JSON serializer generalized

This commit is contained in:
Michael Hoennig 2019-04-18 17:12:24 +02:00
parent bc87739d6f
commit 5287d78fcb
3 changed files with 150 additions and 99 deletions

41
package-lock.json generated
View File

@ -6025,7 +6025,8 @@
"ansi-regex": {
"version": "2.1.1",
"bundled": true,
"dev": true
"dev": true,
"optional": true
},
"aproba": {
"version": "1.2.0",
@ -6046,12 +6047,14 @@
"balanced-match": {
"version": "1.0.0",
"bundled": true,
"dev": true
"dev": true,
"optional": true
},
"brace-expansion": {
"version": "1.1.11",
"bundled": true,
"dev": true,
"optional": true,
"requires": {
"balanced-match": "^1.0.0",
"concat-map": "0.0.1"
@ -6066,17 +6069,20 @@
"code-point-at": {
"version": "1.1.0",
"bundled": true,
"dev": true
"dev": true,
"optional": true
},
"concat-map": {
"version": "0.0.1",
"bundled": true,
"dev": true
"dev": true,
"optional": true
},
"console-control-strings": {
"version": "1.1.0",
"bundled": true,
"dev": true
"dev": true,
"optional": true
},
"core-util-is": {
"version": "1.0.2",
@ -6193,7 +6199,8 @@
"inherits": {
"version": "2.0.3",
"bundled": true,
"dev": true
"dev": true,
"optional": true
},
"ini": {
"version": "1.3.5",
@ -6205,6 +6212,7 @@
"version": "1.0.0",
"bundled": true,
"dev": true,
"optional": true,
"requires": {
"number-is-nan": "^1.0.0"
}
@ -6219,6 +6227,7 @@
"version": "3.0.4",
"bundled": true,
"dev": true,
"optional": true,
"requires": {
"brace-expansion": "^1.1.7"
}
@ -6226,12 +6235,14 @@
"minimist": {
"version": "0.0.8",
"bundled": true,
"dev": true
"dev": true,
"optional": true
},
"minipass": {
"version": "2.3.5",
"bundled": true,
"dev": true,
"optional": true,
"requires": {
"safe-buffer": "^5.1.2",
"yallist": "^3.0.0"
@ -6250,6 +6261,7 @@
"version": "0.5.1",
"bundled": true,
"dev": true,
"optional": true,
"requires": {
"minimist": "0.0.8"
}
@ -6330,7 +6342,8 @@
"number-is-nan": {
"version": "1.0.1",
"bundled": true,
"dev": true
"dev": true,
"optional": true
},
"object-assign": {
"version": "4.1.1",
@ -6342,6 +6355,7 @@
"version": "1.4.0",
"bundled": true,
"dev": true,
"optional": true,
"requires": {
"wrappy": "1"
}
@ -6427,7 +6441,8 @@
"safe-buffer": {
"version": "5.1.2",
"bundled": true,
"dev": true
"dev": true,
"optional": true
},
"safer-buffer": {
"version": "2.1.2",
@ -6463,6 +6478,7 @@
"version": "1.0.2",
"bundled": true,
"dev": true,
"optional": true,
"requires": {
"code-point-at": "^1.0.0",
"is-fullwidth-code-point": "^1.0.0",
@ -6482,6 +6498,7 @@
"version": "3.0.1",
"bundled": true,
"dev": true,
"optional": true,
"requires": {
"ansi-regex": "^2.0.0"
}
@ -6525,12 +6542,14 @@
"wrappy": {
"version": "1.0.2",
"bundled": true,
"dev": true
"dev": true,
"optional": true
},
"yallist": {
"version": "3.0.3",
"bundled": true,
"dev": true
"dev": true,
"optional": true
}
}
},

