/**
 * Decides whether the subject bound to this request may pass the role check.
 *
 * <p>{@code mappedValue} is cast to a {@code String[]} of role names, and the
 * subject must hold every one of them.
 *
 * <p>Security note: a {@code null} or empty role array means "nothing to check"
 * and access is allowed. A mapping that reaches this method without role names
 * is therefore not restricted by it.
 *
 * @param request the servlet request used to look up the subject
 * @param response the servlet response used to look up the subject
 * @param mappedValue role names to require; cast to {@code String[]}
 * @return {@code true} when no roles are given or the subject has all of them
 * @throws IOException declared by the signature; no statement here throws it directly
 */
@SuppressWarnings({"unchecked"})
public boolean isAccessAllowed(ServletRequest request, ServletResponse response, Object mappedValue) throws IOException {
    Subject caller = getSubject(request, response);
    String[] configured = (String[]) mappedValue;

    boolean hasRequirement = configured != null && configured.length > 0;
    if (!hasRequirement) {
        // Fail-open branch: no role names were supplied, so nothing is enforced.
        return true;
    }

    return caller.hasAllRoles(CollectionUtils.asSet(configured));
}
/**
 * Evaluates to {@code true} only when the current subject holds every role in
 * the {@code roles} field.
 *
 * <p>Neither {@code event} nor {@code context} is read; the decision depends
 * solely on the subject returned by {@code SecurityUtils.getSubject()}.
 *
 * @param event the rewrite event (unused)
 * @param context the evaluation context (unused)
 * @return the result of the all-roles check
 */
@Override
public boolean evaluate(Rewrite event, EvaluationContext context) {
    // NOTE(review): the result for an empty `roles` collection depends on the
    // Subject implementation; confirm it cannot be empty here.
    final boolean holdsEveryRole = SecurityUtils.getSubject().hasAllRoles(roles);
    return holdsEveryRole;
}
/**
 * Reports whether the current subject holds every one of the given roles.
 *
 * <p>The varargs array is wrapped with {@code Arrays.asList} and handed to the
 * subject's all-roles check. Passing a {@code null} array makes
 * {@code Arrays.asList} throw {@link NullPointerException}.
 *
 * @param roleIdentifiers role names that must all be held
 * @return the result of the subject's all-roles check
 */
@Override
public boolean hasAllRoles(String... roleIdentifiers) {
    // NOTE(review): calling this with no arguments passes an empty list; what
    // the subject answers in that case should be confirmed.
    final boolean allHeld =
            SecurityUtils.getSubject().hasAllRoles(Arrays.asList(roleIdentifiers));
    return allHeld;
}
/**
 * Checks that the current subject has each role named in {@code roles}.
 *
 * @param roles role names to require; must not be {@code null}, because
 *              {@code Arrays.asList} rejects a null array
 * @return {@code true} when the subject's all-roles check succeeds
 */
private boolean hasAllRoles(String[] roles) {
    if (SecurityUtils.getSubject().hasAllRoles(Arrays.asList(roles))) {
        return true;
    }
    return false;
}
/**
 * Decides whether the subject bound to this request holds all required roles.
 *
 * <p>{@code mappedValue} is cast to a {@code String[]} of role names. When that
 * array is {@code null} or empty the method allows access without checking
 * anything, so an entry with no role names is effectively unprotected by it.
 *
 * @param request the servlet request used to look up the subject
 * @param response the servlet response used to look up the subject
 * @param mappedValue role names to require; cast to {@code String[]}
 * @return {@code true} when there are no role names or the subject has them all
 * @throws IOException declared by the signature; no statement here throws it directly
 */
public boolean isAccessAllowed(ServletRequest request, ServletResponse response, Object mappedValue) throws IOException {
    Subject subject = this.getSubject(request, response);
    String[] rolesArray = (String[]) mappedValue;

    // Guard clause: nothing configured means nothing is enforced (fail-open).
    if (rolesArray == null || rolesArray.length == 0) {
        return true;
    }

    Set<String> required = CollectionUtils.asSet(rolesArray);
    return subject.hasAllRoles(required);
}
/**
 * Evaluates the "roles" section of {@code config} against the current subject.
 *
 * <p>A subject that is not authenticated is denied before any configuration is
 * read. Otherwise the section's "logical" entry is parsed into a
 * {@code Logical} and its "value" entry is cast to a list of role names:
 * <ul>
 *   <li>exactly one role: delegated to {@code ShiroTools.hasRole(String)};</li>
 *   <li>several roles with {@code AND}: the subject must hold all of them;</li>
 *   <li>several roles with {@code OR}: delegated to {@code ShiroTools.hasRole}
 *       with the whole array (presumably an any-of check; confirm);</li>
 *   <li>an empty list, or any other {@code Logical} value: denied.</li>
 * </ul>
 *
 * <p>NOTE(review): "logical" is parsed even when only one role is listed, so a
 * missing or unrecognised value will presumably raise from
 * {@code Logical.valueOf} instead of returning {@code false}. Confirm that
 * callers treat that exception as a denial.
 *
 * @param request the current request (not read by this method)
 * @param config configuration holding the "roles" section
 * @return {@code true} only when the role requirement is satisfied
 */
private boolean hasRoles(Request request, JSON config) {
    if (!SecurityUtils.getSubject().isAuthenticated()) {
        return false;
    }

