Package org.craftercms.commons.security.permissions.annotations

Class HasPermissionAnnotationHandler

java.lang.Object

org.craftercms.commons.security.permissions.annotations.AbstractPermissionAnnotationHandler

org.craftercms.commons.security.permissions.annotations.HasPermissionAnnotationHandler

@Order(-1)
public class HasPermissionAnnotationHandler
extends AbstractPermissionAnnotationHandler

Aspect that handles HasPermission annotations, by doing appropriate permission checking.

Author:

avasquez

Field Summary

Fields

Modifier and Type	Field	Description
protected final String	managementToken	Management token to be validated in case a HasPermission annotation has been configured to accept a management token.

Fields inherited from class org.craftercms.commons.security.permissions.annotations.AbstractPermissionAnnotationHandler

permissionEvaluators

Constructor Summary

Constructors

Constructor	Description
HasPermissionAnnotationHandler(Map<Class<?>,PermissionEvaluator<?,?>> permissionEvaluators, String managementToken)

Method Summary

Modifier and Type	Method	Description
protected boolean	checkManagementToken(HasPermission hasPermission)	Checks if there is a valid management token param in the request.
Object	checkPermissions(org.aspectj.lang.ProceedingJoinPoint pjp)

Methods inherited from class org.craftercms.commons.security.permissions.annotations.AbstractPermissionAnnotationHandler

checkPermissions, getAnnotatedProtectedResource, getAnnotatedProtectedResourceIds, getHasPermissionAnnotation

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Details

managementToken

protected final String managementToken

Management token to be validated in case a HasPermission annotation has been configured to accept a management token.

Constructor Details

HasPermissionAnnotationHandler

@ConstructorProperties({"permissionEvaluators","managementToken"})
public HasPermissionAnnotationHandler(Map<Class<?>,PermissionEvaluator<?,?>> permissionEvaluators,
 String managementToken)

Method Details

checkPermissions

public Object checkPermissions(org.aspectj.lang.ProceedingJoinPoint pjp)
                        throws Throwable

Throws:

Throwable

checkManagementToken

protected boolean checkManagementToken(HasPermission hasPermission)

Checks if there is a valid management token param in the request. This token must match the configured management token for this handler.

Parameters:

hasPermission - the HasPermission annotation

Returns:

true if and only if a valid management token is present in the request AND the HasPermission annotation has been configured to accept the token