View File

@ -14,60 +14,55 @@ import org.apache.commons.lang3.NotImplementedException;
import org.hostsharing.hsadminng.security.SecurityUtils;
import org.springframework.boot.jackson.JsonComponent;
import javax.annotation.PostConstruct;
import javax.validation.constraints.*;
import java.beans.IntrospectionException;
import java.beans.Introspector;
import java.beans.PropertyDescriptor;
import java.io.IOException;
import java.io.Serializable;
import java.lang.annotation.*;
import java.lang.reflect.Field;
import java.lang.reflect.InvocationTargetException;
import java.lang.reflect.Method;
import java.util.Objects;
import java.util.Optional;
/**
* A DTO for the Customer entity.
*/
@ReadableFor(Role.ANY_CUSTOMER_USER)
@WritableFor(Role.SUPPORTER)
public class CustomerDTO implements Serializable {
@WritableFor(Role.NOBODY)
@AccessFor(read = Role.ANY_CUSTOMER_USER)
private Long id;
@NotNull
@Min(value = 10000)
@Max(value = 99999)
@AccessFor(init = Role.ADMIN, read = Role.ANY_CUSTOMER_USER)
private Integer number;
@NotNull
@Pattern(regexp = "[a-z][a-z0-9]+")
@AccessFor(init = Role.ADMIN, read = Role.ANY_CUSTOMER_USER)
private String prefix;
@NotNull
@Size(max = 80)
@AccessFor(init = Role.ADMIN, read = Role.ANY_CUSTOMER_USER)
private String name;
@NotNull
@Size(max = 400)
@ReadableFor(Role.CONTRACTUAL_CONTACT)
@AccessFor(init = Role.ADMIN, update = Role.ADMIN, read = Role.CONTRACTUAL_CONTACT)
private String contractualAddress;
@Size(max = 80)
@ReadableFor(Role.CONTRACTUAL_CONTACT)
@WritableFor(Role.CONTRACTUAL_CONTACT)
@AccessFor(init = Role.ADMIN, update = Role.CONTRACTUAL_CONTACT, read = Role.ANY_CUSTOMER_CONTACT)
private String contractualSalutation;
@Size(max = 400)
@ReadableFor(Role.CONTRACTUAL_CONTACT)
@AccessFor(init = Role.ADMIN, update = Role.ADMIN, read = Role.CONTRACTUAL_CONTACT)
private String billingAddress;
@Size(max = 80)
@ReadableFor(Role.CONTRACTUAL_CONTACT)
@WritableFor(Role.CONTRACTUAL_CONTACT)
@AccessFor(init = Role.ADMIN, update = {Role.CONTRACTUAL_CONTACT, Role.FINANCIAL_CONTACT}, read = Role.CONTRACTUAL_CONTACT)
private String billingSalutation;
public Long getId() {
@ -172,81 +167,56 @@ public class CustomerDTO implements Serializable {
@JsonComponent
public static class CustomerJsonSerializer extends JsonSerializer<CustomerDTO> {
private Optional<String> login;
@PostConstruct
public void getLoginUser() {
this.login = SecurityUtils.getCurrentUserLogin();
}
@Override
public void serialize(CustomerDTO dto, JsonGenerator jsonGenerator,
SerializerProvider serializerProvider) throws IOException {
jsonGenerator.writeStartObject();
try {
for (PropertyDescriptor prop : Introspector.getBeanInfo(CustomerDTO.class).getPropertyDescriptors()) {
if (isRealProprety(prop)) {
for (Field prop : CustomerDTO.class.getDeclaredFields()) {
toJSon(dto, jsonGenerator, prop);
}
}
} catch (IntrospectionException e) {
throw new RuntimeException(e);
}
//
// jsonGenerator.writeNumberField("number", dto.getNumber());
// jsonGenerator.writeStringField("prefix", dto.getPrefix());
// jsonGenerator.writeStringField("name", dto.getName());
// toJSonString(dto, jsonGenerator,"contractualAddress");
// jsonGenerator.writeStringField("contractualSalutation", dto.getContractualSalutation());
// jsonGenerator.writeStringField("billingAddress", dto.getBillingAddress());
// jsonGenerator.writeStringField("billingSalutation", dto.getBillingSalutation());
jsonGenerator.writeEndObject();
}
private boolean isRealProprety(PropertyDescriptor prop) {
return prop.getWriteMethod() != null;
}
private void toJSonString(CustomerDTO user, JsonGenerator jsonGenerator, String fieldName) throws IOException {
if (isReadAllowed(fieldName)) {
jsonGenerator.writeStringField(fieldName, user.getContractualAddress());
}
}
private void toJSon(CustomerDTO dto, JsonGenerator jsonGenerator, PropertyDescriptor prop) throws IOException {
private void toJSon(CustomerDTO dto, JsonGenerator jsonGenerator, Field prop) throws IOException {
if (getLoginUserRole().isAllowedToRead(prop)) {
