/**
* Copyright (c) 2013-2016, The SeedStack authors <http://seedstack.org>
*
* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this
* file, You can obtain one at http://mozilla.org/MPL/2.0/.
*/
package org.seedstack.seed.security.internal.authorization;
import org.aopalliance.intercept.MethodInterceptor;
import org.aopalliance.intercept.MethodInvocation;
import org.seedstack.seed.security.AuthorizationException;
import org.seedstack.seed.security.Logical;
import org.seedstack.seed.security.RequiresPermissions;
import org.seedstack.seed.security.SecuritySupport;
import java.lang.annotation.Annotation;
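/**
 * Method interceptor that enforces the {@link RequiresPermissions} annotation.
 *
 * <p>The annotation is looked up on the invoked method first and then on the runtime class of
 * the target object. When one is found, the permissions it lists are checked through
 * {@link SecuritySupport} before the invocation is allowed to proceed.
 *
 * <p>NOTE(review): when no annotation is found the call proceeds with no permission check at
 * all, so this interceptor fails open on a lookup miss. See {@code findAnnotation} for the
 * cases in which a lookup can miss.
 */
public class RequiresPermissionsInterceptor implements MethodInterceptor {
    // Assigned once in the constructor; final so the reference cannot be swapped afterwards and
    // is safely published if the interceptor is invoked from several threads.
    private final SecuritySupport securitySupport;

    /**
     * Creates the interceptor.
     *
     * @param securitySupport the security support used to evaluate the permissions
     */
    public RequiresPermissionsInterceptor(SecuritySupport securitySupport) {
        this.securitySupport = securitySupport;
    }

    /**
     * Checks the permissions required by {@link RequiresPermissions} and, if the check passes,
     * proceeds with the intercepted invocation.
     *
     * <ul>
     * <li>No annotation found: the invocation proceeds unchecked.</li>
     * <li>Exactly one permission: checked with {@code checkPermission}.</li>
     * <li>{@link Logical#OR}: at least one listed permission must be granted, otherwise an
     * {@link AuthorizationException} is thrown.</li>
     * <li>Any other logical value: all listed permissions are checked with
     * {@code checkPermissions}.</li>
     * </ul>
     *
     * @param invocation the intercepted method invocation
     * @return the result of the intercepted method
     * @throws AuthorizationException if {@link Logical#OR} is requested and none of the
     *         permissions is granted
     * @throws Throwable anything thrown by the security support checks or by the intercepted
     *         method itself
     */
    @Override
    public Object invoke(MethodInvocation invocation) throws Throwable {
        Annotation annotation = findAnnotation(invocation);
        if (annotation == null) {
            // Fail-open path: nothing to enforce, so the call goes through unchecked.
            return invocation.proceed();
        }

        RequiresPermissions rpAnnotation = (RequiresPermissions) annotation;
        String[] perms = rpAnnotation.value();

        // NOTE(review): an empty permission array is treated differently by the two branches
        // below. OR rejects it (no permission can match), while the AND branch hands the empty
        // array to checkPermissions, whose behaviour for that input is not visible here. Confirm
        // that an empty @RequiresPermissions cannot silently grant access.
        if (perms.length == 1) {
            securitySupport.checkPermission(perms[0]);
        } else if (Logical.OR.equals(rpAnnotation.logical())) {
            if (!hasAnyPermission(perms)) {
                throw new AuthorizationException("User does not have any of the permissions to access method " + invocation.getMethod().toString());
            }
        } else {
            // Otherwise rpAnnotation.logical() is by default considered as Logical.AND
            securitySupport.checkPermissions(perms);
        }
        return invocation.proceed();
    }

    /**
     * Tells whether at least one of the given permissions is granted, stopping at the first
     * match.
     */
    private boolean hasAnyPermission(String[] perms) {
        for (String permission : perms) {
            if (securitySupport.isPermitted(permission)) {
                return true;
            }
        }
        return false;
    }

    /**
     * Looks up {@link RequiresPermissions} on the invoked method, falling back to the runtime
     * class of the target object.
     *
     * <p>NOTE(review): the class-level lookup uses {@code getThis().getClass()}. If that class
     * is a generated subclass or proxy, {@code getAnnotation} only sees an annotation declared
     * on the parent class when the annotation type is {@code @Inherited}, which is not visible
     * from this file. Method-level annotations declared on an interface or an overridden
     * superclass method are likewise not returned by {@code Method#getAnnotation}. Because a
     * miss here means the call proceeds unchecked, a test that a subject lacking the permission
     * is rejected on an intercepted instance is worth having.
     *
     * @param invocation the intercepted method invocation
     * @return the annotation found, or {@code null} when neither the method nor the class
     *         carries it
     */
    private Annotation findAnnotation(MethodInvocation invocation) {
        Annotation annotation = invocation.getMethod().getAnnotation(RequiresPermissions.class);
        if (annotation == null) {
            annotation = invocation.getThis().getClass().getAnnotation(RequiresPermissions.class);
        }
        return annotation;
    }
}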