Package com.priint.pubserver.auth

Class PubServerSecuredInterceptor

java.lang.Object
com.priint.pubserver.auth.PubServerSecuredInterceptor
All Implemented Interfaces:
Serializable
@Interceptor public class PubServerSecuredInterceptor extends Object implements Serializable
Interceptor annotation for getting authorization checks done, when filter settings in web.xml or ejb-jar.xml won't work.

Use it to annotate a class like this: 

 @Interceptors(PubServerSecuredInterceptor.class)
 public class MyWebService() {...}
Alternatively the interceptor can be wrapped around classes via configuration in either ejb-jar.xml or web.xml. See the SDK documentation for an example.

If an annotated method or any method in an annotated class gets invoked, this interceptor will check for each of the @RequiredGuest etc. The annotations can decorate either the method itself or the class. If an annotation was found, the interceptor will evaluate if the user (subject) is allowed to step into the method. If not, an AuthorizationException will be thrown and the method will not be executed.

More than one of the annotations are allowed: In the example below for restricting to "admins, that can burn down houses" ;-). 

 @RequiredRoles("admin")
 @RequiredPermissions("burningdownthehouse")
 public void doSomething() {...}
See Also:

  • Constructor Details

    • PubServerSecuredInterceptor

      public PubServerSecuredInterceptor()

  • Method Details

    • interceptShiroSecurity

      public Object interceptShiroSecurity(jakarta.interceptor.InvocationContext context) throws Exception
      Intercept shiro security object. It checks if user is authenticated and has permissions to perform a call.
      Parameters:
      context - InvocationContext
      Returns:
      returnValue of the method - if any
      Throws:
      Exception - bubbles any exception