final String fieldName = prop.getName();
if (isReadAllowed(fieldName)) {
if (Integer.class.isAssignableFrom(prop.getPropertyType()) || int.class.isAssignableFrom(prop.getPropertyType())) {
jsonGenerator.writeNumberField(fieldName, (int) invoke(dto, prop.getReadMethod()));
} else if (Long.class.isAssignableFrom(prop.getPropertyType()) || long.class.isAssignableFrom(prop.getPropertyType())) {
jsonGenerator.writeNumberField(fieldName, (long) invoke(dto, prop.getReadMethod()));
} else if (String.class.isAssignableFrom(prop.getPropertyType())) {
jsonGenerator.writeStringField(fieldName, (String) invoke(dto, prop.getReadMethod()));
if (Integer.class.isAssignableFrom(prop.getType()) || int.class.isAssignableFrom(prop.getType())) {
jsonGenerator.writeNumberField(fieldName, (int) get(dto, prop));
} else if (Long.class.isAssignableFrom(prop.getType()) || long.class.isAssignableFrom(prop.getType())) {
jsonGenerator.writeNumberField(fieldName, (long) get(dto, prop));
} else if (String.class.isAssignableFrom(prop.getType())) {
jsonGenerator.writeStringField(fieldName, (String) get(dto, prop));
} else {
throw new NotImplementedException("property type not yet implemented" + prop);
}
}
}
private Object invoke(Object dto, Method method) {
private Object get(CustomerDTO dto, Field field) {
try {
return method.invoke(dto);
} catch (IllegalAccessException|InvocationTargetException e) {
field.setAccessible(true);
return field.get(dto);
} catch (IllegalAccessException e) {
throw new RuntimeException(e);
}
}
private boolean isReadAllowed(String fieldName) {
if ( fieldName.equals("contractualAddress") ) {
return login.map(user -> user.equals("admin")).orElse(false);
private Role getLoginUserRole() {
return SecurityUtils.getCurrentUserLogin().map(u -> Role.valueOf(u.toUpperCase())).orElse(Role.ANYBODY);
}
return true;
private Object invoke(Object dto, Method method) {
try {
return method.invoke(dto);
} catch (IllegalAccessException | InvocationTargetException e) {
throw new RuntimeException(e);
}
}
}
@JsonComponent
public static class UserJsonDeserializer extends JsonDeserializer<CustomerDTO> {
@ -274,27 +244,73 @@ public class CustomerDTO implements Serializable {
enum Role {
NOBODY(0), HOSTMASTER(1), ADMIN(2), SUPPORTER(3),
ANY_CUSTOMER_CONTACT(10), CONTRACTUAL_CONTACT(11),
ANY_CUSTOMER_USER(30);
ANY_CUSTOMER_CONTACT(20), CONTRACTUAL_CONTACT(21), FINANCIAL_CONTACT(22), TECHNICAL_CONTACT(22),
ANY_CUSTOMER_USER(80),
ANYBODY(99);
private final int level;
Role(final int level) {
this.level = level;
}
boolean covers(final Role role) {
return this == role || this.level < role.level;
}
public boolean isAllowedToInit(Field field) {
final AccessFor accessFor = field.getAnnotation(AccessFor.class);
if (accessFor == null) {
return false;
}
return isRoleCovered(accessFor.init());
}
public boolean isAllowedToUpdate(Field field) {
final Role loginUserRole = SecurityUtils.getCurrentUserLogin().map(u -> Role.valueOf(u.toUpperCase())).orElse(Role.ANYBODY);
final AccessFor accessFor = field.getAnnotation(AccessFor.class);
if (accessFor == null) {
return false;
}
return isRoleCovered(accessFor.update());
}
public boolean isAllowedToRead(Field field) {
final Role loginUserRole = SecurityUtils.getCurrentUserLogin().map(u -> Role.valueOf(u.toUpperCase())).orElse(Role.ANYBODY);
final AccessFor accessFor = field.getAnnotation(AccessFor.class);
if (accessFor == null) {
return false;
}
return isRoleCovered(accessFor.read());
}
private boolean isRoleCovered(Role[] requiredRoles) {
for (Role accessAllowedForRole : requiredRoles) {
if (this.covers(accessAllowedForRole)) {
return true;
}
}
return false;
}
}
@Target({ElementType.FIELD, ElementType.TYPE_USE})
@Retention(RetentionPolicy.RUNTIME)
@Documented
@interface ReadableFor {
@interface AccessFor {
Role[] init() default Role.NOBODY;
Role[] update() default Role.NOBODY;
Role[] read() default Role.NOBODY;
}
@Target({ElementType.FIELD, ElementType.TYPE_USE})
@Retention(RetentionPolicy.RUNTIME)
@Documented
@interface WritableFor {
}