    JSON roleSpec = config.getJSON("roles");
    Logical combinator = Logical.valueOf(roleSpec.getString("logical"));
    List<String> required = (List<String>) roleSpec.get("value");

    int count = required.size();
    if (count == 1) {
        return ShiroTools.hasRole(required.get(0));
    }
    if (count > 1) {
        if (combinator == Logical.AND) {
            return SecurityUtils.getSubject().hasAllRoles(required);
        }
        if (combinator == Logical.OR) {
            return ShiroTools.hasRole(required.toArray(new String[count]));
        }
    }
    // Empty role list or unhandled combinator: deny.
    return false;
}
/**
 * Enforces the {@code requiresRoles} annotation, if one is present.
 *
 * <p>The annotation value is split on commas. A single token is checked with
 * {@code hasRole}; any other token count is checked with {@code hasAllRoles}
 * over an insertion-ordered set. A failed check raises
 * {@code UnauthorizedException}.
 *
 * <p>NOTE(review): tokens are not trimmed, so a value written as
 * {@code "a, b"} asks for the role {@code " b"} with its leading space. A value
 * made up only of commas splits to zero tokens and reaches {@code hasAllRoles}
 * with an empty set; whether that passes depends on the {@code Subject}
 * implementation and should be confirmed.
 *
 * @param subject the calling subject to check
 * @throws UnauthorizedException when the subject lacks a required role
 */
private void handleRequiresRoles( Subject subject )
{
    if ( requiresRoles == null )
    {
        LOGGER.debug( "SecurityConcern::RequiresRoles: not concerned" );
        return;
    }

    LOGGER.debug( "SecurityConcern::RequiresRoles" );
    String roleId = requiresRoles.value();
    String[] roles = roleId.split( "," );

    if ( roles.length == 1 )
    {
        if ( subject.hasRole( roles[ 0 ] ) )
        {
            return;
        }
        throw new UnauthorizedException(
            "Calling Subject does not have required role [" + roleId + "]. " + "MethodInvocation denied." );
    }

    Set<String> rolesSet = new LinkedHashSet<String>( Arrays.asList( roles ) );
    if ( subject.hasAllRoles( rolesSet ) )
    {
        return;
    }
    throw new UnauthorizedException(
        "Calling Subject does not have required roles [" + roleId + "]. " + "MethodInvocation denied." );
}
/**
 * Applies the role requirement carried by {@code requiresRoles}, when set.
 *
 * <p>The comma-separated annotation value yields the role names. With exactly
 * one name the subject is asked via {@code hasRole}; otherwise all names go
 * into a {@code LinkedHashSet} and the subject is asked via
 * {@code hasAllRoles}. If the answer is negative the invocation is rejected
 * with {@code UnauthorizedException}.
 *
 * <p>NOTE(review): names are taken verbatim from {@code split(",")}, so
 * whitespace around a comma becomes part of the role name. An all-comma value
 * produces no names and an empty set for {@code hasAllRoles}. Confirm that the
 * {@code Subject} in use does not grant access in that case.
 *
 * @param subject the calling subject to check
 * @throws UnauthorizedException when the required role or roles are missing
 */
private void handleRequiresRoles( Subject subject )
{
    if ( requiresRoles == null )
    {
        LOGGER.debug( "SecurityConcern::RequiresRoles: not concerned" );
        return;
    }

    LOGGER.debug( "SecurityConcern::RequiresRoles" );
    String roleId = requiresRoles.value();
    String[] roles = roleId.split( "," );

    boolean singleRole = roles.length == 1;
    boolean granted;
    if ( singleRole )
    {
        granted = subject.hasRole( roles[ 0 ] );
    }
    else
    {
        Set<String> rolesSet = new LinkedHashSet<String>( Arrays.asList( roles ) );
        granted = subject.hasAllRoles( rolesSet );
    }

    if ( !granted )
    {
        String msg = singleRole
            ? "Calling Subject does not have required role [" + roleId + "]. " + "MethodInvocation denied."
            : "Calling Subject does not have required roles [" + roleId + "]. " + "MethodInvocation denied.";
        throw new UnauthorizedException( msg );
    }
}
/**
 * Renders the body only when the current subject holds every role named by
 * the tag's expressions.
 *
 * <p>Nothing is rendered when there is no subject or when the expression
 * array is empty, so a tag without roles hides its body. Each expression is
 * evaluated in {@code scope} and its string form is used as a role name.
 *
 * <p>NOTE(review): this gates template output only. Presumably whatever the
 * body links to is authorised separately on the server; confirm.
 *
 * @param env the rendering environment passed through to the body
 * @param scope the scope in which role expressions are evaluated
 * @param writer the output target passed through to the body
 */
@Override
public void onRender(Env env, Scope scope, Writer writer) {
    if (getSubject() == null || !ArrayUtils.isNotEmpty(exprList.getExprArray())) {
        return;
    }

