List of usage examples for org.apache.shiro.subject Subject hasRoles
boolean[] hasRoles(List<String> roleIdentifiers);
From source file:com.klwork.explorer.security.ShiroSecurityNavigator.java
License:Apache License
/** * Check access for class//from ww w . j av a 2 s . com * ??Shiro? * @param clazz * @return */ public static boolean hasAccess(Class<?> clazz) { boolean isAllow = true; if (clazz.isAnnotationPresent(RequiresRoles.class)) { isAllow = false; RequiresRoles requiresRoles = clazz.getAnnotation(RequiresRoles.class); String[] roles = requiresRoles.value(); Logical logical = requiresRoles.logical(); if (roles.length > 0) { Subject subject = SecurityUtils.getSubject(); if (!subject.isAuthenticated()) { return false; } if (logical == Logical.AND && subject.hasAllRoles(Arrays.asList(roles))) { isAllow = true; } if (logical == Logical.OR) { for (boolean hasRole : subject.hasRoles(Arrays.asList(roles))) { if (hasRole) { isAllow = true; break; } } } } } if (isAllow && clazz.isAnnotationPresent(RequiresPermissions.class)) { isAllow = false; RequiresPermissions requiresPermissions = clazz.getAnnotation(RequiresPermissions.class); String[] permissions = requiresPermissions.value(); Logical logical = requiresPermissions.logical(); Subject subject = SecurityUtils.getSubject(); if (permissions.length > 0) { if (!subject.isAuthenticated()) { return false; } if (logical == Logical.AND && subject.isPermittedAll(permissions)) { isAllow = true; } if (logical == Logical.OR && subject.isPermittedAll(permissions)) { for (boolean isPermitted : subject.isPermitted(permissions)) { if (isPermitted) { isAllow = true; break; } } } } } if (isAllow && clazz.isAnnotationPresent(RequiresAuthentication.class)) { Subject subject = SecurityUtils.getSubject(); isAllow = subject.isAuthenticated(); } if (isAllow && clazz.isAnnotationPresent(RequiresGuest.class)) { Subject subject = SecurityUtils.getSubject(); isAllow = subject.getPrincipals() == null; } if (isAllow && clazz.isAnnotationPresent(RequiresUser.class)) { Subject subject = SecurityUtils.getSubject(); isAllow = subject.getPrincipals() != null && !subject.getPrincipals().isEmpty(); } return isAllow; }
From source file:com.wegas.core.rest.util.SecurityFilter.java
License:MIT License
@Override public void filter(ContainerRequestContext crc) throws IOException { // Targeted Class & method final Class<? extends Object> runtimeClass = resourceInfo.getResourceClass(); Method method = resourceInfo.getResourceMethod(); Subject subject = SecurityUtils.getSubject(); /*/*from w ww.j a v a 2 s . co m*/ * Is authentication required ? */ RequiresAuthentication authRequired = this.getAnnotation(RequiresAuthentication.class, runtimeClass, method); if (authRequired != null) { // Annotation found, assert subject is authenticated if (!subject.isAuthenticated() && !subject.isRemembered()) { logger.error("Access denied for non-authenticted users"); crc.abortWith( Response.status(Response.Status.UNAUTHORIZED).entity("Subject is not logged in").build()); } } /* * Check if specific roles are required */ RequiresRoles requiredRoles = this.getAnnotation(RequiresRoles.class, runtimeClass, method); if (requiredRoles != null) { List<String> listOfRoles = Arrays.asList(requiredRoles.value()); boolean[] boolRoles = subject.hasRoles(listOfRoles); boolean roleVerified = false; for (boolean b : boolRoles) { if (b) { roleVerified = true; break; } } if (!roleVerified) { String msg = "Access denied. User doesn't have enough privilege Roles:" + listOfRoles + " to access this page."; logger.error("Access denied missing roles"); crc.abortWith(Response.status(Response.Status.FORBIDDEN).entity(msg).build()); } } /* * and lastly check for permissions */ RequiresPermissions requiredPermissions = getAnnotation(RequiresPermissions.class, runtimeClass, method); if (requiredPermissions != null) { List<String> listOfPermissionsString = Arrays.asList(requiredPermissions.value()); List<Permission> listOfPermissions = new ArrayList<>(); for (String p : listOfPermissionsString) { listOfPermissions.add((Permission) new WildcardPermission(p)); } boolean[] boolPermissions = subject.isPermitted(listOfPermissions); boolean permitted = false; for (boolean b : boolPermissions) { if (b) { permitted = true; break; } } if (!permitted) { String msg = "Access denied. User doesn't have enough privilege Permissions:" + listOfPermissions + " to access this page."; logger.error("Access denied: missing permissions"); crc.abortWith(Response.status(Response.Status.FORBIDDEN).entity(msg).build()); } } }
From source file:com.wegas.core.security.util.SecurityInterceptor.java
License:MIT License