View File

@ -27,26 +27,42 @@ public class CustomerDTOUnitTest {
private ObjectMapper objectMapper;
@Test
public void testSerializationAsCustomer() throws JsonProcessingException {
public void testSerializationAsContractualCustomerContact() throws JsonProcessingException {
// given
CustomerDTO given = createSomeCustomerDTO();
givenLoginUser("customer");
givenLoginUserWithRole("ANY_CUSTOMER_USER");
// when
String actual = objectMapper.writeValueAsString(given);
// then
given.setContractualAddress(null);
//given.setContractualSalutation(null);
given.setContractualSalutation(null);
given.setBillingAddress(null);
given.setBillingSalutation(null);
assertEquals(createExpectedJSon(given), actual);
}
@Test
public void testDeserializeAsCustomer() throws IOException {
public void testSerializationAsSupporter() throws JsonProcessingException {
// given
CustomerDTO given = createSomeCustomerDTO();
givenLoginUserWithRole("SUPPORTER");
// when
String actual = objectMapper.writeValueAsString(given);
// then
assertEquals(createExpectedJSon(given), actual);
}
@Test
public void testDeserializeAsContractualCustomerContact() throws IOException {
// given
String json = "{\"id\":1234,\"number\":10001,\"prefix\":\"abc\",\"name\":\"Mein Name\",\"contractualAddress\":\"Eine Adresse\",\"contractualSalutation\":\"Hallo\",\"billingAddress\":\"Noch eine Adresse\",\"billingSalutation\":\"Moin\"}";
givenLoginUser("customer");
givenLoginUserWithRole("CONTRACTUAL_CONTACT");
// when
CustomerDTO actual = objectMapper.readValue(json, CustomerDTO.class);
@ -66,14 +82,14 @@ public class CustomerDTOUnitTest {
private String createExpectedJSon(CustomerDTO dto) {
String json = // the fields in alphanumeric order:
toJSonFieldDefinitionIfPresent("billingAddress", dto.getBillingAddress()) +
toJSonFieldDefinitionIfPresent("billingSalutation", dto.getBillingSalutation()) +
toJSonFieldDefinitionIfPresent("id", dto.getId()) +
toJSonFieldDefinitionIfPresent("number", dto.getNumber()) +
toJSonFieldDefinitionIfPresent("prefix", dto.getPrefix()) +
toJSonFieldDefinitionIfPresent("name", dto.getName()) +
toJSonFieldDefinitionIfPresent("contractualAddress", dto.getContractualAddress()) +
toJSonFieldDefinitionIfPresent("contractualSalutation", dto.getContractualSalutation()) +
toJSonFieldDefinitionIfPresent("id", dto.getId()) +
toJSonFieldDefinitionIfPresent("name", dto.getName()) +
toJSonFieldDefinitionIfPresent("number", dto.getNumber()) +
toJSonFieldDefinitionIfPresent("prefix", dto.getPrefix());
toJSonFieldDefinitionIfPresent("billingAddress", dto.getBillingAddress()) +
toJSonFieldDefinitionIfPresent("billingSalutation", dto.getBillingSalutation());
return "{" + json.substring(0, json.length() - 1) + "}";
}
@ -99,11 +115,11 @@ public class CustomerDTOUnitTest {
given.setContractualSalutation("Hallo");
given.setBillingAddress("Noch eine Adresse");
given.setBillingSalutation("Moin");
givenLoginUser("admin");
givenLoginUserWithRole("admin");
return given;
}
private void givenLoginUser(String userName) {
private void givenLoginUserWithRole(String userName) {
SecurityContext securityContext = SecurityContextHolder.createEmptyContext();
securityContext.setAuthentication(new UsernamePasswordAuthenticationToken(userName, userName));
SecurityContextHolder.setContext(securityContext);