001/*
002 * Licensed to the Apache Software Foundation (ASF) under one
003 * or more contributor license agreements.  See the NOTICE file
004 * distributed with this work for additional information
005 * regarding copyright ownership.  The ASF licenses this file
006 * to you under the Apache License, Version 2.0 (the
007 * "License"); you may not use this file except in compliance
008 * with the License.  You may obtain a copy of the License at
009 *
010 *     http://www.apache.org/licenses/LICENSE-2.0
011 *
012 * Unless required by applicable law or agreed to in writing,
013 * software distributed under the License is distributed on an
014 * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
015 * KIND, either express or implied.  See the License for the
016 * specific language governing permissions and limitations
017 * under the License.
018 */
019package org.apache.shiro.web.jaxrs;
020
021
022import org.apache.shiro.authz.annotation.RequiresAuthentication;
023import org.apache.shiro.authz.annotation.RequiresGuest;
024import org.apache.shiro.authz.annotation.RequiresPermissions;
025import org.apache.shiro.authz.annotation.RequiresRoles;
026import org.apache.shiro.authz.annotation.RequiresUser;
027import org.apache.shiro.authz.aop.AuthenticatedAnnotationHandler;
028import org.apache.shiro.authz.aop.AuthorizingAnnotationHandler;
029import org.apache.shiro.authz.aop.GuestAnnotationHandler;
030import org.apache.shiro.authz.aop.PermissionAnnotationHandler;
031import org.apache.shiro.authz.aop.RoleAnnotationHandler;
032import org.apache.shiro.authz.aop.UserAnnotationHandler;
033
034import javax.ws.rs.container.ContainerRequestContext;
035import javax.ws.rs.container.ContainerRequestFilter;
036import javax.ws.rs.ext.Provider;
037import java.io.IOException;
038import java.lang.annotation.Annotation;
039import java.util.Collection;
040import java.util.Collections;
041import java.util.HashMap;
042import java.util.Map;
043
044/**
045 * A filter that grants or denies access to a JAX-RS resource based on the Shiro annotations on it.
046 *
047 * @see org.apache.shiro.authz.annotation
048 * @since 1.4
049 */
050public class AnnotationAuthorizationFilter implements ContainerRequestFilter {
051
052    private final Map<AuthorizingAnnotationHandler, Annotation> authzChecks;
053
054    public AnnotationAuthorizationFilter(Collection<Annotation> authzSpecs) {
055        Map<AuthorizingAnnotationHandler, Annotation> authChecks = new HashMap<AuthorizingAnnotationHandler, Annotation>(authzSpecs.size());
056        for (Annotation authSpec : authzSpecs) {
057            authChecks.put(createHandler(authSpec), authSpec);
058        }
059        this.authzChecks = Collections.unmodifiableMap(authChecks);
060    }
061
062    private static AuthorizingAnnotationHandler createHandler(Annotation annotation) {
063        Class<?> t = annotation.annotationType();
064        if (RequiresPermissions.class.equals(t)) return new PermissionAnnotationHandler();
065        else if (RequiresRoles.class.equals(t)) return new RoleAnnotationHandler();
066        else if (RequiresUser.class.equals(t)) return new UserAnnotationHandler();
067        else if (RequiresGuest.class.equals(t)) return new GuestAnnotationHandler();
068        else if (RequiresAuthentication.class.equals(t)) return new AuthenticatedAnnotationHandler();
069        else throw new IllegalArgumentException("Cannot create a handler for the unknown for annotation " + t);
070    }
071
072    @Override
073    public void filter(ContainerRequestContext requestContext) throws IOException {
074
075        for (Map.Entry<AuthorizingAnnotationHandler, Annotation> authzCheck : authzChecks.entrySet()) {
076            AuthorizingAnnotationHandler handler = authzCheck.getKey();
077            Annotation authzSpec = authzCheck.getValue();
078            handler.assertAuthorized(authzSpec);
079        }
080    }
081
082}