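/**
 * Verifies that the current subject holds the requested permissions.
 *
 * <p>A single permission is checked directly. For several permissions, {@code Logical.OR}
 * requires at least one of them. Every other value of {@code logical}, including
 * {@code null}, requires all of them, so an unset combinator can never skip the check.
 *
 * @param permissions permissions to verify; each is converted with its {@code toString()}
 * @param logical     how multiple permissions are combined
 * @param context     tenant context; not read by this method
 * @throws SecurityApiException with {@code ErrorCode.SECURITY_NOT_ENOUGH_PERMISSIONS} when the
 *                              subject's check raises an {@code AuthorizationException}
 */
@Override
public void checkCurrentUserPermissions(final List<Permission> permissions, final Logical logical, final TenantContext context) throws SecurityApiException {
    final String[] permissionsString = Lists.<Permission, String>transform(permissions, Functions.toStringFunction()).toArray(new String[permissions.size()]);

    try {
        final Subject subject = SecurityUtils.getSubject();
        if (permissionsString.length == 1) {
            subject.checkPermission(permissionsString[0]);
        } else if (Logical.OR.equals(logical)) {
            boolean hasAtLeastOnePermission = false;
            for (final String permission : permissionsString) {
                if (subject.isPermitted(permission)) {
                    hasAtLeastOnePermission = true;
                    break;
                }
            }
            // Cause the exception if none match. The message will name only the first
            // permission even though any one of them would have sufficed.
            // NOTE(review): an empty list is not rejected above, so this index would
            // throw ArrayIndexOutOfBoundsException - confirm callers never pass one.
            if (!hasAtLeastOnePermission) {
                subject.checkPermission(permissionsString[0]);
            }
        } else {
            // Fail closed: AND, and any unexpected combinator such as null, requires every
            // permission. Previously a null combinator with several permissions fell
            // through every branch and returned without performing any check.
            subject.checkPermissions(permissionsString);
        }
    } catch (final AuthorizationException e) {
        throw new SecurityApiException(e, ErrorCode.SECURITY_NOT_ENOUGH_PERMISSIONS);
    }
}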
getSubject().checkPermissions(perms); return;
getSubject().checkPermissions(perms); return;
/**
 * Requires that {@code subject} holds all of the given permissions.
 *
 * @param subject     subject to check; must not be null
 * @param permissions permissions to require; must be non-null and contain at least one entry
 * @throws AuthorizationException propagated from {@code Subject.checkPermissions} when the check fails
 */
public void ensurePermitted(final Subject subject, final Permission... permissions) {
    checkNotNull(subject);
    checkNotNull(permissions);
    // Reject an empty array so a call can never end up requiring nothing.
    checkArgument(permissions.length != 0);

    final boolean tracing = log.isTraceEnabled();
    if (tracing) {
        // Only the principal and the requested permissions are logged, and only at trace level.
        log.trace("Ensuring subject '{}' has permissions: {}", subject.getPrincipal(), Arrays.toString(permissions));
    }

    subject.checkPermissions(Arrays.asList(permissions));
}
/**
 * Requires the current subject to hold every given permission.
 *
 * <p>Each string is wrapped in a {@code ScopePermission} before the check is delegated to the
 * current Shiro subject.
 *
 * @param stringPermissions permission strings to require
 * @throws AuthorizationException wrapping the Shiro exception when the check fails; the message
 *                                lists the requested permission strings
 */
@Override
public void checkPermissions(String... stringPermissions) {
    Collection<org.apache.shiro.authz.Permission> scoped = new ArrayList<>();
    for (int i = 0; i < stringPermissions.length; i++) {
        scoped.add(new ScopePermission(stringPermissions[i]));
    }

    try {
        SecurityUtils.getSubject().checkPermissions(scoped);
    } catch (org.apache.shiro.authz.AuthorizationException cause) {
        // Translate Shiro's exception into this API's own type, keeping the original as the cause.
        throw new AuthorizationException("Subject doesn't have permissions " + Arrays.toString(stringPermissions), cause);
    }
}
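/**
 * Verifies that the current subject holds the requested permissions.
 *
 * <p>A single permission is checked directly. For several permissions, {@code Logical.OR}
 * requires at least one of them. Every other value of {@code logical}, including
 * {@code null}, requires all of them, so an unset combinator can never skip the check.
 *
 * @param permissions permissions to verify; each is converted with its {@code toString()}
 * @param logical     how multiple permissions are combined
 * @param context     tenant context; not read by this method
 * @throws SecurityApiException with {@code ErrorCode.SECURITY_NOT_ENOUGH_PERMISSIONS} when the
 *                              subject's check raises an {@code AuthorizationException}
 */
@Override
public void checkCurrentUserPermissions(final List<Permission> permissions, final Logical logical, final TenantContext context) throws SecurityApiException {
    final String[] permissionsString = Lists.<Permission, String>transform(permissions, Functions.toStringFunction()).toArray(new String[permissions.size()]);

    try {
        final Subject subject = SecurityUtils.getSubject();
        if (permissionsString.length == 1) {
            subject.checkPermission(permissionsString[0]);
        } else if (Logical.OR.equals(logical)) {
            boolean hasAtLeastOnePermission = false;
            for (final String permission : permissionsString) {
                if (subject.isPermitted(permission)) {
                    hasAtLeastOnePermission = true;
                    break;
                }
            }
            // Cause the exception if none match. The message will name only the first
            // permission even though any one of them would have sufficed.
            // NOTE(review): an empty list is not rejected above, so this index would
            // throw ArrayIndexOutOfBoundsException - confirm callers never pass one.
            if (!hasAtLeastOnePermission) {
                subject.checkPermission(permissionsString[0]);
            }
        } else {
            // Fail closed: AND, and any unexpected combinator such as null, requires every
            // permission. Previously a null combinator with several permissions fell
            // through every branch and returned without performing any check.
            subject.checkPermissions(permissionsString);
        }
    } catch (final AuthorizationException e) {
        throw new SecurityApiException(e, ErrorCode.SECURITY_NOT_ENOUGH_PERMISSIONS);
    }
}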
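/**
 * Verifies that the current subject holds the requested permissions.
 *
 * <p>A single permission is checked directly. For several permissions, {@code Logical.OR}
 * requires at least one of them. Every other value of {@code logical}, including
 * {@code null}, requires all of them, so an unset combinator can never skip the check.
 *
 * @param permissions permissions to verify; each is converted with its {@code toString()}
 * @param logical     how multiple permissions are combined
 * @param context     tenant context; not read by this method
 * @throws SecurityApiException with {@code ErrorCode.SECURITY_NOT_ENOUGH_PERMISSIONS} when the
 *                              subject's check raises an {@code AuthorizationException}
 */
@Override
public void checkCurrentUserPermissions(final List<Permission> permissions, final Logical logical, final TenantContext context) throws SecurityApiException {
    final String[] permissionsString = Lists.<Permission, String>transform(permissions, Functions.toStringFunction()).toArray(new String[permissions.size()]);

    try {
        final Subject subject = SecurityUtils.getSubject();
        if (permissionsString.length == 1) {
            subject.checkPermission(permissionsString[0]);
        } else if (Logical.OR.equals(logical)) {
            boolean hasAtLeastOnePermission = false;
            for (final String permission : permissionsString) {
                if (subject.isPermitted(permission)) {
                    hasAtLeastOnePermission = true;
                    break;
                }
            }
            // Cause the exception if none match. The message will name only the first
            // permission even though any one of them would have sufficed.
            // NOTE(review): an empty list is not rejected above, so this index would
            // throw ArrayIndexOutOfBoundsException - confirm callers never pass one.
            if (!hasAtLeastOnePermission) {
                subject.checkPermission(permissionsString[0]);
            }
        } else {
            // Fail closed: AND, and any unexpected combinator such as null, requires every
            // permission. Previously a null combinator with several permissions fell
            // through every branch and returned without performing any check.
            subject.checkPermissions(permissionsString);
        }
    } catch (AuthorizationException e) {
        throw new SecurityApiException(e, ErrorCode.SECURITY_NOT_ENOUGH_PERMISSIONS);
    }
}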
/**
 * Authorizes the client for the annotated permissions and hands the request back unchanged
 * when authorization succeeds.
 *
 * <p>With a single permission, or when the configured logical is {@code AND}, all permissions
 * are checked in one call. Otherwise the permissions are tried in order until one passes; if
 * none passes, the {@link AuthorizationException} raised for the last permission is thrown.
 *
 * @param request the incoming request
 * @return the same {@code request} instance
 */
@Override
public ContainerRequest filter(ContainerRequest request) {
    Subject subject = ThreadContext.getSubject();
    String[] permissions = resolvePermissions(request);

    if (permissions.length == 1 || _logical == Logical.AND) {
        // One call covers every permission
        // NOTE(review): an empty array from resolvePermissions is not rejected on this path -
        // confirm it cannot occur for an annotated resource.
        subject.checkPermissions(permissions);
        return request;
    }

    // Any-of: the first permission that passes ends the loop by returning
    for (int index = 0; ; index++) {
        try {
            subject.checkPermission(permissions[index]);
            return request;
        } catch (AuthorizationException denied) {
            // Nothing left to try once the final permission has been rejected
            if (index + 1 == permissions.length) {
                throw denied;
            }
        }
    }
}
/**
 * Checks the subject against the permissions listed on a {@code RequiresPermissions} annotation.
 *
 * @param subject            subject whose permissions are checked
 * @param accessContext      voter context, used only to build the violation info on denial
 * @param securityAnnotation annotation to evaluate; cast to {@code RequiresPermissions}
 * @return an allow result when the check passes, otherwise a result carrying an
 *         {@code OctopusUnauthorizedException}
 */
@Override
public SecurityCheckInfo performCheck(Subject subject, AccessDecisionVoterContext accessContext, Annotation securityAnnotation) {
    // NOTE(review): only value() is read, so every listed permission is required no matter
    // what combinator the annotation declares - confirm that is the intended semantics.
    String[] required = ((RequiresPermissions) securityAnnotation).value();

    try {
        subject.checkPermissions(required);
        return SecurityCheckInfo.allowAccess();
    } catch (AuthorizationException denied) {
        // The Shiro exception itself is not attached; the result carries only the violation info.
        return SecurityCheckInfo.withException(
                new OctopusUnauthorizedException("Shiro permissions required", infoProducer.getViolationInfo(accessContext))
        );
    }
}
subject.checkPermissions(perms); return AuthorizeResult.ok();
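/**
 * Ensures the calling subject holds the permissions declared by a {@code RequiresPermissions}
 * annotation. Does nothing when the handled annotation is of another type.
 *
 * <p>A single permission is checked directly; {@code Logical.AND} requires all declared
 * permissions and {@code Logical.OR} requires at least one.
 *
 * @throws AuthorizationException if the subject does not hold the required permissions
 */
@Override
public void assertAuthorized() throws AuthorizationException {
    // Resolve the subject once so every check in this call runs against the same instance.
    Subject subject = getSubject();
    if (!(annotation instanceof RequiresPermissions)) {
        return;
    }

    RequiresPermissions rpAnnotation = (RequiresPermissions) annotation;
    String[] perms = rpAnnotation.value();

    if (perms.length == 1) {
        subject.checkPermission(perms[0]);
        return;
    }
    if (Logical.AND.equals(rpAnnotation.logical())) {
        // NOTE(review): an empty value() array is not rejected before this call - confirm the
        // annotation is never declared without permissions.
        subject.checkPermissions(perms);
        return;
    }
    if (Logical.OR.equals(rpAnnotation.logical())) {
        // Avoid processing exceptions unnecessarily - "delay" throwing the
        // exception by calling isPermitted first, and stop at the first match
        boolean hasAtLeastOnePermission = false;
        for (String permission : perms) {
            if (subject.isPermitted(permission)) {
                hasAtLeastOnePermission = true;
                break;
            }
        }
        // Cause the exception if none of the permissions match; note that the
        // exception message will be a bit misleading because it names only the first one
        if (!hasAtLeastOnePermission) {
            subject.checkPermission(perms[0]);
        }
    }
}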
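/**
 * Ensures the calling subject holds the permissions declared by a {@code RequiresPermissions}
 * annotation. Does nothing when the handled annotation is of another type.
 *
 * <p>A single permission is checked directly; {@code Logical.AND} requires all declared
 * permissions and {@code Logical.OR} requires at least one.
 *
 * @throws AuthorizationException if the subject does not hold the required permissions
 */
@Override
public void assertAuthorized() throws AuthorizationException {
    // Resolve the subject once so every check in this call runs against the same instance.
    Subject subject = getSubject();
    if (!(annotation instanceof RequiresPermissions)) {
        return;
    }

    RequiresPermissions rpAnnotation = (RequiresPermissions) annotation;
    String[] perms = rpAnnotation.value();

    if (perms.length == 1) {
        subject.checkPermission(perms[0]);
        return;
    }
    if (Logical.AND.equals(rpAnnotation.logical())) {
        // NOTE(review): an empty value() array is not rejected before this call - confirm the
        // annotation is never declared without permissions.
        subject.checkPermissions(perms);
        return;
    }
    if (Logical.OR.equals(rpAnnotation.logical())) {
        // Avoid processing exceptions unnecessarily - "delay" throwing the
        // exception by calling isPermitted first, and stop at the first match
        boolean hasAtLeastOnePermission = false;
        for (String permission : perms) {
            if (subject.isPermitted(permission)) {
                hasAtLeastOnePermission = true;
                break;
            }
        }
        // Cause the exception if none of the permissions match; note that the
        // exception message will be a bit misleading because it names only the first one
        if (!hasAtLeastOnePermission) {
            subject.checkPermission(perms[0]);
        }
    }
}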
getSubject().checkPermissions(perms); return;
getSubject().checkPermissions(perms); return;
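/**
 * Ensures the calling subject holds the permissions declared by a {@code RequiresPermissions}
 * annotation. Does nothing when the handled annotation is of another type.
 *
 * <p>A single permission is checked directly; {@code Logical.AND} requires all declared
 * permissions and {@code Logical.OR} requires at least one.
 *
 * @throws AuthorizationException if the subject does not hold the required permissions
 */
@Override
public void assertAuthorized() throws AuthorizationException {
    if (!(annotation instanceof RequiresPermissions)) {
        return;
    }

    RequiresPermissions rpAnnotation = (RequiresPermissions) annotation;
    String[] perms = rpAnnotation.value();
    // Resolve the subject once so every check in this call runs against the same instance,
    // instead of looking it up again for each permission.
    Subject subject = getSubject();

    if (perms.length == 1) {
        subject.checkPermission(perms[0]);
        return;
    }
    if (Logical.AND.equals(rpAnnotation.logical())) {
        // NOTE(review): an empty value() array is not rejected before this call - confirm the
        // annotation is never declared without permissions.
        subject.checkPermissions(perms);
        return;
    }
    if (Logical.OR.equals(rpAnnotation.logical())) {
        // Avoid processing exceptions unnecessarily - "delay" throwing the
        // exception by calling isPermitted first, and stop at the first match
        boolean hasAtLeastOnePermission = false;
        for (String permission : perms) {
            if (subject.isPermitted(permission)) {
                hasAtLeastOnePermission = true;
                break;
            }
        }
        // Cause the exception if none of the permissions match; note that the
        // exception message will be a bit misleading because it names only the first one
        if (!hasAtLeastOnePermission) {
            subject.checkPermission(perms[0]);
        }
    }
}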
getSubject().checkPermissions(perms); return;
getSubject().checkPermissions(newPerms); return true;
getSubject().checkPermissions(newPerms); return true;