简介
实现处理注解的基础支持类;
核心方法
// The annotation type this handler processes.
protected Class<? extends Annotation> annotationClass;
/**
 * Creates a handler for the given annotation type.
 *
 * @param annotationClass the annotation type to process; it is passed to
 *                        {@code setAnnotationClass}, which rejects {@code null}
 */
public AnnotationHandler(Class<? extends Annotation> annotationClass) {
    setAnnotationClass(annotationClass);
}
/**
 * Returns the current Subject as reported by {@code SecurityUtils.getSubject()}.
 *
 * @return the Subject that the handlers' checks are evaluated against
 */
protected Subject getSubject() {
    return SecurityUtils.getSubject();
}
/**
 * Sets the annotation type this handler processes.
 *
 * @param annotationClass the annotation type to handle; must not be {@code null}
 * @throws IllegalArgumentException if {@code annotationClass} is {@code null}
 */
protected void setAnnotationClass(Class<? extends Annotation> annotationClass)
        throws IllegalArgumentException {
    // Store the type only when one was supplied; a null argument is rejected
    // below, so the field is never overwritten with null through this setter.
    if (annotationClass != null) {
        this.annotationClass = annotationClass;
        return;
    }
    throw new IllegalArgumentException("annotationClass argument cannot be null");
}
实现子类
public abstract class AnnotationHandler
public abstract class AuthorizingAnnotationHandler extends AnnotationHandler
public class AuthenticatedAnnotationHandler extends AuthorizingAnnotationHandler
public class GuestAnnotationHandler extends AuthorizingAnnotationHandler
public class UserAnnotationHandler extends AuthorizingAnnotationHandler
public class PermissionAnnotationHandler extends AuthorizingAnnotationHandler
public class RoleAnnotationHandler extends AuthorizingAnnotationHandler
AuthorizingAnnotationHandler
简介
支持基于注解中的指令进行授权行为的注解处理器;
核心方法
/**
 * Creates an authorizing handler for the given annotation type by delegating
 * to the superclass constructor.
 *
 * @param annotationClass the annotation type this handler processes
 */
public AuthorizingAnnotationHandler(Class<? extends Annotation> annotationClass) {
    super(annotationClass);
}
/**
 * Ensures the current Subject is authorized according to the directives carried
 * by the given annotation.
 *
 * @param a the annotation to evaluate
 * @throws AuthorizationException if the Subject is not authorized
 */
public abstract void assertAuthorized(Annotation a) throws AuthorizationException;
AuthenticatedAnnotationHandler
简介
处理注解@RequiresAuthentication,确保当前Subject在允许访问前已登录;
核心方法
/**
 * Creates a handler bound to the {@code RequiresAuthentication} annotation type.
 */
public AuthenticatedAnnotationHandler() {
    super(RequiresAuthentication.class);
}
/**
 * Ensures the current Subject is authenticated when the annotation is a
 * {@code RequiresAuthentication}.
 *
 * <p>An annotation of any other type is ignored: the method returns without
 * consulting the Subject, so no check is made on that path.
 *
 * @param a the annotation to evaluate
 * @throws UnauthenticatedException if the Subject reports that it is not authenticated
 */
public void assertAuthorized(Annotation a) throws UnauthenticatedException {
    if (!(a instanceof RequiresAuthentication)) {
        return;
    }
    if (getSubject().isAuthenticated()) {
        return;
    }
    throw new UnauthenticatedException("The current Subject is not authenticated. Access denied.");
}
GuestAnnotationHandler
简介
处理注解@RequiresGuest,确保当前Subject在执行方法前未登录;
核心方法
/**
 * Creates a handler bound to the {@code RequiresGuest} annotation type.
 */
public GuestAnnotationHandler() {
    super(RequiresGuest.class);
}
/**
 * Ensures the current Subject is a guest when the annotation is a
 * {@code RequiresGuest}.
 *
 * <p>"Guest" is decided solely by {@code getPrincipal()} being {@code null}.
 * Per the denial message, a Subject that was authenticated or remembered from
 * a previous login is not a guest. An annotation of any other type is ignored
 * and no check is made.
 *
 * <p>The denial is raised as {@code UnauthenticatedException} even though it
 * fires for a Subject that does have a principal.
 *
 * @param a the annotation to evaluate
 * @throws AuthorizationException if the Subject has a principal
 */
public void assertAuthorized(Annotation a) throws AuthorizationException {
    if (!(a instanceof RequiresGuest)) {
        return;
    }
    boolean identified = getSubject().getPrincipal() != null;
    if (identified) {
        String denial = "Attempting to perform a guest-only operation. The current Subject is " +
                "not a guest (they have been authenticated or remembered from a previous login). Access " +
                "denied.";
        throw new UnauthenticatedException(denial);
    }
}
UserAnnotationHandler
简介
处理注解@RequiresUser,确保当前Subject在执行方法前已登录或者被记住;
核心方法
/**
 * Creates a handler bound to the {@code RequiresUser} annotation type.
 */
public UserAnnotationHandler() {
    super(RequiresUser.class);
}
/**
 * Ensures the current Subject is a known user when the annotation is a
 * {@code RequiresUser}.
 *
 * <p>The only condition tested is that {@code getPrincipal()} is non-null;
 * {@code isAuthenticated()} is not consulted. Per the denial message, a Subject
 * remembered from a previous login therefore passes. That makes this check
 * weaker than the one in {@code AuthenticatedAnnotationHandler}, which is the
 * appropriate gate for operations that need a login in the current session.
 *
 * <p>An annotation of any other type is ignored and no check is made.
 *
 * @param a the annotation to evaluate
 * @throws AuthorizationException if the Subject has no principal
 */
public void assertAuthorized(Annotation a) throws AuthorizationException {
    if (!(a instanceof RequiresUser)) {
        return;
    }
    boolean anonymous = getSubject().getPrincipal() == null;
    if (anonymous) {
        String denial = "Attempting to perform a user-only operation. The current Subject is " +
                "not a user (they haven't been authenticated or remembered from a previous login). " +
                "Access denied.";
        throw new UnauthenticatedException(denial);
    }
}
PermissionAnnotationHandler
简介
处理注解@RequiresPermissions,确保当前Subject在执行方法前拥有指定的权限;
核心方法
/**
 * Creates a handler bound to the {@code RequiresPermissions} annotation type.
 */
public PermissionAnnotationHandler() {
    super(RequiresPermissions.class);
}
/**
 * Returns the permission strings declared by the annotation.
 *
 * <p>The argument is cast to {@code RequiresPermissions} without a type check,
 * so passing any other annotation type fails with a {@code ClassCastException}.
 *
 * @param a the annotation, expected to be a {@code RequiresPermissions}
 * @return the annotation's {@code value()} array
 */
protected String[] getAnnotationValue(Annotation a) {
    return ((RequiresPermissions) a).value();
}
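/**
 * Ensures the current Subject holds the permissions named by a
 * {@code RequiresPermissions} annotation.
 *
 * <p>An annotation of any other type is ignored and no check is made. A single
 * permission is checked directly. Several permissions are combined according
 * to the annotation's {@code logical()} setting: {@code Logical.AND} checks all
 * of them together, {@code Logical.OR} is satisfied by any one of them.
 *
 * @param a the annotation to evaluate
 * @throws AuthorizationException if the Subject lacks the required permission(s)
 */
public void assertAuthorized(Annotation a) throws AuthorizationException {
    if (!(a instanceof RequiresPermissions)) {
        return;
    }

    // Read the permissions declared on the annotation.
    RequiresPermissions rpAnnotation = (RequiresPermissions) a;
    String[] perms = getAnnotationValue(a);
    Subject subject = getSubject();

    // NOTE(review): an empty value array is not rejected here. Under AND it
    // reaches checkPermissions with nothing to check (presumably a vacuous
    // pass; confirm against the Subject implementation). Under OR it ends in
    // perms[0] and throws ArrayIndexOutOfBoundsException.

    if (perms.length == 1) {
        subject.checkPermission(perms[0]);
        return;
    }
    if (Logical.AND.equals(rpAnnotation.logical())) {
        subject.checkPermissions(perms);
        return;
    }
    if (Logical.OR.equals(rpAnnotation.logical())) {
        // Probe with isPermitted first so no exception is raised while a match
        // is still possible, and stop at the first permission the Subject holds.
        for (String permission : perms) {
            if (subject.isPermitted(permission)) {
                return;
            }
        }
        // Nothing matched: let checkPermission raise the exception. It is asked
        // about the first permission only, so the message will be a bit misleading.
        subject.checkPermission(perms[0]);
    }
}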
RoleAnnotationHandler
简介
处理注解@RequiresRoles,确保当前Subject在执行方法前拥有指定的角色;
核心方法
/**
 * Creates a handler bound to the {@code RequiresRoles} annotation type.
 */
public RoleAnnotationHandler() {
    super(RequiresRoles.class);
}
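/**
 * Ensures the current Subject holds the roles named by a {@code RequiresRoles}
 * annotation.
 *
 * <p>An annotation of any other type is ignored and no check is made. A single
 * role is checked directly. Several roles are combined according to the
 * annotation's {@code logical()} setting: {@code Logical.AND} checks all of
 * them together, {@code Logical.OR} is satisfied by any one of them.
 *
 * @param a the annotation to evaluate
 * @throws AuthorizationException if the Subject lacks the required role(s)
 */
public void assertAuthorized(Annotation a) throws AuthorizationException {
    if (!(a instanceof RequiresRoles)) {
        return;
    }

    // Read the roles declared on the annotation.
    RequiresRoles rrAnnotation = (RequiresRoles) a;
    String[] roles = rrAnnotation.value();

    // NOTE(review): an empty value array is not rejected here. Under AND it
    // reaches checkRoles with an empty list (presumably a vacuous pass; confirm
    // against the Subject implementation). Under OR it ends in roles[0] and
    // throws ArrayIndexOutOfBoundsException.

    if (roles.length == 1) {
        getSubject().checkRole(roles[0]);
        return;
    }
    if (Logical.AND.equals(rrAnnotation.logical())) {
        getSubject().checkRoles(Arrays.asList(roles));
        return;
    }
    if (Logical.OR.equals(rrAnnotation.logical())) {
        // Probe with hasRole first so no exception is raised while a match is
        // still possible, and stop at the first role the Subject holds.
        for (String role : roles) {
            if (getSubject().hasRole(role)) {
                return;
            }
        }
        // Nothing matched: let checkRole raise the exception. It is asked about
        // the first role only, so the message will be a bit misleading.
        getSubject().checkRole(roles[0]);
    }
}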