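/**
 * Verifies that {@code subject} holds every role in {@code roles}.
 *
 * Authorization is conjunctive: when a {@code delegate} is configured it must
 * accept the subject first (any {@link AuthorizationException} it throws
 * propagates unchanged), and the subject's {@link BasicSecuritySubject} must
 * then hold each requested role. A subject that carries no
 * {@code BasicSecuritySubject} delegate is rejected rather than allowed to
 * fail with a {@link NullPointerException}, so the check stays fail-closed.
 *
 * @param subject the authenticated subject to check
 * @param roles   the roles the subject must hold; an empty collection passes
 * @throws AuthorizationException if the delegate rejects the subject, if the subject
 *                                has no {@code BasicSecuritySubject}, or if any role is missing
 */
public void checkRoles(SecuritySubject subject, Collection<String> roles) throws AuthorizationException {
    if (delegate != null) {
        delegate.checkRoles(subject, roles);
    }
    BasicSecuritySubject basicSubject = subject.getDelegate(BasicSecuritySubject.class);
    if (basicSubject == null) {
        // Fail closed: without a basic subject there is nothing to grant a role.
        throw new NotAuthorizedException("Subject not authorized for role");
    }
    for (String role : roles) {
        // Message deliberately does not echo the role name to the caller.
        if (!basicSubject.hasRole(role)) {
            throw new NotAuthorizedException("Subject not authorized for role");
        }
    }
}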
/**
 * Interceptor step that enforces role-based authorization before forwarding a message.
 *
 * The subject is taken from the message's {@link WorkContext}. A message with no
 * subject, or whose subject fails {@code authorizationService.checkRoles}, is
 * returned immediately with a {@link ServiceRuntimeException} fault instead of
 * reaching {@code next}.
 *
 * @param msg the inbound message
 * @return the response from the next interceptor, or {@code msg} carrying a fault
 *         when the subject is absent or not authorized
 */
public Message invoke(Message msg) {
    WorkContext workContext = msg.getWorkContext();
    try {
        SecuritySubject subject = workContext.getSubject();
        if (subject != null) {
            // Throws AuthorizationException when a required role is missing.
            authorizationService.checkRoles(subject, roles);
            return next.invoke(msg);
        }
        msg.setBodyWithFault(new ServiceRuntimeException("Subject not authenticated"));
    } catch (AuthorizationException e) {
        // Wrap so the caller sees a runtime fault carrying the original cause.
        msg.setBodyWithFault(new ServiceRuntimeException(e));
    }
    return msg;
}