Facilities/Security/Castle.Facilities.SecurityManagement/SecurityInterceptor.cs

   1 // Copyright 2004-2008 Castle Project - http://www.castleproject.org/
   2 //
   3 // Licensed under the Apache License, Version 2.0 (the "License");
   4 // you may not use this file except in compliance with the License.
   5 // You may obtain a copy of the License at
   6 //
   7 //     http://www.apache.org/licenses/LICENSE-2.0
   8 //
   9 // Unless required by applicable law or agreed to in writing, software
  10 // distributed under the License is distributed on an "AS IS" BASIS,
  11 // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
  12 // See the License for the specific language governing permissions and
  13 // limitations under the License.
  14
  15 namespace Castle.Facilities.SecurityManagement
  16 {
  17     using System.Reflection;
  18     using System.Security;
  19     using System.Threading;
  20     using Castle.MicroKernel;
  21     using Castle.Core.Interceptor;
  22     using Castle.Services.Security;
  23
  24     /// <summary>
  25         /// Summary description for SecurityInterceptor.
  26         /// </summary>
  27         public class SecurityInterceptor : IMethodInterceptor
  28         {
  29         private IKernel _kernel;
  30
  31         public SecurityInterceptor(IKernel kernel)
  32         {
  33             _kernel = kernel;
  34         }
  35
  36         public object Intercept(IMethodInvocation invocation, params object[] args)
  37         {
  38             MethodInfo methodInfo = invocation.MethodInvocationTarget;
  39
  40             if (!methodInfo.IsDefined( typeof(PermissionAttribute), true ))
  41             {
  42                 return invocation.Proceed(args);
  43             }
  44             else
  45             {
  46                 object[] attrs = methodInfo.GetCustomAttributes( typeof(PermissionAttribute), true );
  47
  48                 PermissionAttribute permissionAtt = (PermissionAttribute) attrs[0];
  49
  50                 ISecurityManager manager = (ISecurityManager) _kernel[ typeof(ISecurityManager) ];
  51
  52                 IPolicy policy =
  53                     manager.Generate(
  54                     permissionAtt, Thread.CurrentPrincipal );
  55
  56                 if (policy == null)
  57                 {
  58                     return invocation.Proceed(args);
  59                 }
  60
  61                 object value = null;
  62
  63                 if(policy.Evaluate())
  64                 {
  65                     value = invocation.Proceed(args);
  66                 }
  67                 else
  68                 {
  69                     throw new SecurityException("Not Allowed");
  70                 }
  71
  72                 return value;
  73             }
  74         }
  75         }
  76 }