
org.wicketstuff.shiro.annotation.AnnotationsShiroAuthorizationStrategy Maven / Gradle / Ivy


Shiro Security for Apache Wicket. (Shiro was formerly known as Apache Ki and JSecurity)

/*
 * Licensed to the Apache Software Foundation (ASF) under one or more
 * contributor license agreements.  See the NOTICE file distributed with
 * this work for additional information regarding copyright ownership.
 * The ASF licenses this file to You under the Apache License, Version 2.0
 * (the "License"); you may not use this file except in compliance with
 * the License.  You may obtain a copy of the License at
 *
 *      http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
package org.wicketstuff.shiro.annotation;

import java.lang.annotation.Annotation;

import org.apache.shiro.SecurityUtils;
import org.apache.shiro.mgt.SecurityManager;
import org.apache.shiro.subject.Subject;
import org.apache.shiro.util.ThreadContext;
import org.apache.wicket.Component;
import org.apache.wicket.authorization.Action;
import org.apache.wicket.authorization.IAuthorizationStrategy;
import org.apache.wicket.request.component.IRequestableComponent;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.wicketstuff.shiro.ShiroAction;

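/**
 * Wicket {@link IAuthorizationStrategy} that enforces {@link ShiroSecurityConstraint}
 * annotations against the current Shiro {@link Subject}.
 * <p>
 * For every check the annotations on the component class are evaluated first and, if none of
 * them fails, the annotations on the class's package. A constraint only takes part in a check
 * when its {@code action()} equals the action being authorized; a class or package with no
 * matching constraint is therefore authorized.
 */
public class AnnotationsShiroAuthorizationStrategy implements IAuthorizationStrategy
{
	private static final Logger LOG = LoggerFactory.getLogger(AnnotationsShiroAuthorizationStrategy.class);

	/**
	 * Evaluates every {@link ShiroSecurityConstraint} in {@code annotations} that is declared
	 * for {@code action} and reports the first one the current subject does not satisfy.
	 *
	 * @param annotations
	 *            annotations to inspect; {@code null} is treated as "no constraints"
	 * @param action
	 *            the action being authorized; constraints declared for another action are
	 *            skipped
	 * @return {@code null} if every applicable constraint is satisfied, otherwise the first
	 *         constraint that failed
	 */
	protected ShiroSecurityConstraint checkInvalidInstantiation(final Annotation[] annotations,
		final ShiroAction action)
	{
		if (annotations == null)
		{
			return null;
		}

		for (final Annotation annotation : annotations)
		{
			if (!(annotation instanceof ShiroSecurityConstraint))
			{
				continue;
			}

			final ShiroSecurityConstraint constraint = (ShiroSecurityConstraint)annotation;
			if (action != constraint.action())
			{
				continue;
			}

			// NOTE(review): ThreadContext.getSecurityManager() yields null when no
			// SecurityManager is bound to the current thread, in which case the role and
			// permission checks below throw NullPointerException. Confirm that the Shiro
			// filter always binds one before Wicket asks for an authorization decision.
			final SecurityManager sm = ThreadContext.getSecurityManager();
			final Subject subject = SecurityUtils.getSubject();
			switch (constraint.constraint())
			{
				case HasRole :
				{
					if (!sm.hasRole(subject.getPrincipals(), constraint.value()))
					{
						return constraint;
					}
					break;
				}

				case HasPermission :
				{
					if (!sm.isPermitted(subject.getPrincipals(), constraint.value()))
					{
						return constraint;
					}
					break;
				}

				case IsAuthenticated :
				{
					if (!subject.isAuthenticated())
					{
						return constraint;
					}
					break;
				}

				case LoggedIn :
				{
					// Only requires a principal. In Shiro a remembered (remember-me) subject
					// has a principal without being authenticated, so this is a weaker
					// guarantee than IsAuthenticated.
					if (subject.getPrincipal() == null)
					{
						return constraint;
					}
					break;
				}

				default :
				{
					// Fail closed: a constraint type this strategy does not know how to
					// evaluate must not be read as "satisfied".
					LOG.warn("Unhandled constraint type {} in {}; denying access",
						constraint.constraint(), constraint);
					return constraint;
				}
			}
		}
		return null;
	}

	/**
	 * Checks the {@link ShiroAction#INSTANTIATE} constraints declared on a component class and
	 * on its package.
	 *
	 * @param componentClass
	 *            the component class about to be instantiated
	 * @return {@code null} if instantiation is allowed, otherwise the constraint that failed
	 */
	public  ShiroSecurityConstraint checkInvalidInstantiation(
		final Class componentClass)
	{
		return findFailedConstraint(componentClass, ShiroAction.INSTANTIATE);
	}

	/**
	 * {@inheritDoc}
	 * <p>
	 * {@link Action#RENDER} is checked against {@link ShiroAction#RENDER} constraints; every
	 * other action is checked against {@link ShiroAction#ENABLE} constraints.
	 */
	@Override
	public boolean isActionAuthorized(final Component component, final Action action)
	{
		final ShiroAction _action = action.getName().equals(Action.RENDER) ? ShiroAction.RENDER
			: ShiroAction.ENABLE;

		return findFailedConstraint(component.getClass(), _action) == null;
	}

	/**
	 * {@inheritDoc}
	 * <p>
	 * A denied instantiation is logged at INFO level together with the failed constraint and
	 * the current subject.
	 */
	@Override
	public  boolean isInstantiationAuthorized(
		final Class componentClass)
	{
		final Annotation fail = checkInvalidInstantiation(componentClass);
		if (fail != null)
		{
			LOG.info("Unauthorized Instantiation :: component={} reason={} subject={}",
				new Object[] { componentClass, fail, SecurityUtils.getSubject() });
			return false;
		}
		return true;
	}

	/**
	 * Looks for a failed constraint on {@code type} and then on its package.
	 *
	 * @param type
	 *            the class whose annotations are evaluated
	 * @param action
	 *            the action being authorized
	 * @return {@code null} if no applicable constraint failed, otherwise the first failure
	 */
	private ShiroSecurityConstraint findFailedConstraint(final Class<?> type,
		final ShiroAction action)
	{
		final ShiroSecurityConstraint fail = checkInvalidInstantiation(type.getAnnotations(),
			action);
		if (fail != null)
		{
			return fail;
		}

		// Class.getPackage() may return null (for example when the class loader defined no
		// Package object); such a class has no package-level constraints to evaluate.
		final Package pkg = type.getPackage();
		return pkg == null ? null : checkInvalidInstantiation(pkg.getAnnotations(), action);
	}
}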



