
Example 1 with DenyAll

Use of javax.annotation.security.DenyAll in the Apache TomEE project.

From class MPJWTSecurityAnnotationsInterceptorsFeature, method processSecurityAnnotations.

/**
 * Registers the security constraint that applies to {@code method} in the
 * {@code rolesAllowed}, {@code permitAll} and {@code denyAll} registries of this feature.
 *
 * <p>Precedence: the class-level {@code RolesAllowed} / {@code PermitAll} / {@code DenyAll}
 * annotation is applied only when the method-level lookup found nothing. A method that carries
 * its own annotation is therefore governed by that annotation alone; the class-level one is
 * not merged in.
 *
 * <p>Roles are added to whatever set is already registered for the method, so calling this
 * again for the same method can widen the role set but never narrows it.
 *
 * @param clazz  the class whose class-level security annotations are inspected
 * @param method the method the constraint is registered for
 * @return {@code false} when neither lookup found a security annotation (nothing is
 *         registered), {@code true} once a constraint has been recorded
 * @throws IllegalStateException when the class-level or the method-level lookup reports more
 *         than one of the three annotations
 */
private boolean processSecurityAnnotations(final Class clazz, final Method method) {
    // presumably each lookup yields one entry per annotation type found — confirm against the helpers
    final List<Class<? extends Annotation>[]> onClass = hasClassLevelAnnotations(clazz, RolesAllowed.class, PermitAll.class, DenyAll.class);
    final List<Class<? extends Annotation>[]> onMethod = hasMethodLevelAnnotations(method, RolesAllowed.class, PermitAll.class, DenyAll.class);

    final boolean methodUnannotated = onMethod.isEmpty();
    if (methodUnannotated && onClass.isEmpty()) {
        // NOTE(review): no constraint is recorded for this method here; whether it is then
        // reachable without a role check depends on how the caller treats a false result.
        return false;
    }

    // Ambiguous declarations are rejected outright instead of picking one of the annotations.
    if (onClass.size() > 1) {
        throw new IllegalStateException(clazz.getName() + " has more than one security annotation (RolesAllowed, PermitAll, DenyAll).");
    }
    if (onMethod.size() > 1) {
        throw new IllegalStateException(method.toString() + " has more than one security annotation (RolesAllowed, PermitAll, DenyAll).");
    }

    // Class-level constraint: inherited by the method only when it declares none of its own.
    if (methodUnannotated) {
        final RolesAllowed inheritedRoles = (RolesAllowed) clazz.getAnnotation(RolesAllowed.class);
        if (inheritedRoles != null) {
            final Set<String> fresh = new HashSet<>();
            final Set<String> registered = rolesAllowed.putIfAbsent(method, fresh);
            final Set<String> target = registered != null ? registered : fresh;
            target.addAll(Arrays.asList(inheritedRoles.value()));
        }
        if (clazz.getAnnotation(PermitAll.class) != null) {
            permitAll.add(method);
        }
        if (clazz.getAnnotation(DenyAll.class) != null) {
            denyAll.add(method);
        }
    }

    // Method-level constraint.
    final RolesAllowed declaredRoles = method.getAnnotation(RolesAllowed.class);
    if (declaredRoles != null) {
        final Set<String> fresh = new HashSet<>();
        final Set<String> registered = rolesAllowed.putIfAbsent(method, fresh);
        final Set<String> target = registered != null ? registered : fresh;
        target.addAll(Arrays.asList(declaredRoles.value()));
    }
    if (method.getAnnotation(PermitAll.class) != null) {
        permitAll.add(method);
    }
    if (method.getAnnotation(DenyAll.class) != null) {
        denyAll.add(method);
    }
    return true;
}
Also used : RolesAllowed(javax.annotation.security.RolesAllowed) DenyAll(javax.annotation.security.DenyAll) PermitAll(javax.annotation.security.PermitAll) HashSet(java.util.HashSet)
