/**
 * Creates an interceptor backed by a freshly constructed {@link RoleAnnotationHandler}.
 *
 * <p>As documented originally, this makes the interceptor look for
 * {@link RequiresRoles RequiresRoles} annotations in a method declaration.
 */
public RoleAnnotationMethodInterceptor() {
    super(new RoleAnnotationHandler());
}
/**
 * Expects {@link UnauthenticatedException} when a two-role, AND-combined
 * {@link RequiresRoles} annotation is asserted by a handler that uses its default
 * subject lookup.
 *
 * <p>NOTE(review): the fixture that makes the current subject a guest is not visible in
 * this snippet; presumably it lives in the enclosing test class.
 */
@Test(expected = UnauthenticatedException.class)
public void testGuestMultipleRolesAssertion() throws Throwable {
    RoleAnnotationHandler roleHandler = new RoleAnnotationHandler();

    // Hand-written annotation instance: two roles that must both be held.
    Annotation bothRolesRequired = new RequiresRoles() {
        @Override
        public Class<? extends Annotation> annotationType() {
            return RequiresRoles.class;
        }

        @Override
        public String[] value() {
            return new String[]{"blah", "blah2"};
        }

        @Override
        public Logical logical() {
            return Logical.AND;
        }
    };

    roleHandler.assertAuthorized(bothRolesRequired);
}
/**
 * Asserts that the calling <code>Subject</code> holds the role(s) named by a
 * {@link RequiresRoles} annotation; the checks themselves are delegated to the subject.
 *
 * <ul>
 *   <li>exactly one role: <code>checkRole</code> on it, without consulting <code>logical()</code>;</li>
 *   <li><code>Logical.AND</code>: <code>checkRoles</code> on the complete role list;</li>
 *   <li><code>Logical.OR</code>: each role is probed with <code>hasRole</code>, and if none
 *       matches, <code>checkRole</code> is invoked on the first role to raise the denial.</li>
 * </ul>
 *
 * <p>An annotation that is not a <code>RequiresRoles</code> is skipped and the method returns
 * without performing any check, so callers must route each annotation to the matching handler.
 *
 * @param a the RequiresRoles annotation to use to check for one or more roles
 * @throws org.apache.shiro.authz.AuthorizationException
 *          if the calling <code>Subject</code> does not have the role(s) necessary to
 *          proceed.
 */
public void assertAuthorized(Annotation a) throws AuthorizationException {
    if (a instanceof RequiresRoles) {
        RequiresRoles required = (RequiresRoles) a;
        String[] roleNames = required.value();

        if (roleNames.length == 1) {
            getSubject().checkRole(roleNames[0]);
        } else if (Logical.AND.equals(required.logical())) {
            // NOTE(review): an empty value() array reaches checkRoles with an empty list;
            // what that means is decided by the Subject implementation - confirm.
            getSubject().checkRoles(Arrays.asList(roleNames));
        } else if (Logical.OR.equals(required.logical())) {
            // Probe with hasRole first so that no exception is raised while a later role
            // may still match; every role is probed, there is no early exit.
            boolean matched = false;
            for (String roleName : roleNames) {
                matched |= getSubject().hasRole(roleName);
            }
            // Nothing matched: let checkRole on the first role raise the denial. The
            // resulting message mentions only that role, which is slightly misleading.
            // NOTE(review): an empty value() array fails here with an index error
            // instead of an AuthorizationException.
            if (!matched) {
                getSubject().checkRole(roleNames[0]);
            }
        }
    }
}
/**
 * Verifies that an OR-combined {@link RequiresRoles} annotation is satisfied when the
 * subject holds only one of the two listed roles: the call must return without throwing.
 *
 * <p>The mock records expectations for <code>hasRole</code> only; no <code>checkRole</code>
 * expectation is recorded. NOTE(review): the mock is never passed to <code>verify</code>
 * in this snippet, so the test does not prove that both <code>hasRole</code> calls happened.
 */
@Test
public void testOneOfTheRolesRequired() throws Throwable {
    subject = createMock(Subject.class);
    expect(subject.hasRole("blah")).andReturn(true);
    expect(subject.hasRole("blah2")).andReturn(false);
    replay(subject);

    // Route the handler's subject lookup to the mock prepared above.
    RoleAnnotationHandler roleHandler = new RoleAnnotationHandler() {
        @Override
        protected Subject getSubject() {
            return subject;
        }
    };

    // Hand-written annotation instance: either of the two roles is sufficient.
    Annotation eitherRoleRequired = new RequiresRoles() {
        @Override
        public Class<? extends Annotation> annotationType() {
            return RequiresRoles.class;
        }

        @Override
        public String[] value() {
            return new String[]{"blah", "blah2"};
        }

