1   /*
2    * Licensed to the Apache Software Foundation (ASF) under one
3    * or more contributor license agreements.  See the NOTICE file
4    * distributed with this work for additional information
5    * regarding copyright ownership.  The ASF licenses this file
6    * to you under the Apache License, Version 2.0 (the
7    * "License"); you may not use this file except in compliance
8    * with the License.  You may obtain a copy of the License at
9    *
10   *     http://www.apache.org/licenses/LICENSE-2.0
11   *
12   * Unless required by applicable law or agreed to in writing,
13   * software distributed under the License is distributed on an
14   * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
15   * KIND, either express or implied.  See the License for the
16   * specific language governing permissions and limitations
17   * under the License.
18   */
19  package org.apache.shiro.authz.aop;
20  
21  import java.lang.annotation.Annotation;
22  
23  import org.apache.shiro.authz.AuthorizationException;
24  import org.apache.shiro.authz.UnauthenticatedException;
25  import org.apache.shiro.authz.annotation.RequiresGuest;
26  
27  
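/**
 * Checks to see if a @{@link org.apache.shiro.authz.annotation.RequiresGuest RequiresGuest} annotation
 * is declared, and if so, ensures the calling <code>Subject</code> does <em>not</em>
 * have an {@link org.apache.shiro.subject.Subject#getPrincipal() identity} before invoking the method.
 * <p>
 * This annotation essentially ensures that <code>subject.{@link org.apache.shiro.subject.Subject#getPrincipal() getPrincipal()} == null</code>.
 * The test is on the principal, not on the authentication state: a Subject whose identity was remembered
 * from a previous login (it has a principal but was not authenticated in this session) is <em>not</em>
 * a guest and is rejected as well.
 *
 * @since 0.9.0
 */
public class GuestAnnotationHandler extends AuthorizingAnnotationHandler {

    /**
     * Message of the exception raised when a non-guest Subject attempts a guest-only operation.
     */
    private static final String NOT_A_GUEST_MESSAGE =
            "Attempting to perform a guest-only operation.  The current Subject is "
                    + "not a guest (they have been authenticated or remembered from a previous login).  Access "
                    + "denied.";

    /**
     * Default no-argument constructor that ensures this interceptor looks for
     * {@link org.apache.shiro.authz.annotation.RequiresGuest RequiresGuest} annotations in a method
     * declaration.
     */
    public GuestAnnotationHandler() {
        super(RequiresGuest.class);
    }

    /**
     * Ensures that the calling <code>Subject</code> is NOT a <em>user</em>, that is, they do not
     * have an {@link org.apache.shiro.subject.Subject#getPrincipal() identity} before continuing.  If they are
     * a user ({@link org.apache.shiro.subject.Subject#getPrincipal() Subject.getPrincipal()} != null), an
     * {@link UnauthenticatedException} is thrown indicating that execution is not allowed to continue.
     * <p>
     * Any annotation other than {@code RequiresGuest} is ignored: the method returns without consulting
     * the Subject at all.
     *
     * @param a the annotation to check; only a {@link RequiresGuest} instance triggers the guest check
     * @throws org.apache.shiro.authz.AuthorizationException
     *          if the calling <code>Subject</code> is not a &quot;guest&quot;.
     */
    public void assertAuthorized(Annotation a) throws AuthorizationException {
        if (!(a instanceof RequiresGuest)) {
            return;
        }
        // Deliberately checks getPrincipal() rather than authentication state: a remembered
        // identity is not a guest either, so a remembered-but-unauthenticated Subject is rejected too.
        if (getSubject().getPrincipal() != null) {
            throw new UnauthenticatedException(NOT_A_GUEST_MESSAGE);
        }
    }
}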