SecurityAnnotationAttributes xref

View Javadoc

1   /* Copyright 2004, 2005 Acegi Technology Pty Limited
2    *
3    * Licensed under the Apache License, Version 2.0 (the "License");
4    * you may not use this file except in compliance with the License.
5    * You may obtain a copy of the License at
6    *
7    *     http://www.apache.org/licenses/LICENSE-2.0
8    *
9    * Unless required by applicable law or agreed to in writing, software
10   * distributed under the License is distributed on an "AS IS" BASIS,
11   * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12   * See the License for the specific language governing permissions and
13   * limitations under the License.
14   */
15  package org.acegisecurity.annotation;
16  
17  import java.lang.annotation.Annotation;
18  import java.lang.reflect.Field;
19  import java.lang.reflect.Method;
20  import java.util.Collection;
21  import java.util.HashSet;
22  import java.util.Set;
23  
24  import org.acegisecurity.SecurityConfig;
25  
26  import org.springframework.metadata.Attributes;
27  
28  /***
29   * Java 5 Annotation <code>Attributes</code> metadata implementation used for 
30   * secure method interception. 
31   * 
32   * <p>This <code>Attributes</code> implementation will return security 
33   * configuration for classes described using the <code>Secured</code> Java 5
34   * annotation. 
35   * 
36   * <p>The <code>SecurityAnnotationAttributes</code> implementation can be used
37   * to configure a <code>MethodDefinitionAttributes</code> and 
38   * <code>MethodSecurityInterceptor</code> bean definition (see below).
39   * 
40   * <p>For example: 
41   * <pre>
42   * &lt;bean id="attributes" 
43   *     class="org.acegisecurity.annotation.SecurityAnnotationAttributes"/>
44   * 
45   * &lt;bean id="objectDefinitionSource" 
46   *     class="org.acegisecurity.intercept.method.MethodDefinitionAttributes">
47   *     &lt;property name="attributes">
48   *         &lt;ref local="attributes"/>
49   *     &lt;/property>
50   * &lt;/bean>
51   * 
52   * &lt;bean id="securityInterceptor" 
53   *     class="org.acegisecurity.intercept.method.aopalliance.MethodSecurityInterceptor">
54   *      . . .
55   *      &lt;property name="objectDefinitionSource">
56   *          &lt;ref local="objectDefinitionSource"/>
57   *      &lt;/property>
58   * &lt;/bean>
59   * </pre>
60   * 
61   * <p>These security annotations are similiar to the Commons Attributes
62   * approach, however they are using Java 5 language-level metadata support.
63   *
64   * @author Mark St.Godard
65   * @version $Id: SecurityAnnotationAttributes.java,v 1.2 2005/11/17 00:55:48 benalex Exp $
66   *
67   * @see org.acegisecurity.annotation.Secured
68   */
69  public class SecurityAnnotationAttributes implements Attributes {
70  
71  	/***
72  	 * Get the <code>Secured</code> attributes for a given target class.
73  	 * @param method The target method
74  	 * @return Collection of <code>SecurityConfig</code>
75  	 * @see Attributes#getAttributes
76  	 */
77  	public Collection getAttributes(Class target) {
78  
79  		Set<SecurityConfig> attributes = new HashSet<SecurityConfig>();
80  
81  		for (Annotation annotation : target.getAnnotations()) {
82  			// check for Secured annotations
83  			if (annotation instanceof Secured) {
84  				Secured attr = (Secured) annotation;
85  				for (String auth : attr.value()) {
86  					attributes.add(new SecurityConfig(auth));
87  				}
88  				break;
89  			}
90  		}
91  		return attributes;
92  	}
93  
94  	public Collection getAttributes(Class clazz, Class filter) {
95  		throw new UnsupportedOperationException("Unsupported operation");
96  	}
97  
98  	/***
99  	 * Get the <code>Secured</code> attributes for a given target method.
100 	 * @param method The target method
101 	 * @return Collection of <code>SecurityConfig</code>
102 	 * @see Attributes#getAttributes
103 	 */	
104 	public Collection getAttributes(Method method) {
105 		Set<SecurityConfig> attributes = new HashSet<SecurityConfig>();
106 
107 		for (Annotation annotation : method.getAnnotations()) {
108 			// check for Secured annotations
109 			if (annotation instanceof Secured) {
110 				Secured attr = (Secured) annotation;
111 				for (String auth : attr.value()) {
112 					attributes.add(new SecurityConfig(auth));
113 				}
114 				break;
115 			}
116 		}
117 		return attributes;
118 	}
119 
120 	public Collection getAttributes(Method method, Class clazz) {
121 		throw new UnsupportedOperationException("Unsupported operation");
122 	}
123 
124 	public Collection getAttributes(Field field) {
125 		throw new UnsupportedOperationException("Unsupported operation");
126 	}
127 
128 	public Collection getAttributes(Field field, Class clazz) {
129 		throw new UnsupportedOperationException("Unsupported operation");
130 	}
131 
132 }