Java tutorial
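/*
 * To change this license header, choose License Headers in Project Properties.
 * To change this template file, choose Tools | Templates
 * and open the template in the editor.
 */
package b4f.seguridad.filtros;

import b4f.modelos.Usuario;
import java.io.IOException;
import java.lang.annotation.ElementType;
import java.lang.annotation.Retention;
import java.lang.annotation.RetentionPolicy;
import java.lang.annotation.Target;
import java.util.Arrays;
import javax.ws.rs.NameBinding;
import javax.ws.rs.container.ContainerRequestContext;
import javax.ws.rs.container.ContainerRequestFilter;
import javax.ws.rs.container.ResourceInfo;
import javax.ws.rs.core.Context;
import javax.ws.rs.core.Response;
import javax.ws.rs.ext.Provider;
import org.apache.shiro.SecurityUtils;
import org.apache.shiro.subject.Subject;

/**
 * Role-based authorization filter for resources annotated with {@code @Requieres}.
 *
 * <p>The filter reads the roles listed in the annotation and compares them with the role of
 * the current Shiro principal. A request is aborted with 401 when the principal is not a
 * {@link Usuario}, and with 403 when the user's role is not among the listed roles or when
 * the role requirement cannot be determined.
 *
 * <p>NOTE(review): no {@code @Priority} is declared on this class, so its position relative to
 * other request filters is left to the JAX-RS default. Confirm that whatever binds the Shiro
 * subject to the request runs before this filter.
 *
 * @author SamuelSalazar
 */
@Provider
@Requieres
public class RequieresFilter implements ContainerRequestFilter {

    @Context
    private ResourceInfo resourceInfo;

    /**
     * Authorizes the current request against the roles declared in {@code @Requieres}.
     *
     * @param crc request context; aborted with 401 or 403 when the check fails
     * @throws IOException declared by the {@link ContainerRequestFilter} contract; this
     *     implementation does not throw it itself
     */
    @Override
    public void filter(ContainerRequestContext crc) throws IOException {
        Requieres requieres = findRequirement();
        if (requieres == null) {
            // Fail closed: the filter ran but no role list is visible on the matched method
            // or its class, so there is nothing to authorize against.
            crc.abortWith(Response.status(403).build());
            return;
        }

        Subject sub = SecurityUtils.getSubject();
        Object principal = sub.getPrincipal();
        if (!(principal instanceof Usuario)) {
            // No principal, or a principal of an unexpected type: treat as unauthenticated.
            crc.abortWith(Response.status(401).build());
            return;
        }

        Usuario user = (Usuario) principal;
        // A user without a role is denied instead of failing with a NullPointerException.
        String descripcion = user.getRol() == null ? null : user.getRol().getDescripcion();

        boolean pass = false;
        if (descripcion != null) {
            // Role names are matched case-insensitively; an empty roles() list admits nobody.
            for (String r : requieres.roles()) {
                if (r.equalsIgnoreCase(descripcion)) {
                    pass = true;
                    break;
                }
            }
        }

        if (!pass) {
            crc.abortWith(Response.status(403).build());
        }
    }

    /**
     * Looks up the {@code @Requieres} annotation that applies to the matched resource.
     *
     * <p>The method-level annotation takes precedence; the resource class is consulted only
     * when the method carries none.
     *
     * @return the applicable annotation, or {@code null} when neither the method nor the
     *     class declares one
     */
    private Requieres findRequirement() {
        Requieres found = null;
        if (resourceInfo.getResourceMethod() != null) {
            found = resourceInfo.getResourceMethod().getAnnotation(Requieres.class);
        }
        if (found == null && resourceInfo.getResourceClass() != null) {
            found = resourceInfo.getResourceClass().getAnnotation(Requieres.class);
        }
        return found;
    }
}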