View Javadoc

1   //
2   //  ========================================================================
3   //  Copyright (c) 1995-2013 Mort Bay Consulting Pty. Ltd.
4   //  ------------------------------------------------------------------------
5   //  All rights reserved. This program and the accompanying materials
6   //  are made available under the terms of the Eclipse Public License v1.0
7   //  and Apache License v2.0 which accompanies this distribution.
8   //
9   //      The Eclipse Public License is available at
10  //      http://www.eclipse.org/legal/epl-v10.html
11  //
12  //      The Apache License v2.0 is available at
13  //      http://www.opensource.org/licenses/apache2.0.php
14  //
15  //  You may elect to redistribute this code under either of these licenses.
16  //  ========================================================================
17  //
18  
19  package org.eclipse.jetty.annotations;
20  
21  import java.util.List;
22  
23  import javax.servlet.Servlet;
24  
25  import org.eclipse.jetty.annotations.AnnotationIntrospector.AbstractIntrospectableAnnotationHandler;
26  import org.eclipse.jetty.annotations.AnnotationParser.Value;
27  import org.eclipse.jetty.plus.annotation.RunAsCollection;
28  import org.eclipse.jetty.servlet.ServletHolder;
29  import org.eclipse.jetty.util.log.Log;
30  import org.eclipse.jetty.util.log.Logger;
31  import org.eclipse.jetty.webapp.Descriptor;
32  import org.eclipse.jetty.webapp.MetaData;
33  import org.eclipse.jetty.webapp.WebAppContext;
34  
35  
36  public class RunAsAnnotationHandler extends AbstractIntrospectableAnnotationHandler
37  {
38      private static final Logger LOG = Log.getLogger(RunAsAnnotationHandler.class);
39  
40      protected WebAppContext _context;
41  
42      public RunAsAnnotationHandler (WebAppContext wac)
43      {
44          //Introspect only the given class for a RunAs annotation, as it is a class level annotation,
45          //and according to Common Annotation Spec p2-6 a class-level annotation is not inheritable.
46          super(false);
47          _context = wac;
48      }
49  
50      public void doHandle (Class clazz)
51      {
52          if (!Servlet.class.isAssignableFrom(clazz))
53              return;
54  
55          javax.annotation.security.RunAs runAs = (javax.annotation.security.RunAs)clazz.getAnnotation(javax.annotation.security.RunAs.class);
56          if (runAs != null)
57          {
58              String role = runAs.value();
59              if (role != null)
60              {
61                  ServletHolder holder = getServletHolderForClass(clazz);
62                  if (holder != null)
63                  {
64                      MetaData metaData = _context.getMetaData();
65                      Descriptor d = metaData.getOriginDescriptor(holder.getName()+".servlet.run-as");
66                      //if a descriptor has already set the value for run-as, do not
67                      //let the annotation override it
68                      if (d == null)
69                      {
70                          metaData.setOrigin(holder.getName()+".servlet.run-as");
71                          org.eclipse.jetty.plus.annotation.RunAs ra = new org.eclipse.jetty.plus.annotation.RunAs();
72                          ra.setTargetClassName(clazz.getCanonicalName());
73                          ra.setRoleName(role);
74                          RunAsCollection raCollection = (RunAsCollection)_context.getAttribute(RunAsCollection.RUNAS_COLLECTION);
75                          if (raCollection == null)
76                          {
77                              raCollection = new RunAsCollection();
78                              _context.setAttribute(RunAsCollection.RUNAS_COLLECTION, raCollection);
79                          }
80                          raCollection.add(ra);
81                      }
82                  }
83              }
84              else
85                  LOG.warn("Bad value for @RunAs annotation on class "+clazz.getName());
86          }
87  
88      }
89  
90      public void handleField(String className, String fieldName, int access, String fieldType, String signature, Object value, String annotation,
91                              List<Value> values)
92      {
93         LOG.warn ("@RunAs annotation not applicable for fields: "+className+"."+fieldName);
94      }
95  
96      public void handleMethod(String className, String methodName, int access, String params, String signature, String[] exceptions, String annotation,
97                               List<Value> values)
98      {
99          LOG.warn("@RunAs annotation ignored on method: "+className+"."+methodName+" "+signature);
100     }
101 
102     private ServletHolder getServletHolderForClass (Class clazz)
103     {
104         ServletHolder holder = null;
105         ServletHolder[] holders = _context.getServletHandler().getServlets();
106         if (holders != null)
107         {
108             for (ServletHolder h : holders)
109             {
110                 if (h.getClassName() != null && h.getClassName().equals(clazz.getName()))
111                 {
112                     holder = h;
113                 }
114             }
115         }
116         return holder;
117     }
118 }