• Home
• org.nutz
• nutz-integration-shiro
• 1.r.63
• source code
• NurtzPermissionAnnotationHandler.java

×

Project download

Many resources are needed to download a project. Please understand that we have to compensate our server costs. Thank you in advance.
Project price only 1 $

You can buy this project and download/modify it how often you want.

org.nutz.integration.shiro.aop.NurtzPermissionAnnotationHandler Maven / Gradle / Ivy

/*
 * Licensed to the Apache Software Foundation (ASF) under one
 * or more contributor license agreements.  See the NOTICE file
 * distributed with this work for additional information
 * regarding copyright ownership.  The ASF licenses this file
 * to you under the Apache License, Version 2.0 (the
 * "License"); you may not use this file except in compliance
 * with the License.  You may obtain a copy of the License at
 *
 *     http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing,
 * software distributed under the License is distributed on an
 * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
 * KIND, either express or implied.  See the License for the
 * specific language governing permissions and limitations
 * under the License.
 */
package org.nutz.integration.shiro.aop;

import java.lang.annotation.Annotation;

import org.apache.shiro.authz.AuthorizationException;
import org.apache.shiro.authz.annotation.Logical;
import org.apache.shiro.authz.aop.PermissionAnnotationHandler;
import org.apache.shiro.subject.Subject;
import org.nutz.integration.shiro.annotation.NutzRequiresPermissions;

/**
 * Checks to see if a @
 * {@link org.apache.shiro.authz.annotation.NutzRequiresPermissionss
 * NutzRequiresPermissionss} annotation is declared, and if so, performs a
 * permission check to see if the calling Subject is allowed
 * continued access.
 *
 * @since 0.9.0
 */
public class NurtzPermissionAnnotationHandler extends PermissionAnnotationHandler {

	/**
	 * Default no-argument constructor that ensures this handler looks for
	 * {@link org.apache.shiro.authz.annotation.NutzRequiresPermissionss
	 * NutzRequiresPermissionss} annotations.
	 */
	public NurtzPermissionAnnotationHandler() {
		setAnnotationClass(NutzRequiresPermissions.class);
	}

	/**
	 * Ensures that the calling Subject has the Annotation's
	 * specified permissions, and if not, throws an
	 * AuthorizingException indicating access is denied.
	 *
	 * @param a
	 *            the NutzRequiresPermissions annotation being inspected to
	 *            check for one or more permissions
	 * @throws org.apache.shiro.authz.AuthorizationException
	 *             if the calling Subject does not have the
	 *             permission(s) necessary to continue access or execution.
	 */
	@Override
	public void assertAuthorized(Annotation a) throws AuthorizationException {
		if (!(a instanceof NutzRequiresPermissions))
			return;

		NutzRequiresPermissions rpAnnotation = (NutzRequiresPermissions) a;
		String[] perms = rpAnnotation.value();
		Subject subject = getSubject();

		if (perms.length == 1) {
			subject.checkPermission(perms[0]);
			return;
		}
		if (Logical.AND.equals(rpAnnotation.logical())) {
			getSubject().checkPermissions(perms);
			return;
		}
		if (Logical.OR.equals(rpAnnotation.logical())) {
			boolean hasAtLeastOnePermission = false;
			for (String permission : perms)
				if (getSubject().isPermitted(permission))
					hasAtLeastOnePermission = true;
			if (!hasAtLeastOnePermission)
				getSubject().checkPermission(perms[0]);
		}
	}
}