    List<String> requiredRoles = new ArrayList<String>();
    for (Expr roleExpr : exprList.getExprArray()) {
        requiredRoles.add(roleExpr.eval(scope).toString());
    }

    if (getSubject().hasAllRoles(requiredRoles)) {
        renderBody(env, scope, writer);
    }
}
/**
 * Decides whether {@code subject} may view the page represented by {@code masterNode}.
 *
 * <p>The decision follows the node's page access control setting:
 * <ul>
 *   <li>{@code PUBLIC}: always allowed;</li>
 *   <li>{@code AUTHENTICATION}: the subject must be authenticated;</li>
 *   <li>{@code USER}: the subject must be authenticated or remembered;</li>
 *   <li>{@code GUEST}: the subject must be neither authenticated nor remembered;</li>
 *   <li>{@code PERMISSION}: the subject must be permitted a {@code PagePermission}
 *       built from the virtual page;</li>
 *   <li>{@code ROLES}: the subject must hold all of the node's roles.</li>
 * </ul>
 * Any other setting is denied.
 *
 * <p>NOTE(review): {@code sitemap} is dereferenced without a null check, unlike the
 * other two arguments. For {@code ROLES}, the outcome with an empty role collection
 * depends on the {@code Subject} implementation; confirm such nodes cannot occur.
 *
 * @param subject the subject requesting access; must not be {@code null}
 * @param sitemap the sitemap used to resolve the node's virtual page
 * @param masterNode the node being accessed; must not be {@code null}
 * @return {@code true} when access is allowed
 */
public boolean isAuthorised(Subject subject, MasterSitemap sitemap, MasterSitemapNode masterNode) {
    checkNotNull(masterNode, "node");
    checkNotNull(subject, "subject");

    // Resolve the virtual page once, up front: the sitemap instance could change.
    String pageUri = sitemap.navigationState(masterNode).getVirtualPage();
    checkNotNull(pageUri, "virtualPage");
    checkNotNull(masterNode.getPageAccessControl(), "node.getPageAccessControl(), " + masterNode.getUriSegment());
    log.debug("checking page access rights for {}", pageUri);

    switch (masterNode.getPageAccessControl()) {
        case PUBLIC:
            return true;
        case AUTHENTICATION:
            return subject.isAuthenticated();
        case USER:
            return subject.isAuthenticated() || subject.isRemembered();
        case GUEST:
            return !(subject.isAuthenticated() || subject.isRemembered());
        case PERMISSION:
            return subject.isPermitted(new PagePermission(pageUri));
        case ROLES:
            return subject.hasAllRoles(masterNode.getRoles());
        default:
            // Unrecognised setting: deny.
            return false;
    }
}
/**
 * Checks whether {@code subject} is authorised for the page behind {@code masterNode}.
 *
 * <p>The node's page access control value selects the rule. {@code PUBLIC} always
 * passes. {@code AUTHENTICATION} requires an authenticated subject. {@code USER}
 * accepts an authenticated or remembered subject, and {@code GUEST} accepts only a
 * subject that is neither. {@code PERMISSION} asks for a {@code PagePermission} on
 * the virtual page. {@code ROLES} requires every role listed on the node. The
 * result starts as "denied" and stays so for any value not handled.
 *
 * <p>NOTE(review): {@code USER} admits a remembered but not authenticated subject,
 * so pages needing a fresh login should presumably use {@code AUTHENTICATION}.
 * Confirm against the sitemap configuration.
 *
 * @param subject the subject requesting access; must not be {@code null}
 * @param sitemap the sitemap used to resolve the node's virtual page
 * @param masterNode the node being accessed; must not be {@code null}
 * @return {@code true} when access is allowed
 */
public boolean isAuthorised(Subject subject, MasterSitemap sitemap, MasterSitemapNode masterNode) {
    checkNotNull(masterNode, "node");
    checkNotNull(subject, "subject");

    // Take the virtual page from the sitemap early and keep it; the sitemap instance could change.
    String virtualPage = sitemap.navigationState(masterNode).getVirtualPage();
    checkNotNull(virtualPage, "virtualPage");
    checkNotNull(masterNode.getPageAccessControl(), "node.getPageAccessControl(), " + masterNode.getUriSegment());
    log.debug("checking page access rights for {}", virtualPage);

    boolean allowed = false; // deny unless a rule below grants access
    switch (masterNode.getPageAccessControl()) {
        case AUTHENTICATION:
            allowed = subject.isAuthenticated();
            break;
        case GUEST:
            allowed = !subject.isAuthenticated() && !subject.isRemembered();
            break;
        case PERMISSION:
            allowed = subject.isPermitted(new PagePermission(virtualPage));
            break;
        case PUBLIC:
            allowed = true;
            break;
        case ROLES:
            allowed = subject.hasAllRoles(masterNode.getRoles());
            break;
        case USER:
            allowed = subject.isAuthenticated() || subject.isRemembered();
            break;
    }
    return allowed;
}
if (logical == Logical.AND && subject.hasAllRoles(Arrays.asList(roles)))
authorized = currentUser.hasAllRoles(policy.getRolesList()); } else { for (String role : policy.getRolesList()) {