19 package org.apache.shiro.web.jaxrs;
20
21
22 import org.apache.shiro.authz.annotation.RequiresAuthentication;
23 import org.apache.shiro.authz.annotation.RequiresGuest;
24 import org.apache.shiro.authz.annotation.RequiresPermissions;
25 import org.apache.shiro.authz.annotation.RequiresRoles;
26 import org.apache.shiro.authz.annotation.RequiresUser;
27 import org.apache.shiro.web.filter.authz.AuthorizationFilter;
28
29 import javax.ws.rs.Priorities;
30 import javax.ws.rs.container.DynamicFeature;
31 import javax.ws.rs.container.ResourceInfo;
32 import javax.ws.rs.core.FeatureContext;
33 import java.lang.annotation.Annotation;
34 import java.util.ArrayList;
35 import java.util.Arrays;
36 import java.util.Collections;
37 import java.util.List;
38
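/**
 * JAX-RS {@link DynamicFeature} that registers an {@code AnnotationAuthorizationFilter} for each
 * resource method whose resource class or resource method carries at least one of the Shiro
 * authorization annotations listed in {@link #shiroAnnotations}.
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>Enforcement is opt-in. A resource method with none of the listed annotations on itself or
 *       on its resource class gets no filter from this feature, so it is not restricted here.</li>
 *   <li>Annotations are read with {@code getAnnotation} on the resource class and the resource
 *       method only. {@code Method.getAnnotation} does not see annotations declared on an
 *       overridden or interface method, and {@code Class.getAnnotation} sees a superclass
 *       annotation only when the annotation type is {@code @Inherited}; interface annotations
 *       are never seen. NOTE(review): confirm that resources are annotated on the concrete class
 *       or method, otherwise the endpoint is left without a filter.</li>
 * </ul>
 */
public class ShiroAnnotationFilterFeature implements DynamicFeature {

    /**
     * Shiro annotation types this feature looks for. The reference is {@code final} and the list
     * is unmodifiable so the set of recognised authorization annotations cannot be altered after
     * class initialisation.
     */
    private static final List<Class<? extends Annotation>> shiroAnnotations =
            Collections.unmodifiableList(Arrays.asList(
                    RequiresPermissions.class,
                    RequiresRoles.class,
                    RequiresAuthentication.class,
                    RequiresUser.class,
                    RequiresGuest.class));

    /**
     * Collects the Shiro annotations present on the resource class and the resource method and,
     * if any were found, registers one authorization filter carrying all of them.
     *
     * @param resourceInfo the resource class and method being configured
     * @param context      the feature context the filter is registered with
     */
    @Override
    public void configure(ResourceInfo resourceInfo, FeatureContext context) {

        List<Annotation> authzSpecs = new ArrayList<Annotation>();

        for (Class<? extends Annotation> annotationClass : shiroAnnotations) {

            // Class-level and method-level annotations are both collected; neither overrides
            // the other at this stage. How they are combined is up to the filter.
            Annotation classAuthzSpec = resourceInfo.getResourceClass().getAnnotation(annotationClass);
            Annotation methodAuthzSpec = resourceInfo.getResourceMethod().getAnnotation(annotationClass);

            if (classAuthzSpec != null) {
                authzSpecs.add(classAuthzSpec);
            }
            if (methodAuthzSpec != null) {
                authzSpecs.add(methodAuthzSpec);
            }
        }

        // Register only when there is something to enforce; the AUTHORIZATION priority places the
        // filter in the authorization stage of the JAX-RS filter chain.
        if (!authzSpecs.isEmpty()) {
            context.register(new AnnotationAuthorizationFilter(authzSpecs), Priorities.AUTHORIZATION);
        }
    }

}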