args(cname)); } //Check cmdlet security Permission.AuthorizeAndGuardAction(App, tp); Permission.AuthorizeAndGuardAction(App, tp.GetMethod(nameof(Execute))); var cmdlet = Activator.CreateInstance(tp, this, command) as Cmdlet; if (cmdlet == null) { throw new SkyException(Sky.StringConsts.RT_CMDLET_ACTIVATION_ERROR.Args(cname)); } using (cmdlet) { App.DependencyInjector.InjectInto(cmdlet); return(cmdlet.Execute()); } }
private static PropertyInfo findByName(IApplication app, bool isSet, object target, string name, string[] groups) { if (target != null && name.IsNotNullOrWhiteSpace()) { name = name.Trim(); var tp = target.GetType(); var props = suitableProperties(tp); foreach (var prop in props) { var atr = prop.GetCustomAttributes(typeof(ExternalParameterAttribute), false).FirstOrDefault() as ExternalParameterAttribute; if (atr == null) { continue; } if (groups != null && groups.Length > 0) { if (atr.Groups == null) { continue; } if (!atr.Groups.Intersect(groups).Any()) { continue; } } string pname; if (atr.Name.IsNullOrWhiteSpace()) { pname = prop.Name; } else { pname = atr.Name; } if (string.Equals(name, pname, StringComparison.InvariantCultureIgnoreCase)) //MATCH { if ( //check security (isSet && (atr.SecurityCheck & ExternalParameterSecurityCheck.OnSet) != 0) || (!isSet && (atr.SecurityCheck & ExternalParameterSecurityCheck.OnGet) != 0) ) { Permission.AuthorizeAndGuardAction(app, prop); } return(prop); } } } return(null); }
protected override void DoFilterWork(WorkContext work, IList <WorkFilter> filters, int thisFilterIndex) { if (m_Permissions != null && m_Permissions.Any()) { if (!m_BypassMatches.Any(match => match.Make(work) != null)) { work.NeedsSession(); Permission.AuthorizeAndGuardAction(App.SecurityManager, m_Permissions, "{0}({1})".Args(GetType().FullName, this.Name), work.Session); } } this.InvokeNextWorker(work, filters, thisFilterIndex); }
/// <summary> /// Override to process request /// </summary> /// <param name="request"></param> /// <param name="execute">Execute vs Describe</param> /// <returns>Response object or null if request is unmatched/unsupported</returns> protected virtual ExternalCallResponse DoProcessRequest(IConfigSectionNode request, bool execute) { if (request == null || !request.Exists) { return(null); //unknown request } //Find the matching handler type out of SUPPORTED (no type injection possible) var tr = SupportedRequestTypes.FirstOrDefault(t => t.Name.EqualsOrdIgnoreCase(request.Name));// command-name{ ... } if (tr == null) { return(null); //unknown } //Execution MANDATES handler authorization of the calling principal if (execute) { Permission.AuthorizeAndGuardAction(App, tr); } //Create instance of the appropriate handler var handler = (Activator.CreateInstance(tr, Context) as ExternalCallRequest <TContext>).NonNull( "Type reg error for `{0}` is not `{1}`".Args( GetType().DisplayNameWithExpandedGenericArgs(), typeof(ExternalCallRequest <TContext>).DisplayNameWithExpandedGenericArgs())); //perform DI of app container App.InjectInto(handler); //configure handler from request properties handler.Configure(request); //Execute or Describe (which is a form of execution with a different purpose) var response = execute ? handler.Execute() : handler.Describe(); return(response); }
/// <summary> /// Checks the specified permissions in the calling scope security context /// </summary> /// <param name="app">Non-null app context</param> /// <param name="permissions">Permission instances to check</param> /// <param name="caller">The caller name is derived from CallerMemebr compiler info</param> /// <param name="session">The caller session scope or null in which case an ambient caller scope will be used</param> /// <remarks> /// Use case: /// <code> /// app.Authroize(Permission.All(new A(), new B()); /// app.Authorize(new A().And(new B()).And(new C())); /// </code> /// </remarks> public static void Authorize(this IApplication app, IEnumerable <Permission> permissions, [CallerMemberName] string caller = null, Apps.ISession session = null) => Permission.AuthorizeAndGuardAction(app.NonNull(nameof(app)), permissions, caller, session ?? Ambient.CurrentCallSession);
