List of usage examples for org.apache.shiro.subject Subject isPermittedAll
// Subject#isPermittedAll, Collection<Permission> form, as quoted by this page.
// In the examples below a true result is treated as "the subject holds every listed
// permission"; anything else is handled as a denial.
// Only the ActiveMQ and Camel examples pass a collection of Permission objects;
// the others pass permission strings (a String or String[] argument).
boolean isPermittedAll(Collection<Permission> permissions);
From source file:cn.powerdash.libsystem.common.security.SecurityContext.java
License:Open Source License
/**
 * Reports whether the current subject holds every one of the given permissions.
 *
 * <p>Fails closed when no subject is available: a {@code null} subject yields {@code false}.
 *
 * @param permissions permission strings that must all be granted
 * @return {@code true} only when a subject exists and {@code isPermittedAll} accepts the
 *         whole list; {@code false} otherwise
 */
public static boolean hasAllPermissions(String... permissions) {
    // NOTE(review): the array is forwarded unchanged, including when it is empty; confirm how
    // the configured realm treats an empty list before relying on this call as a gate.
    Subject current = getSubject();
    return current != null && current.isPermittedAll(permissions);
}
From source file:com.google.code.lightssh.project.security.shiro.MySecondaryLicensePermissionsAuthorizationFilter.java
/**
 * Decides whether the request may proceed.
 *
 * <p>The target URL is looked up in {@code authorizedResourceManager}. When a resource
 * matches, the decision is delegated to {@code checkTempAuth}; otherwise the subject must hold
 * the permissions mapped to the path (no mapped permissions means the request is allowed).
 *
 * @param request     incoming servlet request
 * @param response    servlet response, used only to resolve the subject
 * @param mappedValue permission strings configured for the path, as a {@code String[]}
 * @return {@code true} when access is granted
 * @throws IOException declared by the overridden method
 */
@Override
public boolean isAccessAllowed(ServletRequest request, ServletResponse response, Object mappedValue)
        throws IOException {
    Subject subject = getSubject(request, response);
    String[] requiredPerms = (String[]) mappedValue;

    // NOTE(review): "targetUrl" is a client-supplied request parameter and takes precedence
    // over the real request URI, so the caller influences which AuthorizedResource is matched
    // and therefore which of the two checks below runs. Confirm that checkTempAuth is at least
    // as strict as the subject permission check, or derive the URL from the request URI only.
    String targetUrl = request.getParameter("targetUrl");
    if (targetUrl == null) {
        HttpServletRequest httpRequest = (HttpServletRequest) request;
        targetUrl = httpRequest.getRequestURI().substring(httpRequest.getContextPath().length());
    }

    // NOTE(review): a URI-derived targetUrl presumably already starts with "/", which makes the
    // lookup key start with "//" - verify against getWithRegexp.
    AuthorizedResource matched = authorizedResourceManager.getWithRegexp("/" + targetUrl);
    if (matched != null) {
        return checkTempAuth((HttpServletRequest) request, requiredPerms);
    }

    // No permissions mapped to this path: nothing to enforce here.
    if (requiredPerms == null || requiredPerms.length == 0) {
        return true;
    }
    if (requiredPerms.length == 1) {
        return subject.isPermitted(requiredPerms[0]);
    }
    return subject.isPermittedAll(requiredPerms);
}
From source file:com.klwork.explorer.security.ShiroSecurityNavigator.java
License:Apache License
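/**
 * Decides whether the current Shiro subject may access {@code clazz}, judging by the Shiro
 * authorization annotations declared on the class.
 *
 * <p>Checks run in this order, and each later check runs only while access is still allowed:
 * {@code RequiresRoles}, {@code RequiresPermissions}, {@code RequiresAuthentication},
 * {@code RequiresGuest}, {@code RequiresUser}. A class carrying none of them is accessible.
 * A {@code RequiresRoles} or {@code RequiresPermissions} annotation with an empty value denies
 * access, and an unauthenticated subject is rejected as soon as a non-empty role or permission
 * list is found.
 *
 * @param clazz class whose annotations are inspected
 * @return {@code true} when every annotation present on the class is satisfied
 */
public static boolean hasAccess(Class<?> clazz) {
    boolean isAllow = true;

    if (clazz.isAnnotationPresent(RequiresRoles.class)) {
        // Deny by default once a role requirement is declared.
        isAllow = false;
        RequiresRoles requiresRoles = clazz.getAnnotation(RequiresRoles.class);
        String[] roles = requiresRoles.value();
        Logical logical = requiresRoles.logical();
        if (roles.length > 0) {
            Subject subject = SecurityUtils.getSubject();
            if (!subject.isAuthenticated()) {
                return false;
            }
            if (logical == Logical.AND && subject.hasAllRoles(Arrays.asList(roles))) {
                isAllow = true;
            }
            if (logical == Logical.OR) {
                for (boolean hasRole : subject.hasRoles(Arrays.asList(roles))) {
                    if (hasRole) {
                        isAllow = true;
                        break;
                    }
                }
            }
        }
    }

    if (isAllow && clazz.isAnnotationPresent(RequiresPermissions.class)) {
        // Deny by default once a permission requirement is declared.
        isAllow = false;
        RequiresPermissions requiresPermissions = clazz.getAnnotation(RequiresPermissions.class);
        String[] permissions = requiresPermissions.value();
        Logical logical = requiresPermissions.logical();
        Subject subject = SecurityUtils.getSubject();
        if (permissions.length > 0) {
            if (!subject.isAuthenticated()) {
                return false;
            }
            if (logical == Logical.AND && subject.isPermittedAll(permissions)) {
                isAllow = true;
            }
            // OR means a single granted permission is enough. The branch must not also demand
            // isPermittedAll, which would make OR behave exactly like AND; it now mirrors the
            // role handling above.
            if (logical == Logical.OR) {
                for (boolean isPermitted : subject.isPermitted(permissions)) {
                    if (isPermitted) {
                        isAllow = true;
                        break;
                    }
                }
            }
        }
    }

    if (isAllow && clazz.isAnnotationPresent(RequiresAuthentication.class)) {
        Subject subject = SecurityUtils.getSubject();
        isAllow = subject.isAuthenticated();
    }

    if (isAllow && clazz.isAnnotationPresent(RequiresGuest.class)) {
        // Guest here means a subject with no principals at all.
        Subject subject = SecurityUtils.getSubject();
        isAllow = subject.getPrincipals() == null;
    }

    if (isAllow && clazz.isAnnotationPresent(RequiresUser.class)) {
        // A user is any subject with at least one principal, authenticated or not.
        Subject subject = SecurityUtils.getSubject();
        isAllow = subject.getPrincipals() != null && !subject.getPrincipals().isEmpty();
    }

    return isAllow;
}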
From source file:info.novatec.inspectit.cmr.security.SessionAwarePermissionsAuthorizationFilter.java
License:Apache License
/**
 * Decides whether the subject identified by the request's {@code sessionid} header holds the
 * permissions mapped to the requested path.
 *
 * <p>The subject is built by hand from that header through {@code Subject.Builder}; it is not
 * taken from {@code getSubject(request, response)}.
 *
 * @param request     servlet request; must be an {@code HttpServletRequest}
 * @param response    servlet response (not used by this check)
 * @param mappedValue permission strings configured for the path, as a {@code String[]}
 * @return {@code true} when no permissions are mapped or the subject holds all of them
 * @throws IOException if the request is not an HTTP request
 */
@Override
public boolean isAccessAllowed(ServletRequest request, ServletResponse response, Object mappedValue)
        throws IOException {
    if (!(request instanceof HttpServletRequest)) {
        throw new IOException("Invalid http request.");
    }

    // NOTE(review): the session id is whatever the client sends in this header, and it is null
    // when the header is absent. Confirm that an unknown or missing id can only produce a
    // subject without permissions, and that the header value is never written to logs.
    String sessionid = ((HttpServletRequest) request).getHeader("sessionid");
    Subject subject = new Subject.Builder(SecurityUtils.getSecurityManager())
            .sessionId(sessionid)
            .buildSubject();

    String[] requiredPerms = (String[]) mappedValue;
    // Paths without mapped permissions are allowed whatever the session header contains.
    if (requiredPerms == null || requiredPerms.length == 0) {
        return true;
    }
    if (requiredPerms.length == 1) {
        return subject.isPermitted(requiredPerms[0]);
    }
    return subject.isPermittedAll(requiredPerms);
}
From source file:org.apache.activemq.shiro.authz.AuthorizationFilter.java
License:Apache License
/**
 * Throws unless the subject behind the action's connection holds every permission that the
 * action resolves to.
 *
 * <p>Nothing is checked when the filter is disabled or when {@code isSystemBroker(action)}
 * reports true for the action.
 *
 * @param action   destination action being attempted
 * @param verbText text passed on to {@code createUnauthorizedMessage} for the denial message
 * @throws UnauthorizedException if at least one required permission is missing
 */
protected void assertAuthorized(DestinationAction action, String verbText) {
    if (isEnabled() && !isSystemBroker(action)) {
        final Subject subject = getSubject(action.getConnectionContext());
        Collection<Permission> required = this.actionPermissionResolver.getPermissions(action);
        // NOTE(review): if the resolver returns an empty collection the outcome depends on how
        // isPermittedAll treats it - confirm that case cannot grant access unintentionally.
        boolean permitted = subject.isPermittedAll(required);
        if (!permitted) {
            throw new UnauthorizedException(createUnauthorizedMessage(subject, action, verbText));
        }
    }
}
From source file:org.apache.camel.component.shiro.security.ShiroSecurityProcessor.java
License:Apache License
/**
 * Enforces the policy's permission list against the given subject.
 *
 * <p>With {@code isAllPermissionsRequired()} the subject needs every listed permission;
 * otherwise one granted permission is enough. An empty permission list authorizes every
 * subject.
 *
 * @param currentUser subject to check
 * @param exchange    exchange attached to the exception when authorization fails
 * @throws CamelAuthorizationException if the subject lacks the required permissions
 */
private void authorizeUser(Subject currentUser, Exchange exchange) throws CamelAuthorizationException {
    boolean authorized;
    if (policy.getPermissionsList().isEmpty()) {
        // Fail-open by design: no configured permissions means no authorization check at all.
        // NOTE(review): this is reported at TRACE only, so a policy whose list is empty through
        // misconfiguration disables authorization without a visible signal.
        LOG.trace(
                "Valid Permissions List not specified for ShiroSecurityPolicy. No authorization checks will be performed for current user.");
        authorized = true;
    } else if (policy.isAllPermissionsRequired()) {
        authorized = currentUser.isPermittedAll(policy.getPermissionsList());
    } else {
        // Any single granted permission is sufficient.
        authorized = false;
        for (Permission candidate : policy.getPermissionsList()) {
            if (currentUser.isPermitted(candidate)) {
                authorized = true;
                break;
            }
        }
    }

    if (!authorized) {
        throw new CamelAuthorizationException(
                "Authorization Failed. Subject's role set does not have the necessary permissions to perform further processing.",
                exchange);
    }
    LOG.debug("Current user {} is successfully authorized.", currentUser.getPrincipal());
}
From source file:org.cgiar.ccafs.marlo.security.BaseSecurityContext.java
License:Open Source License
/**
 * Verifies that the current user is granted the given permission string.
 *
 * <p>Fails closed when no subject is available: a {@code null} subject yields {@code false}.
 *
 * @param permissions permission string to check
 * @return {@code true} only when a subject exists and {@code isPermittedAll} accepts the
 *         argument; {@code false} otherwise
 */
public boolean hasAllPermissions(String permissions) {
    // NOTE(review): the parameter is a single String, so it reaches isPermittedAll as one
    // permission string; confirm callers do not expect a delimited list to be split here.
    Subject current = this.getSubject();
    return current != null && current.isPermittedAll(permissions);
}
From source file:org.cgiar.ccafs.security.BaseSecurityContext.java
License:Open Source License
/**
 * Verifies that the current user is granted every one of the given permissions.
 *
 * <p>Fails closed when no subject is available: a {@code null} subject yields {@code false}.
 *
 * @param permissions permission strings that must all be granted
 * @return {@code true} only when a subject exists and holds all listed permissions;
 *         {@code false} otherwise
 */
public boolean hasAllPermissions(String... permissions) {
    Subject current = this.getSubject();
    if (current == null) {
        return false;
    }
    // NOTE(review): an empty array is forwarded as-is; confirm how the realm answers for it.
    return current.isPermittedAll(permissions);
}
From source file:org.frat.common.security.BaseSecurityContext.java
License:Open Source License
/**
 * Checks that the current subject is granted all of the given permissions.
 *
 * <p>A missing subject is treated as a denial.
 *
 * @param permissions permission strings that must all be granted
 * @return {@code false} when there is no subject, otherwise the result of
 *         {@code isPermittedAll} for the whole list
 */
public boolean hasAllPermissions(String... permissions) {
    Subject current = getSubject();
    boolean subjectPresent = current != null;
    // NOTE(review): the list is passed through untouched, empty or not; verify that an empty
    // list cannot be read as "granted" by callers using this as an access gate.
    return subjectPresent && current.isPermittedAll(permissions);
}
From source file:org.qi4j.library.shiro.concerns.SecurityConcern.java
License:Open Source License
/**
 * Enforces the {@code requiresPermissions} annotation, when one is present, against the
 * calling subject.
 *
 * <p>The annotation value is split into permission strings by
 * {@code PermissionUtils.toPermissionStrings}. A single permission is checked with
 * {@code isPermitted}; any other count is checked with {@code isPermittedAll}.
 *
 * @param subject subject invoking the method
 * @throws UnauthorizedException if the subject lacks a required permission
 */
private void handleRequiresPermissions(Subject subject) {
    if (requiresPermissions == null) {
        LOGGER.debug("SecurityConcern::RequiresPermissions: not concerned");
        return;
    }

    LOGGER.debug("SecurityConcern::RequiresPermissions");
    String permsString = requiresPermissions.value();
    Set<String> required = PermissionUtils.toPermissionStrings(permsString);

    if (required.size() == 1) {
        String only = required.iterator().next();
        if (!subject.isPermitted(only)) {
            String msg = "Calling Subject does not have required permission [" + permsString + "]. "
                    + "Method invocation denied.";
            throw new UnauthorizedException(msg);
        }
        return;
    }

    // NOTE(review): an annotation value that yields no permission strings also lands here and
    // is checked as an empty array - confirm that cannot pass as "authorized".
    String[] permStrings = required.toArray(new String[0]);
    if (!subject.isPermittedAll(permStrings)) {
        String msg = "Calling Subject does not have required permissions [" + permsString + "]. "
                + "Method invocation denied.";
        throw new UnauthorizedException(msg);
    }
}