@SuppressWarnings({ "unchecked", "rawtypes" }) private synchronized void lookupTargetBean() { if (targetBean == null) { Method m = implementationMethod.getJavaMember(); Set<Bean<?>> beans = beanManager.getBeans(m.getDeclaringClass()); if (beans.size() == 1) { targetBean = beans.iterator().next(); } else if (beans.isEmpty()) { throw new IllegalStateException("Exception looking up authorizer method bean - " + "no beans found for method [" + m.getDeclaringClass() + "." + m.getName() + "]"); } else if (beans.size() > 1) { throw new IllegalStateException("Exception looking up authorizer method bean - " + "multiple beans found for method [" + m.getDeclaringClass().getName() + "." + m.getName() + "]"); } injectableMethod = new InjectableMethod(implementationMethod, targetBean, beanManager); } }
public void authorize() { if (targetBean == null) { lookupTargetBean(); } CreationalContext<?> cc = beanManager.createCreationalContext(targetBean); Object reference = beanManager.getReference(targetBean, implementationMethod.getJavaMember().getDeclaringClass(), cc); Object result = injectableMethod.invoke(reference, cc, null); if (result.equals(Boolean.FALSE)) { throw new AuthorizationException("Authorization check failed"); } }
builder = new AnnotatedTypeBuilder<X>().readFromType(type); builder.addToClass(SecurityInterceptorBindingLiteral.INSTANCE); isSecured = true; if (annotation.annotationType().isAnnotationPresent(SecurityBindingType.class)) { if (builder == null) { builder = new AnnotatedTypeBuilder<X>().readFromType(type); builder.addToMethod(m, SecurityInterceptorBindingLiteral.INSTANCE); isSecured = true; break; event.setAnnotatedType(builder.create());
builderHolder.getBuilder().overrideConstructorParameterType(c.getJavaMember(), p.getPosition(), Resource.class); modifiedType = true; builderHolder.getBuilder().overrideFieldType(f.getJavaMember(), Resource.class); modifiedType = true; AnnotatedType<T> replacement = builderHolder.getBuilder().create(); typeOverrides.put(replacement.getJavaClass(), replacement); event.setAnnotatedType(replacement);
@Override public Object redefineParameterValue(ParameterValue value) { Object result = value.getDefaultValue(creationalContext); InjectionPoint injectionPoint = value.getInjectionPoint(); if (injectionPoint != null) { Annotated securingParameterAnnotatedType = injectionPoint.getAnnotated(); Set<Annotation> securingParameterAnnotations = securingParameterAnnotatedType.getAnnotations(); Set<Annotation> requiredBindingAnnotations = new HashSet<Annotation>(); for (Annotation annotation : securingParameterAnnotations) { if (annotation.annotationType().isAnnotationPresent(SecurityParameterBinding.class)) { requiredBindingAnnotations.add(annotation); } } if (!requiredBindingAnnotations.isEmpty()) { Annotation[][] businessMethodParameterAnnotations = invocation.getMethod().getParameterAnnotations(); for (int i = 0; i < businessMethodParameterAnnotations.length; i++) { List<Annotation> businessParameterAnnotations = Arrays.asList(businessMethodParameterAnnotations[i]); for (Annotation annotation : requiredBindingAnnotations) { if (businessParameterAnnotations.contains(annotation)) { return invocation.getParameters()[i]; } } } } } return result; } }
boolean addedToClass = false; if (type.isAnnotationPresent(Transactional.class)) { builder = new AnnotatedTypeBuilder<X>().readFromType(type); builder.addToClass(TransactionInterceptorBindingLiteral.INSTANCE); addedToClass = true; classLevelAnnotations.put(type.getJavaClass(), type.getAnnotation(Transactional.class)); } else if (type.isAnnotationPresent(EjbApi.TRANSACTION_ATTRIBUTE) && !EjbApi.isEjb(event.getAnnotatedType())) { checkTransactionAttributeIsValue(type, type); builder = new AnnotatedTypeBuilder<X>().readFromType(type); builder.addToClass(TransactionInterceptorBindingLiteral.INSTANCE); addedToClass = true; classLevelAnnotations.put(type.getJavaClass(), type.getAnnotation(EjbApi.TRANSACTION_ATTRIBUTE)); for (Annotation stereotypeAnnotation : beanManager.getStereotypeDefinition(annotation.annotationType())) { if (stereotypeAnnotation.annotationType().equals(Transactional.class)) { builder = new AnnotatedTypeBuilder<X>().readFromType(type); builder.addToClass(TransactionInterceptorBindingLiteral.INSTANCE); addedToClass = true; classLevelAnnotations.put(type.getJavaClass(), stereotypeAnnotation); } else if (stereotypeAnnotation.annotationType().equals(EjbApi.TRANSACTION_ATTRIBUTE) && !EjbApi.isEjb(event.getAnnotatedType())) { checkTransactionAttributeIsValue(type, type); builder = new AnnotatedTypeBuilder<X>().readFromType(type); builder.addToClass(TransactionInterceptorBindingLiteral.INSTANCE); addedToClass = true; classLevelAnnotations.put(type.getJavaClass(), stereotypeAnnotation); if (m.isAnnotationPresent(Transactional.class)) { if (builder == null) { builder = new AnnotatedTypeBuilder<X>().readFromType(type);
public void authorize(InvocationContext context) { if (targetBean == null) { lookupTargetBean(); } CreationalContext<?> cc = beanManager.createCreationalContext(targetBean); Object reference = beanManager.getReference(targetBean, implementationMethod.getJavaMember().getDeclaringClass(), cc); Object result = injectableMethod.invoke(reference, cc, new SecurityParameterValueRedefiner(cc, context)); if (result.equals(Boolean.FALSE)) { throw new AuthorizationException("Authorization check failed"); } }