/** * * @param ctx//w w w .j a va 2s.c om * @return * @throws Exception */ @AroundInvoke public Object interceptGet(InvocationContext ctx) throws Exception { log.info("Securing {}.{}({})", new Object[] { ctx.getClass().getName(), ctx.getMethod(), ctx.getParameters() }); final Class<? extends Object> runtimeClass = ctx.getTarget().getClass(); Subject subject = SecurityUtils.getSubject(); boolean requiresAuthentication = false;// Check if user is authenticated try { // check method first ctx.getMethod().getAnnotation(RequiresAuthentication.class); requiresAuthentication = true; } catch (NullPointerException e) { requiresAuthentication = false; } if (!requiresAuthentication) { // check class level try { runtimeClass.getAnnotation(RequiresAuthentication.class); requiresAuthentication = true; } catch (NullPointerException e) { requiresAuthentication = false; } } if (requiresAuthentication) { log.debug("[security] checking for authenticated user."); try { if (!subject.isAuthenticated() && !subject.isRemembered()) { throw new AuthenticationException("Subject is not logged in."); } } catch (Exception e) { log.error("Access denied - {}: {}", e.getClass().getName(), e.getMessage()); throw e; } } /** * ********************************************************* */ // check if user has roles boolean requiresRoles = false; List<String> listOfRoles = null; try { // check method first RequiresRoles roles = ctx.getMethod().getAnnotation(RequiresRoles.class); listOfRoles = Arrays.asList(roles.value()); requiresRoles = true; } catch (NullPointerException e) { requiresRoles = false; } if (!requiresRoles || listOfRoles == null) { // check class try { RequiresRoles roles = runtimeClass.getAnnotation(RequiresRoles.class); listOfRoles = Arrays.asList(roles.value()); requiresRoles = true; } catch (NullPointerException e) { requiresRoles = false; } } if (requiresRoles && listOfRoles != null) { log.debug("[security] checking for roles."); try { boolean[] boolRoles = subject.hasRoles(listOfRoles); boolean roleVerified = false; for (boolean b : boolRoles) { if (b) { roleVerified = true; break; } } if (!roleVerified) { throw new UnauthorizedException("Access denied. User doesn't have enough privilege Roles:" + listOfRoles + " to access this page."); } } catch (Exception e) { log.error("Access denied - {}: {}", e.getClass().getName(), e.getMessage()); throw e; } } /** * ********************************************************* */ // and lastly check for permissions boolean requiresPermissions = false; List<String> listOfPermissionsString = null; try { // check method first RequiresPermissions permissions = ctx.getMethod().getAnnotation(RequiresPermissions.class); listOfPermissionsString = Arrays.asList(permissions.value()); requiresPermissions = true; } catch (NullPointerException e) { requiresPermissions = false; } if (!requiresPermissions || listOfPermissionsString == null) { // check class try { RequiresPermissions permissions = runtimeClass.getAnnotation(RequiresPermissions.class); listOfPermissionsString = Arrays.asList(permissions.value()); requiresPermissions = true; } catch (NullPointerException e) { requiresPermissions = false; } } if (requiresPermissions && listOfPermissionsString != null) { log.debug("[security] checking for permissions."); List<Permission> listOfPermissions = new ArrayList<Permission>(); for (String p : listOfPermissionsString) { listOfPermissions.add((Permission) new WildcardPermission(p)); } try { boolean[] boolPermissions = subject.isPermitted(listOfPermissions); boolean permitted = false; for (boolean b : boolPermissions) { if (b) { permitted = true; break; } } if (!permitted) { throw new UnauthorizedException("Access denied. User doesn't have enough privilege Permissions:" + listOfRoles + " to access this page."); } } catch (Exception e) { log.error("Access denied - {}: {}", e.getClass().getName(), e.getMessage()); throw e; } } return ctx.proceed(); }
From source file:org.debux.webmotion.shiro.Shiro.java
License:Open Source License
/** * Check if the current user has role./* w w w. j a v a 2s. c o m*/ * * @param role * @return */ public Render hasRole(HttpContext context, Call call) { FilterRule rule = (FilterRule) call.getCurrentRule(); Map<String, String[]> defaultParameters = rule.getDefaultParameters(); String[] values = defaultParameters.get("role"); List<String> roles = Arrays.asList(values); Subject currentUser = getSubject(context); if (currentUser.isAuthenticated()) { boolean[] hasRoles = currentUser.hasRoles(roles); if (BooleanUtils.and(hasRoles)) { doProcess(); return null; } else { return renderError(HttpURLConnection.HTTP_FORBIDDEN); } } else { return renderError(HttpURLConnection.HTTP_UNAUTHORIZED); } }
From source file:org.mpavel.app.security.ApplicationSecurity.java
License:Apache License
public static boolean[] hasRoles(List<String> roles) { logger.executionTrace();//from w ww . ja v a 2s.c om final Subject subject = SecurityUtils.getSubject(); return subject.hasRoles(roles); }
From source file:org.obiba.mica.web.rest.security.CurrentSessionResource.java
License:Open Source License
@GET public Mica.SessionDto get() { Subject subject = SecurityUtils.getSubject(); Mica.SessionDto.Builder builder = Mica.SessionDto.newBuilder() // .setUsername(subject.getPrincipal().toString()); List<String> roles = // Arrays.asList(Roles.MICA_ADMIN, Roles.MICA_REVIEWER, Roles.MICA_EDITOR, Roles.MICA_DAO, Roles.MICA_USER); // boolean[] result = subject.hasRoles(roles); IntStream.range(0, result.length).filter(i -> result[i]).forEach(i -> builder.addRoles(roles.get(i))); return builder.build(); }