        @Override
        public Logical logical() {
            return Logical.OR;
        }
    };

    roleHandler.assertAuthorized(eitherRoleRequired);
}
}
/**
 * Asserts that the calling <code>Subject</code> holds the role(s) named by a
 * {@link RequiresRoles} annotation; the checks themselves are delegated to the subject.
 *
 * <ul>
 *   <li>exactly one role: <code>checkRole</code> on it, without consulting <code>logical()</code>;</li>
 *   <li><code>Logical.AND</code>: <code>checkRoles</code> on the complete role list;</li>
 *   <li><code>Logical.OR</code>: each role is probed with <code>hasRole</code>, and if none
 *       matches, <code>checkRole</code> is invoked on the first role to raise the denial.</li>
 * </ul>
 *
 * <p>An annotation that is not a <code>RequiresRoles</code> is skipped and the method returns
 * without performing any check, so callers must route each annotation to the matching handler.
 *
 * @param a the RequiresRoles annotation to use to check for one or more roles
 * @throws org.apache.shiro.authz.AuthorizationException
 *          if the calling <code>Subject</code> does not have the role(s) necessary to
 *          proceed.
 */
public void assertAuthorized(Annotation a) throws AuthorizationException {
    if (a instanceof RequiresRoles) {
        RequiresRoles required = (RequiresRoles) a;
        String[] roleNames = required.value();

        if (roleNames.length == 1) {
            getSubject().checkRole(roleNames[0]);
        } else if (Logical.AND.equals(required.logical())) {
            // NOTE(review): an empty value() array reaches checkRoles with an empty list;
            // what that means is decided by the Subject implementation - confirm.
            getSubject().checkRoles(Arrays.asList(roleNames));
        } else if (Logical.OR.equals(required.logical())) {
            // Probe with hasRole first so that no exception is raised while a later role
            // may still match; every role is probed, there is no early exit.
            boolean matched = false;
            for (String roleName : roleNames) {
                matched |= getSubject().hasRole(roleName);
            }
            // Nothing matched: let checkRole on the first role raise the denial. The
            // resulting message mentions only that role, which is slightly misleading.
            // NOTE(review): an empty value() array fails here with an index error
            // instead of an AuthorizationException.
            if (!matched) {
                getSubject().checkRole(roleNames[0]);
            }
        }
    }
}
/**
 * Creates an interceptor backed by a freshly constructed {@link RoleAnnotationHandler}
 * and the supplied annotation resolver.
 *
 * @param resolver the resolver passed to the superclass constructor together with the
 *                 handler; how it is used is decided by the superclass, not shown here
 * @since 1.1
 */
public RoleAnnotationMethodInterceptor(AnnotationResolver resolver) {
    super(new RoleAnnotationHandler(), resolver);
}
}
/**
 * Expects {@link UnauthenticatedException} when a single-role {@link RequiresRoles}
 * annotation is asserted by a handler that uses its default subject lookup.
 *
 * <p>NOTE(review): the fixture that makes the current subject a guest is not visible in
 * this snippet; presumably it lives in the enclosing test class.
 */
@Test(expected = UnauthenticatedException.class)
public void testGuestSingleRoleAssertion() throws Throwable {
    RoleAnnotationHandler roleHandler = new RoleAnnotationHandler();

    // Hand-written annotation instance naming exactly one role.
    Annotation singleRoleRequired = new RequiresRoles() {
        @Override
        public Class<? extends Annotation> annotationType() {
            return RequiresRoles.class;
        }

        @Override
        public String[] value() {
            return new String[]{"blah"};
        }

        @Override
        public Logical logical() {
            return Logical.AND;
        }
    };

    roleHandler.assertAuthorized(singleRoleRequired);
}
/**
 * Asserts that the calling <code>Subject</code> holds the role(s) named by a
 * {@link RequiresRoles} annotation; the checks themselves are delegated to the subject.
 *
 * <ul>
 *   <li>exactly one role: <code>checkRole</code> on it, without consulting <code>logical()</code>;</li>
 *   <li><code>Logical.AND</code>: <code>checkRoles</code> on the complete role list;</li>
 *   <li><code>Logical.OR</code>: each role is probed with <code>hasRole</code>, and if none
 *       matches, <code>checkRole</code> is invoked on the first role to raise the denial.</li>
 * </ul>
 *
 * <p>An annotation that is not a <code>RequiresRoles</code> is skipped and the method returns
 * without performing any check, so callers must route each annotation to the matching handler.
 *
 * @param a the RequiresRoles annotation to use to check for one or more roles
 * @throws org.apache.shiro.authz.AuthorizationException
 *          if the calling <code>Subject</code> does not have the role(s) necessary to
 *          proceed.
 */
public void assertAuthorized(Annotation a) throws AuthorizationException {
    if (a instanceof RequiresRoles) {
        RequiresRoles required = (RequiresRoles) a;
        String[] roleNames = required.value();

