@Override
public boolean isAccessGranted(UI ui, String beanName) {
if (applicationContext.findAnnotationOnBean(beanName, DenyAll.class) != null) {
// DenyAll (no authentication required)
return false;
}
if (applicationContext.findAnnotationOnBean(beanName, PermitAll.class) != null) {
// PermitAll (no authentication required)
return true;
}
// RolesAllowed - authentication required
RolesAllowed ra = applicationContext.findAnnotationOnBean(beanName, RolesAllowed.class);
if (ra != null) {
// check authentication
final AuthContext authContext = AuthContext.getCurrent()
.orElseThrow(() -> new IllegalStateException("No AuthContext available as Context resource: "
+ "failed to validate RolesAllowed security annotation on View bean name [" + beanName
+ "]"));
if (!authContext.getAuthentication().isPresent()) {
// not authenticated
return false;
}
// check permissions
if (ra.value().length > 0) {
// for empty roles names, no role is required, only authentication
if (!authContext.isPermittedAny(ra.value())) {
// no roles matches (with ANY semantic)
return false;
}
}
}
return true;
}
java类javax.annotation.security.DenyAll的实例源码
SecurityAnnotationsViewAccessControl.java 文件源码
项目:holon-vaadin
阅读 35
收藏 0
点赞 0
评论 0
Builder.java 文件源码
项目:cito
阅读 40
收藏 0
点赞 0
评论 0
@Override
public boolean permitted(SecurityContext securityCtx) {
if (this.annotation.annotationType() == DenyAll.class) {
return false;
}
if (this.annotation.annotationType() == PermitAll.class) { // XXX needed?
return true;
}
if (this.annotation.annotationType() == RolesAllowed.class) {
final String[] roles = ((RolesAllowed) this.annotation).value();
for (String role : roles) {
if (securityCtx.isUserInRole(role)) {
return true;
}
}
}
return false;
}
RegisterAuthDynamicFeature.java 文件源码
项目:openregister-java
阅读 30
收藏 0
点赞 0
评论 0
@Override
public void configure(ResourceInfo resourceInfo, FeatureContext context) {
final AnnotatedMethod am = new AnnotatedMethod(resourceInfo.getResourceMethod());
final Annotation[][] parameterAnnotations = am.getParameterAnnotations();
//@DenyAll shouldn't be attached to classes
final boolean annotationOnClass = (resourceInfo.getResourceClass().getAnnotation(RolesAllowed.class) != null) ||
(resourceInfo.getResourceClass().getAnnotation(PermitAll.class) != null);
final boolean annotationOnMethod = am.isAnnotationPresent(RolesAllowed.class) || am.isAnnotationPresent(DenyAll.class) ||
am.isAnnotationPresent(PermitAll.class);
if (annotationOnClass || annotationOnMethod) {
context.register(filterClass);
} else {
for (Annotation[] annotations : parameterAnnotations) {
for (Annotation annotation : annotations) {
if (annotation instanceof Auth) {
context.register(filterClass);
return;
}
}
}
}
}
SecurityAnnotationParser.java 文件源码
项目:base
阅读 24
收藏 0
点赞 0
评论 0
private Annotation getAuthAnnotation( AnnotatedElement element )
{
Annotation ann = element.getAnnotation( DenyAll.class );
if ( ann == null )
{
ann = element.getAnnotation( RolesAllowed.class );
}
if ( ann == null )
{
ann = element.getAnnotation( PermitAll.class );
}
if ( ann == null )
{
ann = element.getAnnotation( RelationCredibility.class );
}
return ann;
}
AuthDynamicFeature.java 文件源码
项目:dropwizard-java8
阅读 27
收藏 0
点赞 0
评论 0
@Override
public void configure(ResourceInfo resourceInfo, FeatureContext context) {
final AnnotatedMethod am = new AnnotatedMethod(resourceInfo.getResourceMethod());
final Annotation[][] parameterAnnotations = am.getParameterAnnotations();
if (am.isAnnotationPresent(RolesAllowed.class) || am.isAnnotationPresent(DenyAll.class) ||
am.isAnnotationPresent(PermitAll.class)) {
