Coverage Report - org.apache.shiro.spring.security.interceptor.AuthorizationAttributeSourceAdvisor
 
Classes in this File Line Coverage Branch Coverage Complexity
AuthorizationAttributeSourceAdvisor
91%
22/24
90%
9/10
2.8
 
 1   
 /*
 2   
  * Licensed to the Apache Software Foundation (ASF) under one
 3   
  * or more contributor license agreements.  See the NOTICE file
 4   
  * distributed with this work for additional information
 5   
  * regarding copyright ownership.  The ASF licenses this file
 6   
  * to you under the Apache License, Version 2.0 (the
 7   
  * "License"); you may not use this file except in compliance
 8   
  * with the License.  You may obtain a copy of the License at
 9   
  *
 10   
  *     http://www.apache.org/licenses/LICENSE-2.0
 11   
  *
 12   
  * Unless required by applicable law or agreed to in writing,
 13   
  * software distributed under the License is distributed on an
 14   
  * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
 15   
  * KIND, either express or implied.  See the License for the
 16   
  * specific language governing permissions and limitations
 17   
  * under the License.
 18   
  */
 19   
 package org.apache.shiro.spring.security.interceptor;
 20   
 
 21   
 import org.apache.shiro.authz.annotation.*;
 22   
 import org.apache.shiro.mgt.SecurityManager;
 23   
 import org.slf4j.Logger;
 24   
 import org.slf4j.LoggerFactory;
 25   
 import org.springframework.aop.support.StaticMethodMatcherPointcutAdvisor;
 26   
 import org.springframework.core.annotation.AnnotationUtils;
 27   
 
 28   
 import java.lang.annotation.Annotation;
 29   
 import java.lang.reflect.Method;
 30   
 
 31   
 
 32   
 /**
 33   
  * TODO - complete JavaDoc
 34   
  *
 35   
  * @since 0.1
 36   
  */
 37   
 @SuppressWarnings({"unchecked"})
 38   
 public class AuthorizationAttributeSourceAdvisor extends StaticMethodMatcherPointcutAdvisor {
 39   
 
 40  1 
     private static final Logger log = LoggerFactory.getLogger(AuthorizationAttributeSourceAdvisor.class);
 41   
 
 42  1 
     private static final Class<? extends Annotation>[] AUTHZ_ANNOTATION_CLASSES =
 43   
             new Class[] {
 44   
                     RequiresPermissions.class, RequiresRoles.class,
 45   
                     RequiresUser.class, RequiresGuest.class, RequiresAuthentication.class
 46   
             };
 47   
 
 48  1 
     protected SecurityManager securityManager = null;
 49   
 
 50   
     /**
 51   
      * Create a new AuthorizationAttributeSourceAdvisor.
 52   
      */
 53  1 
     public AuthorizationAttributeSourceAdvisor() {
 54  1 
         setAdvice(new AopAllianceAnnotationsAuthorizingMethodInterceptor());
 55  1 
     }
 56   
 
 57   
     public SecurityManager getSecurityManager() {
 58  0 
         return securityManager;
 59   
     }
 60   
 
 61   
     public void setSecurityManager(org.apache.shiro.mgt.SecurityManager securityManager) {
 62  1 
         this.securityManager = securityManager;
 63  1 
     }
 64   
 
 65   
     /**
 66   
      * Returns <tt>true</tt> if the method has any Shiro annotations, false otherwise.
 67   
      * The annotations inspected are:
 68   
      * <ul>
 69   
      * <li>{@link org.apache.shiro.authz.annotation.RequiresAuthentication RequiresAuthentication}</li>
 70   
      * <li>{@link org.apache.shiro.authz.annotation.RequiresUser RequiresUser}</li>
 71   
      * <li>{@link org.apache.shiro.authz.annotation.RequiresGuest RequiresGuest}</li>
 72   
      * <li>{@link org.apache.shiro.authz.annotation.RequiresRoles RequiresRoles}</li>
 73   
      * <li>{@link org.apache.shiro.authz.annotation.RequiresPermissions RequiresPermissions}</li>
 74   
      * </ul>
 75   
      *
 76   
      * @param method      the method to check for a Shiro annotation
 77   
      * @param targetClass the class potentially declaring Shiro annotations
 78   
      * @return <tt>true</tt> if the method has a Shiro annotation, false otherwise.
 79   
      * @see org.springframework.aop.MethodMatcher#matches(java.lang.reflect.Method, Class)
 80   
      */
 81   
     public boolean matches(Method method, Class targetClass) {
 82  122 
         Method m = method;
 83   
 
 84  122 
         if ( isAuthzAnnotationPresent(m) ) {
 85  4 
             return true;
 86   
         }
 87   
 
 88   
         //The 'method' parameter could be from an interface that doesn't have the annotation.
 89   
         //Check to see if the implementation has it.
 90  118 
         if ( targetClass != null) {
 91   
             try {
 92  118 
                 m = targetClass.getMethod(m.getName(), m.getParameterTypes());
 93  118 
                 if ( isAuthzAnnotationPresent(m) ) {
 94  3 
                     return true;
 95   
                 }
 96  0 
             } catch (NoSuchMethodException ignored) {
 97   
                 //default return value is false.  If we can't find the method, then obviously
 98   
                 //there is no annotation, so just use the default return value.
 99  115 
             }
 100   
         }
 101   
 
 102  115 
         return false;
 103   
     }
 104   
 
 105   
     private boolean isAuthzAnnotationPresent(Method method) {
 106  1426 
         for( Class<? extends Annotation> annClass : AUTHZ_ANNOTATION_CLASSES ) {
 107  1193 
             Annotation a = AnnotationUtils.findAnnotation(method, annClass);
 108  1193 
             if ( a != null ) {
 109  7 
                 return true;
 110   
             }
 111   
         }
 112  233 
         return false;
 113   
     }
 114   
 
 115   
 }
Report generated by Cobertura 1.9.4.1 on 3/4/16 6:05 PM.