-
1. Re: Programmatically query @RolesAllowed or if caller can ac
wolfc Aug 7, 2006 9:49 AM (in response to matt10)
This works for me:
```java
package test;

import java.lang.annotation.Annotation;
import java.lang.reflect.Method;

import javax.annotation.security.RolesAllowed;
import javax.ejb.Remote;
import javax.ejb.Stateless;

@Stateless
@Remote(MyStateless.class)
public class MyStatelessBean implements MyStateless {
    @RolesAllowed("user")
    public String sayHelloTo(String name) {
//        Annotation as[] = MyStatelessBean.class.getAnnotations();
//        for(Annotation a : as) {
//            System.err.println(a.toString());
//        }
        Method ms[] = getClass().getMethods();
        for(Method m : ms) {
            Annotation as[] = m.getAnnotations();
            for (Annotation a : as) {
                System.err.println(a.toString());
            }
            RolesAllowed rolesAllowed = m.getAnnotation(RolesAllowed.class);
            if(rolesAllowed != null) {
                for(String role : rolesAllowed.value()) {
                    if(role.equals("user"))
                        System.err.println("method " + m + " is allowed for user");
                }
            }
        }
        return "Hi " + name;
    }

    @RolesAllowed("admin")
    public void notAllowed() {
    }

    @RolesAllowed("user")
    public void allowed() {
    }
}
```
-
2. Re: Programmatically query @RolesAllowed or if caller can ac
matt10 Aug 7, 2006 1:02 PM (in response to matt10)
Your code does work as expected. Thanks for your help.
I was doing annotation.getClass() instead of annotation.annotationType() on the server side, coupled with a bug on the client side which was not handling the results properly. I had misled myself that I could not access annotations after seeing Proxy$69 and similar as the class name instead of the annotations I wanted.
-
3. Re: Programmatically query @RolesAllowed or if caller can ac
juergen.zimmermann Aug 8, 2006 2:04 AM (in response to matt10)
You also can do it this way
```java
import java.security.Principal;
import java.util.Enumeration;
import java.util.Set;

import javax.security.auth.Subject;
import javax.security.jacc.PolicyContext;
import javax.security.jacc.PolicyContextException;

import org.jboss.security.SimpleGroup;

// Get the authenticated subject
Subject subject = null;
try {
    subject = (Subject) PolicyContext.getContext("javax.security.auth.Subject.container");
}
catch (PolicyContextException e) {
    LOG.error(...);
}
if (DEBUG) LOG.debug("Subject: " + subject);

// Get all roles of the authenticated subject
// JBoss proprietary: via SimpleGroup
// subject stays null if the lookup failed or no caller is authenticated
if (subject != null) {
    final Set<Principal> principals = subject.getPrincipals(Principal.class);
    for (Principal p: principals) {
        if (p instanceof SimpleGroup) {
            final SimpleGroup sg = (SimpleGroup) p;
            if ("Roles".equals(sg.getName())) {
                final Enumeration<?> roles = sg.members();
                while (roles.hasMoreElements()) {
                    final String r = roles.nextElement().toString();
                    if (DEBUG) LOG.debug("..." + r);
                }
            }
        }
    }
}
```
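
Added example, not part of any reply in this thread: a small reflection helper that resolves the roles declared for a method (method-level @RolesAllowed first, then class-level) and shows the getClass() versus annotationType() difference described in reply 2. SampleBean, its role names and the helper names declaredRoles and permits are hypothetical, and the javax.annotation API is assumed to be on the classpath.

```java
import java.lang.annotation.Annotation;
import java.lang.reflect.Method;
import java.util.Arrays;
import java.util.Set;
import javax.annotation.security.RolesAllowed;

public class RolesAllowedQuery {

    // Constructed sample bean; class and role names are illustrative only.
    @RolesAllowed("user")
    static class SampleBean {
        // No method-level annotation: falls back to the class-level "user".
        public String sayHelloTo(String name) { return "Hi " + name; }

        @RolesAllowed({"admin", "auditor"})
        public void purge() { }
    }

    /** Method-level @RolesAllowed overrides class-level; null if neither is declared. */
    static String[] declaredRoles(Method m) {
        RolesAllowed ra = m.getAnnotation(RolesAllowed.class);
        if (ra == null) {
            ra = m.getDeclaringClass().getAnnotation(RolesAllowed.class);
        }
        return ra == null ? null : ra.value();
    }

    /**
     * True if the caller holds at least one declared role. Returning false when
     * nothing is declared is a fail-closed choice made for this helper, not a
     * statement of the container's default.
     */
    static boolean permits(Method m, Set<String> callerRoles) {
        String[] roles = declaredRoles(m);
        return roles != null && Arrays.stream(roles).anyMatch(callerRoles::contains);
    }

    public static void main(String[] args) throws Exception {
        Method hello = SampleBean.class.getMethod("sayHelloTo", String.class);
        Method purge = SampleBean.class.getMethod("purge");

        // Annotation instances are dynamic proxies: getClass() yields a proxy
        // class name, annotationType() yields the annotation interface.
        Annotation a = purge.getAnnotations()[0];
        System.out.println(a.getClass().getName() + " vs " + a.annotationType().getName());

        Set<String> caller = Set.of("user"); // constructed caller role set
        System.out.println("sayHelloTo permitted: " + permits(hello, caller));
        System.out.println("purge permitted: " + permits(purge, caller));
    }
}
```

Reflection only reports what the annotations declare; the container remains the component that enforces them, so a helper like this suits display logic or audits rather than replacing the container's check.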