/**
 * Runs every security check declared on the intercepted method, in a fixed order,
 * before letting the invocation proceed.
 *
 * <p>The token check runs first because it returns the account the remaining checks
 * are evaluated against: for a guest caller it can substitute the account that the
 * presented token authenticates. The order of the remaining checks is kept as-is,
 * since it decides which failure is reported when several checks would fail.
 *
 * @param invocation the intercepted method call
 * @return whatever the target method returns
 * @throws Throwable any exception raised by a failed check or by the target method
 */
@Override
public Object invoke(MethodInvocation invocation) throws Throwable {
    final Method target = invocation.getMethod();
    // resolves the caller's account, possibly via a token
    final Account caller = checkRequireToken(target);
    checkRequirePermissions(caller, target);
    checkRequireRoles(caller, target);
    checkRequireAdministrator(caller, target);
    checkRequireAuthenticated(caller, target);
    checkRequireGuest(caller, target);
    return invocation.proceed();
}
/**
 * Installs the authentication handlers and wires the security interceptors.
 *
 * <p>Subclasses of {@link Controller} get a single {@link ControllerInterceptor} on
 * every method; every other class gets one dedicated interceptor per {@code Require*}
 * annotation. The two class matchers are complements of each other, so a given method
 * is covered by exactly one of the two strategies.
 *
 * <p>The non-controller interceptors are bound in the same order as before; binding
 * order is what determines the order in which several matching interceptors run, so
 * it is not rearranged here.
 */
@Override
protected void setup() {
    bind(BasicAuthenticationHandler.class);
    bind(FormAuthenticationHandler.class);

    final Matcher<Class> isController = subclassesOf(Controller.class);
    final Matcher<Class> isNotController = not(isController);

    // Controllers: one interceptor for all methods.
    bindInterceptor(isController, any(),
        new ControllerInterceptor(getProvider(SecurityManager.class)));

    // Everything else: one interceptor per annotation.
    bindInterceptor(isNotController, annotatedWith(RequireToken.class),
        new RequireTokenInterceptor(getProvider(SecurityManager.class)));
    bindInterceptor(isNotController, annotatedWith(RequireAuthenticated.class),
        new RequireAuthenticatedInterceptor());
    bindInterceptor(isNotController, annotatedWith(RequireAdministrator.class),
        new RequireAdministratorInterceptor());
    bindInterceptor(isNotController, annotatedWith(RequireRole.class),
        new RequireRoleInterceptor());
    bindInterceptor(isNotController, annotatedWith(RequirePermission.class),
        new RequirePermissionInterceptor());
    bindInterceptor(isNotController, annotatedWith(RequireRoles.class),
        new RequireRolesInterceptor());
    bindInterceptor(isNotController, annotatedWith(RequirePermissions.class),
        new RequirePermissionsInterceptor());
}
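/**
 * Enforces a {@link RequireToken} annotation on {@code method}, if one is present.
 *
 * <p>The token is read from the request header named by the annotation, falling back to
 * the query parameter of the same name. A guest caller is authenticated with the token
 * and the resulting account is stored in the route context under
 * {@code AuthConstants.ACCOUNT_ATTRIBUTE}; an already authenticated caller has the token
 * validated against its account via {@code checkToken}.
 *
 * <p>The token value is a bearer credential, so it is never written into log or
 * exception messages; only the token <em>name</em> is reported.
 *
 * @param method the intercepted method
 * @return the account the remaining checks should use (the current account, or the one
 *         the token authenticated when the caller was a guest)
 * @throws AuthorizationException if the annotation is present and the token is missing,
 *         or if a guest's token does not authenticate
 */
protected Account checkRequireToken(Method method) {
    Account account = getAccount();
    RequireToken requireToken = ClassUtil.getAnnotation(method, RequireToken.class);
    if (requireToken == null) {
        return account;
    }
    String tokenName = requireToken.value();
    Context context = RouteDispatcher.getRouteContext();
    // header first, then the query parameter of the same name
    String token = Strings.emptyToNull(context.getRequest().getHeader(tokenName));
    token = Optional.fromNullable(token).or(context.getParameter(tokenName).toString(""));
    if (Strings.isNullOrEmpty(token)) {
        throw new AuthorizationException("Missing '{}' token", tokenName);
    }
    if (account.isGuest()) {
        // authenticate by token
        TokenCredentials credentials = new TokenCredentials(token);
        account = securityManager.get().authenticate(credentials);
        if (account == null) {
            // report which token failed, not the rejected value itself
            throw new AuthorizationException("Invalid '{}' token", tokenName);
        }
        context.setLocal(AuthConstants.ACCOUNT_ATTRIBUTE, account);
        // log who authenticated and through which token name, never the credential
        log.debug("'{}' account authenticated by '{}' token", account.getUsername(), tokenName);
    } else {
        // validate token against the already authenticated account
        account.checkToken(token);
    }
    return account;
}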
/**
 * Installs the authentication handlers and wires the security interceptors.
 *
 * <p>Subclasses of {@link Controller} get a single {@link ControllerInterceptor} on
 * every method; every other class gets one dedicated interceptor per {@code Require*}
 * annotation. The two class matchers are complements of each other, so a given method
 * is covered by exactly one of the two strategies.
 *
 * <p>The non-controller interceptors are bound in the same order as before; binding
 * order is what determines the order in which several matching interceptors run, so
 * it is not rearranged here.
 */
@Override
protected void setup() {
    bind(BasicAuthenticationHandler.class);
    bind(FormAuthenticationHandler.class);

    final Matcher<Class> isController = subclassesOf(Controller.class);
    final Matcher<Class> isNotController = not(isController);

    // Controllers: one interceptor for all methods.
    bindInterceptor(isController, any(),
        new ControllerInterceptor(getProvider(SecurityManager.class)));

    // Everything else: one interceptor per annotation.
    bindInterceptor(isNotController, annotatedWith(RequireToken.class),
        new RequireTokenInterceptor(getProvider(SecurityManager.class)));
    bindInterceptor(isNotController, annotatedWith(RequireAuthenticated.class),
        new RequireAuthenticatedInterceptor());
    bindInterceptor(isNotController, annotatedWith(RequireAdministrator.class),
        new RequireAdministratorInterceptor());
    bindInterceptor(isNotController, annotatedWith(RequireRole.class),
        new RequireRoleInterceptor());
    bindInterceptor(isNotController, annotatedWith(RequirePermission.class),
        new RequirePermissionInterceptor());
    bindInterceptor(isNotController, annotatedWith(RequireRoles.class),
        new RequireRolesInterceptor());
    bindInterceptor(isNotController, annotatedWith(RequirePermissions.class),
        new RequirePermissionsInterceptor());
}
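/**
 * Enforces a {@link RequireToken} annotation on {@code method}, if one is present.
 *
 * <p>The token is read from the request header named by the annotation, falling back to
 * the query parameter of the same name. A guest caller is authenticated with the token
 * and the resulting account is stored in the route context under
 * {@code AuthConstants.ACCOUNT_ATTRIBUTE}; an already authenticated caller has the token
 * validated against its account via {@code checkToken}.
 *
 * <p>The token value is a bearer credential, so it is never written into log or
 * exception messages; only the token <em>name</em> is reported.
 *
 * @param method the intercepted method
 * @return the account the remaining checks should use (the current account, or the one
 *         the token authenticated when the caller was a guest)
 * @throws AuthorizationException if the annotation is present and the token is missing,
 *         or if a guest's token does not authenticate
 */
protected Account checkRequireToken(Method method) {
    Account account = getAccount();
    RequireToken requireToken = ClassUtil.getAnnotation(method, RequireToken.class);
    if (requireToken == null) {
        return account;
    }
    String tokenName = requireToken.value();
    Context context = RouteDispatcher.getRouteContext();
    // header first, then the query parameter of the same name
    String token = Strings.emptyToNull(context.getRequest().getHeader(tokenName));
    token = Optional.fromNullable(token).or(context.getParameter(tokenName).toString(""));
    if (Strings.isNullOrEmpty(token)) {
        throw new AuthorizationException("Missing '{}' token", tokenName);
    }
    if (account.isGuest()) {
        // authenticate by token
        TokenCredentials credentials = new TokenCredentials(token);
        account = securityManager.get().authenticate(credentials);
        if (account == null) {
            // report which token failed, not the rejected value itself
            throw new AuthorizationException("Invalid '{}' token", tokenName);
        }
        context.setLocal(AuthConstants.ACCOUNT_ATTRIBUTE, account);
        // log who authenticated and through which token name, never the credential
        log.debug("'{}' account authenticated by '{}' token", account.getUsername(), tokenName);
    } else {
        // validate token against the already authenticated account
        account.checkToken(token);
    }
    return account;
}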
/**
 * Runs every security check declared on the intercepted method, in a fixed order,
 * before letting the invocation proceed.
 *
 * <p>The token check runs first because it returns the account the remaining checks
 * are evaluated against: for a guest caller it can substitute the account that the
 * presented token authenticates. The order of the remaining checks is kept as-is,
 * since it decides which failure is reported when several checks would fail.
 *
 * @param invocation the intercepted method call
 * @return whatever the target method returns
 * @throws Throwable any exception raised by a failed check or by the target method
 */
@Override
public Object invoke(MethodInvocation invocation) throws Throwable {
    final Method target = invocation.getMethod();
    // resolves the caller's account, possibly via a token
    final Account caller = checkRequireToken(target);
    checkRequirePermissions(caller, target);
    checkRequireRoles(caller, target);
    checkRequireAdministrator(caller, target);
    checkRequireAuthenticated(caller, target);
    checkRequireGuest(caller, target);
    return invocation.proceed();
}