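Usage examples for org.apache.shiro.subject.Subject.checkRoles. The declaration shown next is the varargs overload; most of the examples below call the Collection<String> overload through Arrays.asList(...). Both overloads assert that the subject holds every listed role and throw AuthorizationException otherwise.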
void checkRoles(String... roleIdentifiers) throws AuthorizationException;
From source file:$.SecurityInterceptor.java
License:Open Source License
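/**
 * Enforces the Shiro annotations declared on the matched resource method before the
 * request reaches it.
 *
 * <p>The target method is taken from the RESTEasy {@code ResourceMethodInvoker} stored as a
 * request property. Any failed check aborts the request with {@code ACCESS_DENIED} and stops
 * further evaluation, so a rejected request never reaches the later checks and no
 * {@link AuthorizationException} escapes the filter.
 *
 * <p>NOTE(review): only annotations on the method itself are consulted; the same annotations
 * placed on the resource class are not read here, so class-level requirements would not be
 * enforced by this filter. Confirm that is intended.
 *
 * <p>NOTE(review): {@code logical()} on {@link RequiresRoles} / {@link RequiresPermissions} is
 * not consulted. Every listed role and permission is required, even where the annotation
 * declares OR.
 *
 * @param requestContext the current request; aborted when a check fails
 */
@Override
public void filter(ContainerRequestContext requestContext) {
    ResourceMethodInvoker methodInvoker = (ResourceMethodInvoker) requestContext
            .getProperty("org.jboss.resteasy.core.ResourceMethodInvoker");
    Method method = methodInvoker.getMethod();
    Subject subject = SecurityUtils.getSubject();

    // abortWith() only records the response; it does not stop this method. Each rejection
    // therefore returns at once so that an already-denied request is not evaluated further.
    if (!subject.isAuthenticated() && method.isAnnotationPresent(RequiresAuthentication.class)) {
        requestContext.abortWith(ACCESS_DENIED);
        return;
    }
    if (subject.getPrincipal() != null && method.isAnnotationPresent(RequiresGuest.class)) {
        requestContext.abortWith(ACCESS_DENIED);
        return;
    }
    if (subject.getPrincipal() == null && method.isAnnotationPresent(RequiresUser.class)) {
        requestContext.abortWith(ACCESS_DENIED);
        return;
    }

    try {
        RequiresRoles roles = method.getAnnotation(RequiresRoles.class);
        if (roles != null) {
            // Collection overload: the subject must hold all of the listed roles.
            subject.checkRoles(Arrays.asList(roles.value()));
        }
        RequiresPermissions permissions = method.getAnnotation(RequiresPermissions.class);
        if (permissions != null) {
            subject.checkPermissions(permissions.value());
        }
    } catch (AuthorizationException e) {
        // Role and permission failures get the same denial response as the checks above,
        // instead of propagating out of the filter as an unhandled exception.
        requestContext.abortWith(ACCESS_DENIED);
    }
}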
From source file:br.com.diego.shiro.ShiroSecuredInterceptor.java
/**
 * Interceptor entry point: evaluates the Shiro security annotations that apply to the
 * intercepted call and lets the invocation proceed only when none of them is violated.
 *
 * <p>Annotation lookup is delegated to {@code hasAnnotation} / {@code getAnnotation}, which
 * receive both the target class and the method (presumably so that class-level annotations
 * count as well; verify against those helpers).
 *
 * <p>NOTE(review): {@code logical()} of {@link RequiresRoles} and {@link RequiresPermissions}
 * is not read, so every listed role and permission is required.
 *
 * @param context the intercepted invocation
 * @return whatever {@code context.proceed()} returns
 * @throws Exception an {@link UnauthenticatedException} for a failed authentication, guest or
 *         user requirement, whatever the role and permission checks throw, or anything
 *         thrown by the intercepted method itself
 */
@AroundInvoke
public Object interceptShiroSecurity(InvocationContext context) throws Exception {
    final Subject currentSubject = SecurityUtils.getSubject();
    final Class<?> targetType = context.getTarget().getClass();
    final Method invoked = context.getMethod();

    // Authentication requirement.
    if (!currentSubject.isAuthenticated()) {
        if (hasAnnotation(targetType, invoked, RequiresAuthentication.class)) {
            throw new UnauthenticatedException("Authentication required");
        }
    }

    // Guest-only requirement: a subject that has a principal is rejected.
    if (currentSubject.getPrincipal() != null) {
        if (hasAnnotation(targetType, invoked, RequiresGuest.class)) {
            throw new UnauthenticatedException("Guest required");
        }
    }

    // Known-user requirement: a subject without a principal is rejected.
    if (currentSubject.getPrincipal() == null) {
        if (hasAnnotation(targetType, invoked, RequiresUser.class)) {
            throw new UnauthenticatedException("User required");
        }
    }

    final RequiresRoles requiredRoles = getAnnotation(targetType, invoked, RequiresRoles.class);
    if (requiredRoles != null) {
        currentSubject.checkRoles(Arrays.asList(requiredRoles.value()));
    }

    final RequiresPermissions requiredPermissions =
            getAnnotation(targetType, invoked, RequiresPermissions.class);
    if (requiredPermissions != null) {
        currentSubject.checkPermissions(requiredPermissions.value());
    }

    return context.proceed();
}
From source file:cn.dreampie.common.plugin.shiro.plugin.RoleAuthzHandler.java
License:Apache License
/**
 * Asserts that the current subject satisfies the {@link RequiresRoles} annotation held by
 * this handler. Does nothing when the held annotation is of another type.
 *
 * <p>A single role is checked directly. Several roles are checked according to the
 * annotation's {@code logical()} value: AND requires all of them, OR requires at least one.
 *
 * <p>NOTE(review): with an empty {@code value()} array and {@code Logical.OR}, the final
 * {@code roleNames[0]} access fails with an {@link ArrayIndexOutOfBoundsException} rather
 * than an {@link AuthorizationException}.
 *
 * @throws AuthorizationException if the subject lacks the required role(s)
 */
@Override
public void assertAuthorized() throws AuthorizationException {
    Subject currentSubject = getSubject();
    if (annotation instanceof RequiresRoles) {
        RequiresRoles required = (RequiresRoles) annotation;
        String[] roleNames = required.value();

        if (roleNames.length == 1) {
            currentSubject.checkRole(roleNames[0]);
        } else if (Logical.AND.equals(required.logical())) {
            currentSubject.checkRoles(Arrays.asList(roleNames));
        } else if (Logical.OR.equals(required.logical())) {
            // Probe with hasRole() first so that no exception is raised and discarded for
            // every role the subject does not hold.
            boolean matched = false;
            for (int i = 0; i < roleNames.length; i++) {
                if (currentSubject.hasRole(roleNames[i])) {
                    matched = true;
                }
            }
            // Nothing matched: checkRole() raises the exception. Its message names only
            // the first role, which is slightly misleading for an OR requirement.
            if (!matched) {
                currentSubject.checkRole(roleNames[0]);
            }
        }
    }
}
From source file:com.ftww.basic.plugin.shiro.core.handler.RoleAuthzHandler.java
License:Apache License
/**
 * Verifies the {@link RequiresRoles} annotation carried by this handler against the current
 * subject. Returns silently when the carried annotation is not a {@link RequiresRoles}.
 *
 * <p>One role: checked on its own. Several roles: {@code Logical.AND} demands all of them,
 * {@code Logical.OR} demands at least one.
 *
 * <p>NOTE(review): an empty {@code value()} array combined with {@code Logical.OR} reaches
 * {@code required[0]} and fails with an {@link ArrayIndexOutOfBoundsException} instead of an
 * {@link AuthorizationException}.
 *
 * @throws AuthorizationException if the role requirement is not met
 */
@Override
public void assertAuthorized() throws AuthorizationException {
    final Subject subject = getSubject();
    if (!(annotation instanceof RequiresRoles)) {
        return;
    }

    final RequiresRoles requirement = (RequiresRoles) annotation;
    final String[] required = requirement.value();

    if (required.length == 1) {
        subject.checkRole(required[0]);
        return;
    }

    // AND: every listed role is mandatory.
    if (requirement.logical() == Logical.AND) {
        subject.checkRoles(Arrays.asList(required));
        return;
    }

    // OR: one matching role is enough.
    if (requirement.logical() == Logical.OR) {
        boolean any = false;
        for (String name : required) {
            // Non-short-circuit on purpose: every role is still queried.
            any |= subject.hasRole(name);
        }
        if (!any) {
            // No role matched, so let checkRole() raise the AuthorizationException.
            subject.checkRole(required[0]);
        }
    }
}
From source file:com.ks.shiro.auth.interceptor.ShiroSecuredInterceptor.java
/**
 * Around-invoke hook that applies Shiro's declarative checks to the intercepted call.
 *
 * <p>The authentication, guest and user requirements are evaluated in that order and the
 * first violated one is reported as an {@link UnauthenticatedException}. Role and permission
 * requirements are then asserted on the subject; only if all of that passes is the
 * invocation allowed to proceed.
 *
 * <p>NOTE(review): the {@code logical()} attribute of {@link RequiresRoles} and
 * {@link RequiresPermissions} is ignored here, so all listed values are required.
 *
 * @param context the invocation being intercepted
 * @return the result of {@code context.proceed()}
 * @throws Exception on a failed security check, or whatever the intercepted method throws
 */
@AroundInvoke
public Object interceptShiroSecurity(InvocationContext context) throws Exception {
    Class<?> beanClass = context.getTarget().getClass();
    Method target = context.getMethod();
    Subject caller = SecurityUtils.getSubject();

    // Work out which identity requirement, if any, is violated. The else-if chain keeps
    // the evaluation order and stops at the first match.
    String violation = null;
    if (!caller.isAuthenticated() && hasAnnotation(beanClass, target, RequiresAuthentication.class)) {
        violation = "Authentication required";
    } else if (caller.getPrincipal() != null && hasAnnotation(beanClass, target, RequiresGuest.class)) {
        violation = "Guest required";
    } else if (caller.getPrincipal() == null && hasAnnotation(beanClass, target, RequiresUser.class)) {
        violation = "User required";
    }
    if (violation != null) {
        throw new UnauthenticatedException(violation);
    }

    RequiresRoles roleRule = getAnnotation(beanClass, target, RequiresRoles.class);
    if (roleRule != null) {
        // Collection overload: the caller must hold every listed role.
        caller.checkRoles(Arrays.asList(roleRule.value()));
    }

    RequiresPermissions permissionRule = getAnnotation(beanClass, target, RequiresPermissions.class);
    if (permissionRule != null) {
        caller.checkPermissions(permissionRule.value());
    }

    return context.proceed();
}
From source file:de.cosmocode.palava.security.aspectj.SecurityTest.java
License:Apache License
/**
 * Runs once before the test class and binds a mock {@link Subject} in a Guice injector.
 *
 * <p>The mock reports itself as neither authenticated nor remembered, and throws an
 * {@link AuthorizationException} from {@code checkPermissions("access")} and from
 * {@code checkRoles} for the single role {@code "admin"}.
 */
@BeforeClass
public static void beforeClass() {
    final Module subjectModule = new Module() {

        @Override
        public void configure(Binder binder) {
            final Subject stub = EasyMock.createMock("subject", Subject.class);

            // Identity state: anonymous, not remembered.
            EasyMock.expect(stub.isAuthenticated()).andStubReturn(false);
            EasyMock.expect(stub.isRemembered()).andStubReturn(false);

            // Authorization checks: both recorded calls are stubbed to fail.
            stub.checkPermissions("access");
            EasyMock.expectLastCall().andStubThrow(new AuthorizationException());
            stub.checkRoles(Arrays.asList("admin"));
            EasyMock.expectLastCall().andStubThrow(new AuthorizationException());

            EasyMock.replay(stub);
            binder.bind(Subject.class).toInstance(stub);
        }

    };
    Guice.createInjector(subjectModule);
}
From source file:griffon.plugins.shiro.RolesRequirementEvaluator.java
License:Apache License
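/**
 * Evaluates a role requirement against the given subject.
 *
 * <p>A single role is checked on its own. Several roles are combined according to the
 * configured {@link Logical}: AND requires all of them, OR requires at least one.
 *
 * <p>The evaluation fails closed. If the configured logical operator is neither AND nor OR
 * (for example {@code null}; whether {@code getLogical()} can return that is not visible
 * here), the requirement is treated as not satisfied instead of falling through to
 * {@code true} without any check. An OR requirement with no roles is likewise reported as
 * not satisfied rather than failing on {@code roles[0]}.
 *
 * <p>NOTE(review): an empty role list under AND is handed to {@code checkRoles} unchanged.
 * Whether that should grant access is a policy decision to confirm with callers.
 *
 * @param requirementConfig supplies the role names and the logical operator
 * @param subject the subject whose roles are checked
 * @return {@code true} if the requirement is satisfied, {@code false} otherwise
 */
@Override
protected boolean doEval(@Nonnull RequirementConfiguration requirementConfig, @Nonnull Subject subject) {
    String[] roles = requirementConfig.getValues();
    Logical logical = requirementConfig.getLogical();

    try {
        if (roles.length == 1) {
            subject.checkRole(roles[0]);
            return true;
        }
        if (Logical.AND.equals(logical)) {
            subject.checkRoles(Arrays.asList(roles));
            return true;
        }
    } catch (AuthorizationException ae) {
        return false;
    }

    if (Logical.OR.equals(logical)) {
        // hasRole() answers without raising an exception, so the first match decides.
        for (String role : roles) {
            if (subject.hasRole(role)) {
                return true;
            }
        }
        return false;
    }

    // Unrecognised operator: deny rather than grant access unchecked.
    return false;
}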
From source file:shiro.ShiroInterceptor.java
/**
 * Checks the Shiro annotations relevant to the intercepted invocation and proceeds with it
 * only if the current subject passes all of them.
 *
 * <p>Checked in order: authentication, guest, user, roles, permissions. The first three
 * raise {@link UnauthenticatedException}; the role and permission assertions are made by
 * the subject itself.
 *
 * <p>NOTE(review): {@code logical()} on {@link RequiresRoles} / {@link RequiresPermissions}
 * is not taken into account, so every listed value is required.
 *
 * @param context the intercepted invocation
 * @return the value returned by {@code context.proceed()}
 * @throws Exception if a security check fails or the intercepted method throws
 */
@AroundInvoke
public Object interceptShiroSecurity(InvocationContext context) throws Exception {
    final Class<?> ownerClass = context.getTarget().getClass();
    final Method calledMethod = context.getMethod();
    final org.apache.shiro.subject.Subject who = SecurityUtils.getSubject();

    final boolean unauthenticated = !who.isAuthenticated();
    if (unauthenticated && hasAnnotation(ownerClass, calledMethod, RequiresAuthentication.class)) {
        throw new UnauthenticatedException("Authentication required");
    }

    // A principal is present although the call is reserved for guests.
    if (null != who.getPrincipal() && hasAnnotation(ownerClass, calledMethod, RequiresGuest.class)) {
        throw new UnauthenticatedException("Guest required");
    }

    // No principal although the call is reserved for known users.
    if (null == who.getPrincipal() && hasAnnotation(ownerClass, calledMethod, RequiresUser.class)) {
        throw new UnauthenticatedException("User required");
    }

    final RequiresRoles rolesAnnotation = getAnnotation(ownerClass, calledMethod, RequiresRoles.class);
    if (rolesAnnotation != null) {
        who.checkRoles(Arrays.asList(rolesAnnotation.value()));
    }

    final RequiresPermissions permissionsAnnotation =
            getAnnotation(ownerClass, calledMethod, RequiresPermissions.class);
    if (permissionsAnnotation != null) {
        who.checkPermissions(permissionsAnnotation.value());
    }

    return context.proceed();
}