use of org.apache.deltaspike.security.api.authorization.SecurityDefinitionException in project deltaspike by apache.
the class SecurityExtension method validateBindings.
public void validateBindings(@Observes AfterBeanDiscovery event, BeanManager beanManager) {
if (!isActivated) {
return;
}
SecurityMetaDataStorage metaDataStorage = getMetaDataStorage();
SecurityExtension parentExtension = ParentExtensionStorage.getParentExtension(this);
if (parentExtension != null) {
// also add the authorizers from the parent extension
Set<Authorizer> parentAuthorizers = parentExtension.getMetaDataStorage().getAuthorizers();
for (Authorizer parentAuthorizer : parentAuthorizers) {
metaDataStorage.addAuthorizer(parentAuthorizer);
}
}
metaDataStorage.registerSecuredMethods();
for (final AnnotatedMethod<?> method : metaDataStorage.getSecuredMethods()) {
// Here we simply want to validate that each method that is annotated with
// one or more security bindings has a valid authorizer for each binding
Class<?> targetClass = method.getDeclaringType().getJavaClass();
Method targetMethod = method.getJavaMember();
for (final Annotation annotation : SecurityUtils.getSecurityBindingTypes(targetClass, targetMethod)) {
boolean found = false;
Set<AuthorizationParameter> authorizationParameters = new HashSet<AuthorizationParameter>();
for (AnnotatedParameter<?> parameter : (List<AnnotatedParameter<?>>) (List<?>) method.getParameters()) {
Set<Annotation> securityParameterBindings = null;
for (Annotation a : parameter.getAnnotations()) {
if (SecurityUtils.isMetaAnnotatedWithSecurityParameterBinding(a)) {
if (securityParameterBindings == null) {
securityParameterBindings = new HashSet<Annotation>();
}
securityParameterBindings.add(a);
}
}
if (securityParameterBindings != null) {
AuthorizationParameter authorizationParameter = new AuthorizationParameter(parameter.getBaseType(), securityParameterBindings);
authorizationParameters.add(authorizationParameter);
}
}
// Validate the authorizer
for (Authorizer auth : metaDataStorage.getAuthorizers()) {
if (auth.matchesBindings(annotation, authorizationParameters, targetMethod.getReturnType())) {
found = true;
break;
}
}
if (!found) {
event.addDefinitionError(new SecurityDefinitionException("Secured type " + method.getDeclaringType().getJavaClass().getName() + " has no matching authorizer method for security binding @" + annotation.annotationType().getName()));
}
}
for (final Annotation annotation : method.getAnnotations()) {
if (SecurityUtils.isMetaAnnotatedWithSecurityBindingType(annotation)) {
metaDataStorage.registerSecuredMethod(targetClass, targetMethod);
break;
}
}
}
// Clear securedTypes, we don't require it any more
metaDataStorage.resetSecuredMethods();
}
use of org.apache.deltaspike.security.api.authorization.SecurityDefinitionException in project deltaspike by apache.
the class SecurityExtension method registerAuthorizer.
/**
* Registers the specified authorizer method (i.e. a method annotated with
* the @Secures annotation)
*
* @throws SecurityDefinitionException
*/
private void registerAuthorizer(AnnotatedMethod<?> annotatedMethod) {
if (!annotatedMethod.getJavaMember().getReturnType().equals(Boolean.class) && !annotatedMethod.getJavaMember().getReturnType().equals(Boolean.TYPE)) {
throw new SecurityDefinitionException("Invalid authorizer method [" + annotatedMethod.getJavaMember().getDeclaringClass().getName() + "." + annotatedMethod.getJavaMember().getName() + "] - does not return a boolean.");
}
// Locate the binding type
Annotation binding = null;
for (Annotation annotation : annotatedMethod.getAnnotations()) {
if (SecurityUtils.isMetaAnnotatedWithSecurityBindingType(annotation)) {
if (binding != null) {
throw new SecurityDefinitionException("Invalid authorizer method [" + annotatedMethod.getJavaMember().getDeclaringClass().getName() + "." + annotatedMethod.getJavaMember().getName() + "] - declares multiple security binding types");
}
binding = annotation;
}
}
Authorizer authorizer = new Authorizer(binding, annotatedMethod);
getMetaDataStorage().addAuthorizer(authorizer);
}
use of org.apache.deltaspike.security.api.authorization.SecurityDefinitionException in project deltaspike by apache.
the class SecurityMetaDataStorage method registerSecuredMethod.
synchronized <T> void registerSecuredMethod(Class<T> targetClass, Method targetMethod) {
ensureInitializedAuthorizersForClass(targetClass);
if (!containsMethodAuthorizers(targetClass, targetMethod)) {
Set<AuthorizationParameter> parameterBindings = new HashSet<AuthorizationParameter>();
Class<?>[] parameterTypes = targetMethod.getParameterTypes();
Annotation[][] parameterAnnotations = targetMethod.getParameterAnnotations();
for (int i = 0; i < parameterTypes.length; i++) {
Set<Annotation> securityBindings = null;
for (final Annotation parameterAnnotation : parameterAnnotations[i]) {
if (SecurityUtils.isMetaAnnotatedWithSecurityParameterBinding(parameterAnnotation)) {
if (securityBindings == null) {
securityBindings = new HashSet<Annotation>();
}
securityBindings.add(parameterAnnotation);
}
}
if (securityBindings != null) {
parameterBindings.add(new AuthorizationParameter(parameterTypes[i], securityBindings));
}
}
Set<Authorizer> authorizerStack = new HashSet<Authorizer>();
for (Annotation binding : SecurityUtils.getSecurityBindingTypes(targetClass, targetMethod)) {
boolean found = false;
// For each security binding, find a valid authorizer
for (Authorizer authorizer : authorizers) {
if (authorizer.matchesBindings(binding, parameterBindings, targetMethod.getReturnType())) {
if (found) {
StringBuilder sb = new StringBuilder();
sb.append("Matching authorizer methods found: [");
sb.append(authorizer.getBoundAuthorizerMethod().getDeclaringClass().getName());
sb.append(".");
sb.append(authorizer.getBoundAuthorizerMethod().getName());
sb.append("]");
for (Authorizer a : authorizerStack) {
if (a.matchesBindings(binding, parameterBindings, targetMethod.getReturnType())) {
sb.append(", [");
sb.append(a.getBoundAuthorizerMethod().getDeclaringClass().getName());
sb.append(".");
sb.append(a.getBoundAuthorizerMethod().getName());
sb.append("]");
}
}
throw new SecurityDefinitionException("Ambiguous authorizers found for security binding type [@" + binding.annotationType().getName() + "] on method [" + targetMethod.getDeclaringClass().getName() + "." + targetMethod.getName() + "]. " + sb.toString());
}
authorizerStack.add(authorizer);
found = true;
}
}
if (!found) {
throw new SecurityDefinitionException("No matching authorizer found for security binding type [@" + binding.annotationType().getName() + "] on method [" + targetMethod.getDeclaringClass().getName() + "." + targetMethod.getName() + "].");
}
}
addMethodAuthorizer(targetClass, targetMethod, authorizerStack);
}
}
Aggregations