context.register(authFilter);
} else {
for (Annotation[] annotations : parameterAnnotations) {
for (Annotation annotation : annotations) {
if (annotation instanceof Auth) {
context.register(authFilter);
return;
}
}
}
}
}
AnnotationDeployer.java 文件源码
项目:tomee
阅读 27
收藏 0
点赞 0
评论 0
/**
* Validation
* <p/>
* Conflicting use of @RolesAllowed, @PermitAll, and @DenyAll
*
* @param method
* @param ejbName
* @param ejbModule
* @param seen
*/
private void checkConflictingSecurityAnnotations(final Annotated<Method> method, final String ejbName, final EjbModule ejbModule, final List<Method> seen) {
if (seen.contains(method.get())) {
return;
} else {
seen.add(method.get());
}
final List<String> annotations = new ArrayList<String>();
for (final Class<? extends Annotation> annotation : Arrays.asList(RolesAllowed.class, PermitAll.class, DenyAll.class)) {
if (method.getAnnotation(annotation) != null) {
annotations.add("@" + annotation.getSimpleName());
}
}
if (annotations.size() > 1) {
ejbModule.getValidation().fail(ejbName, "conflictingSecurityAnnotations", method.get().getName(), Join.join(" and ", annotations), method.get().getDeclaringClass());
}
}
SecurityAnnotationsViewAccessControl.java 文件源码
项目:holon-vaadin7
阅读 31
收藏 0
点赞 0
评论 0
@Override
public boolean isAccessGranted(UI ui, String beanName) {
if (applicationContext.findAnnotationOnBean(beanName, DenyAll.class) != null) {
// DenyAll (no authentication required)
return false;
}
if (applicationContext.findAnnotationOnBean(beanName, PermitAll.class) != null) {
// PermitAll (no authentication required)
return true;
}
// RolesAllowed - authentication required
RolesAllowed ra = applicationContext.findAnnotationOnBean(beanName, RolesAllowed.class);
if (ra != null) {
// check authentication
final AuthContext authContext = AuthContext.getCurrent()
.orElseThrow(() -> new IllegalStateException("No AuthContext available as Context resource: "
+ "failed to validate RolesAllowed security annotation on View bean name [" + beanName
+ "]"));
if (!authContext.getAuthentication().isPresent()) {
// not authenticated
return false;
}
// check permissions
if (ra.value().length > 0) {
// for empty roles names, no role is required, only authentication
if (!authContext.isPermittedAny(ra.value())) {
// no roles matches (with ANY semantic)
return false;
}
}
}
return true;
}
TestAuthorizationRest.java 文件源码
项目:rest.vertx
阅读 25
收藏 0
点赞 0
评论 0
@GET
@Path("/nobody")
@Produces(MediaType.TEXT_PLAIN)
@DenyAll()
public String nobody() {
return "nobody";
}
TestAuthzStd.java 文件源码
项目:holon-jaxrs
阅读 26
收藏 0
点赞 0
评论 0
@DenyAll
@GET
@Path("prv")
@Produces(MediaType.TEXT_PLAIN)
public String prv() {
return "Denied";
}
TestAuth.java 文件源码
项目:holon-jaxrs
阅读 35
收藏 0
点赞 0
评论 0
@DenyAll
@GET
@Path("prv")
@Produces(MediaType.TEXT_PLAIN)
public String prv() {
return "Denied";
}
TestAuthJwt.java 文件源码
项目:holon-jaxrs
阅读 32
收藏 0
点赞 0
评论 0
@DenyAll
@GET
@Path("prv")
@Produces(MediaType.TEXT_PLAIN)
public String prv() {
return "Denied";
}
MinijaxApplication.java 文件源码
项目:minijax
阅读 36
收藏 0
点赞 0
评论 0
private void checkSecurity(final MinijaxRequestContext context) {
final Annotation a = context.getResourceMethod().getSecurityAnnotation();
if (a == null) {
return;
}
final Class<?> c = a.annotationType();
if (c == PermitAll.class) {
return;
}
if (c == DenyAll.class) {
throw new ForbiddenException();
}
if (c == RolesAllowed.class) {
final SecurityContext security = context.getSecurityContext();
if (security == null || security.getUserPrincipal() == null) {
