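/**
 * Ensures that the calling <code>Subject</code> has the roles named by the annotation, and if not,
 * throws an <code>AuthorizationException</code> indicating that access is denied.
 *
 * <p>A single role is checked directly. Several roles are combined according to
 * {@code RequiresRoles.logical()}: {@code AND} requires all of them, {@code OR} requires at
 * least one.
 *
 * @param a the RequiresRoles annotation to use to check for one or more roles
 * @throws org.apache.shiro.authz.AuthorizationException
 *          if the calling <code>Subject</code> does not have the role(s) necessary to proceed,
 *          or if an {@code OR} annotation lists no roles at all.
 */
public void assertAuthorized(Annotation a) throws AuthorizationException {
    // Any other annotation type is ignored, which means this path grants by default;
    // callers must route only RequiresRoles annotations here.
    if (!(a instanceof RequiresRoles)) {
        return;
    }

    RequiresRoles rrAnnotation = (RequiresRoles) a;
    String[] roles = rrAnnotation.value();

    if (roles.length == 1) {
        getSubject().checkRole(roles[0]);
        return;
    }
    if (Logical.AND.equals(rrAnnotation.logical())) {
        // NOTE(review): an empty value() reaches this call with an empty list, which gives
        // checkRoles nothing to reject on - confirm that is the intended outcome.
        getSubject().checkRoles(Arrays.asList(roles));
        return;
    }
    if (Logical.OR.equals(rrAnnotation.logical())) {
        // An empty any-of list can never be satisfied. Deny explicitly instead of letting
        // roles[0] below fail with ArrayIndexOutOfBoundsException.
        if (roles.length == 0) {
            throw new AuthorizationException("RequiresRoles with Logical.OR declares no roles");
        }
        // Probe with hasRole first so no exception is built on the success path,
        // and stop at the first match instead of querying every remaining role.
        for (String role : roles) {
            if (getSubject().hasRole(role)) {
                return;
            }
        }
        // No role matched: checkRole raises the denial. Its message names only the first role,
        // which is slightly misleading for an any-of requirement.
        getSubject().checkRole(roles[0]);
    }
}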
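/**
 * Ensures that the calling <code>Subject</code> has the Annotation's specified roles, and if not,
 * throws an <code>AuthorizationException</code> indicating that access is denied.
 *
 * @param a the RequiresRoles annotation to use to check for one or more roles
 * @throws org.apache.shiro.authz.AuthorizationException
 *          if the calling <code>Subject</code> does not have the role(s) necessary to
 *          proceed; also raised when {@code Logical.OR} is combined with an empty role list.
 */
public void assertAuthorized(Annotation a) throws AuthorizationException {
    if (!(a instanceof RequiresRoles)) {
        // Not a RequiresRoles annotation: nothing is enforced here (a silent allow).
        return;
    }
    RequiresRoles requirement = (RequiresRoles) a;
    String[] roles = requirement.value();

    // Exactly one role: the combination mode is irrelevant.
    if (roles.length == 1) {
        getSubject().checkRole(roles[0]);
        return;
    }

    // All-of: delegate the whole list in one call.
    if (Logical.AND.equals(requirement.logical())) {
        getSubject().checkRoles(Arrays.asList(roles));
        return;
    }

    // Any-of.
    if (Logical.OR.equals(requirement.logical())) {
        if (roles.length == 0) {
            // Previously this fell through to roles[0] and surfaced as an
            // ArrayIndexOutOfBoundsException; report it as a denial instead.
            throw new AuthorizationException("RequiresRoles with Logical.OR declares no roles");
        }
        for (String candidate : roles) {
            if (getSubject().hasRole(candidate)) {
                return; // first match is enough, skip the remaining lookups
            }
        }
        // Nothing matched; let checkRole produce the exception (it will mention roles[0] only).
        getSubject().checkRole(roles[0]);
    }
}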
/**
 * Asks the current Shiro subject to assert the given roles and translates a Shiro denial
 * into this API's own {@code AuthorizationException}.
 *
 * @param roleIdentifiers the roles passed to the subject's {@code checkRoles}
 * @throws AuthorizationException when Shiro rejects the check; the Shiro exception is kept as
 *         the cause and the message lists the requested role identifiers
 */
@Override
public void checkRoles(String... roleIdentifiers) {
    try {
        SecurityUtils.getSubject().checkRoles(roleIdentifiers);
    } catch (org.apache.shiro.authz.AuthorizationException shiroDenial) {
        // The message echoes the required roles; keep that in mind if it is ever shown to end users.
        final String message = "Subject doesn't have roles " + Arrays.toString(roleIdentifiers);
        throw new AuthorizationException(message, shiroDenial);
    }
}
/**
 * Enforces a {@code RolesAllowed} annotation by requiring the subject to hold every role it lists.
 *
 * <p>NOTE(review): {@code checkRoles(Collection)} is an all-of check, whereas
 * {@code @RolesAllowed} is commonly read as "any of these roles". The result is stricter than
 * that reading, not looser - confirm which semantics this handler is meant to provide.
 *
 * @param a the annotation to enforce; it is cast without a type check, so any other annotation
 *          type fails with {@code ClassCastException} rather than being skipped
 * @throws AuthorizationException if the subject lacks one of the listed roles
 */
@Override
public void assertAuthorized(Annotation a) throws AuthorizationException {
    RolesAllowed rolesAllowed = (RolesAllowed) a;
    String[] requiredRoles = rolesAllowed.value();
    getSubject().checkRoles(Arrays.asList(requiredRoles));
}
/**
 * Checks the roles named by a {@code RolesAllowed} annotation against the current subject.
 *
 * <p>All listed roles are required, because the list is handed to
 * {@code checkRoles(Collection)} as a whole. NOTE(review): if "any one of the roles" was
 * intended for {@code @RolesAllowed}, this is over-restrictive - verify against the callers.
 *
 * @param a expected to be a {@code RolesAllowed} instance; the unchecked cast makes a wrong
 *          type fail with {@code ClassCastException}
 * @throws AuthorizationException if the role check is rejected
 */
@Override
public void assertAuthorized(Annotation a) throws AuthorizationException {
    String[] declared = ((RolesAllowed) a).value();
    getSubject().checkRoles(Arrays.asList(declared));
}
/**
 * Evaluates a {@code RequiresRoles} annotation for the given subject and reports the outcome
 * as a {@code SecurityCheckInfo} instead of throwing.
 *
 * <p>NOTE(review): only {@code value()} is read. {@code logical()} is never consulted, so the
 * roles are always enforced as all-of, even when the annotation declares OR. That is the
 * restrictive direction, but it may deny users the annotation was meant to admit - confirm.
 *
 * @param subject            the subject whose roles are checked
 * @param accessContext      context used to build the violation info on denial
 * @param securityAnnotation expected to be a {@code RequiresRoles}; cast without a type check
 * @return an allow result when {@code checkRoles} succeeds, otherwise a result carrying an
 *         {@code OctopusUnauthorizedException}
 */
@Override
public SecurityCheckInfo performCheck(Subject subject, AccessDecisionVoterContext accessContext, Annotation securityAnnotation) {
    String[] requiredRoles = ((RequiresRoles) securityAnnotation).value();
    try {
        subject.checkRoles(requiredRoles);
        return SecurityCheckInfo.allowAccess();
    } catch (AuthorizationException denied) {
        // The Shiro exception is not attached as a cause; only the violation info is reported.
        return SecurityCheckInfo.withException(
                new OctopusUnauthorizedException("Shiro Roles required", infoProducer.getViolationInfo(accessContext))
        );
    }
}
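/**
 * Evaluates the {@code requiresRoles} annotation against the current Shiro subject.
 *
 * <p>One role is checked directly; several roles are combined with {@code logical()}
 * ({@code AND} = all of them, {@code OR} = at least one).
 *
 * @return {@code AuthorizeResult.ok()} when the requirement is met, otherwise a failure carrying
 *         {@code ERROR_CODE_UNAUTHORIZATION}; an OR requirement with no roles is a failure
 */
@Override
public AuthorizeResult authorize() {
    String[] roles = requiresRoles.value();
    try {
        if (roles.length == 1) {
            SecurityUtils.getSubject().checkRole(roles[0]);
            return AuthorizeResult.ok();
        }
        if (Logical.AND.equals(requiresRoles.logical())) {
            // NOTE(review): with an empty value() this passes an empty list, which gives
            // checkRoles nothing to reject on - confirm that is intended.
            SecurityUtils.getSubject().checkRoles(Arrays.asList(roles));
            return AuthorizeResult.ok();
        }
        if (Logical.OR.equals(requiresRoles.logical())) {
            // An empty any-of list cannot be satisfied. Without this guard roles[0] below threw
            // ArrayIndexOutOfBoundsException, which the catch clause does not cover.
            if (roles.length == 0) {
                return AuthorizeResult.fail(AuthorizeResult.ERROR_CODE_UNAUTHORIZATION);
            }
            // hasRole avoids building an exception on the success path; stop at the first match.
            for (String role : roles) {
                if (SecurityUtils.getSubject().hasRole(role)) {
                    return AuthorizeResult.ok();
                }
            }
            // No role matched: checkRole raises the denial that the catch below converts.
            SecurityUtils.getSubject().checkRole(roles[0]);
        }
        return AuthorizeResult.ok();
    } catch (AuthorizationException e) {
        return AuthorizeResult.fail(AuthorizeResult.ERROR_CODE_UNAUTHORIZATION);
    }
}
} // closes the enclosing class, whose header is outside this snippet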
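/**
 * Ensures that the current subject holds the roles required by the {@code annotation} field.
 *
 * <p>A single role is checked directly. Multiple roles follow {@code logical()}:
 * {@code AND} requires all, {@code OR} requires at least one.
 *
 * @throws AuthorizationException if the subject lacks the required role(s), or if an OR
 *         requirement lists no roles
 */
@Override
public void assertAuthorized() throws AuthorizationException {
    Subject subject = getSubject();
    // A non-RequiresRoles annotation is skipped, i.e. nothing is enforced on this path.
    if (!(annotation instanceof RequiresRoles)) {
        return;
    }
    RequiresRoles rrAnnotation = (RequiresRoles) annotation;
    String[] roles = rrAnnotation.value();

    if (roles.length == 1) {
        subject.checkRole(roles[0]);
        return;
    }
    if (Logical.AND.equals(rrAnnotation.logical())) {
        subject.checkRoles(Arrays.asList(roles));
        return;
    }
    if (Logical.OR.equals(rrAnnotation.logical())) {
        // Deny explicitly on an empty list; roles[0] below would otherwise throw
        // ArrayIndexOutOfBoundsException instead of an authorization failure.
        if (roles.length == 0) {
            throw new AuthorizationException("RequiresRoles with Logical.OR declares no roles");
        }
        // Probe with hasRole so the success path builds no exception; first match wins.
        for (String role : roles) {
            if (subject.hasRole(role)) {
                return;
            }
        }
        // Nothing matched: checkRole throws, although its message names only the first role.
        subject.checkRole(roles[0]);
    }
}
} // closes the enclosing class, whose header is outside this snippet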
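/**
 * Verifies the {@code RequiresRoles} requirement stored in {@code annotation} for the current
 * subject, throwing when it is not met.
 *
 * @throws AuthorizationException if the subject does not hold the role(s) the annotation
 *         demands; also thrown when {@code Logical.OR} is paired with an empty role list
 */
@Override
public void assertAuthorized() throws AuthorizationException {
    Subject subject = getSubject();
    if (!(annotation instanceof RequiresRoles)) {
        return; // other annotation types are not enforced here
    }
    RequiresRoles requirement = (RequiresRoles) annotation;
    String[] roles = requirement.value();

    // One role: no combination logic needed.
    if (roles.length == 1) {
        subject.checkRole(roles[0]);
        return;
    }

    // All-of.
    if (Logical.AND.equals(requirement.logical())) {
        subject.checkRoles(Arrays.asList(roles));
        return;
    }

    // Any-of.
    if (Logical.OR.equals(requirement.logical())) {
        if (roles.length == 0) {
            // The old code indexed roles[0] here and failed with ArrayIndexOutOfBoundsException.
            throw new AuthorizationException("RequiresRoles with Logical.OR declares no roles");
        }
        for (String candidate : roles) {
            if (subject.hasRole(candidate)) {
                return; // one matching role satisfies OR; skip the remaining lookups
            }
        }
        // Force the denial through checkRole; the message will only mention roles[0].
        subject.checkRole(roles[0]);
    }
}
} // closes the enclosing class, whose header is outside this snippet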
// Fragment of a larger method that is not shown. Passing the whole list to checkRoles is an
// all-of requirement (assuming getSubject() returns a Shiro Subject - confirm), so a subject
// holding only some of the roles is rejected.
getSubject().checkRoles(Arrays.asList(roles)); return;
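/**
 * Ensures that the current subject holds the roles required by the {@code annotation} field.
 *
 * <p>The annotation is cast without a type check, so a handler wired to a different annotation
 * type fails with {@code ClassCastException} rather than silently allowing the call.
 *
 * @throws AuthorizationException if the subject lacks the required role(s), or if an OR
 *         requirement lists no roles
 */
@Override
public void assertAuthorized() throws AuthorizationException {
    RequiresRoles rrAnnotation = (RequiresRoles) annotation;
    String[] roles = rrAnnotation.value();

    if (roles.length == 1) {
        getSubject().checkRole(roles[0]);
        return;
    }
    if (Logical.AND.equals(rrAnnotation.logical())) {
        getSubject().checkRoles(Arrays.asList(roles));
        return;
    }
    if (Logical.OR.equals(rrAnnotation.logical())) {
        // An empty any-of list can never be satisfied; deny instead of letting roles[0]
        // below throw ArrayIndexOutOfBoundsException.
        if (roles.length == 0) {
            throw new AuthorizationException("RequiresRoles with Logical.OR declares no roles");
        }
        // Probe with hasRole so the success path builds no exception; stop at the first match.
        for (String role : roles) {
            if (getSubject().hasRole(role)) {
                return;
            }
        }
        // No role matched: checkRole raises the denial (its message names only the first role).
        getSubject().checkRole(roles[0]);
    }
}
} // closes the enclosing class, whose header is outside this snippet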
// Fragment; the enclosing method is outside this snippet. The role list is checked as a whole,
// which presumably means every role is required (Shiro's checkRoles(Collection) - confirm the
// Subject type), not just one of them.
getSubject().checkRoles(Arrays.asList(roles)); return;
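/**
 * Ensures that the calling <code>Subject</code> has the Annotation's specified roles, and if not,
 * throws an <code>AuthorizationException</code> indicating that access is denied.
 *
 * <p>With more than one role, {@code Logical.AND} demands all of them and {@code Logical.OR}
 * demands at least one.
 *
 * @param a the RequiresRoles annotation to use to check for one or more roles
 * @throws org.apache.shiro.authz.AuthorizationException
 *          if the calling <code>Subject</code> does not have the role(s) necessary to
 *          proceed, or if the annotation combines {@code Logical.OR} with no roles.
 */
public void assertAuthorized(Annotation a) throws AuthorizationException {
    // Only RequiresRoles is handled. Anything else returns without a check, so the dispatch
    // that selects this handler is part of the security boundary.
    if (!(a instanceof RequiresRoles)) {
        return;
    }
    RequiresRoles rrAnnotation = (RequiresRoles) a;
    String[] roles = rrAnnotation.value();
    Logical mode = rrAnnotation.logical();

    if (roles.length == 1) {
        getSubject().checkRole(roles[0]);
        return;
    }
    if (Logical.AND.equals(mode)) {
        getSubject().checkRoles(Arrays.asList(roles));
        return;
    }
    if (Logical.OR.equals(mode)) {
        // Fail closed on an empty list rather than tripping over roles[0] with an
        // ArrayIndexOutOfBoundsException.
        if (roles.length == 0) {
            throw new AuthorizationException("RequiresRoles with Logical.OR declares no roles");
        }
        // hasRole keeps the success path free of exceptions; the first hit ends the search.
        for (String role : roles) {
            if (getSubject().hasRole(role)) {
                return;
            }
        }
        // None matched: checkRole throws. The message mentions only roles[0], which understates
        // the any-of requirement.
        getSubject().checkRole(roles[0]);
    }
}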