use of org.apache.shiro.authz.annotation.RequiresRoles in project shiro by apache.
the class RoleAnnotationHandler method assertAuthorized.
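/**
 * Ensures that the calling <code>Subject</code> has the roles named by the annotation, and if not, throws an
 * <code>AuthorizationException</code> indicating that access is denied.
 * <p>
 * A single role is checked with <code>checkRole</code>. With several roles, <code>Logical.AND</code> requires all
 * of them and <code>Logical.OR</code> requires at least one. An argument that is not a <code>RequiresRoles</code>
 * annotation is ignored and the method returns without performing any check.
 *
 * @param a the RequiresRoles annotation to use to check for one or more roles
 * @throws org.apache.shiro.authz.AuthorizationException
 *          if the calling <code>Subject</code> does not have the role(s) necessary to
 *          proceed, or if the annotation asks for "any of" an empty role list.
 */
public void assertAuthorized(Annotation a) throws AuthorizationException {
    if (!(a instanceof RequiresRoles)) {
        return;
    }
    RequiresRoles rrAnnotation = (RequiresRoles) a;
    String[] roles = rrAnnotation.value();

    if (roles.length == 1) {
        getSubject().checkRole(roles[0]);
        return;
    }
    if (Logical.AND.equals(rrAnnotation.logical())) {
        // NOTE(review): an empty value() reaches checkRoles with an empty list; whether that denies access
        // is decided by the Subject implementation - confirm it cannot pass silently.
        getSubject().checkRoles(Arrays.asList(roles));
        return;
    }
    if (Logical.OR.equals(rrAnnotation.logical())) {
        if (roles.length == 0) {
            // "Any of nothing" can never be satisfied: deny with the declared exception type instead of
            // failing on roles[0] below with an ArrayIndexOutOfBoundsException.
            throw new AuthorizationException("RequiresRoles with Logical.OR lists no roles; access denied.");
        }
        // Avoid processing exceptions unnecessarily - "delay" throwing the exception by calling hasRole first.
        // Every role is queried (no early exit), so the calls made on the Subject are the same as before.
        boolean hasAtLeastOneRole = false;
        for (String role : roles) {
            if (getSubject().hasRole(role)) {
                hasAtLeastOneRole = true;
            }
        }
        // Cause the exception if none of the roles match; note that the exception message will be a bit
        // misleading because it names only the first role.
        if (!hasAtLeastOneRole) {
            getSubject().checkRole(roles[0]);
        }
    }
}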
use of org.apache.shiro.authz.annotation.RequiresRoles in project shiro by apache.
the class RoleAnnotationHandlerTest method testOneOfTheRolesRequired.
/**
 * With Logical.OR, holding one of the listed roles is enough: the handler must return normally
 * when the Subject has "blah" but not "blah2".
 */
@Test
public void testOneOfTheRolesRequired() throws Throwable {
    // Annotation under test: "blah" OR "blah2".
    Annotation eitherRole = new RequiresRoles() {
        public Logical logical() {
            return Logical.OR;
        }

        public String[] value() {
            return new String[] { "blah", "blah2" };
        }

        public Class<? extends Annotation> annotationType() {
            return RequiresRoles.class;
        }
    };

    // Mocked Subject that reports the first role as held and the second as missing.
    subject = createMock(Subject.class);
    expect(subject.hasRole("blah")).andReturn(true);
    expect(subject.hasRole("blah2")).andReturn(false);
    replay(subject);

    // Handler whose Subject lookup is redirected to the mock.
    RoleAnnotationHandler roleHandler = new RoleAnnotationHandler() {
        @Override
        protected Subject getSubject() {
            return subject;
        }
    };

    // Passes when no exception escapes. Only hasRole is expected on the mock, so a checkRole call
    // would be rejected as unexpected.
    // NOTE(review): there is no verify(subject) here, so unmet expectations are not checked.
    roleHandler.assertAuthorized(eitherRole);
}
use of org.apache.shiro.authz.annotation.RequiresRoles in project shiro by apache.
the class RoleAnnotationHandlerTest method testGuestSingleRoleAssertion.
// Added to satisfy SHIRO-146
/**
 * A single-role requirement evaluated by a handler with no Subject override must end in
 * UnauthenticatedException, as declared on the test annotation.
 */
@Test(expected = UnauthenticatedException.class)
public void testGuestSingleRoleAssertion() throws Throwable {
    // One role only, so the handler takes its single-role path; logical() is AND here.
    Annotation singleRole = new RequiresRoles() {
        public Logical logical() {
            return Logical.AND;
        }

        public String[] value() {
            return new String[] { "blah" };
        }

        public Class<? extends Annotation> annotationType() {
            return RequiresRoles.class;
        }
    };

    // Plain handler: getSubject() is not overridden, so the handler's own lookup is used.
    // NOTE(review): the expected exception presumably comes from that lookup yielding a guest
    // Subject - confirm against the test fixture.
    RoleAnnotationHandler plainHandler = new RoleAnnotationHandler();
    plainHandler.assertAuthorized(singleRole);
}
use of org.apache.shiro.authz.annotation.RequiresRoles in project mica2 by obiba.
the class MicaConfigResource method create.
/**
 * Saves the Mica configuration carried by {@code dto} and answers with an empty (no content) response.
 * <p>
 * The admin-role restriction is declared only through {@code @RequiresRoles(Roles.MICA_ADMIN)}; this
 * method performs no role check of its own.
 * NOTE(review): confirm that Shiro annotation processing is active for this resource, otherwise the
 * annotation is not enforced.
 *
 * @param dto the configuration sent by the client
 * @return a response built with {@code Response.noContent()}
 */
@PUT
@Timed
@RequiresRoles(Roles.MICA_ADMIN)
public Response create(@SuppressWarnings("TypeMayBeWeakened") Mica.MicaConfigDto dto) {
    MicaConfig updatedConfig = dtos.fromDto(dto);

    // The taxonomy refresh is handed the configuration returned by getConfig() before save() is called,
    // together with the incoming one, so it has to run ahead of the save.
    taxonomyService.refreshTaxonomyTaxonomyIfNeeded(micaConfigService.getConfig(), updatedConfig);
    micaConfigService.save(updatedConfig);

    return Response.noContent().build();
}
use of org.apache.shiro.authz.annotation.RequiresRoles in project ART-TIME by Artezio.
the class ShiroSecuredInterceptor method interceptShiroSecurity.
/**
 * Interceptor that evaluates the Shiro security annotations found for the invoked method before
 * letting the call proceed.
 * <p>
 * Checks run in this order: RequiresAuthentication, RequiresGuest, RequiresUser, RequiresRoles,
 * RequiresPermissions. The first failing check aborts the invocation with an exception.
 *
 * @param context the invocation being intercepted
 * @return whatever {@code context.proceed()} returns
 * @throws Exception an UnauthenticatedException from the first three checks, whatever
 *         {@code checkRoles}/{@code checkPermissions} throw, or anything thrown by the target
 */
@AroundInvoke
public Object interceptShiroSecurity(InvocationContext context) throws Exception {
    Subject subject = SecurityUtils.getSubject();
    Class<?> targetClass = context.getTarget().getClass();
    Method invokedMethod = context.getMethod();

    // Authentication demanded but the subject is not authenticated.
    if (!subject.isAuthenticated() && hasAnnotation(targetClass, invokedMethod, RequiresAuthentication.class)) {
        throw new UnauthenticatedException("Authentication required");
    }
    // Guest-only target reached by a subject that carries a principal.
    if (subject.getPrincipal() != null && hasAnnotation(targetClass, invokedMethod, RequiresGuest.class)) {
        throw new UnauthenticatedException("Guest required");
    }
    // User-only target reached by a subject without a principal.
    if (subject.getPrincipal() == null && hasAnnotation(targetClass, invokedMethod, RequiresUser.class)) {
        throw new UnauthenticatedException("User required");
    }

    // NOTE(review): only value() is read, so every listed role is required; a logical() setting on the
    // annotation (e.g. OR) is not honoured here. This errs on the strict side, but differs from the
    // annotation's declared meaning.
    RequiresRoles requiredRoles = getAnnotation(targetClass, invokedMethod, RequiresRoles.class);
    if (requiredRoles != null) {
        subject.checkRoles(Arrays.asList(requiredRoles.value()));
    }

    // NOTE(review): as with roles, only value() is read, so all listed permissions are required.
    RequiresPermissions requiredPermissions = getAnnotation(targetClass, invokedMethod, RequiresPermissions.class);
    if (requiredPermissions != null) {
        subject.checkPermissions(requiredPermissions.value());
    }

    // Every applicable check passed: hand over to the intercepted method.
    return context.proceed();
}