throw new NotAuthorizedException(Response.status(Status.UNAUTHORIZED).build());
}
boolean found = false;
for (final String role : ((RolesAllowed) a).value()) {
if (security.isUserInRole(role)) {
found = true;
break;
}
}
if (!found) {
throw new ForbiddenException();
}
}
}
MinijaxResourceMethod.java 文件源码
项目:minijax
阅读 28
收藏 0
点赞 0
评论 0
private static Annotation findSecurityAnnotation(final Annotation[] annotations) {
for (final Annotation a : annotations) {
final Class<?> c = a.annotationType();
if (c == PermitAll.class || c == DenyAll.class || c == RolesAllowed.class) {
return a;
}
}
return null;
}
PermissionCheckTest.java 文件源码
项目:oasp-tutorial-sources
阅读 22
收藏 0
点赞 0
评论 0
/**
* Check if all relevant methods in use case implementations have permission checks i.e. {@link RolesAllowed},
* {@link DenyAll} or {@link PermitAll} annotation is applied. This is only checked for methods that are declared in
* the corresponding interface and thus have the {@link Override} annotations applied.
*/
@Test
public void permissionCheckAnnotationPresent() {
String packageName = "com.cap.jumpthequeue";
Filter<String> filter = new Filter<String>() {
@Override
public boolean accept(String value) {
return value.contains(".logic.impl.usecase.Uc") && value.endsWith("Impl");
}
};
ReflectionUtil ru = ReflectionUtilImpl.getInstance();
Set<String> classNames = ru.findClassNames(packageName, true, filter);
Set<Class<?>> classes = ru.loadClasses(classNames);
SoftAssertions assertions = new SoftAssertions();
for (Class<?> clazz : classes) {
Method[] methods = clazz.getDeclaredMethods();
for (Method method : methods) {
Method parentMethod = ru.getParentMethod(method);
if (parentMethod != null) {
Class<?> declaringClass = parentMethod.getDeclaringClass();
if (declaringClass.isInterface() && declaringClass.getSimpleName().startsWith("Uc")) {
boolean hasAnnotation = false;
if (method.getAnnotation(RolesAllowed.class) != null || method.getAnnotation(DenyAll.class) != null
|| method.getAnnotation(PermitAll.class) != null) {
hasAnnotation = true;
}
assertions.assertThat(hasAnnotation)
.as("Method " + method.getName() + " in Class " + clazz.getSimpleName() + " is missing access control")
.isTrue();
}
}
}
}
assertions.assertAll();
}
Builder.java 文件源码
项目:cito
阅读 31
收藏 0
点赞 0
评论 0
public SecurityAnnotationMatcher(Annotation annotation) {
if (annotation.annotationType() != PermitAll.class &&
annotation.annotationType() != DenyAll.class &&
annotation.annotationType() != RolesAllowed.class)
{
throw new IllegalArgumentException("Not supported! [" + annotation + "]");
}
this.annotation = annotation;
}
BuilderTest.java 文件源码
项目:cito
阅读 32
收藏 0
点赞 0
评论 0
@Test
public void denyAll() {
this.builder.denyAll();
assertTrue(getFrameMatchers().isEmpty());
assertEquals(1, getSecurityMatchers().size());
SecurityAnnotationMatcher matcher = (SecurityAnnotationMatcher) getSecurityMatchers().get(0);
assertTrue(DenyAll.class.isAssignableFrom(ReflectionUtil.get(matcher, "annotation").getClass()));
}
RolesAllowedChecker.java 文件源码
项目:rest-schemagen
阅读 28
收藏 0
点赞 0
评论 0
@Override
public boolean test(Scope scope) {
AnnotatedMethod am = new AnnotatedMethod(scope.getInvokedMethod());
// DenyAll on the method take precedence over RolesAllowed and PermitAll
if (am.isAnnotationPresent(DenyAll.class)) {
return false;
}
// RolesAllowed on the method takes precedence over PermitAll
RolesAllowed ra = am.getAnnotation(RolesAllowed.class);
if (ra != null) {
return checkRoles(ra.value());
}
// PermitAll takes precedence over RolesAllowed on the class
if (am.isAnnotationPresent(PermitAll.class)) {
// Do nothing.
