RequiresRolesInterceptor.java

/**
 * Copyright (c) 2013-2016, The SeedStack authors <http://seedstack.org>
 *
 * This Source Code Form is subject to the terms of the Mozilla Public
 * License, v. 2.0. If a copy of the MPL was not distributed with this
 * file, You can obtain one at http://mozilla.org/MPL/2.0/.
 */
package org.seedstack.seed.security.internal.authorization;

import org.aopalliance.intercept.MethodInterceptor;
import org.aopalliance.intercept.MethodInvocation;
import org.seedstack.seed.security.AuthorizationException;
import org.seedstack.seed.security.Logical;
import org.seedstack.seed.security.RequiresRoles;
import org.seedstack.seed.security.SecuritySupport;

import java.lang.annotation.Annotation;

/**
 * Interceptor for annotation RequiresRoles
 */
public class RequiresRolesInterceptor implements MethodInterceptor {

    private SecuritySupport securitySupport;

    /**
     * Constructor
     * 
     * @param securitySupport
     *            the security support
     */
    public RequiresRolesInterceptor(SecuritySupport securitySupport) {
        this.securitySupport = securitySupport;
    }

    @Override
    public Object invoke(MethodInvocation invocation) throws Throwable {
        Annotation annotation = findAnnotation(invocation);
        if (annotation == null) {
            return invocation.proceed();
        }
        RequiresRoles rrAnnotation = (RequiresRoles) annotation;
        String[] roles = rrAnnotation.value();
        if (roles.length == 1) {
            securitySupport.checkRole(roles[0]);
            return invocation.proceed();
        } else if (Logical.OR.equals(rrAnnotation.logical())) {
            boolean hasAtLeastOneRole = false;
            for (String role : roles) {
                if (securitySupport.hasRole(role)) {
                    hasAtLeastOneRole = true;
                    break;
                }
            }
            if (!hasAtLeastOneRole) {
                throw new AuthorizationException("User does not have any of the roles to access method " + invocation.getMethod().toString());
            }
        } else {
            // Otherwise rrAnnotation.logical() is by default considered as Logical.AND
            securitySupport.checkRoles(roles);
        }
        return invocation.proceed();
    }

    private Annotation findAnnotation(MethodInvocation invocation) {
        Annotation annotation = invocation.getMethod().getAnnotation(RequiresRoles.class);
        if (annotation == null) {
            annotation = invocation.getThis().getClass().getAnnotation(RequiresRoles.class);
        }
        return annotation;
    }
}