/** * Default no-argument constructor that ensures this interceptor looks for * {@link RequiresRoles RequiresRoles} annotations in a method declaration. */ public RoleAnnotationMethodInterceptor() { super( new RoleAnnotationHandler() ); }
/** * Default no-argument constructor that ensures this interceptor looks for * * {@link org.apache.shiro.authz.annotation.RequiresUser RequiresUser} annotations in a method * declaration. */ public UserAnnotationMethodInterceptor() { super( new UserAnnotationHandler() ); }
/** * @param resolver * @since 1.1 */ public PermissionAnnotationMethodInterceptor(AnnotationResolver resolver) { super( new PermissionAnnotationHandler(), resolver); }
/** * Default no-argument constructor that defaults the * {@link #methodInterceptors methodInterceptors} attribute to contain two interceptors by default - the * {@link RoleAnnotationMethodInterceptor RoleAnnotationMethodInterceptor} and the * {@link PermissionAnnotationMethodInterceptor PermissionAnnotationMethodInterceptor} to * support role and permission annotations. */ public AnnotationsAuthorizingMethodInterceptor() { methodInterceptors = new ArrayList<AuthorizingAnnotationMethodInterceptor>(5); methodInterceptors.add(new RoleAnnotationMethodInterceptor()); methodInterceptors.add(new PermissionAnnotationMethodInterceptor()); methodInterceptors.add(new AuthenticatedAnnotationMethodInterceptor()); methodInterceptors.add(new UserAnnotationMethodInterceptor()); methodInterceptors.add(new GuestAnnotationMethodInterceptor()); }
private static AuthorizingAnnotationHandler createHandler(Annotation annotation) { Class<?> t = annotation.annotationType(); if (RequiresPermissions.class.equals(t)) return new PermissionAnnotationHandler(); else if (RequiresRoles.class.equals(t)) return new RoleAnnotationHandler(); else if (RequiresUser.class.equals(t)) return new UserAnnotationHandler(); else if (RequiresGuest.class.equals(t)) return new GuestAnnotationHandler(); else if (RequiresAuthentication.class.equals(t)) return new AuthenticatedAnnotationHandler(); else throw new IllegalArgumentException("Cannot create a handler for the unknown for annotation " + t); }
@Test(expected = UnauthenticatedException.class) public void testGuestSingleRoleAssertion() throws Throwable { RoleAnnotationHandler handler = new RoleAnnotationHandler(); Annotation requiresRolesAnnotation = new RequiresRoles() { public String[] value() { return new String[]{"blah"}; } public Class<? extends Annotation> annotationType() { return RequiresRoles.class; } public Logical logical() { return Logical.AND; } }; handler.assertAuthorized(requiresRolesAnnotation); }
/** * Iterates over the internal {@link #getMethodInterceptors() methodInterceptors} collection, and for each one, * ensures that if the interceptor * {@link AuthorizingAnnotationMethodInterceptor#supports(org.apache.shiro.aop.MethodInvocation) supports} * the invocation, that the interceptor * {@link AuthorizingAnnotationMethodInterceptor#assertAuthorized(org.apache.shiro.aop.MethodInvocation) asserts} * that the invocation is authorized to proceed. */ protected void assertAuthorized(MethodInvocation methodInvocation) throws AuthorizationException { //default implementation just ensures no deny votes are cast: Collection<AuthorizingAnnotationMethodInterceptor> aamis = getMethodInterceptors(); if (aamis != null && !aamis.isEmpty()) { for (AuthorizingAnnotationMethodInterceptor aami : aamis) { if (aami.supports(methodInvocation)) { aami.assertAuthorized(methodInvocation); } } } } }
/** * Default no-argument constructor that ensures this interceptor looks for * {@link org.apache.shiro.authz.annotation.RequiresAuthentication RequiresAuthentication} annotations in a method * declaration. */ public AuthenticatedAnnotationMethodInterceptor() { super(new AuthenticatedAnnotationHandler()); }
/** * Default no-argument constructor that ensures this interceptor looks for * {@link org.apache.shiro.authz.annotation.RequiresGuest RequiresGuest} annotations in a method * declaration. */ public GuestAnnotationMethodInterceptor() { super(new GuestAnnotationHandler()); }
/** * Invokes the specified method (<code>methodInvocation.{@link org.apache.shiro.aop.MethodInvocation#proceed proceed}()</code> * if authorization is allowed by first * calling {@link #assertAuthorized(org.apache.shiro.aop.MethodInvocation) assertAuthorized}. */ public Object invoke(MethodInvocation methodInvocation) throws Throwable { assertAuthorized(methodInvocation); return methodInvocation.proceed(); }
