Package javax.annotation.security

Examples of javax.annotation.security.RolesAllowed

40
41
42
43
44
45
46
47
48
49
50
51
52
      if (method.isAnnotationPresent(RolesAllowed.class)) {
        UserRole userPrincipal = securityContext.getUserPrincipal();
        if (userPrincipal == null && request.getUserPrincipal() == null)
          throw new UserNotLoginException("没有登录或者已经超时");
       
        RolesAllowed annotation = method
            .getAnnotation(RolesAllowed.class);
        String[] roles = annotation.value();

        boolean hasPermission = securityContext.isUserInRole(roles);

        if (!hasPermission)
          throw new AccessDeniedException("拒绝访问");
View Full Code Here
72
73
74
75
76
77
78
79
80
81
82
83
84
85
    */
    private int checkPermission(AnnotatedElement targetObject) {
        int perm = -1;
        if (log.isDebugEnabled()) log.debug("Checking user credentials to execute " + targetObject);
        if (targetObject != null) {
            RolesAllowed rolesAllowed = targetObject.getAnnotation(RolesAllowed.class);
            if (rolesAllowed != null) {
                if (log.isDebugEnabled()) log.debug("Detected roles for object " + rolesAllowed);
                for (String role : rolesAllowed.value()) {
                    if (perm != 1) {
                        perm = this.roleMembershipManagement.isInRole(role) ? 1 : 0;
                        if (log.isDebugEnabled() & (perm == 1)) log.debug("Authenticated user is member of role: " + role);
                    }
                }
View Full Code Here
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
      final Iterator<WebServiceDeclaration> ejbContainers = wsDeployment.getServiceEndpoints().iterator();

      while (ejbContainers.hasNext())
      {
         final WebServiceDeclaration ejbContainer = ejbContainers.next();
         final RolesAllowed allowedRoles = ejbContainer.getAnnotation(RolesAllowed.class);
         final boolean hasAllowedRoles = allowedRoles != null;

         if (hasAllowedRoles)
         {
            for (final String roleName : allowedRoles.value())
            {
               final SecurityRoleMetaData securityRoleMD = new SecurityRoleMetaData();

               securityRoleMD.setRoleName(roleName);
               securityRolesMD.add(securityRoleMD);
View Full Code Here
179
180
181
182
183
184
185
186
187
188
189
190
191
192
      // class not here, therefore not on method either
      return true;
    }
    // From now on we can use this class since it's there. I (Stef Epardaud) don't think we need to
    // remove the reference here and use reflection.
    RolesAllowed rolesAllowed = m.getAnnotation(RolesAllowed.class);
    if(rolesAllowed == null)
      return true;
    SecurityContext context = ResteasyProviderFactory.getContextData(SecurityContext.class);
    for(String role : rolesAllowed.value())
      if(context.isUserInRole(role))
        return true;
    return false;
  }
View Full Code Here
30
31
32
33
34
35
36
37
38
39
40
41
   protected boolean denyAll;

   public boolean accept(Class declaring, Method method)
   {
      if (declaring == null || method == null) return false;
      RolesAllowed allowed = (RolesAllowed) declaring.getAnnotation(RolesAllowed.class);
      RolesAllowed methodAllowed = method.getAnnotation(RolesAllowed.class);
      if (methodAllowed != null) allowed = methodAllowed;
      if (allowed != null)
      {
         rolesAllowed = allowed.value();
      }
View Full Code Here
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
    _lazyGenerator = lazyGenerator;
   
    DeclareRoles declareRoles
      = annotatedType.getJavaClass().getAnnotation(DeclareRoles.class);

    RolesAllowed rolesAllowed
      = annotatedType.getJavaClass().getAnnotation(RolesAllowed.class);
   
    if (declareRoles != null && rolesAllowed != null) {
      _declaredRoles = new String[declareRoles.value().length +
                                  rolesAllowed.value().length];

      System.arraycopy(declareRoles.value(), 0,
                       _declaredRoles, 0,
                       declareRoles.value().length);

      System.arraycopy(rolesAllowed.value(), 0,
                       _declaredRoles, declareRoles.value().length,
                       rolesAllowed.value().length);
    }
    else if (declareRoles != null) {
      _declaredRoles = declareRoles.value();
    }
    else if (rolesAllowed != null) {
      _declaredRoles = rolesAllowed.value();
    }
  }
View Full Code Here
1150
1151
1152
1153
1154
1155
1156
1157
1158
1159
1160
1161
1162
1163
1164
1165
1166
1167
1168
1169
1170
1171
1172
1173
1174
1175
1176
1177
1178
1179
1180
1181
1182
1183
1184
1185
1186
1187
1188
1189
1190
1191
1192
1193
1194
1195
1196
1197
1198
1199
1200
1201
1202
1203
1204
1205
1206
1207
1208
1209
1210
1211
1212
1213
1214
1215
1216
1217
1218
1219
            for (Class<?> clazz : ancestors(beanClass)) {

                if (!classPermissions.contains("*") || !classPermissions.contains(clazz.getName())){

