this.authenticationService = authenticationService;
}
@AroundInvoke
public Object aroundInvoke(InvocationContext context) throws Exception {
final User user = authenticationService.getUser();
final Collection<RestrictedAccess> annotations = getRestrictedAccessAnnotations(context.getTarget().getClass(),
context.getMethod());
final String[] roles = AnnotationUtils.mergeRoles(annotations.toArray(new RestrictedAccess[annotations.size()]));
if (User.ANONYMOUS.equals(user)) {
throw new UnauthenticatedException();
}
else if (!user.hasAllRoles(roles)) {
throw new UnauthorizedException();
}
else {
return context.proceed();
}