下面列出了javax.annotation.security.RolesAllowed#value ( ) 实例代码,或者点击链接到github查看源代码,也可以在右侧发表评论。
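/**
 * Stores the session context and the roles declared through {@code @RolesAllowed}
 * on the given bean method.
 *
 * <p>When the method's declaring class has "Mockito" in its name and a superclass
 * other than {@code Object}, the annotation is also looked up on the same-signature
 * method of that superclass. If no annotation is found, an empty role array is stored.
 *
 * <p>NOTE(review): how an empty role array is interpreted is decided outside this
 * constructor. Confirm that "no roles resolved" is not read as "unrestricted" when
 * the superclass lookup fails.
 *
 * @param sessionContext the session context kept for later use by this handler
 * @param beanMethod the bean method whose {@code @RolesAllowed} values are captured
 */
SecurityInvocationHandler(SessionContext sessionContext, Method beanMethod) {
    this.sessionContext = sessionContext;
    RolesAllowed rolesAllowed = beanMethod.getAnnotation(RolesAllowed.class);
    // A somewhat nasty scenario: a bean is spied using Mockito, so the
    // @RolesAllowed annotation has to be retrieved from the superclass.
    Class<?> declaringClass = beanMethod.getDeclaringClass();
    Class<?> superclass = declaringClass.getSuperclass();
    // getSuperclass() returns null for interfaces and for Object itself; guard
    // against that before comparing.
    if (declaringClass.getName().contains("Mockito")
            && superclass != null
            && !superclass.equals(Object.class)) {
        try {
            // getMethod only resolves public methods; anything else lands in the catch.
            Method method = superclass.getMethod(beanMethod.getName(),
                    beanMethod.getParameterTypes());
            RolesAllowed inherited = method.getAnnotation(RolesAllowed.class);
            // Keep an annotation already found on the method itself rather than
            // replacing it with null when the superclass method carries none.
            if (inherited != null) {
                rolesAllowed = inherited;
            }
        } catch (NoSuchMethodException | SecurityException e) {
            // Best effort: the lookup failed, so fall back to whatever the
            // method itself declared (possibly nothing).
            e.printStackTrace();
        }
    }
    this.rolesAllowed = (rolesAllowed == null) ? new String[0] : rolesAllowed.value();
}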
/**
 * Checks the caller's roles against the {@code @RolesAllowed} annotation declared
 * directly on the matched resource method.
 *
 * <p>The request passes through when the method has no such annotation or the
 * annotation lists no roles. Otherwise the caller must be in every listed role;
 * the first role the caller lacks raises {@code ForbiddenException}.
 *
 * <p>NOTE(review): only the method-level annotation is read here; an annotation on
 * the resource class is not consulted by this method. Also, {@code @RolesAllowed} is
 * normally satisfied by any one listed role; confirm the all-of requirement is intended.
 *
 * @param requestContext the request whose security context supplies the role checks
 * @throws IOException declared by the overridden method; not thrown by this body
 */
@Override
public void filter(ContainerRequestContext requestContext) throws IOException {
    final RolesAllowed annotation =
            resourceInfo.getResourceMethod().getDeclaredAnnotation(RolesAllowed.class);
    if (annotation == null) {
        return;
    }
    if (annotation.value().length == 0) {
        return;
    }

    final SecurityContext caller = requestContext.getSecurityContext();
    final String[] requiredRoles = annotation.value();
    for (int i = 0; i < requiredRoles.length; i++) {
        if (caller.isUserInRole(requiredRoles[i])) {
            continue;
        }
        throw new ForbiddenException("invalid permission");
    }
}
/**
 * Checks the caller's roles against the {@code @RolesAllowed} annotation declared
 * directly on the matched resource method.
 *
 * <p>A method without the annotation, or with an empty role list, is let through.
 * Otherwise every listed role is required; the first missing role raises
 * {@code AdminForbiddenException}.
 *
 * <p>NOTE(review): a class-level {@code @RolesAllowed} is not read by this method,
 * so an unannotated method is not restricted here. Confirm that is the intended default.
 *
 * @param requestContext the request whose security context supplies the role checks
 * @throws IOException declared by the overridden method; not thrown by this body
 */
@Override
public void filter(ContainerRequestContext requestContext) throws IOException {
    RolesAllowed declared =
            resourceInfo.getResourceMethod().getDeclaredAnnotation(RolesAllowed.class);
    boolean nothingToEnforce = declared == null || declared.value().length == 0;
    if (!nothingToEnforce) {
        SecurityContext context = requestContext.getSecurityContext();
        for (String required : declared.value()) {
            boolean held = context.isUserInRole(required);
            if (!held) {
                throw new AdminForbiddenException("invalid permission");
            }
        }
    }
}
/**
 * Tells whether the given role type may invoke the method according to its
 * {@code @RolesAllowed} annotation.
 *
 * <p>NOTE(review): a method without the annotation is reported as allowed. Confirm
 * that unannotated methods are meant to be open to every role.
 *
 * @param method the method whose annotation is inspected
 * @param roleType the role being checked; matched by exact comparison of
 *     {@code roleType.name()} with each listed role string
 * @return {@code true} if the annotation is absent or lists the role, else {@code false}
 */
private boolean isRoleAllowed(Method method, UserRoleType roleType) {
    final RolesAllowed annotation = method.getAnnotation(RolesAllowed.class);
    if (annotation == null) {
        return true;
    }
    final String[] permitted = annotation.value();
    for (int i = 0; i < permitted.length; i++) {
        if (permitted[i].equals(roleType.name())) {
            return true;
        }
    }
    return false;
}
/**
 * Decides whether {@code roleType} appears among the roles named by the method's
 * {@code @RolesAllowed} annotation.
 *
 * <p>NOTE(review): the absence of the annotation yields {@code true}, so this check
 * restricts only annotated methods. Verify that default against the caller's intent.
 *
 * @param method the method whose annotation is inspected
 * @param roleType the role being checked, compared through {@code roleType.name()}
 * @return {@code true} when no annotation is present or a listed role equals the
 *     role name; {@code false} otherwise
 */
private boolean isRoleAllowed(Method method, UserRoleType roleType) {
    RolesAllowed declared = method.getAnnotation(RolesAllowed.class);
    boolean allowed = declared == null;
    if (!allowed) {
        for (String candidate : declared.value()) {
            if (candidate.equals(roleType.name())) {
                allowed = true;
                break;
            }
        }
    }
    return allowed;
}
/**
 * Checks the method's {@code @RolesAllowed} list for the given role type.
 *
 * <p>The comparison is an exact string match between each listed role and
 * {@code roleType.name()}.
 *
 * <p>NOTE(review): an unannotated method returns {@code true}. Confirm that
 * "no annotation" is intended to mean "no restriction".
 *
 * @param method the method whose annotation is inspected
 * @param roleType the role being checked
 * @return {@code true} if the method is unannotated or lists the role, else {@code false}
 */
private boolean isRoleAllowed(Method method, UserRoleType roleType) {
    RolesAllowed roles = method.getAnnotation(RolesAllowed.class);
    if (roles != null) {
        String[] names = roles.value();
        int index = 0;
        while (index < names.length) {
            if (names[index].equals(roleType.name())) {
                return true;
            }
            index++;
        }
        return false;
    }
    return true;
}
/**
 * Reports whether the role type is permitted by the method's {@code @RolesAllowed}
 * annotation.
 *
 * <p>NOTE(review): this returns {@code true} when the annotation is missing, which
 * makes the check opt-in per method. Verify that this default is wanted.
 *
 * @param method the method whose annotation is inspected
 * @param roleType the role being checked; {@code roleType.name()} must equal one of
 *     the listed role strings
 * @return {@code true} for an unannotated method or a matching role, {@code false}
 *     when the annotation is present and no listed role matches
 */
private boolean isRoleAllowed(Method method, UserRoleType roleType) {
    final RolesAllowed restriction = method.getAnnotation(RolesAllowed.class);
    if (null == restriction) {
        return true;
    }
    boolean matched = false;
    for (final String listed : restriction.value()) {
        matched = listed.equals(roleType.name());
        if (matched) {
            break;
        }
    }
    return matched;
}
/**
 * Tells whether the request's user holds at least one of the roles named by the
 * given {@code @RolesAllowed} annotation.
 *
 * <p>NOTE(review): a {@code null} annotation is treated as allowed. Confirm that
 * callers pass {@code null} only for targets that are meant to be unrestricted.
 *
 * @param rolesAllowed the annotation to evaluate, or {@code null} if none is declared
 * @param request the request used for the {@code isUserInRole} checks
 * @return {@code true} if the annotation is {@code null} or the user is in any listed
 *     role; {@code false} if the annotation is present and no listed role matches
 */
private boolean roleAllowed(RolesAllowed rolesAllowed,
        HttpServletRequest request) {
    boolean permitted = rolesAllowed == null;
    if (!permitted) {
        final String[] accepted = rolesAllowed.value();
        // Stop at the first role the user holds, as the original loop does.
        for (int i = 0; i < accepted.length && !permitted; i++) {
            permitted = request.isUserInRole(accepted[i]);
        }
    }
    return permitted;
}