
Example 6 with RolesAllowed

Use of javax.annotation.security.RolesAllowed in project jersey by jersey.

Class FlightsResource, method updateStatus.

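@POST
@Path("{id}/status")
@Consumes(APPLICATION_FORM_URLENCODED)
@Produces(TEXT_PLAIN)
// Restricted to the "admin" role; Jersey enforces this only when RolesAllowedDynamicFeature is registered.
@RolesAllowed("admin")
public String updateStatus(@ValidFlightId @PathParam("id") String flightId, @FormParam("status") String newStatus) {
    Flight.Status status;
    // Map the form value onto the Flight.Status enum; an unknown name is answered with 400 Bad Request.
    // A missing form parameter (null) raises NullPointerException, which this catch does not cover.
    try {
        status = Flight.Status.valueOf(newStatus);
    } catch (IllegalArgumentException e) {
        throw new BadRequestException("Unknown status.");
    }
    final Flight flight = DataStore.selectFlight(flightId);
    flight.setStatus(status);
    return status.name();
}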
Also used : Flight(org.glassfish.jersey.examples.flight.model.Flight) BadRequestException(javax.ws.rs.BadRequestException) Path(javax.ws.rs.Path) RolesAllowed(javax.annotation.security.RolesAllowed) POST(javax.ws.rs.POST) Consumes(javax.ws.rs.Consumes) Produces(javax.ws.rs.Produces)

Example 7 with RolesAllowed

Use of javax.annotation.security.RolesAllowed in project jersey by jersey.

Class FlightsResource, method create.

@POST
@Consumes(APPLICATION_FORM_URLENCODED)
// Only callers in the "admin" role may create flights.
@RolesAllowed("admin")
@Detail
public Flight create(@ValidAircraftId @FormParam("aircraftId") Integer aircraftId) {
    final Aircraft aircraft = DataStore.selectAircraft(aircraftId);
    // marAssigned() returning false is reported as the aircraft already being assigned.
    if (!aircraft.marAssigned()) {
        throw new BadRequestException("Aircraft already assigned.");
    }
    Flight flight = new Flight(null, aircraft);
    if (!DataStore.addFlight(flight)) {
        // Undo the assignment made above when the flight cannot be stored.
        aircraft.marAvailable();
        throw new BadRequestException("Flight already exists.");
    }
    return flight;
}
Also used : Flight(org.glassfish.jersey.examples.flight.model.Flight) BadRequestException(javax.ws.rs.BadRequestException) Aircraft(org.glassfish.jersey.examples.flight.model.Aircraft) RolesAllowed(javax.annotation.security.RolesAllowed) POST(javax.ws.rs.POST) Consumes(javax.ws.rs.Consumes) Detail(org.glassfish.jersey.examples.flight.filtering.Detail)

Example 8 with RolesAllowed

Use of javax.annotation.security.RolesAllowed in project jersey by jersey.

Class FlightsResource, method delete.

@DELETE
@Path("{id}")
@Produces(TEXT_PLAIN)
// Only callers in the "admin" role may delete flights.
@RolesAllowed("admin")
public String delete(@ValidFlightId @PathParam("id") String flightId) {
    Flight flight = DataStore.removeFlight(flightId);
    // Release the aircraft that was bound to the removed flight.
    flight.getAircraft().marAvailable();
    return flight.getId();
}
Also used : Flight(org.glassfish.jersey.examples.flight.model.Flight) Path(javax.ws.rs.Path) DELETE(javax.ws.rs.DELETE) RolesAllowed(javax.annotation.security.RolesAllowed) Produces(javax.ws.rs.Produces)

Example 9 with RolesAllowed

Use of javax.annotation.security.RolesAllowed in project spring-security by spring-projects.

Class Jsr250MethodSecurityMetadataSource, method processAnnotations.

private List<ConfigAttribute> processAnnotations(Annotation[] annotations) {
    // Nothing to inspect: return null, meaning no JSR-250 attributes for this element.
    if (annotations == null || annotations.length == 0) {
        return null;
    }
    List<ConfigAttribute> attributes = new ArrayList<ConfigAttribute>();
    // The first JSR-250 annotation found, in array order, decides the result.
    for (Annotation a : annotations) {
        if (a instanceof DenyAll) {
            attributes.add(Jsr250SecurityConfig.DENY_ALL_ATTRIBUTE);
            return attributes;
        }
        if (a instanceof PermitAll) {
            attributes.add(Jsr250SecurityConfig.PERMIT_ALL_ATTRIBUTE);
            return attributes;
        }
        if (a instanceof RolesAllowed) {
            RolesAllowed ra = (RolesAllowed) a;
            // One attribute per listed role, after getRoleWithDefaultPrefix has been applied to it.
            for (String allowed : ra.value()) {
                String defaultedAllowed = getRoleWithDefaultPrefix(allowed);
                attributes.add(new Jsr250SecurityConfig(defaultedAllowed));
            }
            return attributes;
        }
    }
    // No JSR-250 annotation among the ones given.
    return null;
}
Also used : DenyAll(javax.annotation.security.DenyAll) RolesAllowed(javax.annotation.security.RolesAllowed) ConfigAttribute(org.springframework.security.access.ConfigAttribute) ArrayList(java.util.ArrayList) PermitAll(javax.annotation.security.PermitAll) Annotation(java.lang.annotation.Annotation)

Example 10 with RolesAllowed

Use of javax.annotation.security.RolesAllowed in project aries by apache.

Class AuthorizationInterceptor, method preCall.

public Object preCall(ComponentMetadata cm, Method m, Object... parameters) throws Throwable {
    Annotation ann = new SecurityAnotationParser().getEffectiveAnnotation(beanClass, m);
    // @PermitAll: let the call through without looking at the caller.
    if (ann instanceof PermitAll) {
        return null;
    }
    // Also applies for @DenyAll
    // The role set stays empty unless @RolesAllowed supplies roles, and an empty set matches no principal.
    String[] rolesAr = new String[] {};
    if (ann instanceof RolesAllowed) {
        rolesAr = ((RolesAllowed) ann).value();
    }
    Set<String> roles = new HashSet<String>(Arrays.asList(rolesAr));
    AccessControlContext acc = AccessController.getContext();
    Subject subject = Subject.getSubject(acc);
    // No JAAS Subject bound to the current access control context: deny.
    if (subject == null) {
        throw new AccessControlException("Method call " + m.getDeclaringClass() + "." + m.getName() + " denied. No JAAS login present");
    }
    Set<Principal> principals = subject.getPrincipals();
    // Grant as soon as any principal's name equals one of the allowed role names.
    for (Principal principal : principals) {
        if (roles.contains(principal.getName())) {
            LOGGER.debug("Granting access to Method: {} for {}.", m, principal);
            return null;
        }
    }
    // Default is deny; the message lists the allowed roles and the caller's principal names.
    String msg = String.format("Method call %s.%s denied. Roles allowed are %s. Your principals are %s.", m.getDeclaringClass(), m.getName(), roles, getNames(principals));
    throw new AccessControlException(msg);
}
Also used : AccessControlException(java.security.AccessControlException) Annotation(java.lang.annotation.Annotation) Subject(javax.security.auth.Subject) RolesAllowed(javax.annotation.security.RolesAllowed) AccessControlContext(java.security.AccessControlContext) PermitAll(javax.annotation.security.PermitAll) Principal(java.security.Principal) HashSet(java.util.HashSet)
