001/* 002 * Licensed to the Apache Software Foundation (ASF) under one 003 * or more contributor license agreements. See the NOTICE file 004 * distributed with this work for additional information 005 * regarding copyright ownership. The ASF licenses this file 006 * to you under the Apache License, Version 2.0 (the 007 * "License"); you may not use this file except in compliance 008 * with the License. You may obtain a copy of the License at 009 * 010 * http://www.apache.org/licenses/LICENSE-2.0 011 * 012 * Unless required by applicable law or agreed to in writing, 013 * software distributed under the License is distributed on an 014 * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY 015 * KIND, either express or implied. See the License for the 016 * specific language governing permissions and limitations 017 * under the License. 018 */ 019package org.apache.shiro.authz.aop; 020 021import org.apache.shiro.aop.AnnotationResolver; 022 023/** 024 * Checks to see if a @{@link org.apache.shiro.authz.annotation.RequiresPermissions RequiresPermissions} annotation is declared, and if so, performs 025 * a permission check to see if the calling <code>Subject</code> is allowed to call the method. 026 * @since 0.9 027 */ 028public class PermissionAnnotationMethodInterceptor extends AuthorizingAnnotationMethodInterceptor { 029 030 /* 031 * The character to look for that closes a permission definition. 032 **/ 033 //private static final char ARRAY_CLOSE_CHAR = ']'; 034 035 /** 036 * Default no-argument constructor that ensures this interceptor looks for 037 * {@link org.apache.shiro.authz.annotation.RequiresPermissions RequiresPermissions} annotations in a method declaration. 038 */ 039 public PermissionAnnotationMethodInterceptor() { 040 super( new PermissionAnnotationHandler() ); 041 } 042 043 /** 044 * @param resolver 045 * @since 1.1 046 */ 047 public PermissionAnnotationMethodInterceptor(AnnotationResolver resolver) { 048 super( new PermissionAnnotationHandler(), resolver); 049 } 050 051 /* 052 * Infers the permission from the specified name path in the annotation. 053 * @param methodArgs the <code>MethodInvocation</code> method arguments. 054 * @param namePath the Annotation 'name' value, which is a string-based permission definition. 055 * @return the String permission representation. 056 * @throws Exception if there is an error infering the target. 057 * 058 protected String inferTargetFromPath(Object[] methodArgs, String namePath) throws Exception { 059 int propertyStartIndex = -1; 060 061 char[] chars = namePath.toCharArray(); 062 StringBuilder buf = new StringBuilder(); 063 //init iteration at index 1 (instead of 0). This is because the first 064 //character must be the ARRAY_OPEN_CHAR (eliminates unnecessary iteration) 065 for (int i = 1; i < chars.length; i++) { 066 if (chars[i] == ARRAY_CLOSE_CHAR) { 067 // skip the delimiting period after the ARRAY_CLOSE_CHAR. The resulting 068 // index is the init of the property path that we'll use with 069 // BeanUtils.getProperty: 070 propertyStartIndex = i + 2; 071 break; 072 } else { 073 buf.append(chars[i]); 074 } 075 } 076 077 Integer methodArgIndex = Integer.parseInt(buf.toString()); 078 String beanUtilsPath = new String(chars, propertyStartIndex, 079 chars.length - propertyStartIndex); 080 Object targetValue = PropertyUtils.getProperty(methodArgs[methodArgIndex], beanUtilsPath); 081 return targetValue.toString(); 082 } 083 084 /* 085 * Returns the <code>MethodInvocation</code>'s arguments, or <code>null</code> if there were none. 086 * @param invocation the methodInvocation to inspect. 087 * @return the method invocation's method arguments, or <code>null</code> if there were none. 088 * 089 protected Object[] getMethodArguments(MethodInvocation invocation) { 090 if (invocation != null) { 091 return invocation.getArguments(); 092 } else { 093 return null; 094 } 095 } 096 097 /* 098 * Returns the annotation {@link RequiresPermissions#value value}, from which the Permission will be constructed. 099 * 100 * @param invocation the method being invoked. 101 * @return the method annotation's <code>value</code>, from which the Permission will be constructed. 102 * 103 protected String getAnnotationValue(MethodInvocation invocation) { 104 RequiresPermissions prAnnotation = (RequiresPermissions) getAnnotation(invocation); 105 return prAnnotation.value(); 106 } */ 107}