Example 1 with SecurityParameterValueRedefiner
use of org.apache.deltaspike.security.impl.authorization.SecurityParameterValueRedefiner in project deltaspike by apache.
the class Authorizer method authorize.
void authorize(final InvocationContext ic, final Object returnValue, BeanManager beanManager) throws IllegalAccessException, IllegalArgumentException {
if (boundAuthorizerBean == null) {
lazyInitTargetBean(beanManager);
}
final CreationalContext<?> creationalContext = beanManager.createCreationalContext(boundAuthorizerBean);
Object reference = beanManager.getReference(boundAuthorizerBean, boundAuthorizerMethod.getJavaMember().getDeclaringClass(), creationalContext);
Object result = boundAuthorizerMethodProxy.invoke(reference, creationalContext, new SecurityParameterValueRedefiner(creationalContext, ic, returnValue));
if (Boolean.FALSE.equals(result)) {
Set<SecurityViolation> violations = new HashSet<SecurityViolation>();
violations.add(new SecurityViolation() {
private static final long serialVersionUID = 2358753444038521129L;
@Override
public String getReason() {
return "Authorization check failed";
}
});
throw new AccessDeniedException(violations);
}
}
Also used :
AccessDeniedException(org.apache.deltaspike.security.api.authorization.AccessDeniedException)
SecurityViolation(org.apache.deltaspike.security.api.authorization.SecurityViolation)
SecurityParameterValueRedefiner(org.apache.deltaspike.security.impl.authorization.SecurityParameterValueRedefiner)
HashSet(java.util.HashSet)
Aggregations
HashSet (java.util.HashSet)1
AccessDeniedException (org.apache.deltaspike.security.api.authorization.AccessDeniedException)1
SecurityViolation (org.apache.deltaspike.security.api.authorization.SecurityViolation)1
SecurityParameterValueRedefiner (org.apache.deltaspike.security.impl.authorization.SecurityParameterValueRedefiner)1
