Package juzu.plugin.authz

Source Code of juzu.plugin.authz.AuthzManager

/*
* Copyright 2013 eXo Platform SAS
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
*     http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package juzu.plugin.authz;

import juzu.Response;
import juzu.impl.request.Request;
import juzu.impl.request.RequestFilter;
import juzu.impl.request.Stage;
import juzu.request.SecurityContext;

import javax.annotation.security.DenyAll;
import javax.annotation.security.PermitAll;
import javax.annotation.security.RolesAllowed;
import java.lang.reflect.Method;

/**
* @author Julien Viet
*/
public class AuthzManager implements RequestFilter<Stage.Handler> {

  @Override
  public Class<Stage.Handler> getStageType() {
    return Stage.Handler.class;
  }

  @Override
  public Response handle(Stage.Handler argument) {
    Request request = argument.getRequest();

    // Search for annotation on the method
    Method method = request.getHandler().getMethod();
    RolesAllowed rolesAllowed = method.getAnnotation(RolesAllowed.class);
    PermitAll permitAll = method.getAnnotation(PermitAll.class);
    DenyAll denyAll = method.getAnnotation(DenyAll.class);

    // Look at parent if nothing found at method level
    if (rolesAllowed == null && permitAll == null && denyAll == null) {
      Class<?> controllerClass = method.getDeclaringClass();
      rolesAllowed = controllerClass.getAnnotation(RolesAllowed.class);
      denyAll = controllerClass.getAnnotation(DenyAll.class);
    }

    //
    boolean ok = false;
    if (denyAll != null) {
      ok = false;
    } else if (rolesAllowed != null) {
      SecurityContext securityContext = request.getSecurityContext();
      for (String role : rolesAllowed.value()) {
        if (securityContext.isUserInRole(role)) {
          ok = true;
          break;
        }
      }
    } else {
      ok = true;
    }

    //
    if (!ok) {
      return new Response.Error.Forbidden("Access denied");
    } else {
      return argument.invoke();
    }
  }
}
TOP

Related Classes of juzu.plugin.authz.AuthzManager

TOP
Copyright © 2018 www.massapi.com. All rights reserved.
All source code are property of their respective owners. Java is a trademark of Sun Microsystems, Inc and owned by ORACLE Inc. Contact coftware#gmail.com.