/**
 * Creates an interceptor that looks for
 * {@link org.apache.shiro.authz.annotation.RequiresUser RequiresUser} annotations in a
 * method declaration.
 *
 * <p>The check itself is delegated to a newly created {@code UserAnnotationHandler},
 * which is handed to the superclass constructor.
 */
public UserAnnotationMethodInterceptor() {
    super(new UserAnnotationHandler());
}
/**
 * Verifies that the calling {@code Subject} is a <em>user</em> before access is allowed.
 *
 * <p>A subject counts as a user when {@code getSubject().getPrincipal()} is non-null, that
 * is, when an identity is known for it: either
 * {@link org.apache.shiro.subject.Subject#isAuthenticated() authenticated} <b>or</b>
 * remembered via remember-me services.
 *
 * <p>Security notes:
 * <ul>
 *   <li>This check does not call {@code isAuthenticated()}. A remembered identity passes
 *       even though it has not been proven during the current session, so operations that
 *       need a proven identity require a stricter check than this one.</li>
 *   <li>An annotation that is not a {@code RequiresUser} is not evaluated at all and the
 *       method returns normally. A normal return is therefore not an authorization
 *       decision for other annotation types.</li>
 * </ul>
 *
 * @param a the RequiresUser annotation to check
 * @throws org.apache.shiro.authz.AuthorizationException
 *         (raised here as an {@code UnauthenticatedException}) if the calling
 *         {@code Subject} has no principal, i.e. is neither authenticated nor remembered
 */
public void assertAuthorized(Annotation a) throws AuthorizationException {
    // Only RequiresUser is handled here; anything else is left to other handlers.
    if (!(a instanceof RequiresUser)) {
        return;
    }
    // A known principal is all that "user" requires.
    if (getSubject().getPrincipal() != null) {
        return;
    }
    throw new UnauthenticatedException("Attempting to perform a user-only operation. The current Subject is "
            + "not a user (they haven't been authenticated or remembered from a previous login). "
            + "Access denied.");
}
} // closes the enclosing type, whose header is not part of this excerpt
/**
 * Creates an interceptor backed by a newly created {@code UserAnnotationHandler} and the
 * supplied annotation resolver.
 *
 * @param resolver the resolver handed unchanged to the superclass constructor; presumably
 *                 it is used to locate the annotation on the intercepted method (confirm
 *                 against the superclass)
 * @since 1.1
 */
public UserAnnotationMethodInterceptor(AnnotationResolver resolver) {
    super(new UserAnnotationHandler(), resolver);
}
/**
 * Verifies that the calling {@code Subject} is a <em>user</em> before access is allowed.
 *
 * <p>A subject counts as a user when {@code getSubject().getPrincipal()} is non-null, that
 * is, when an identity is known for it: either
 * {@link org.apache.shiro.subject.Subject#isAuthenticated() authenticated} <b>or</b>
 * remembered via remember-me services.
 *
 * <p>Security notes:
 * <ul>
 *   <li>This check does not call {@code isAuthenticated()}. A remembered identity passes
 *       even though it has not been proven during the current session, so operations that
 *       need a proven identity require a stricter check than this one.</li>
 *   <li>An annotation that is not a {@code RequiresUser} is not evaluated at all and the
 *       method returns normally. A normal return is therefore not an authorization
 *       decision for other annotation types.</li>
 * </ul>
 *
 * @param a the RequiresUser annotation to check
 * @throws org.apache.shiro.authz.AuthorizationException
 *         (raised here as an {@code UnauthenticatedException}) if the calling
 *         {@code Subject} has no principal, i.e. is neither authenticated nor remembered
 */
public void assertAuthorized(Annotation a) throws AuthorizationException {
    // Only RequiresUser is handled here; anything else is left to other handlers.
    if (!(a instanceof RequiresUser)) {
        return;
    }
    // A known principal is all that "user" requires.
    if (getSubject().getPrincipal() != null) {
        return;
    }
    throw new UnauthenticatedException("Attempting to perform a user-only operation. The current Subject is "
            + "not a user (they haven't been authenticated or remembered from a previous login). "
            + "Access denied.");
}
} // closes the enclosing type, whose header is not part of this excerpt
/**
 * Selects the authorization handler that matches the type of the given annotation.
 *
 * <p>Five annotation types are recognised: {@code RequiresPermissions},
 * {@code RequiresRoles}, {@code RequiresUser}, {@code RequiresGuest} and
 * {@code RequiresAuthentication}. Any other type is rejected with an exception rather
 * than mapped to a default handler, so an unrecognised annotation cannot silently end up
 * without a check.
 *
 * @param annotation the authorization annotation to find a handler for; a {@code null}
 *                   value fails with a {@code NullPointerException} at the
 *                   {@code annotationType()} call
 * @return a newly created handler for the annotation's type
 * @throws IllegalArgumentException if the annotation type is none of the recognised types
 */
private static AuthorizingAnnotationHandler createHandler(Annotation annotation) {
    final Class<?> annotationType = annotation.annotationType();

    if (RequiresPermissions.class.equals(annotationType)) {
        return new PermissionAnnotationHandler();
    }
    if (RequiresRoles.class.equals(annotationType)) {
        return new RoleAnnotationHandler();
    }
    if (RequiresUser.class.equals(annotationType)) {
        return new UserAnnotationHandler();
    }
    if (RequiresGuest.class.equals(annotationType)) {
        return new GuestAnnotationHandler();
    }
    if (RequiresAuthentication.class.equals(annotationType)) {
        return new AuthenticatedAnnotationHandler();
    }