return true;
}
// DenyAll can't be attached to classes
// RolesAllowed on the class takes precedence over PermitAll
ra = scope.getInvokedClass().getAnnotation(RolesAllowed.class);
if (ra != null) {
return checkRoles(ra.value());
}
return true;
}
DropwizardAuthFrameworkTest.java 文件源码
项目:dropwizard-auth-example
阅读 25
收藏 0
点赞 0
评论 0
@GET
@Path("/denyAllEndpoint")
@DenyAll
public Response denyAllEndpoint() throws Exception {
Response.ResponseBuilder responseBuilder = Response.ok();
return responseBuilder.build();
}
DropwizardAuthFrameworkTest.java 文件源码
项目:dropwizard-auth-example
阅读 19
收藏 0
点赞 0
评论 0
@GET
@Path("/denyAllEndpointWithRole")
@DenyAll
@RolesAllowed({Role.USER_READ_ONLY})
public Response denyAllEndpointWithRole() throws Exception {
Response.ResponseBuilder responseBuilder = Response.ok();
return responseBuilder.build();
}
AccountBean.java 文件源码
项目:study-ocbcd
阅读 30
收藏 0
点赞 0
评论 0
@DenyAll
@RolesAllowed("Customer")
public void withdraw(double amount) throws AccountBalanceException, SecurityException {
if (balance - amount < 0) {
ctx.setRollbackOnly();
throw new AccountBalanceException("There isn't enough money.");
} else if (!ctx.isCallerInRole("EjbRoleCustomer")) {
throw new SecurityException("Not authorized.");
} else {
Principal princ = ctx.getCallerPrincipal();
System.out.println("Somebody is withdrawing: " + princ.getName());
balance -= amount;
}
}
SecurityInterceptor.java 文件源码
项目:Bionimbuz
阅读 23
收藏 0
点赞 0
评论 0
@Override
public void filter(ContainerRequestContext requestContext) throws IOException {
final ResourceMethodInvoker methodInvoker = (ResourceMethodInvoker) requestContext.getProperty("org.jboss.resteasy.core.ResourceMethodInvoker");
final Method method = methodInvoker.getMethod();
// Verifies if it isn't annotated with @PermitAll
if (!method.isAnnotationPresent(PermitAll.class)) {
if (method.isAnnotationPresent(DenyAll.class)) {
LOGGER.info("Access denied!");
requestContext.abortWith(Response.status(Status.FORBIDDEN).entity(new User()).build());
}
}
}
SecurityInterceptor.java 文件源码
项目:hammock
阅读 28
收藏 0
点赞 0
评论 0
private void checkLoggedIn(InvocationContext invocationContext) {
LoggedIn loggedIn = AnnotationUtil.getAnnotation(invocationContext, LoggedIn.class);
DenyAll denyAll = AnnotationUtil.getAnnotation(invocationContext, DenyAll.class);
if (loggedIn != null || denyAll != null) {
if(!identity.isLoggedIn()) {
throw new NotLoggedInException(identity+" Not logged in");
}
}
}
RolesAllowedDynamicFeature.java 文件源码
项目:SensorSafe
阅读 33
收藏 0
点赞 0
评论 0
@Override
public void configure(final ResourceInfo resourceInfo, final FeatureContext configuration) {
AnnotatedMethod am = new AnnotatedMethod(resourceInfo.getResourceMethod());
// DenyAll on the method take precedence over RolesAllowed and PermitAll
if (am.isAnnotationPresent(DenyAll.class)) {
configuration.register(new RolesAllowedRequestFilter());
return;
}
// RolesAllowed on the method takes precedence over PermitAll
RolesAllowed ra = am.getAnnotation(RolesAllowed.class);
if (ra != null) {
configuration.register(new RolesAllowedRequestFilter(ra.value()));
return;
}
// PermitAll takes precedence over RolesAllowed on the class
if (am.isAnnotationPresent(PermitAll.class)) {
// Do nothing.
