/*
* Licensed to the Apache Software Foundation (ASF) under one
* or more contributor license agreements. See the NOTICE file
* distributed with this work for additional information
* regarding copyright ownership. The ASF licenses this file
* to you under the Apache License, Version 2.0 (the
* "License"); you may not use this file except in compliance
* with the License. You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing,
* software distributed under the License is distributed on an
* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
* KIND, either express or implied. See the License for the
* specific language governing permissions and limitations
* under the License.
*/
package org.apache.shiro.authz.aop;
import org.apache.shiro.aop.AnnotationMethodInterceptor;
import org.apache.shiro.aop.AnnotationResolver;
import org.apache.shiro.aop.MethodInvocation;
import org.apache.shiro.authz.AuthorizationException;
/**
* An <tt>AnnotationMethodInterceptor</tt> that asserts the calling code is authorized to execute the method
* before allowing the invocation to continue by inspecting code annotations to perform an access control check.
*
* @since 0.1
*/
public abstract class AuthorizingAnnotationMethodInterceptor extends AnnotationMethodInterceptor
{
/**
* Constructor that ensures the internal <code>handler</code> is set which will be used to perform the
* authorization assertion checks when a supported annotation is encountered.
* @param handler the internal <code>handler</code> used to perform authorization assertion checks when a
* supported annotation is encountered.
*/
public AuthorizingAnnotationMethodInterceptor( AuthorizingAnnotationHandler handler ) {
super(handler);
}
/**
*
* @param handler
* @param resolver
* @since 1.1
*/
public AuthorizingAnnotationMethodInterceptor( AuthorizingAnnotationHandler handler,
AnnotationResolver resolver) {
super(handler, resolver);
}
/**
* Ensures the <code>methodInvocation</code> is allowed to execute first before proceeding by calling the
* {@link #assertAuthorized(org.apache.shiro.aop.MethodInvocation) assertAuthorized} method first.
*
* @param methodInvocation the method invocation to check for authorization prior to allowing it to proceed/execute.
* @return the return value from the method invocation (the value of {@link org.apache.shiro.aop.MethodInvocation#proceed() MethodInvocation.proceed()}).
* @throws org.apache.shiro.authz.AuthorizationException if the <code>MethodInvocation</code> is not allowed to proceed.
* @throws Throwable if any other error occurs.
*/
public Object invoke(MethodInvocation methodInvocation) throws Throwable {
assertAuthorized(methodInvocation);
return methodInvocation.proceed();
}
/**
* Ensures the calling Subject is authorized to execute the specified <code>MethodInvocation</code>.
* <p/>
* As this is an AnnotationMethodInterceptor, this implementation merely delegates to the internal
* {@link AuthorizingAnnotationHandler AuthorizingAnnotationHandler} by first acquiring the annotation by
* calling {@link #getAnnotation(MethodInvocation) getAnnotation(methodInvocation)} and then calls
* {@link AuthorizingAnnotationHandler#assertAuthorized(java.lang.annotation.Annotation) handler.assertAuthorized(annotation)}.
*
* @param mi the <code>MethodInvocation</code> to check to see if it is allowed to proceed/execute.
* @throws AuthorizationException if the method invocation is not allowed to continue/execute.
*/
public void assertAuthorized(MethodInvocation mi) throws AuthorizationException {
try {
((AuthorizingAnnotationHandler)getHandler()).assertAuthorized(getAnnotation(mi));
}
catch(AuthorizationException ae) {
// Annotation handler doesn't know why it was called, so add the information here if possible.
// Don't wrap the exception here since we don't want to mask the specific exception, such as
// UnauthenticatedException etc.
if (ae.getCause() == null) ae.initCause(new AuthorizationException("Not authorized to invoke method: " + mi.getMethod()));
throw ae;
}
}
}