/** * Ensures the <code>methodInvocation</code> is allowed to execute first before proceeding by calling the * {@link #assertAuthorized(org.apache.shiro.aop.MethodInvocation) assertAuthorized} method first. * * @param methodInvocation the method invocation to check for authorization prior to allowing it to proceed/execute. * @return the return value from the method invocation (the value of {@link org.apache.shiro.aop.MethodInvocation#proceed() MethodInvocation.proceed()}). * @throws org.apache.shiro.authz.AuthorizationException if the <code>MethodInvocation</code> is not allowed to proceed. * @throws Throwable if any other error occurs. */ public Object invoke(MethodInvocation methodInvocation) throws Throwable { assertAuthorized(methodInvocation); return methodInvocation.proceed(); }
/** * Creates a Shiro {@link MethodInvocation MethodInvocation} instance and then immediately calls * {@link org.apache.shiro.authz.aop.AuthorizingMethodInterceptor#invoke super.invoke}. * * @param methodInvocation the AOP Alliance-specific <code>methodInvocation</code> instance. * @return the return value from invoking the method invocation. * @throws Throwable if the underlying AOP Alliance method invocation throws a <code>Throwable</code>. */ public Object invoke(MethodInvocation methodInvocation) throws Throwable { org.apache.shiro.aop.MethodInvocation mi = createMethodInvocation(methodInvocation); return super.invoke(mi); } }
protected void configureDefaultInterceptors(AnnotationResolver resolver) { bindShiroInterceptor(new RoleAnnotationMethodInterceptor(resolver)); bindShiroInterceptor(new PermissionAnnotationMethodInterceptor(resolver)); bindShiroInterceptor(new AuthenticatedAnnotationMethodInterceptor(resolver)); bindShiroInterceptor(new UserAnnotationMethodInterceptor(resolver)); bindShiroInterceptor(new GuestAnnotationMethodInterceptor(resolver)); }
@Test(expected = UnauthenticatedException.class) public void testGuestMultipleRolesAssertion() throws Throwable { RoleAnnotationHandler handler = new RoleAnnotationHandler(); Annotation requiresRolesAnnotation = new RequiresRoles() { public String[] value() { return new String[]{"blah", "blah2"}; } public Class<? extends Annotation> annotationType() { return RequiresRoles.class; } public Logical logical() { return Logical.AND; } }; handler.assertAuthorized(requiresRolesAnnotation); }
/** * @param resolver * @since 1.1 */ public RoleAnnotationMethodInterceptor(AnnotationResolver resolver) { super(new RoleAnnotationHandler(), resolver); } }
/** * Default no-argument constructor that ensures this interceptor looks for * {@link org.apache.shiro.authz.annotation.RequiresPermissions RequiresPermissions} annotations in a method declaration. */ public PermissionAnnotationMethodInterceptor() { super( new PermissionAnnotationHandler() ); }
/** * * @param resolver * @since 1.1 */ public UserAnnotationMethodInterceptor(AnnotationResolver resolver) { super(new UserAnnotationHandler(), resolver); }
/** * @param resolver * @since 1.1 */ public AuthenticatedAnnotationMethodInterceptor(AnnotationResolver resolver) { super(new AuthenticatedAnnotationHandler(), resolver); } }
/** * @param resolver * @since 1.1 */ public GuestAnnotationMethodInterceptor(AnnotationResolver resolver) { super(new GuestAnnotationHandler(), resolver); }
public AopAllianceAnnotationsAuthorizingMethodInterceptor() { List<AuthorizingAnnotationMethodInterceptor> interceptors = new ArrayList<AuthorizingAnnotationMethodInterceptor>(5); //use a Spring-specific Annotation resolver - Spring's AnnotationUtils is nicer than the //raw JDK resolution process. AnnotationResolver resolver = new SpringAnnotationResolver(); //we can re-use the same resolver instance - it does not retain state: interceptors.add(new RoleAnnotationMethodInterceptor(resolver)); interceptors.add(new PermissionAnnotationMethodInterceptor(resolver)); interceptors.add(new AuthenticatedAnnotationMethodInterceptor(resolver)); interceptors.add(new UserAnnotationMethodInterceptor(resolver)); interceptors.add(new GuestAnnotationMethodInterceptor(resolver)); setMethodInterceptors(interceptors); } /**