return;
}
// DenyAll can't be attached to classes
// RolesAllowed on the class takes precedence over PermitAll
ra = resourceInfo.getResourceClass().getAnnotation(RolesAllowed.class);
if (ra != null) {
configuration.register(new RolesAllowedRequestFilter(ra.value()));
}
}
CustomerService.java 文件源码
项目:wso2-samples-cxf
阅读 32
收藏 0
点赞 0
评论 0
@DenyAll
@Path("/orders/{orderId}/")
public Order getOrder(@PathParam("orderId") String orderId) {
System.out.println("----invoking getOrder, Order id is: " + orderId);
long idNumber = Long.parseLong(orderId);
Order c = orders.get(idNumber);
return c;
}
RouteDefinition.java 文件源码
项目:rest.vertx
阅读 28
收藏 0
点赞 0
评论 0
/**
* Sets path specifics
*
* @param annotations list of method annotations
*/
private void init(Annotation[] annotations) {
for (Annotation annotation : annotations) {
//log.info(annotation.toString());
if (annotation instanceof RouteOrder) {
order(((RouteOrder) annotation).value());
}
if (annotation instanceof Path) {
path(((Path) annotation).value());
}
if (annotation instanceof Produces) {
produces(((Produces) annotation).value());
}
if (annotation instanceof Consumes) {
consumes(((Consumes) annotation).value());
}
if (annotation instanceof javax.ws.rs.HttpMethod) {
method(((javax.ws.rs.HttpMethod) annotation).value());
}
if (annotation instanceof GET ||
annotation instanceof POST ||
annotation instanceof PUT ||
annotation instanceof DELETE ||
annotation instanceof HEAD ||
annotation instanceof OPTIONS) {
method(annotation.annotationType().getSimpleName());
}
// response writer ...
if (annotation instanceof ResponseWriter) {
writer = ((ResponseWriter) annotation).value();
}
if (annotation instanceof RequestReader) {
reader = ((RequestReader) annotation).value();
}
if (annotation instanceof Blocking) {
blocking = ((Blocking) annotation).value();
}
if (annotation instanceof RolesAllowed) {
permitAll = null; // override any previous definition
roles = ((RolesAllowed) annotation).value();
}
if (annotation instanceof DenyAll) {
roles = null; // override any previous definition
permitAll = false;
}
if (annotation instanceof PermitAll) {
roles = null; // override any previous definition
permitAll = true;
}
if (annotation instanceof CatchWith) {
exceptionHandlers = ArrayUtils.join(((CatchWith) annotation).value(), exceptionHandlers);
}
}
}
TestRestClientSecurity.java 文件源码
项目:holon-core
阅读 32
收藏 0
点赞 0
评论 0
@DenyAll
@GET
@Path("deny")
public Response deny() {
return Response.ok().build();
}
AuthorizationFilter.java 文件源码
项目:jersey-jwt
阅读 45
收藏 0
点赞 0
评论 0
@Override
public void filter(final ContainerRequestContext requestContext) throws IOException {
Method method = resourceInfo.getResourceMethod();
// @DenyAll on the method takes precedence over @RolesAllowed and @PermitAll
if (method.isAnnotationPresent(DenyAll.class)) {
throw new AccessDeniedException("You don't have permissions to perform this action.");
}
// @RolesAllowed on the method takes precedence over @PermitAll
RolesAllowed rolesAllowed = method.getAnnotation(RolesAllowed.class);
if (rolesAllowed != null) {
performAuthorization(rolesAllowed.value(), requestContext);
return;
}
// @PermitAll on the method takes precedence over @RolesAllowed on the class
if (method.isAnnotationPresent(PermitAll.class)) {
// Do nothing
return;
}
// @DenyAll can't be attached to classes
// @RolesAllowed on the class takes precedence over @PermitAll on the class
rolesAllowed = resourceInfo.getResourceClass().getAnnotation(RolesAllowed.class);
if (rolesAllowed != null) {
performAuthorization(rolesAllowed.value(), requestContext);
}