        if (roleNames.length == 1) {
            getSubject().checkRole(roleNames[0]);
        } else if (Logical.AND.equals(required.logical())) {
            // NOTE(review): an empty value() array reaches checkRoles with an empty list;
            // what that means is decided by the Subject implementation - confirm.
            getSubject().checkRoles(Arrays.asList(roleNames));
        } else if (Logical.OR.equals(required.logical())) {
            // Probe with hasRole first so that no exception is raised while a later role
            // may still match; every role is probed, there is no early exit.
            boolean matched = false;
            for (String roleName : roleNames) {
                matched |= getSubject().hasRole(roleName);
            }
            // Nothing matched: let checkRole on the first role raise the denial. The
            // resulting message mentions only that role, which is slightly misleading.
            // NOTE(review): an empty value() array fails here with an index error
            // instead of an AuthorizationException.
            if (!matched) {
                getSubject().checkRole(roleNames[0]);
            }
        }
    }
}
/**
 * Picks the authorization handler that corresponds to an annotation's declared type.
 *
 * <p>Matching is by exact annotation class. A type outside the five listed below is
 * rejected with an exception rather than mapped to some default handler, so an
 * unrecognised annotation is never silently treated as "no check needed".
 *
 * @param annotation the annotation whose <code>annotationType()</code> selects the handler
 * @return a new handler instance for that annotation type
 * @throws IllegalArgumentException if the annotation type is not one of the known ones
 */
private static AuthorizingAnnotationHandler createHandler(Annotation annotation) {
    Class<?> declaredType = annotation.annotationType();

    if (RequiresPermissions.class.equals(declaredType)) {
        return new PermissionAnnotationHandler();
    }
    if (RequiresRoles.class.equals(declaredType)) {
        return new RoleAnnotationHandler();
    }
    if (RequiresUser.class.equals(declaredType)) {
        return new UserAnnotationHandler();
    }
    if (RequiresGuest.class.equals(declaredType)) {
        return new GuestAnnotationHandler();
    }
    if (RequiresAuthentication.class.equals(declaredType)) {
        return new AuthenticatedAnnotationHandler();
    }

    throw new IllegalArgumentException("Cannot create a handler for the unknown for annotation " + declaredType);
}
/**
 * Creates an interceptor backed by a freshly constructed {@link RoleAnnotationHandler}
 * and the supplied annotation resolver.
 *
 * @param resolver the resolver passed to the superclass constructor together with the
 *                 handler; how it is used is decided by the superclass, not shown here
 * @since 1.1
 */
public RoleAnnotationMethodInterceptor(AnnotationResolver resolver) {
    super(new RoleAnnotationHandler(), resolver);
}
}
/**
 * Creates an interceptor backed by a freshly constructed {@link RoleAnnotationHandler}.
 *
 * <p>As documented originally, this makes the interceptor look for
 * {@link RequiresRoles RequiresRoles} annotations in a method declaration.
 */
public RoleAnnotationMethodInterceptor() {
    super(new RoleAnnotationHandler());
}
/**
 * Creates an interceptor backed by a freshly constructed {@link RoleAnnotationHandler}.
 *
 * <p>As documented originally, this makes the interceptor look for
 * {@link RequiresRoles RequiresRoles} annotations in a method declaration.
 */
public RoleAnnotationMethodInterceptor() {
    super(new RoleAnnotationHandler());
}
/**
 * Creates an interceptor backed by a freshly constructed {@link RoleAnnotationHandler}
 * and the supplied annotation resolver.
 *
 * @param resolver the resolver passed to the superclass constructor together with the
 *                 handler; how it is used is decided by the superclass, not shown here
 * @since 1.1
 */
public RoleAnnotationMethodInterceptor(AnnotationResolver resolver) {
    super(new RoleAnnotationHandler(), resolver);
}
}
/**
 * Picks the authorization handler that corresponds to an annotation's declared type.
 *
 * <p>Matching is by exact annotation class. A type outside the five listed below is
 * rejected with an exception rather than mapped to some default handler, so an
 * unrecognised annotation is never silently treated as "no check needed".
 *
 * @param annotation the annotation whose <code>annotationType()</code> selects the handler
 * @return a new handler instance for that annotation type
 * @throws IllegalArgumentException if the annotation type is not one of the known ones
 */
private static AuthorizingAnnotationHandler createHandler(Annotation annotation) {
    Class<?> declaredType = annotation.annotationType();

    if (RequiresPermissions.class.equals(declaredType)) {
        return new PermissionAnnotationHandler();
    }
    if (RequiresRoles.class.equals(declaredType)) {
        return new RoleAnnotationHandler();
    }
    if (RequiresUser.class.equals(declaredType)) {
        return new UserAnnotationHandler();
    }
    if (RequiresGuest.class.equals(declaredType)) {
        return new GuestAnnotationHandler();
    }
    if (RequiresAuthentication.class.equals(declaredType)) {
        return new AuthenticatedAnnotationHandler();
    }

    throw new IllegalArgumentException("Cannot create a handler for the unknown for annotation " + declaredType);
}