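/*
 * Licensed to the Apache Software Foundation (ASF) under one
 * or more contributor license agreements.  See the NOTICE file
 * distributed with this work for additional information
 * regarding copyright ownership.  The ASF licenses this file
 * to you under the Apache License, Version 2.0 (the
 * "License"); you may not use this file except in compliance
 * with the License.  You may obtain a copy of the License at
 *
 *     http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing,
 * software distributed under the License is distributed on an
 * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
 * KIND, either express or implied.  See the License for the
 * specific language governing permissions and limitations
 * under the License.
 */
package org.apache.shiro.web.jaxrs;

import org.apache.shiro.authz.annotation.RequiresAuthentication;
import org.apache.shiro.authz.annotation.RequiresGuest;
import org.apache.shiro.authz.annotation.RequiresPermissions;
import org.apache.shiro.authz.annotation.RequiresRoles;
import org.apache.shiro.authz.annotation.RequiresUser;
import org.apache.shiro.authz.aop.AuthenticatedAnnotationHandler;
import org.apache.shiro.authz.aop.AuthorizingAnnotationHandler;
import org.apache.shiro.authz.aop.GuestAnnotationHandler;
import org.apache.shiro.authz.aop.PermissionAnnotationHandler;
import org.apache.shiro.authz.aop.RoleAnnotationHandler;
import org.apache.shiro.authz.aop.UserAnnotationHandler;

import javax.ws.rs.container.ContainerRequestContext;
import javax.ws.rs.container.ContainerRequestFilter;
import javax.ws.rs.ext.Provider;
import java.io.IOException;
import java.lang.annotation.Annotation;
import java.util.Collection;
import java.util.Collections;
import java.util.LinkedHashMap;
import java.util.Map;

/**
 * A filter that grants or denies access to a JAX-RS resource based on the Shiro annotations on it.
 * <p>
 * Each annotation handed to the constructor is paired with the matching
 * {@link AuthorizingAnnotationHandler}. On every request {@link #filter(ContainerRequestContext)}
 * runs all of those handlers, in the order the annotations were supplied; the first handler that
 * rejects the current subject throws and no further checks run. A filter built from an empty
 * collection performs no checks at all, i.e. it lets every request through.
 *
 * @see org.apache.shiro.authz.annotation
 * @since 1.4
 */
public class AnnotationAuthorizationFilter implements ContainerRequestFilter {

    // Handler -> annotation pairs in declaration order; unmodifiable after construction.
    private final Map<AuthorizingAnnotationHandler, Annotation> authzChecks;

    /**
     * Creates a filter that enforces the given Shiro authorization annotations.
     *
     * @param authzSpecs the annotations to enforce; each must be one of {@link RequiresPermissions},
     *                   {@link RequiresRoles}, {@link RequiresUser}, {@link RequiresGuest} or
     *                   {@link RequiresAuthentication}. May be empty.
     * @throws NullPointerException     if {@code authzSpecs} or one of its elements is {@code null}
     * @throws IllegalArgumentException if an element is not one of the supported annotations
     */
    public AnnotationAuthorizationFilter(Collection<Annotation> authzSpecs) {
        if (authzSpecs == null) {
            throw new NullPointerException("authzSpecs must not be null");
        }
        // LinkedHashMap (rather than HashMap) keeps the checks in the order the annotations were
        // declared, so which check fails first -- and therefore which exception surfaces -- is
        // deterministic when several annotations would reject the same request.
        Map<AuthorizingAnnotationHandler, Annotation> authChecks =
                new LinkedHashMap<AuthorizingAnnotationHandler, Annotation>(authzSpecs.size());
        for (Annotation authSpec : authzSpecs) {
            // Every annotation gets its own handler instance as the key, so several annotations of
            // the same type are all retained and all enforced.
            authChecks.put(createHandler(authSpec), authSpec);
        }
        this.authzChecks = Collections.unmodifiableMap(authChecks);
    }

    /**
     * Maps a Shiro authorization annotation to the handler that knows how to enforce it.
     *
     * @param annotation the annotation instance taken from the resource class or method
     * @return a new handler for {@code annotation}'s type
     * @throws NullPointerException     if {@code annotation} is {@code null}
     * @throws IllegalArgumentException if the annotation type is not a supported Shiro annotation;
     *                                  unknown annotations are rejected rather than silently ignored
     */
    private static AuthorizingAnnotationHandler createHandler(Annotation annotation) {
        if (annotation == null) {
            throw new NullPointerException("annotation must not be null");
        }
        Class<?> t = annotation.annotationType();
        if (RequiresPermissions.class.equals(t)) {
            return new PermissionAnnotationHandler();
        } else if (RequiresRoles.class.equals(t)) {
            return new RoleAnnotationHandler();
        } else if (RequiresUser.class.equals(t)) {
            return new UserAnnotationHandler();
        } else if (RequiresGuest.class.equals(t)) {
            return new GuestAnnotationHandler();
        } else if (RequiresAuthentication.class.equals(t)) {
            return new AuthenticatedAnnotationHandler();
        } else {
            throw new IllegalArgumentException("Cannot create a handler for the unknown annotation " + t);
        }
    }

    /**
     * Runs every configured authorization check against the current subject.
     * <p>
     * All checks must pass. The filter never calls {@code requestContext.abortWith(...)} itself: a
     * rejecting handler is expected to throw (a Shiro authorization exception, presumably -- confirm
     * against {@link AuthorizingAnnotationHandler#assertAuthorized}), and that exception has to be
     * translated into an HTTP response elsewhere, e.g. by a JAX-RS exception mapper.
     *
     * @param requestContext the JAX-RS request; not consulted, the subject is resolved by the handlers
     * @throws IOException never thrown here, declared by {@link ContainerRequestFilter}
     */
    @Override
    public void filter(ContainerRequestContext requestContext) throws IOException {
        for (Map.Entry<AuthorizingAnnotationHandler, Annotation> authzCheck : authzChecks.entrySet()) {
            AuthorizingAnnotationHandler handler = authzCheck.getKey();
            Annotation authzSpec = authzCheck.getValue();
            handler.assertAuthorized(authzSpec);
        }
    }

}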