1 | /* | |
2 | * Licensed to the Apache Software Foundation (ASF) under one | |
3 | * or more contributor license agreements. See the NOTICE file | |
4 | * distributed with this work for additional information | |
5 | * regarding copyright ownership. The ASF licenses this file | |
6 | * to you under the Apache License, Version 2.0 (the | |
7 | * "License"); you may not use this file except in compliance | |
8 | * with the License. You may obtain a copy of the License at | |
9 | * | |
10 | * http://www.apache.org/licenses/LICENSE-2.0 | |
11 | * | |
12 | * Unless required by applicable law or agreed to in writing, | |
13 | * software distributed under the License is distributed on an | |
14 | * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY | |
15 | * KIND, either express or implied. See the License for the | |
16 | * specific language governing permissions and limitations | |
17 | * under the License. | |
18 | */ | |
19 | package org.apache.shiro.authz.aop; | |
20 | ||
21 | import java.lang.annotation.Annotation; | |
22 | ||
23 | import org.apache.shiro.authz.AuthorizationException; | |
24 | import org.apache.shiro.authz.UnauthenticatedException; | |
25 | import org.apache.shiro.authz.annotation.RequiresGuest; | |
26 | ||
27 | ||
28 | /** | |
29 | * Checks to see if a @{@link org.apache.shiro.authz.annotation.RequiresGuest RequiresGuest} annotation | |
30 | * is declared, and if so, ensures the calling <code>Subject</code> does <em>not</em> | |
31 | * have an {@link org.apache.shiro.subject.Subject#getPrincipal() identity} before invoking the method. | |
32 | * <p> | |
33 | * This annotation essentially ensures that <code>subject.{@link org.apache.shiro.subject.Subject#getPrincipal() getPrincipal()} == null</code>. | |
34 | * | |
35 | * @since 0.9.0 | |
36 | */ | |
public class GuestAnnotationHandler extends AuthorizingAnnotationHandler {

    /**
     * Creates a handler bound to the
     * {@link org.apache.shiro.authz.annotation.RequiresGuest RequiresGuest} annotation type by
     * passing {@code RequiresGuest.class} to the superclass constructor.
     */
    public GuestAnnotationHandler() {
        super(RequiresGuest.class);
    }

    /**
     * Rejects the call when the annotation is a {@code RequiresGuest} and the current
     * <code>Subject</code> carries an
     * {@link org.apache.shiro.subject.Subject#getPrincipal() identity}.
     * <p>
     * The guest test is {@code getSubject().getPrincipal() == null}. It keys on the presence of a
     * principal, not on authentication state; per the exception message, a Subject that is only
     * remembered from a previous login is also treated as a non-guest.
     * <p>
     * Any argument that is not a {@code RequiresGuest} instance (including {@code null}) makes this
     * method return without performing a check, so it must not be relied on as a general
     * deny-by-default gate.
     *
     * @param a the annotation being enforced; only {@code RequiresGuest} instances trigger the check
     * @throws org.apache.shiro.authz.AuthorizationException
     *          raised as an {@code UnauthenticatedException} when the calling <code>Subject</code>
     *          has a non-null principal, i.e. is not a "guest".
     */
    public void assertAuthorized(Annotation a) throws AuthorizationException {
        // Not our annotation: nothing to enforce. The Subject is deliberately not consulted here.
        if (!(a instanceof RequiresGuest)) {
            return;
        }

        // A null principal is the definition of "guest" used by this handler.
        if (getSubject().getPrincipal() == null) {
            return;
        }

        // NOTE(review): the exception type is UnauthenticatedException although the Subject *does*
        // have an identity here; code that maps this type to a login prompt should confirm that is
        // the intended response for a guest-only violation.
        throw new UnauthenticatedException("Attempting to perform a guest-only operation. "
                + "The current Subject is not a guest "
                + "(they have been authenticated or remembered from a previous login). "
                + "Access denied.");
    }
}