                    RolesAllowed rolesAllowed = clazz.getAnnotation(RolesAllowed.class);
                    PermitAll permitAll = clazz.getAnnotation(PermitAll.class);

                    if (rolesAllowed != null && permitAll != null){
                        ejbModule.getValidation().fail(ejbName, "permitAllAndRolesAllowedOnClass", clazz.getName());
                    }

                    if (rolesAllowed != null) {
                        MethodPermission methodPermission = new MethodPermission();
                        methodPermission.getRoleName().addAll(asList(rolesAllowed.value()));
                        methodPermission.getMethod().add(new org.apache.openejb.jee.Method(ejbName, clazz.getName(), "*"));
                        assemblyDescriptor.getMethodPermission().add(methodPermission);

                        // Automatically add a role ref for any role listed in RolesAllowed
                        RemoteBean remoteBean = (RemoteBean) bean;
                        List<SecurityRoleRef> securityRoleRefs = remoteBean.getSecurityRoleRef();
                        for (String role : rolesAllowed.value()) {
                            securityRoleRefs.add(new SecurityRoleRef(role));
                        }
                    }

                    if (permitAll != null) {
                        MethodPermission methodPermission = new MethodPermission();
                        methodPermission.setUnchecked(true);
                        methodPermission.getMethod().add(new org.apache.openejb.jee.Method(ejbName, clazz.getName(), "*"));
                        assemblyDescriptor.getMethodPermission().add(methodPermission);
                    }
                }

                RunAs runAs = clazz.getAnnotation(RunAs.class);
                if (runAs != null && bean.getSecurityIdentity() == null) {
                    SecurityIdentity securityIdentity = new SecurityIdentity();
                    securityIdentity.setRunAs(runAs.value());
                    bean.setSecurityIdentity(securityIdentity);
                }

                DeclareRoles declareRoles = clazz.getAnnotation(DeclareRoles.class);
                if (declareRoles != null && bean instanceof RemoteBean){
                    RemoteBean remoteBean = (RemoteBean) bean;
                    List<SecurityRoleRef> securityRoleRefs = remoteBean.getSecurityRoleRef();
                    for (String role : declareRoles.value()) {
                        securityRoleRefs.add(new SecurityRoleRef(role));
                    }
                }
            }

            List<Method> seen = new ArrayList<Method>();

            for (Method method : classFinder.findAnnotatedMethods(RolesAllowed.class)) {
                checkConflictingSecurityAnnotations(method, ejbName, ejbModule, seen);
                RolesAllowed rolesAllowed = method.getAnnotation(RolesAllowed.class);
                MethodPermission methodPermission = new MethodPermission();
                methodPermission.getRoleName().addAll(asList(rolesAllowed.value()));
                methodPermission.getMethod().add(new org.apache.openejb.jee.Method(ejbName, method));
                assemblyDescriptor.getMethodPermission().add(methodPermission);

                // Automatically add a role ref for any role listed in RolesAllowed
                RemoteBean remoteBean = (RemoteBean) bean;
                List<SecurityRoleRef> securityRoleRefs = remoteBean.getSecurityRoleRef();
                for (String role : rolesAllowed.value()) {
                    securityRoleRefs.add(new SecurityRoleRef(role));
                }
            }

            for (Method method : classFinder.findAnnotatedMethods(PermitAll.class)) {
View Full Code Here
3011
3012
3013
3014
3015
3016
3017
3018
3019
3020
3021
3022
3023
3024
3025
3026
3027
3028
3029
3030
3031
3032
3033
3034
3035
3036
3037
3038
3039
3040
3041
3042
3043
3044
3045
3046
3047
3048
3049
3050
3051
3052
3053
3054
3055
3056
3057
3058
3059
3060
3061
3062
3063
3064
3065
3066
3067
3068
3069
3070
3071
3072
3073
3074
3075
3076
3077
3078
3079
3080
3081
3082
3083
3084
3085
3086
3087
3088
3089
3090
3091
3092
3093
3094
3095
3096
3097
3098
                /*
                 * Process annotations at the class level
                 */
                if (!classPermissions.contains("*") || !classPermissions.contains(clazz.getName())) {

                    RolesAllowed rolesAllowed = clazz.getAnnotation(RolesAllowed.class);
                    PermitAll permitAll = clazz.getAnnotation(PermitAll.class);

                    /*
                     * @RolesAllowed
                     */
                    if (rolesAllowed != null && permitAll != null) {
                        ejbModule.getValidation().fail(ejbName, "permitAllAndRolesAllowedOnClass", clazz.getName());
                    }

                    if (rolesAllowed != null) {
                        MethodPermission methodPermission = new MethodPermission();
                        methodPermission.getRoleName().addAll(asList(rolesAllowed.value()));
                        methodPermission.getMethod().add(new org.apache.openejb.jee.Method(ejbName, clazz.getName(), "*"));
                        assemblyDescriptor.getMethodPermission().add(methodPermission);

                        // Automatically add a role ref for any role listed in RolesAllowed
                        RemoteBean remoteBean = (RemoteBean) bean;
                        List<SecurityRoleRef> securityRoleRefs = remoteBean.getSecurityRoleRef();
                        for (String role : rolesAllowed.value()) {
                            securityRoleRefs.add(new SecurityRoleRef(role));
                        }
                    }

