Use of org.apache.shiro.authz.UnauthenticatedException in project ART-TIME by Artezio.
Class ShiroSecuredInterceptor, method interceptShiroSecurity.
/**
 * Enforces Shiro's declarative security annotations before letting the intercepted call run.
 *
 * <p>The checks run in a fixed order: {@code RequiresAuthentication}, then
 * {@code RequiresGuest} / {@code RequiresUser}, then {@code RequiresRoles}, then
 * {@code RequiresPermissions}. The first failing check throws, and
 * {@code context.proceed()} is reached only when every check has passed.
 *
 * <p>NOTE(review): only {@code value()} of {@code RequiresRoles} and
 * {@code RequiresPermissions} is read here; {@code logical()} is never consulted. An
 * annotation declared with {@code Logical.OR} therefore appears to be enforced as
 * "all of", which is stricter than declared (it fails closed) but may deny legitimate
 * callers. Confirm this is intended.
 *
 * <p>NOTE(review): annotations are looked up on the runtime class of
 * {@code context.getTarget()}. If the container passes a proxy subclass, whether
 * class-level annotations are still found depends on {@code hasAnnotation} /
 * {@code getAnnotation}, which are not shown here. Verify that a proxied bean cannot
 * skip these checks.
 *
 * @param context the invocation being intercepted
 * @return the value returned by {@code context.proceed()}
 * @throws UnauthenticatedException if an authentication, guest or user requirement is not met
 * @throws Exception anything raised by the role/permission checks or by the intercepted call
 */
@AroundInvoke
public Object interceptShiroSecurity(InvocationContext context) throws Exception {
    final Subject currentSubject = SecurityUtils.getSubject();
    final Class<?> targetType = context.getTarget().getClass();
    final Method invokedMethod = context.getMethod();

    // The annotation lookup is only needed when the subject is not authenticated.
    if (!currentSubject.isAuthenticated()) {
        if (hasAnnotation(targetType, invokedMethod, RequiresAuthentication.class)) {
            throw new UnauthenticatedException("Authentication required");
        }
    }

    // A subject with a principal is a known user; one without is a guest.
    // The two requirements are mutually exclusive, so one principal lookup decides both.
    if (currentSubject.getPrincipal() != null) {
        if (hasAnnotation(targetType, invokedMethod, RequiresGuest.class)) {
            throw new UnauthenticatedException("Guest required");
        }
    } else {
        if (hasAnnotation(targetType, invokedMethod, RequiresUser.class)) {
            throw new UnauthenticatedException("User required");
        }
    }

    // Every listed role is required: checkRoles throws if any one is missing.
    final RequiresRoles requiredRoles = getAnnotation(targetType, invokedMethod, RequiresRoles.class);
    if (requiredRoles != null) {
        final String[] roleNames = requiredRoles.value();
        currentSubject.checkRoles(Arrays.asList(roleNames));
    }

    // Same for permissions: every listed permission must be held.
    final RequiresPermissions requiredPermissions =
            getAnnotation(targetType, invokedMethod, RequiresPermissions.class);
    if (requiredPermissions != null) {
        final String[] permissionNames = requiredPermissions.value();
        currentSubject.checkPermissions(permissionNames);
    }

    // All declared requirements are satisfied; hand over to the intercepted method.
    return context.proceed();
}
Use of org.apache.shiro.authz.UnauthenticatedException in project fruit-manage by liuzhaozhao.
Class ShiroInterceptor, method intercept.
/**
 * Runs the Shiro authorization check registered for the action, then invokes the action.
 *
 * <p>Outcomes:
 * <ul>
 *   <li>No handler is registered for the action key: the action is invoked with no check
 *       at all, so actions without a handler are allowed by default.</li>
 *   <li>The handler throws {@code UnauthenticatedException}: redirect to {@code loginUrl}
 *       if one is configured, otherwise render HTTP 401. For GET requests the requested
 *       path and query string are first stored in the session under
 *       {@code savedRequestKey}, unless a value is already stored there.</li>
 *   <li>The handler throws {@code AuthorizationException}: redirect to
 *       {@code unauthorizedUrl} if one is configured, otherwise render HTTP 403.</li>
 *   <li>The handler returns normally: the action is invoked.</li>
 * </ul>
 *
 * <p>NOTE(review): the saved value is built from the raw request URI and query string.
 * The code that later redirects to it is not shown here. Confirm that it accepts only a
 * path inside this application (a single leading "/") before redirecting.
 *
 * <p>NOTE(review): the value is written into the session of a not-yet-authenticated
 * request. Confirm that the session id is renewed at login.
 *
 * @param ai the invocation being intercepted
 */
public void intercept(Invocation ai) {
    AuthzHandler handler = ShiroKit.getAuthzHandler(ai.getActionKey());

    // No access-control handler for this action: nothing to enforce, run the action.
    if (handler == null) {
        ai.invoke();
        return;
    }

    Controller c = ai.getController();
    try {
        // Perform the permission check.
        handler.assertAuthorized();
    } catch (UnauthenticatedException lae) {
        // Not authenticated: render HTTP 401, or redirect to the configured login page.
        if (!StrKit.notBlank(this.loginUrl)) {
            c.renderError(401);
            return;
        }

        // Remember the page requested before login. Only GET requests are saved, and an
        // already-saved entry is never overwritten.
        HttpServletRequest req = c.getRequest();
        if (req.getMethod().equalsIgnoreCase("GET") && c.getSessionAttr(this.savedRequestKey) == null) {
            // Example: for the request URL http://localhost:10086/dafei/index.do
            //   getRequestURI  -> /dafei/index.do
            //   getQueryString -> tt=121212&32323
            // The context path is stripped so that the stored value is application-relative.
            String path = req.getRequestURI().substring(req.getContextPath().length());
            String query = req.getQueryString();
            String saveUrl = StrKit.notBlank(query) ? path + "?" + query : path;
            if (StrKit.notBlank(saveUrl)) {
                c.setSessionAttr(this.savedRequestKey, saveUrl);
            }
        }
        c.redirect(this.loginUrl);
        return;
    } catch (AuthorizationException ae) {
        // Authenticated but not permitted to access the resource: render HTTP 403, or
        // redirect to the configured "unauthorized" page.
        if (StrKit.notBlank(this.unauthorizedUrl)) {
            c.redirect(this.unauthorizedUrl);
        } else {
            c.renderError(403);
        }
        return;
    }

    // Check passed: run the normal logic.
    ai.invoke();
}