List of usage examples for org.apache.shiro.subject Subject checkPermissions
void checkPermissions(Collection<Permission> permissions) throws AuthorizationException;
From source file:$.SecurityInterceptor.java
License:Open Source License
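/**
 * JAX-RS request filter that enforces Shiro's annotations on the matched
 * resource method and aborts the request with {@code ACCESS_DENIED} when the
 * current subject does not satisfy them.
 *
 * <p>Only annotations on the resource <em>method</em> are consulted
 * ({@code method.isAnnotationPresent}/{@code getAnnotation}); class-level
 * Shiro annotations are not seen by this filter.
 *
 * @param requestContext the request being filtered; the RESTEasy
 *        {@code ResourceMethodInvoker} property must be present
 */
@Override
public void filter(ContainerRequestContext requestContext) {
    // RESTEasy exposes the matched invoker under this property. If it is absent
    // the cast yields null and the next line fails with an NPE — unchanged from
    // the original behaviour.
    ResourceMethodInvoker methodInvoker = (ResourceMethodInvoker) requestContext
            .getProperty("org.jboss.resteasy.core.ResourceMethodInvoker");
    Method method = methodInvoker.getMethod();
    Subject subject = SecurityUtils.getSubject();

    // abortWith() only records the response; it does not stop this method.
    // Every denial therefore returns immediately so that the remaining
    // checks — including the throwing checkRoles/checkPermissions calls —
    // are not evaluated for a request that has already been rejected.
    if (!subject.isAuthenticated() && method.isAnnotationPresent(RequiresAuthentication.class)) {
        requestContext.abortWith(ACCESS_DENIED);
        return;
    }
    if (subject.getPrincipal() != null && method.isAnnotationPresent(RequiresGuest.class)) {
        requestContext.abortWith(ACCESS_DENIED);
        return;
    }
    if (subject.getPrincipal() == null && method.isAnnotationPresent(RequiresUser.class)) {
        requestContext.abortWith(ACCESS_DENIED);
        return;
    }

    RequiresRoles roles = method.getAnnotation(RequiresRoles.class);
    RequiresPermissions permissions = method.getAnnotation(RequiresPermissions.class);
    try {
        if (roles != null) {
            subject.checkRoles(Arrays.asList(roles.value()));
        }
        if (permissions != null) {
            subject.checkPermissions(permissions.value());
        }
    } catch (AuthorizationException e) {
        // Roles and permissions are treated alike: a failed check is an
        // authorization denial, not a server error, so it must not escape
        // the filter as an exception (the original let checkRoles propagate).
        requestContext.abortWith(ACCESS_DENIED);
    }
}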
From source file:br.com.diego.shiro.ShiroSecuredInterceptor.java
/**
 * CDI interceptor that applies Shiro's security annotations to the intercepted
 * business method before letting the invocation proceed.
 *
 * <p>Authentication/guest/user requirements throw {@link UnauthenticatedException};
 * role and permission requirements are delegated to the subject's
 * {@code checkRoles}/{@code checkPermissions}, which throw Shiro's
 * {@code AuthorizationException} on failure. Annotations are looked up via the
 * class's {@code hasAnnotation}/{@code getAnnotation} helpers, which take both
 * the target type and the method.
 *
 * @param context the CDI invocation being intercepted
 * @return whatever the intercepted method returns
 * @throws Exception propagated from the intercepted method or the security checks
 */
@AroundInvoke
public Object interceptShiroSecurity(InvocationContext context) throws Exception {
    final Subject currentSubject = SecurityUtils.getSubject();
    final Class<?> targetType = context.getTarget().getClass();
    final Method invokedMethod = context.getMethod();

    if (!currentSubject.isAuthenticated()
            && hasAnnotation(targetType, invokedMethod, RequiresAuthentication.class)) {
        throw new UnauthenticatedException("Authentication required");
    }
    if (currentSubject.getPrincipal() != null
            && hasAnnotation(targetType, invokedMethod, RequiresGuest.class)) {
        throw new UnauthenticatedException("Guest required");
    }
    if (currentSubject.getPrincipal() == null
            && hasAnnotation(targetType, invokedMethod, RequiresUser.class)) {
        throw new UnauthenticatedException("User required");
    }

    final RequiresRoles requiredRoles = getAnnotation(targetType, invokedMethod, RequiresRoles.class);
    if (requiredRoles != null) {
        currentSubject.checkRoles(Arrays.asList(requiredRoles.value()));
    }

    final RequiresPermissions requiredPermissions =
            getAnnotation(targetType, invokedMethod, RequiresPermissions.class);
    if (requiredPermissions != null) {
        currentSubject.checkPermissions(requiredPermissions.value());
    }

    return context.proceed();
}
From source file:com.caricah.iotracah.core.handlers.RequestHandler.java
License:Apache License
/**
 * Resolves the Shiro session identified by {@code sessionId} and verifies that
 * the authenticated client may perform {@code role} on every topic in
 * {@code topicList}.
 *
 * <p>The returned Observable emits the {@code IOTClient} session once
 * (then completes) when the checks pass, and errors with the Shiro exception
 * when they fail: an {@code AuthenticationException} if there is no
 * authenticated session, otherwise the {@code AuthorizationException}
 * raised by the auth-key assertion or by {@code checkPermissions}.
 *
 * @param sessionId identifier of the Shiro session to look up
 * @param authKey   auth key presented by the client for this request
 * @param role      the action being authorized; {@code CONNECT} skips the
 *                  topic permission checks entirely
 * @param topicList topics the action applies to (one permission per topic)
 * @return an Observable yielding the authorized session or an error
 */
public Observable<IOTClient> checkPermission(String sessionId, String authKey, AuthorityRole role, List<String> topicList) {
    return Observable.create(observable -> {
        IotClientKey clientKey = new IotClientKey();
        clientKey.setSessionId(sessionId);
        // Rebuild a Subject bound to the stored session rather than using
        // SecurityUtils.getSubject(); getSession(false) does not create one.
        Subject subject = new Subject.Builder().sessionId(clientKey).buildSubject();
        final IOTClient session = (IOTClient) subject.getSession(false);
        if (session != null && subject.isAuthenticated()) {
            try {
                if (!AuthorityRole.CONNECT.equals(role)) {
                    if (Protocol.fromString(session.getProtocol()).isNotPersistent()) {
                        String session_auth_key = session.getAuthKey();
                        // For non-persistent connections the presented authKey must
                        // match the stored one; otherwise fail the request.
                        // NOTE(review): when the stored key is empty the comparison is
                        // skipped and the request proceeds — confirm that is intended
                        // rather than a fail-open. String.equals is also not a
                        // constant-time comparison.
                        if (!StringUtils.isEmpty(session_auth_key)) {
                            if (!session_auth_key.equals(authKey))
                                // UnauthenticatedException is a Shiro AuthorizationException,
                                // so this is routed to the catch below and onError.
                                throw new UnauthenticatedException("Client fails auth key assertion.");
                        }
                    }
                    // One permission per topic; checkPermissions requires all of them.
                    List<Permission> permissions = topicList.stream()
                            .map(topic -> getPermission(session.getPartitionId(), session.getUsername(), session.getClientIdentification(), role, topic))
                            .collect(Collectors.toList());
                    subject.checkPermissions(permissions);
                }
                // Update session last accessed time.
                session.touch();
                observable.onNext(session);
                observable.onCompleted();
            } catch (AuthorizationException e) {
                // Notify failure to authorize user.
                observable.onError(e);
            }
        } else {
            observable.onError(new AuthenticationException(
                    "Client must be authenticated {Try connecting first} found : " + session));
        }
    });
}
From source file:com.ks.shiro.auth.interceptor.ShiroSecuredInterceptor.java
/**
 * Enforces the Shiro annotations declared on the intercepted method or its
 * declaring class, then proceeds with the invocation.
 *
 * <p>{@code RequiresAuthentication}, {@code RequiresGuest} and
 * {@code RequiresUser} are checked against the current subject and fail with
 * {@link UnauthenticatedException}; {@code RequiresRoles} and
 * {@code RequiresPermissions} are delegated to the subject, which throws
 * Shiro's {@code AuthorizationException} when a requirement is not met.
 *
 * @param context the intercepted CDI invocation
 * @return the intercepted method's result
 * @throws Exception from the security checks or the intercepted method
 */
@AroundInvoke
public Object interceptShiroSecurity(InvocationContext context) throws Exception {
    final Class<?> beanClass = context.getTarget().getClass();
    final Method beanMethod = context.getMethod();
    final Subject caller = SecurityUtils.getSubject();

    final boolean unauthenticatedButRequired = !caller.isAuthenticated()
            && hasAnnotation(beanClass, beanMethod, RequiresAuthentication.class);
    if (unauthenticatedButRequired) {
        throw new UnauthenticatedException("Authentication required");
    }

    final boolean principalButGuestRequired = caller.getPrincipal() != null
            && hasAnnotation(beanClass, beanMethod, RequiresGuest.class);
    if (principalButGuestRequired) {
        throw new UnauthenticatedException("Guest required");
    }

    final boolean noPrincipalButUserRequired = caller.getPrincipal() == null
            && hasAnnotation(beanClass, beanMethod, RequiresUser.class);
    if (noPrincipalButUserRequired) {
        throw new UnauthenticatedException("User required");
    }

    final RequiresRoles rolesAnnotation = getAnnotation(beanClass, beanMethod, RequiresRoles.class);
    if (rolesAnnotation != null) {
        caller.checkRoles(Arrays.asList(rolesAnnotation.value()));
    }

    final RequiresPermissions permissionsAnnotation =
            getAnnotation(beanClass, beanMethod, RequiresPermissions.class);
    if (permissionsAnnotation != null) {
        caller.checkPermissions(permissionsAnnotation.value());
    }

    return context.proceed();
}
From source file:de.cosmocode.palava.security.aspectj.SecurityTest.java
License:Apache License
/** * Runs before class und binds a dummy subject. *///from w w w . java 2 s .co m @BeforeClass public static void beforeClass() { Guice.createInjector(new Module() { @Override public void configure(Binder binder) { final Subject subject = EasyMock.createMock("subject", Subject.class); EasyMock.expect(subject.isAuthenticated()).andStubReturn(false); EasyMock.expect(subject.isRemembered()).andStubReturn(false); subject.checkPermissions("access"); EasyMock.expectLastCall().andStubThrow(new AuthorizationException()); subject.checkRoles(Arrays.asList("admin")); EasyMock.expectLastCall().andStubThrow(new AuthorizationException()); EasyMock.replay(subject); binder.bind(Subject.class).toInstance(subject); } }); }
From source file:griffon.plugins.shiro.PermissionsRequirementEvaluator.java
License:Apache License
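/**
 * Evaluates a permissions requirement against {@code subject}.
 *
 * <p>A single permission is checked directly. With several permissions the
 * configured {@code Logical} decides: {@code OR} passes when at least one is
 * permitted; anything else — {@code AND}, or an unrecognised/null value —
 * requires all of them. (Previously an unrecognised mode skipped every check
 * and evaluated to {@code true}, which is a fail-open.)
 *
 * @param requirementConfig supplies the permission strings and the logical mode
 * @param subject           the subject whose permissions are tested
 * @return {@code true} when the requirement is satisfied, {@code false} when a
 *         Shiro {@code AuthorizationException} is raised by the checks
 */
@Override
protected boolean doEval(@Nonnull RequirementConfiguration requirementConfig, @Nonnull Subject subject) {
    String[] perms = requirementConfig.getValues();
    Logical logical = requirementConfig.getLogical();
    try {
        if (perms.length == 1) {
            subject.checkPermission(perms[0]);
        } else if (Logical.OR.equals(logical)) {
            boolean hasAtLeastOnePermission = false;
            for (String permission : perms) {
                if (subject.isPermitted(permission)) {
                    hasAtLeastOnePermission = true;
                    break; // one match is enough under OR
                }
            }
            if (!hasAtLeastOnePermission) {
                // None permitted: let Shiro raise the AuthorizationException for us.
                // NOTE: an empty array under OR still indexes perms[0] (unchanged).
                subject.checkPermission(perms[0]);
            }
        } else {
            // AND, and defensively any other value: every permission is required.
            subject.checkPermissions(perms);
        }
    } catch (AuthorizationException ae) {
        return false;
    }
    return true;
}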
From source file:org.cherchgk.security.PermissionChecker.java
License:Apache License
/**
 * Verifies that the currently executing subject holds every one of the given
 * permissions, delegating to {@code Subject#checkPermissions(String...)}.
 *
 * @param permissions permission strings that must all be held
 * @throws org.apache.shiro.authz.AuthorizationException if the current subject
 *         lacks any of the permissions
 */
public static void checkPermissions(String... permissions) {
    SecurityUtils.getSubject().checkPermissions(permissions);
}
From source file:org.killbill.billing.util.security.api.DefaultSecurityApi.java
License:Apache License
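/**
 * Checks that the current Shiro subject holds the given permissions.
 *
 * <p>A single permission is checked directly. With several, {@code OR} passes
 * when at least one is permitted, while {@code AND} — and, defensively, any
 * other or null {@code Logical} — requires all of them. (Previously an
 * unrecognised mode performed no check at all and returned normally.)
 * {@code context} is accepted for API symmetry and is not read here.
 *
 * @param permissions permissions to verify; their {@code toString()} form is
 *                    what Shiro sees
 * @param logical     how several permissions are combined
 * @param context     tenant context (unused by this implementation)
 * @throws SecurityApiException wrapping Shiro's {@code AuthorizationException}
 *         with {@code SECURITY_NOT_ENOUGH_PERMISSIONS} when a check fails
 */
@Override
public void checkCurrentUserPermissions(final List<Permission> permissions, final Logical logical, final TenantContext context) throws SecurityApiException {
    final String[] permissionsString = Lists
            .<Permission, String>transform(permissions, Functions.toStringFunction())
            .toArray(new String[permissions.size()]);
    try {
        final Subject subject = SecurityUtils.getSubject();
        if (permissionsString.length == 1) {
            subject.checkPermission(permissionsString[0]);
        } else if (Logical.OR.equals(logical)) {
            boolean hasAtLeastOnePermission = false;
            for (final String permission : permissionsString) {
                if (subject.isPermitted(permission)) {
                    hasAtLeastOnePermission = true;
                    break;
                }
            }
            // Cause the exception if none match.
            // NOTE: an empty list under OR still indexes [0] (unchanged).
            if (!hasAtLeastOnePermission) {
                subject.checkPermission(permissionsString[0]);
            }
        } else {
            // AND and any unrecognised mode: require every permission.
            subject.checkPermissions(permissionsString);
        }
    } catch (final AuthorizationException e) {
        throw new SecurityApiException(e, ErrorCode.SECURITY_NOT_ENOUGH_PERMISSIONS);
    }
}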
From source file:org.sonatype.nexus.security.SecurityHelper.java
License:Open Source License
/**
 * Ensures that {@code subject} holds every one of {@code permissions}.
 *
 * @param subject     the subject to check; must not be null
 * @param permissions the required permissions; must be non-null and non-empty
 * @throws AuthorizationException if the subject lacks any of the permissions
 * @throws NullPointerException if {@code subject} or {@code permissions} is null
 * @throws IllegalArgumentException if {@code permissions} is empty
 */
public void ensurePermitted(final Subject subject, final Permission... permissions)
        throws AuthorizationException {
    checkNotNull(subject);
    checkNotNull(permissions);
    checkArgument(permissions.length != 0);

    if (log.isTraceEnabled()) {
        // Rendering the array is only paid for when tracing is on.
        final String rendered = Arrays.toString(permissions);
        log.trace("Ensuring subject '{}' has permissions: {}", subject.getPrincipal(), rendered);
    }

    subject.checkPermissions(Arrays.asList(permissions));
}
From source file:shiro.ShiroInterceptor.java
/**
 * Interceptor that enforces Shiro's annotations on the intercepted method
 * (looked up on both the target class and the method) before proceeding.
 *
 * <p>Fails with {@link UnauthenticatedException} when authentication, guest or
 * user status is required but not met; delegates role and permission
 * requirements to the subject, which throws Shiro's
 * {@code AuthorizationException} on failure.
 *
 * @param context the CDI invocation context
 * @return the result of {@code context.proceed()}
 * @throws Exception from the checks or the intercepted method
 */
@AroundInvoke
public Object interceptShiroSecurity(InvocationContext context) throws Exception {
    final Class<?> declaringType = context.getTarget().getClass();
    final Method target = context.getMethod();
    final org.apache.shiro.subject.Subject subject = SecurityUtils.getSubject();

    if (!subject.isAuthenticated() && hasAnnotation(declaringType, target, RequiresAuthentication.class)) {
        throw new UnauthenticatedException("Authentication required");
    }
    if (subject.getPrincipal() != null && hasAnnotation(declaringType, target, RequiresGuest.class)) {
        throw new UnauthenticatedException("Guest required");
    }
    if (subject.getPrincipal() == null && hasAnnotation(declaringType, target, RequiresUser.class)) {
        throw new UnauthenticatedException("User required");
    }

    enforceRolesAndPermissions(subject, declaringType, target);
    return context.proceed();
}

/**
 * Applies {@code RequiresRoles} and {@code RequiresPermissions}, if present,
 * via the subject's {@code checkRoles}/{@code checkPermissions}.
 */
private void enforceRolesAndPermissions(org.apache.shiro.subject.Subject subject,
                                        Class<?> declaringType, Method target) {
    final RequiresRoles roles = getAnnotation(declaringType, target, RequiresRoles.class);
    if (roles != null) {
        subject.checkRoles(Arrays.asList(roles.value()));
    }
    final RequiresPermissions permissions = getAnnotation(declaringType, target, RequiresPermissions.class);
    if (permissions != null) {
        subject.checkPermissions(permissions.value());
    }
}