001    /*
002     * Licensed to the Apache Software Foundation (ASF) under one
003     * or more contributor license agreements.  See the NOTICE file
004     * distributed with this work for additional information
005     * regarding copyright ownership.  The ASF licenses this file
006     * to you under the Apache License, Version 2.0 (the
007     * "License"); you may not use this file except in compliance
008     * with the License.  You may obtain a copy of the License at
009     *
010     *     http://www.apache.org/licenses/LICENSE-2.0
011     *
012     * Unless required by applicable law or agreed to in writing,
013     * software distributed under the License is distributed on an
014     * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
015     * KIND, either express or implied.  See the License for the
016     * specific language governing permissions and limitations
017     * under the License.
018     */
019    package org.apache.shiro.authz.aop;
020    
021    import org.apache.shiro.authz.AuthorizationException;
022    import org.apache.shiro.authz.annotation.RequiresRoles;
023    
024    import java.lang.annotation.Annotation;
025    import java.util.Arrays;
026    import java.util.LinkedHashSet;
027    import java.util.Set;
028    
029    
030    /**
031     * Checks to see if a @{@link org.apache.shiro.authz.annotation.RequiresRoles RequiresRoles} annotation is declared, and if so, performs
032     * a role check to see if the calling <code>Subject</code> is allowed to proceed.
033     *
034     * @author Les Hazlewood
035     * @since 0.9.0
036     */
037    public class RoleAnnotationHandler extends AuthorizingAnnotationHandler {
038    
039        /**
040         * Default no-argument constructor that ensures this handler looks for
041         * {@link org.apache.shiro.authz.annotation.RequiresRoles RequiresRoles} annotations.
042         */
043        public RoleAnnotationHandler() {
044            super(RequiresRoles.class);
045        }
046    
047        /**
048         * Ensures that the calling <code>Subject</code> has the Annotation's specified roles, and if not, throws an
049         * <code>AuthorizingException</code> indicating that access is denied.
050         *
051         * @param a the RequiresRoles annotation to use to check for one or more roles
052         * @throws org.apache.shiro.authz.AuthorizationException
053         *          if the calling <code>Subject</code> does not have the role(s) necessary to
054         *          proceed.
055         */
056        public void assertAuthorized(Annotation a) throws AuthorizationException {
057            if (!(a instanceof RequiresRoles)) {
058                return;
059            }
060            RequiresRoles rrAnnotation = (RequiresRoles) a;
061    
062            String roleId = rrAnnotation.value();
063    
064            String[] roles = roleId.split(",");
065    
066            if (roles.length == 1) {
067                getSubject().checkRole(roles[0]);
068            } else {
069                Set<String> rolesSet = new LinkedHashSet<String>(Arrays.asList(roles));
070                getSubject().checkRoles(rolesSet);
071            }
072        }
073    
074    }