001 /*
002 * Licensed to the Apache Software Foundation (ASF) under one
003 * or more contributor license agreements. See the NOTICE file
004 * distributed with this work for additional information
005 * regarding copyright ownership. The ASF licenses this file
006 * to you under the Apache License, Version 2.0 (the
007 * "License"); you may not use this file except in compliance
008 * with the License. You may obtain a copy of the License at
009 *
010 * http://www.apache.org/licenses/LICENSE-2.0
011 *
012 * Unless required by applicable law or agreed to in writing,
013 * software distributed under the License is distributed on an
014 * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
015 * KIND, either express or implied. See the License for the
016 * specific language governing permissions and limitations
017 * under the License.
018 */
019 package org.apache.shiro.authz.aop;
020
021 import org.apache.shiro.aop.AnnotationMethodInterceptor;
022 import org.apache.shiro.aop.MethodInvocation;
023 import org.apache.shiro.authz.AuthorizationException;
024
025
026 /**
027 * An <tt>AnnotationMethodInterceptor</tt> that asserts the calling code is authorized to execute the method
028 * before allowing the invocation to continue by inspecting code annotations to perform an access control check.
029 *
030 * @author Les Hazlewood
031 * @since 0.1
032 */
033 public abstract class AuthorizingAnnotationMethodInterceptor extends AnnotationMethodInterceptor
034 {
035
036 /**
037 * Constructor that ensures the internal <code>handler</code> is set which will be used to perform the
038 * authorization assertion checks when a supported annotation is encountered.
039 * @param handler the internal <code>handler</code> used to perform authorization assertion checks when a
040 * supported annotation is encountered.
041 */
042 public AuthorizingAnnotationMethodInterceptor( AuthorizingAnnotationHandler handler ) {
043 super(handler);
044 }
045
046 /**
047 * Ensures the <code>methodInvocation</code> is allowed to execute first before proceeding by calling the
048 * {@link #assertAuthorized(org.apache.shiro.aop.MethodInvocation) assertAuthorized} method first.
049 *
050 * @param methodInvocation the method invocation to check for authorization prior to allowing it to proceed/execute.
051 * @return the return value from the method invocation (the value of {@link org.apache.shiro.aop.MethodInvocation#proceed() MethodInvocation.proceed()}).
052 * @throws org.apache.shiro.authz.AuthorizationException if the <code>MethodInvocation</code> is not allowed to proceed.
053 * @throws Throwable if any other error occurs.
054 */
055 public Object invoke(MethodInvocation methodInvocation) throws Throwable {
056 assertAuthorized(methodInvocation);
057 return methodInvocation.proceed();
058 }
059
060 /**
061 * Ensures the calling Subject is authorized to execute the specified <code>MethodInvocation</code>.
062 * <p/>
063 * As this is an AnnotationMethodInterceptor, this implementation merely delegates to the internal
064 * {@link AuthorizingAnnotationHandler AuthorizingAnnotationHandler} by first acquiring the annotation by
065 * calling {@link #getAnnotation(MethodInvocation) getAnnotation(methodInvocation)} and then calls
066 * {@link AuthorizingAnnotationHandler#assertAuthorized(java.lang.annotation.Annotation) handler.assertAuthorized(annotation)}.
067 *
068 * @param mi the <code>MethodInvocation</code> to check to see if it is allowed to proceed/execute.
069 * @throws AuthorizationException if the method invocation is not allowed to continue/execute.
070 */
071 public void assertAuthorized(MethodInvocation mi) throws AuthorizationException {
072 ((AuthorizingAnnotationHandler)getHandler()).assertAuthorized(getAnnotation(mi));
073 }
074 }