Examples of org.apache.shiro.authz.annotation.RequiresPermissions

• org.apache.shiro.authz.annotation.RequiresPermissions

                context.register(new ShiroAuthenticationFilter());
            }
        }
        if (resourceMethod.isAnnotationPresent(RequiresPermissions.class) ||
                resourceClass.isAnnotationPresent(RequiresPermissions.class)) {
            RequiresPermissions a = resourceClass.getAnnotation(RequiresPermissions.class);
            if (a == null) {
                a = resourceMethod.getAnnotation(RequiresPermissions.class);
            }
            LOG.debug("Resource method {}#{} requires an authorization checks.", resourceClass.getCanonicalName(), resourceMethod.getName());
            context.register(new ShiroAuthorizationFilter(a));

     *
     * @param a the RequiresPermissions annotation being inspected.
     * @return the annotation's <code>value</code>, from which the Permission will be constructed.
     */
    protected String getAnnotationValue(Annotation a) {
        RequiresPermissions rpAnnotation = (RequiresPermissions) a;
        return rpAnnotation.value();
    }

    @Test(expected = UnauthenticatedException.class)
    public void testGuestSinglePermissionAssertion() throws Throwable {
        PermissionAnnotationHandler handler = new PermissionAnnotationHandler();

        Annotation requiresPermissionAnnotation = new RequiresPermissions() {
            public String value() {
                return "test:test";
            }

            public Class<? extends Annotation> annotationType() {

    @Test(expected = UnauthenticatedException.class)
    public void testGuestMultiplePermissionAssertion() throws Throwable {
        PermissionAnnotationHandler handler = new PermissionAnnotationHandler();

        Annotation requiresPermissionAnnotation = new RequiresPermissions() {
            public String value() {
                return "test:test, test2:test2";
            }

            public Class<? extends Annotation> annotationType() {

    Subject subject = getSubject();

    if (!(annotation instanceof RequiresPermissions))
      return;

    RequiresPermissions rpAnnotation = (RequiresPermissions) annotation;
    String[] perms = rpAnnotation.value();

    if (perms.length == 1) {
      subject.checkPermission(perms[0]);
      return;
    }
    if (Logical.AND.equals(rpAnnotation.logical())) {
      getSubject().checkPermissions(perms);
      return;
    }
    if (Logical.OR.equals(rpAnnotation.logical())) {
      // Avoid processing exceptions unnecessarily - "delay" throwing the
      // exception by calling hasRole first
      boolean hasAtLeastOnePermission = false;
      for (String permission : perms)
        if (subject.isPermitted(permission))

  @Override
    public void assertAuthorized() throws AuthorizationException {
    if (!(annotation instanceof RequiresPermissions))
      return;

    RequiresPermissions rpAnnotation = (RequiresPermissions) annotation;
    String[] perms = rpAnnotation.value();
    Subject subject = getSubject();

    if (perms.length == 1) {
      subject.checkPermission(perms[0]);
      return;
    }
    if (Logical.AND.equals(rpAnnotation.logical())) {
      getSubject().checkPermissions(perms);
      return;
    }
    if (Logical.OR.equals(rpAnnotation.logical())) {
      // Avoid processing exceptions unnecessarily - "delay" throwing the
      // exception by calling hasRole first
      boolean hasAtLeastOnePermission = false;
      for (String permission : perms)
        if (getSubject().isPermitted(permission))

    @Test(expected = UnauthenticatedException.class)
    public void testGuestSinglePermissionAssertion() throws Throwable {
        PermissionAnnotationHandler handler = new PermissionAnnotationHandler();

        Annotation requiresPermissionAnnotation = new RequiresPermissions() {
            public String[] value() {
                return new String[]{"test:test"};
            }

            public Class<? extends Annotation> annotationType() {

    @Test(expected = UnauthenticatedException.class)
    public void testGuestMultiplePermissionAssertion() throws Throwable {
        PermissionAnnotationHandler handler = new PermissionAnnotationHandler();

        Annotation requiresPermissionAnnotation = new RequiresPermissions() {
            public String[] value() {
                return new String[]{"test:test", "test2:test2"};
            }

            public Class<? extends Annotation> annotationType() {

     *
     * @param a the RequiresPermissions annotation being inspected.
     * @return the annotation's <code>value</code>, from which the Permission will be constructed.
     */
    protected String[] getAnnotationValue(Annotation a) {
        RequiresPermissions rpAnnotation = (RequiresPermissions) a;
        return rpAnnotation.value();
    }

     *          continue access or execution.
     */
    public void assertAuthorized(Annotation a) throws AuthorizationException {
        if (!(a instanceof RequiresPermissions)) return;

        RequiresPermissions rpAnnotation = (RequiresPermissions) a;
        String[] perms = getAnnotationValue(a);
        Subject subject = getSubject();

        if (perms.length == 1) {
            subject.checkPermission(perms[0]);
            return;
        }
        if (Logical.AND.equals(rpAnnotation.logical())) {
            getSubject().checkPermissions(perms);
            return;
        }
        if (Logical.OR.equals(rpAnnotation.logical())) {
            // Avoid processing exceptions unnecessarily - "delay" throwing the exception by calling hasRole first
            boolean hasAtLeastOnePermission = false;
            for (String permission : perms) if (getSubject().isPermitted(permission)) hasAtLeastOnePermission = true;
            // Cause the exception if none of the role match, note that the exception message will be a bit misleading
            if (!hasAtLeastOnePermission) getSubject().checkPermission(perms[0]);