
Example 1 with RequiresRoles

use of org.apache.shiro.authz.annotation.RequiresRoles in project shiro by apache.

the class RoleAnnotationHandler method assertAuthorized.

/**
 * Ensures that the calling <code>Subject</code> has the Annotation's specified roles, and if not, throws an
 * <code>AuthorizationException</code> indicating that access is denied.
 *
 * @param a the RequiresRoles annotation to use to check for one or more roles
 * @throws org.apache.shiro.authz.AuthorizationException
 *          if the calling <code>Subject</code> does not have the role(s) necessary to
 *          proceed.
 */
public void assertAuthorized(Annotation a) throws AuthorizationException {
    if (!(a instanceof RequiresRoles))
        return;
    RequiresRoles rrAnnotation = (RequiresRoles) a;
    String[] roles = rrAnnotation.value();
    if (roles.length == 1) {
        getSubject().checkRole(roles[0]);
        return;
    }
    if (Logical.AND.equals(rrAnnotation.logical())) {
        getSubject().checkRoles(Arrays.asList(roles));
        return;
    }
    if (Logical.OR.equals(rrAnnotation.logical())) {
        // Avoid processing exceptions unnecessarily - "delay" throwing the exception by calling hasRole first
        boolean hasAtLeastOneRole = false;
        for (String role : roles) {
            if (getSubject().hasRole(role)) {
                hasAtLeastOneRole = true;
            }
        }
        // Cause the exception if none of the roles match; note that the exception message will be a bit
        // misleading, because it names only the first role
        if (!hasAtLeastOneRole)
            getSubject().checkRole(roles[0]);
    }
}
Also used : RequiresRoles(org.apache.shiro.authz.annotation.RequiresRoles)

Example 2 with RequiresRoles

use of org.apache.shiro.authz.annotation.RequiresRoles in project shiro by apache.

the class RoleAnnotationHandlerTest method testOneOfTheRolesRequired.

@Test
public void testOneOfTheRolesRequired() throws Throwable {
    subject = createMock(Subject.class);
    expect(subject.hasRole("blah")).andReturn(true);
    expect(subject.hasRole("blah2")).andReturn(false);
    replay(subject);
    RoleAnnotationHandler handler = new RoleAnnotationHandler() {

        @Override
        protected Subject getSubject() {
            return subject;
        }
    };
    Annotation requiresRolesAnnotation = new RequiresRoles() {

        public String[] value() {
            return new String[] { "blah", "blah2" };
        }

        public Class<? extends Annotation> annotationType() {
            return RequiresRoles.class;
        }

        public Logical logical() {
            return Logical.OR;
        }
    };
    handler.assertAuthorized(requiresRolesAnnotation);
}
Also used : RequiresRoles(org.apache.shiro.authz.annotation.RequiresRoles) Subject(org.apache.shiro.subject.Subject) Annotation(java.lang.annotation.Annotation) Test(org.junit.Test)

Example 3 with RequiresRoles

use of org.apache.shiro.authz.annotation.RequiresRoles in project shiro by apache.

the class RoleAnnotationHandlerTest method testGuestSingleRoleAssertion.

// Added to satisfy SHIRO-146
@Test(expected = UnauthenticatedException.class)
public void testGuestSingleRoleAssertion() throws Throwable {
    RoleAnnotationHandler handler = new RoleAnnotationHandler();
    Annotation requiresRolesAnnotation = new RequiresRoles() {

        public String[] value() {
            return new String[] { "blah" };
        }

        public Class<? extends Annotation> annotationType() {
            return RequiresRoles.class;
        }

        public Logical logical() {
            return Logical.AND;
        }
    };
    handler.assertAuthorized(requiresRolesAnnotation);
}
Also used : RequiresRoles(org.apache.shiro.authz.annotation.RequiresRoles) Annotation(java.lang.annotation.Annotation) Test(org.junit.Test)

Example 4 with RequiresRoles

use of org.apache.shiro.authz.annotation.RequiresRoles in project mica2 by obiba.

the class MicaConfigResource method create.

@PUT
@Timed
@RequiresRoles(Roles.MICA_ADMIN)
public Response create(@SuppressWarnings("TypeMayBeWeakened") Mica.MicaConfigDto dto) {
    MicaConfig micaConfig = dtos.fromDto(dto);
    taxonomyService.refreshTaxonomyTaxonomyIfNeeded(micaConfigService.getConfig(), micaConfig);
    micaConfigService.save(micaConfig);
    return Response.noContent().build();
}
Also used : MicaConfig(org.obiba.mica.micaConfig.domain.MicaConfig) Timed(com.codahale.metrics.annotation.Timed) RequiresRoles(org.apache.shiro.authz.annotation.RequiresRoles)

Example 5 with RequiresRoles

use of org.apache.shiro.authz.annotation.RequiresRoles in project ART-TIME by Artezio.

the class ShiroSecuredInterceptor method interceptShiroSecurity.

@AroundInvoke
public Object interceptShiroSecurity(InvocationContext context) throws Exception {
    Subject subject = SecurityUtils.getSubject();
    Class<?> clas = context.getTarget().getClass();
    Method method = context.getMethod();
    if (!subject.isAuthenticated() && hasAnnotation(clas, method, RequiresAuthentication.class)) {
        throw new UnauthenticatedException("Authentication required");
    }
    if (subject.getPrincipal() != null && hasAnnotation(clas, method, RequiresGuest.class)) {
        throw new UnauthenticatedException("Guest required");
    }
    if (subject.getPrincipal() == null && hasAnnotation(clas, method, RequiresUser.class)) {
        throw new UnauthenticatedException("User required");
    }
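    RequiresRoles roles = getAnnotation(clas, method, RequiresRoles.class);
    if (roles != null) {
        // roles.logical() is not consulted here: checkRoles requires every listed role,
        // so an annotation declared with Logical.OR is still enforced as AND.
        subject.checkRoles(Arrays.asList(roles.value()));
    }
    RequiresPermissions permissions = getAnnotation(clas, method, RequiresPermissions.class);
    if (permissions != null) {
        // Likewise, permissions.logical() is ignored: all listed permissions are required.
        subject.checkPermissions(permissions.value());
    }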
    return context.proceed();
}
Also used : RequiresGuest(org.apache.shiro.authz.annotation.RequiresGuest) RequiresUser(org.apache.shiro.authz.annotation.RequiresUser) RequiresPermissions(org.apache.shiro.authz.annotation.RequiresPermissions) UnauthenticatedException(org.apache.shiro.authz.UnauthenticatedException) RequiresAuthentication(org.apache.shiro.authz.annotation.RequiresAuthentication) Method(java.lang.reflect.Method) RequiresRoles(org.apache.shiro.authz.annotation.RequiresRoles) Subject(org.apache.shiro.subject.Subject) AroundInvoke(javax.interceptor.AroundInvoke)