                    /*
                     * @PermitAll
                     */
                    if (permitAll != null) {
                        MethodPermission methodPermission = new MethodPermission();
                        methodPermission.setUnchecked(true);
                        methodPermission.getMethod().add(new org.apache.openejb.jee.Method(ejbName, clazz.getName(), "*"));
                        assemblyDescriptor.getMethodPermission().add(methodPermission);
                    }
                }

                /*
                 * @RunAs
                 */
                RunAs runAs = clazz.getAnnotation(RunAs.class);
                if (runAs != null && bean.getSecurityIdentity() == null) {
                    SecurityIdentity securityIdentity = new SecurityIdentity();
                    securityIdentity.setRunAs(runAs.value());
                    bean.setSecurityIdentity(securityIdentity);
                }

                /*
                 * @DeclareRoles
                 */
                DeclareRoles declareRoles = clazz.getAnnotation(DeclareRoles.class);
                if (declareRoles != null && bean instanceof RemoteBean) {
                    RemoteBean remoteBean = (RemoteBean) bean;
                    List<SecurityRoleRef> securityRoleRefs = remoteBean.getSecurityRoleRef();
                    for (String role : declareRoles.value()) {
                        securityRoleRefs.add(new SecurityRoleRef(role));
                    }
                }
            }

            /*
             * Process annotations at the method level
             */
            List<Method> seen = new ArrayList<Method>();

            /*
             * @RolesAllowed
             */
            for (Annotated<Method> method : annotationFinder.findMetaAnnotatedMethods(RolesAllowed.class)) {
                checkConflictingSecurityAnnotations(method, ejbName, ejbModule, seen);
                RolesAllowed rolesAllowed = method.getAnnotation(RolesAllowed.class);
                MethodPermission methodPermission = new MethodPermission();
                methodPermission.getRoleName().addAll(asList(rolesAllowed.value()));
                methodPermission.getMethod().add(new org.apache.openejb.jee.Method(ejbName, method.get()));
                assemblyDescriptor.getMethodPermission().add(methodPermission);

                // Automatically add a role ref for any role listed in RolesAllowed
                RemoteBean remoteBean = (RemoteBean) bean;
                List<SecurityRoleRef> securityRoleRefs = remoteBean.getSecurityRoleRef();
                for (String role : rolesAllowed.value()) {
                    securityRoleRefs.add(new SecurityRoleRef(role));
                }
            }

            /*
 
View Full Code Here
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
   }

  
   public void process(MethodPermissionsMetaData metaData, T type)
   {
      RolesAllowed allowed = finder.getAnnotation(type, RolesAllowed.class);
      if(allowed == null)
         return;

      Method method = null;
      if(type instanceof Method)
         method = (Method) type;

      String ejbName = EjbNameThreadLocal.ejbName.get();
      MethodMetaData mmd = ProcessorUtils.createMethod(ejbName, method);
      MethodPermissionMetaData perm = new MethodPermissionMetaData();
      MethodsMetaData methods = perm.getMethods();
      if(methods == null)
      {
         methods = new MethodsMetaData();
         perm.setMethods(methods);
      }
      HashSet<String> roles = new HashSet<String>();
      for(String role : allowed.value())
         roles.add(role);
      perm.setRoles(roles);
      Descriptions descriptions = ProcessorUtils.getDescription("@RolesAllowed for: "+type);
      mmd.setDescriptions(descriptions);
      methods.add(mmd);
View Full Code Here
64
65
66
67
68
69
70
71
72
73
74
75
76
            if (a instanceof PermitAll) {
                attributes.add(Jsr250SecurityConfig.PERMIT_ALL_ATTRIBUTE);
                return attributes;
            }
            if (a instanceof RolesAllowed) {
                RolesAllowed ra = (RolesAllowed) a;

                for (String allowed : ra.value()) {
                    attributes.add(new Jsr250SecurityConfig(allowed));
                }
                return attributes;
            }
        }
View Full Code Here
TOP

Related Classes of javax.annotation.security.RolesAllowed

  • com.caucho.config.gen.SecurityFactory
  • com.caucho.ejb.session.AbstractSessionManager
  • com.caucho.ejb.session.SessionServer
  • com.sun.enterprise.deployment.annotation.handlers.RolesAllowedHandler
  • com.sun.jersey.api.container.filter.RolesAllowedResourceFilterFactory
  • com.sun.jersey.api.container.filter.servlet.RolesAllowedResourceFilterFactory
  • com.walters.sms.rest.SecurityFilter
  • es.internna.jee.security.impl.SecurityInterceptor
  • juzu.plugin.authz.AuthzManager
  • org.apache.openejb.config.AnnotationDeployer$ProcessAnnotatedBeans
    • Copyright © 2018 www.massapicom. All rights reserved.
    All source code are property of their respective owners. Java is a trademark of Sun Microsystems, Inc and owned by ORACLE Inc. Contact coftware#gmail.com.