Example 1 with SecurityContext

Use of javax.security.enterprise.SecurityContext in project Payara by payara, in the class RolesPermittedInterceptor, method checkAccessPermitted.

/**
 * Check that the roles allowed by the class or method match the roles
 * currently granted to the caller.
 *
 * @param roles The roles declared within the @RolesPermitted annotation.
 * @param invocationContext The invocation context, used to evaluate EL expressions in role names.
 * @return True if access is allowed, false otherwise
 */
public boolean checkAccessPermitted(RolesPermitted roles, InvocationContext invocationContext) {
    authenticate(roles.value());
    ELProcessor eLProcessor = null;
    if (hasAnyELExpression(roles.value())) {
        eLProcessor = getElProcessor(invocationContext);
    }
    List<String> permittedRoles = asList(roles.value());
    final SecurityContext securityContext = lazyProperties.getSecurityContext();
    if (OR.equals(roles.semantics())) {
        for (String role : permittedRoles) {
            if (eLProcessor != null && hasAnyELExpression(role)) {
                role = evalELExpression(eLProcessor, role);
            }
            if (securityContext.isCallerInRole(role)) {
                return true;
            }
        }
    } else if (AND.equals(roles.semantics())) {
        for (String role : permittedRoles) {
            if (eLProcessor != null && hasAnyELExpression(role)) {
                role = evalELExpression(eLProcessor, role);
            }
            if (!securityContext.isCallerInRole(role)) {
                return false;
            }
        }
        return true;
    }
    return false;
}
Also used: ELProcessor (javax.el.ELProcessor), SecurityContext (javax.security.enterprise.SecurityContext)