    // Fail closed: no handler means no way to enforce the annotation.
    throw new IllegalArgumentException("Cannot create a handler for the unknown for annotation " + annotationType);
}
/**
 * Verifies that the calling {@code Subject} is a <em>user</em> before access is allowed.
 *
 * <p>A subject counts as a user when {@code getSubject().getPrincipal()} is non-null, that
 * is, when an identity is known for it: either
 * {@link org.apache.shiro.subject.Subject#isAuthenticated() authenticated} <b>or</b>
 * remembered via remember-me services.
 *
 * <p>Security notes:
 * <ul>
 *   <li>This check does not call {@code isAuthenticated()}. A remembered identity passes
 *       even though it has not been proven during the current session, so operations that
 *       need a proven identity require a stricter check than this one.</li>
 *   <li>An annotation that is not a {@code RequiresUser} is not evaluated at all and the
 *       method returns normally. A normal return is therefore not an authorization
 *       decision for other annotation types.</li>
 * </ul>
 *
 * @param a the RequiresUser annotation to check
 * @throws org.apache.shiro.authz.AuthorizationException
 *         (raised here as an {@code UnauthenticatedException}) if the calling
 *         {@code Subject} has no principal, i.e. is neither authenticated nor remembered
 */
public void assertAuthorized(Annotation a) throws AuthorizationException {
    // Only RequiresUser is handled here; anything else is left to other handlers.
    if (!(a instanceof RequiresUser)) {
        return;
    }
    // A known principal is all that "user" requires.
    if (getSubject().getPrincipal() != null) {
        return;
    }
    throw new UnauthenticatedException("Attempting to perform a user-only operation. The current Subject is "
            + "not a user (they haven't been authenticated or remembered from a previous login). "
            + "Access denied.");
}
} // closes the enclosing type, whose header is not part of this excerpt
/**
 * Creates an interceptor backed by a newly created {@code UserAnnotationHandler} and the
 * supplied annotation resolver.
 *
 * @param resolver the resolver handed unchanged to the superclass constructor; presumably
 *                 it is used to locate the annotation on the intercepted method (confirm
 *                 against the superclass)
 * @since 1.1
 */
public UserAnnotationMethodInterceptor(AnnotationResolver resolver) {
    super(new UserAnnotationHandler(), resolver);
}
/**
 * Creates an interceptor that looks for
 * {@link org.apache.shiro.authz.annotation.RequiresUser RequiresUser} annotations in a
 * method declaration.
 *
 * <p>The check itself is delegated to a newly created {@code UserAnnotationHandler},
 * which is handed to the superclass constructor.
 */
public UserAnnotationMethodInterceptor() {
    super(new UserAnnotationHandler());
}
/**
 * Creates an interceptor that looks for
 * {@link org.apache.shiro.authz.annotation.RequiresUser RequiresUser} annotations in a
 * method declaration.
 *
 * <p>The check itself is delegated to a newly created {@code UserAnnotationHandler},
 * which is handed to the superclass constructor.
 */
public UserAnnotationMethodInterceptor() {
    super(new UserAnnotationHandler());
}
/**
 * Creates an interceptor backed by a newly created {@code UserAnnotationHandler} and the
 * supplied annotation resolver.
 *
 * @param resolver the resolver handed unchanged to the superclass constructor; presumably
 *                 it is used to locate the annotation on the intercepted method (confirm
 *                 against the superclass)
 * @since 1.1
 */
public UserAnnotationMethodInterceptor(AnnotationResolver resolver) {
    super(new UserAnnotationHandler(), resolver);
}
/**
 * Selects the authorization handler that matches the type of the given annotation.
 *
 * <p>Five annotation types are recognised: {@code RequiresPermissions},
 * {@code RequiresRoles}, {@code RequiresUser}, {@code RequiresGuest} and
 * {@code RequiresAuthentication}. Any other type is rejected with an exception rather
 * than mapped to a default handler, so an unrecognised annotation cannot silently end up
 * without a check.
 *
 * @param annotation the authorization annotation to find a handler for; a {@code null}
 *                   value fails with a {@code NullPointerException} at the
 *                   {@code annotationType()} call
 * @return a newly created handler for the annotation's type
 * @throws IllegalArgumentException if the annotation type is none of the recognised types
 */
private static AuthorizingAnnotationHandler createHandler(Annotation annotation) {
    final Class<?> annotationType = annotation.annotationType();

    if (RequiresPermissions.class.equals(annotationType)) {
        return new PermissionAnnotationHandler();
    }
    if (RequiresRoles.class.equals(annotationType)) {
        return new RoleAnnotationHandler();
    }
    if (RequiresUser.class.equals(annotationType)) {
        return new UserAnnotationHandler();
    }
    if (RequiresGuest.class.equals(annotationType)) {
        return new GuestAnnotationHandler();
    }
    if (RequiresAuthentication.class.equals(annotationType)) {
        return new AuthenticatedAnnotationHandler();
    }

    // Fail closed: no handler means no way to enforce the annotation.
    throw new IllegalArgumentException("Cannot create a handler for the unknown for annotation " + annotationType);
}