// @PermitAll on the class
if (resourceInfo.getResourceClass().isAnnotationPresent(PermitAll.class)) {
// Do nothing
return;
}
// Authentication is required for non-annotated methods
if (!isAuthenticated(requestContext)) {
throw new AccessDeniedException("Authentication is required to perform this action.");
}
}
AuthenticationFilter.java 文件源码
项目:full-javaee-app
阅读 39
收藏 0
点赞 0
评论 0
@Override
public void filter(ContainerRequestContext requestContext) {
Method method = resourceInfo.getResourceMethod();
if (!method.isAnnotationPresent(PermitAll.class)) {
if (method.isAnnotationPresent(DenyAll.class)) {
requestContext.abortWith(ACCESS_FORBIDDEN);
return;
}
//Get request headers
final MultivaluedMap<String, String> headers = requestContext.getHeaders();
//Fetch authorization header
final List<String> authorization = headers.get(AUTHORIZATION_PROPERTY);
//If no authorization information present; block access
if (authorization == null || authorization.isEmpty()) {
requestContext.abortWith(ACCESS_DENIED);
return;
}
//Get encoded username and password
final String encodedUserPassword = authorization.get(0).replaceFirst(AUTHENTICATION_SCHEME + " ", "");
//Decode username and password
String usernameAndPassword = new String(Base64.decode(encodedUserPassword.getBytes()));
;
//Split username and password tokens
final StringTokenizer tokenizer = new StringTokenizer(usernameAndPassword, ":");
final String username = tokenizer.nextToken();
final String password = tokenizer.nextToken();
//Verify user access
if (method.isAnnotationPresent(RolesAllowed.class)) {
RolesAllowed rolesAnnotation = method.getAnnotation(RolesAllowed.class);
Set<String> rolesSet = new HashSet<String>(Arrays.asList(rolesAnnotation.value()));
//Is user valid?
if (!isUserAllowed(username, password, rolesSet)) {
requestContext.abortWith(ACCESS_DENIED);
return;
}
}
}
}
SecurityInterceptor.java 文件源码
项目:tapestry5-angular2-demo
阅读 26
收藏 0
点赞 0
评论 0
public void filter(ContainerRequestContext requestContext) throws IOException {
ResourceMethodInvoker methodInvoker = (ResourceMethodInvoker)
requestContext.getProperty("org.jboss.resteasy.core.ResourceMethodInvoker");
Method method = methodInvoker.getMethod();
//Access allowed for all
if( ! method.isAnnotationPresent(PermitAll.class))
{
//Access denied for all
if(method.isAnnotationPresent(DenyAll.class))
{
requestContext.abortWith(ACCESS_FORBIDDEN);
return;
}
//Get request headers
final MultivaluedMap<String, String> headers = requestContext.getHeaders();
//Fetch authorization header
final List<String> authorization = headers.get(AUTHORIZATION_PROPERTY);
//If no authorization information present; block access
if(authorization == null || authorization.isEmpty())
{
requestContext.abortWith(ACCESS_DENIED);
return;
}
Subject subject = securityService.getSubject();
if (!subject.isAuthenticated()) {
requestContext.abortWith(SERVER_ERROR);
return;
}
//Verify user access
if(method.isAnnotationPresent(RolesAllowed.class))
{
boolean isAllowed = false;
RolesAllowed rolesAnnotation = method.getAnnotation(RolesAllowed.class);
Set<String> rolesSet = new HashSet<String>(Arrays.asList(rolesAnnotation.value()));
//Is user allowed?
for(String s : rolesSet)
if(subject.hasRole(s))
{
isAllowed = true;
}
if(!isAllowed)
{
requestContext.abortWith(ACCESS_DENIED);
}
}
}
}
SecurityAnnotationParser.java 文件源码
项目:base
阅读 30
收藏 0
点赞 0
评论 0
private boolean isSecuredEl( AnnotatedElement element )
{
return element.isAnnotationPresent( RelationCredibility.class ) || element
.isAnnotationPresent( RolesAllowed.class ) || element.isAnnotationPresent( DenyAll.class );
}
