Don't need SecurityManager to check Permissions, Subject is enough. This simplifies testing.
commit 6ca85bee2f8cf2bbafb8eab1943e6d34423e26a2 1 parent 7c480dc
Carl-Eric Menzel authored
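--- a/...y/wicket-shiro/src/main/java/org/wicketstuff/shiro/annotation/AnnotationsShiroAuthorizationStrategy.java
+++ b/...y/wicket-shiro/src/main/java/org/wicketstuff/shiro/annotation/AnnotationsShiroAuthorizationStrategy.java
@@ -19,9 +19,7 @@
 import java.lang.annotation.Annotation;
 
 import org.apache.shiro.SecurityUtils;
-import org.apache.shiro.mgt.SecurityManager;
 import org.apache.shiro.subject.Subject;
-import org.apache.shiro.util.ThreadContext;
 import org.apache.wicket.Component;
 import org.apache.wicket.authorization.Action;
 import org.apache.wicket.authorization.IAuthorizationStrategy;
@@ -29,100 +27,99 @@
 import org.slf4j.LoggerFactory;
 import org.wicketstuff.shiro.ShiroAction;
 
-public class AnnotationsShiroAuthorizationStrategy implements IAuthorizationStrategy
-{
- private static final Logger LOG = LoggerFactory.getLogger(AnnotationsShiroAuthorizationStrategy.class);
+public class AnnotationsShiroAuthorizationStrategy implements IAuthorizationStrategy {
+ private static final Logger LOG = LoggerFactory
+ .getLogger(AnnotationsShiroAuthorizationStrategy.class);
 
- /**
- * @param <T>
- * @param clazz
- * @return null if ok, or the Annotation that failed
- */
- protected ShiroSecurityConstraint checkInvalidInstantiation(final Annotation[] annotations,
- final ShiroAction action)
- {
- if (annotations == null)
- return null;
+ /**
+ * @param <T>
+ * @param clazz
+ * @return null if ok, or the Annotation that failed
+ */
+ protected ShiroSecurityConstraint checkInvalidInstantiation(final Annotation[] annotations,
+ final ShiroAction action) {
+ if (annotations == null) {
+ return null;
+ }
 
- for (final Annotation annotation : annotations)
- // Check Permissions
- if (annotation instanceof ShiroSecurityConstraint)
- {
- final ShiroSecurityConstraint constraint = (ShiroSecurityConstraint)annotation;
- if (action == constraint.action())
- {
- final SecurityManager sm = ThreadContext.getSecurityManager();
- final Subject subject = SecurityUtils.getSubject();
- switch (constraint.constraint())
- {
- case HasRole : {
- if (!sm.hasRole(subject.getPrincipals(), constraint.value()))
- return constraint;
- break;
- }
+ for (final Annotation annotation : annotations) {
+ // Check Permissions
+ if (annotation instanceof ShiroSecurityConstraint) {
+ final ShiroSecurityConstraint constraint = (ShiroSecurityConstraint) annotation;
+ if (action == constraint.action()) {
+ final Subject subject = SecurityUtils.getSubject();
+ switch (constraint.constraint()) {
+ case HasRole: {
+ if (!subject.hasRole(constraint.value())) {
+ return constraint;
+ }
+ break;
+ }
 
- case HasPermission : {
- if (!sm.isPermitted(subject.getPrincipals(), constraint.value()))
- return constraint;
- break;
- }
+ case HasPermission: {
+ if (!subject.isPermitted(constraint.value())) {
+ return constraint;
+ }
+ break;
+ }
 
- case IsAuthenticated : {
- if (!subject.isAuthenticated())
- return constraint;
- break;
- }
+ case IsAuthenticated: {
+ if (!subject.isAuthenticated()) {
+ return constraint;
+ }
+ break;
+ }
 
- case LoggedIn : {
- if (subject.getPrincipal() == null)
- return constraint;
- break;
- }
- }
- }
- } // end if KiSecurityConstraint
- return null;
- }
+ case LoggedIn: {
+ if (subject.getPrincipal() == null) {
+ return constraint;
+ }
+ break;
+ }
+ }
+ }
+ } // end if KiSecurityConstraint
+ }
+ return null;
+ }
 
- public <T extends Component> ShiroSecurityConstraint checkInvalidInstantiation(
- final Class<T> componentClass)
- {
- ShiroSecurityConstraint fail = checkInvalidInstantiation(componentClass.getAnnotations(),
- ShiroAction.INSTANTIATE);
- if (fail == null)
- fail = checkInvalidInstantiation(componentClass.getPackage().getAnnotations(),
- ShiroAction.INSTANTIATE);
- return fail;
- }
+ public <T extends Component> ShiroSecurityConstraint checkInvalidInstantiation(
+ final Class<T> componentClass) {
+ ShiroSecurityConstraint fail = checkInvalidInstantiation(componentClass.getAnnotations(),
+ ShiroAction.INSTANTIATE);
+ if (fail == null) {
+ fail = checkInvalidInstantiation(componentClass.getPackage().getAnnotations(),
+ ShiroAction.INSTANTIATE);
+ }
+ return fail;
+ }
 
- /**
- * {@inheritDoc}
- */
- public boolean isActionAuthorized(final Component component, final Action action)
- {
+ /**
+ * {@inheritDoc}
+ */
+ public boolean isActionAuthorized(final Component component, final Action action) {
 
- final ShiroAction _action = action.getName().equals(Action.RENDER) ? ShiroAction.RENDER
- : ShiroAction.ENABLE;
+ final ShiroAction _action = action.getName().equals(Action.RENDER) ? ShiroAction.RENDER
+ : ShiroAction.ENABLE;
 
- final Class<? extends Component> clazz = component.getClass();
- ShiroSecurityConstraint fail = checkInvalidInstantiation(clazz.getAnnotations(), _action);
- if (fail == null)
- fail = checkInvalidInstantiation(clazz.getPackage().getAnnotations(), _action);
- return fail == null;
- }
+ final Class<? extends Component> clazz = component.getClass();
+ ShiroSecurityConstraint fail = checkInvalidInstantiation(clazz.getAnnotations(), _action);
+ if (fail == null) {
+ fail = checkInvalidInstantiation(clazz.getPackage().getAnnotations(), _action);
+ }
+ return fail == null;
+ }
 
- /**
- * {@inheritDoc}
- */
- public <T extends Component> boolean isInstantiationAuthorized(final Class<T> componentClass)
- {
- final Annotation fail = checkInvalidInstantiation(componentClass);
- if (fail != null)
- {
- LOG.info("Unauthorized Instantiation :: component={} reason={} subject={}",
- new Object[] { componentClass, fail, SecurityUtils.getSubject() });
- return false;
- }
- return true;
- }
+ /**
+ * {@inheritDoc}
+ */
+ public <T extends Component> boolean isInstantiationAuthorized(final Class<T> componentClass) {
+ final Annotation fail = checkInvalidInstantiation(componentClass);
+ if (fail != null) {
+ LOG.info("Unauthorized Instantiation :: component={} reason={} subject={}",
+ new Object[] { componentClass, fail, SecurityUtils.getSubject() });
+ return false;
+ }
+ return true;
+ }
 }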
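Review bot: The `switch (constraint.constraint())` in `checkInvalidInstantiation(Annotation[], ShiroAction)` has no `default` branch, so any constraint kind other than the four handled cases falls through to `return null` and is treated as authorised. An authorization strategy should deny what it does not recognise; adding `default: return constraint;` after the `LoggedIn` case would make the check fail closed if the enum ever gains a value. Separately, `componentClass.getPackage()` and `clazz.getPackage()` are dereferenced unguarded, and `Class.getPackage()` may return null under some class loaders, so a null check before `.getAnnotations()` would avoid a NullPointerException in the middle of an access decision. Only `isInstantiationAuthorized` logs a denial; `isActionAuthorized` returns `fail == null` silently, so a matching `LOG.info` there would give render/enable denials the same audit trail.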
