Package org.apache.shiro.authz.annotation

Examples of org.apache.shiro.authz.annotation.Logical


    if (!SecurityUtils.getSubject().isAuthenticated()) {
      return false;
    }

    JSON foo = config.getJSON("roles");
    Logical logical = Logical.valueOf(foo.getString("logical"));
    List<String> roles = (List<String>)foo.get("value");
    if (roles.size() == 1) {
      return ShiroTools.hasRole(roles.get(0));
    } else if (roles.size() > 1) {
      switch (logical) {
View Full Code Here


    if (!SecurityUtils.getSubject().isAuthenticated()) {
      return false;
    }

    JSON foo = config.getJSON("permissions");
    Logical logical = Logical.valueOf(foo.getString("logical"));
    List<String> permissions = (List<String>)foo.get("value");
    if (permissions.size() == 1) {
      return ShiroTools.isPermitted(permissions.get(0));
    } else if (permissions.size() > 1) {
      switch (logical) {
View Full Code Here

   
    final RequiresPermissions rps = method.getAnnotation(RequiresPermissions.class);
    if (rps == null) {
      return true;
    }
    Logical logical = rps.logical();
    String[] pv = rps.value();
   
    // 假如验证逻辑为OR,并且有些权限不需要做数据权限检查的,直接返回true。
    if (logical.equals(Logical.OR)) {
      for (String p : pv) {
        if (p.split(PART_DIVIDER_TOKEN).length < 3) {
          return true;
        }
      }
    }

    boolean firstPermitted = false;
    for (String p : pv) {
      String[] v = p.split(PART_DIVIDER_TOKEN);
     
      if (v.length == 3) {
        // 进行初次验证,确保shiro中用户的权限被初始化。
        if (!firstPermitted) {
          Subject subject = SecurityUtils.getSubject();
          if (!subject.isPermitted(p)){
            throw new UnauthorizedException("数据权限验证失败!");
          }
          firstPermitted = true;
        }
     
        try {
          // 把内部动态查询参数常量,logical放入request
          request.setAttribute(SecurityConstants.NEST_DYNAMIC_SEARCH_LOGICAL, logical);
          boolean checkResult = (check(request, response, method, v[0], v[2]) == true) ? true : false;
          if (!checkResult) {
            throw new UnauthorizedException("数据权限验证失败!");
          }
         
          if (checkResult == true && logical.equals(Logical.OR)) {
            return true;
          }
        } catch (Exception e) {
          logger.error(Exceptions.getStackTraceAsString(e));
          throw new UnauthorizedException("数据权限验证失败!");
View Full Code Here

   * 处理分页显示的方法
   */
  @SuppressWarnings("unchecked")
  protected boolean handleList(HttpServletRequest request, Set<SearchFilter> filterSet,
      Method method, DataControl dataControl, Module module) {
    Logical logical = (Logical)request.getAttribute(SecurityConstants.NEST_DYNAMIC_SEARCH_LOGICAL);
    if (logical.equals(Logical.AND)) {
      Set<SearchFilter> pre = (Set<SearchFilter>)request.getAttribute(SecurityConstants.NEST_DYNAMIC_SEARCH);
      if (pre == null) {
        pre = new HashSet<SearchFilter>();
        request.setAttribute(SecurityConstants.NEST_DYNAMIC_SEARCH, pre);
      }
View Full Code Here

TOP

Related Classes of org.apache.shiro.authz.annotation.Logical

Copyright © 2018 www.massapicom. All rights reserved.
All source code are property of their respective owners. Java is a trademark of Sun Microsystems, Inc and owned by ORACLE Inc. Contact coftware#gmail.com.