private ResponseMsg doWork(RequestMsg request) { var contract = request.Contract; //this throws when contract can't be found var server = getServerImplementer(request.ServerTransport.ServerEndpoint, contract); //throws when no implementor match found if (server.AuthenticationSupport) { interpretAuthenticationHeader(request); } //Authorizes user to the whole server contract and implementing class Permission.AuthorizeAndGuardAction(App, server.Contract); Permission.AuthorizeAndGuardAction(App, server.Implementation); serverImplementer.mapping mapped = server.SpecToMethodInfos(request.Method); Permission.AuthorizeAndGuardAction(App, mapped.miContract); Permission.AuthorizeAndGuardAction(App, mapped.miImplementation); Guid?checkedOutID; bool lockTaken; var instance = getServerInstance(server, request, out checkedOutID, out lockTaken); //throws when instance expired or cant be locked try { Guid?instanceID = null; bool isCtor = false; bool isDctor = false; if (server.InstanceMode == ServerInstanceMode.Stateful || server.InstanceMode == ServerInstanceMode.AutoConstructedStateful) { instanceID = request.RemoteInstance; isCtor = Attribute.IsDefined(mapped.miContract, typeof(ConstructorAttribute)); isDctor = Attribute.IsDefined(mapped.miContract, typeof(DestructorAttribute)); if (isCtor && isDctor) { throw new ServerMethodInvocationException(StringConsts.GLUE_AMBIGUOUS_CTOR_DCTOR_DEFINITION_ERROR .Args(contract.FullName, request.MethodName)); } if (server.InstanceMode != ServerInstanceMode.AutoConstructedStateful && !instanceID.HasValue && !isCtor) { throw new ServerMethodInvocationException(StringConsts.GLUE_NO_SERVER_INSTANCE_ERROR .Args(contract.FullName, request.MethodName)); } } //======================================================================================================== object result; try { var any = request as RequestAnyMsg; if (any != null) { result = mapped.miContract.Invoke(instance, any.Arguments); //do actual contract-implementing method work } else { //call functor using typed RequestMsg derivative if (mapped.fBody == null) { throw new ServerMethodInvocationException(StringConsts.GLUE_NO_ARGS_MARSHAL_LAMBDA_ERROR .Args(contract.FullName, request.MethodName)); } result = mapped.fBody(instance, request); //do actual contract-implementing method work via Lambda } } catch (Exception bodyError) { Exception err = bodyError; if (err is TargetInvocationException) //unwrap the inner error which is wrapped by Invoke() { if (err.InnerException != null) { err = err.InnerException; } } throw new ServerMethodInvocationException(StringConsts.GLUE_SERVER_CONTRACT_METHOD_INVOCATION_ERROR .Args(contract.FullName, request.MethodName, err.ToMessageWithType()), err); } //======================================================================================================== if (server.InstanceMode == ServerInstanceMode.Stateful || server.InstanceMode == ServerInstanceMode.AutoConstructedStateful) { if (isCtor || (server.InstanceMode == ServerInstanceMode.AutoConstructedStateful && !isDctor && !instanceID.HasValue)) { instanceID = Guid.NewGuid(); App.ObjectStore.CheckIn(instanceID.Value, instance, server.InstanceTimeoutMs); } else if (isDctor) { if (instanceID.HasValue) { App.ObjectStore.Delete(instanceID.Value); instanceID = null; checkedOutID = null; } } } if (request.OneWay) { return(null); } var response = new ResponseMsg(request.RequestID, instanceID, result); response.__SetBindingSpecificContext(request); return(response); } finally { if (lockTaken) { Monitor.Exit(instance); } if (checkedOutID.HasValue) { App.ObjectStore.CheckIn(checkedOutID.Value, server.InstanceTimeoutMs); } } }
/// <summary> /// Checks a single specified permission in the calling scope security context /// </summary> /// <param name="app">Non-null app context</param> /// <param name="permission">Permission instance to check</param> /// <param name="caller">The caller name is derived from CallerMemebr compiler info</param> /// <param name="session">The caller session scope or null in which case an ambient caller scope will be used</param> /// <remarks> /// Use case: /// <code> /// app.Authroize(new A()); /// </code> /// </remarks> public static void Authorize(this IApplication app, Permission permission, [CallerMemberName] string caller = null, Apps.ISession session = null) => Permission.AuthorizeAndGuardAction(app.NonNull(nameof(app)).SecurityManager, permission, caller, session ?? Ambient.CurrentCallSession);