1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19 package org.eclipse.jetty.annotations;
20
21 import java.util.List;
22
23 import javax.servlet.Servlet;
24
25 import org.eclipse.jetty.annotations.AnnotationIntrospector.AbstractIntrospectableAnnotationHandler;
26 import org.eclipse.jetty.annotations.AnnotationParser.Value;
27 import org.eclipse.jetty.plus.annotation.RunAsCollection;
28 import org.eclipse.jetty.servlet.ServletHolder;
29 import org.eclipse.jetty.util.log.Log;
30 import org.eclipse.jetty.util.log.Logger;
31 import org.eclipse.jetty.webapp.Descriptor;
32 import org.eclipse.jetty.webapp.MetaData;
33 import org.eclipse.jetty.webapp.WebAppContext;
34
35
36 public class RunAsAnnotationHandler extends AbstractIntrospectableAnnotationHandler
37 {
38 private static final Logger LOG = Log.getLogger(RunAsAnnotationHandler.class);
39
40 protected WebAppContext _context;
41
42 public RunAsAnnotationHandler (WebAppContext wac)
43 {
44
45
46 super(false);
47 _context = wac;
48 }
49
50 public void doHandle (Class clazz)
51 {
52 if (!Servlet.class.isAssignableFrom(clazz))
53 return;
54
55 javax.annotation.security.RunAs runAs = (javax.annotation.security.RunAs)clazz.getAnnotation(javax.annotation.security.RunAs.class);
56 if (runAs != null)
57 {
58 String role = runAs.value();
59 if (role != null)
60 {
61 ServletHolder holder = getServletHolderForClass(clazz);
62 if (holder != null)
63 {
64 MetaData metaData = _context.getMetaData();
65 Descriptor d = metaData.getOriginDescriptor(holder.getName()+".servlet.run-as");
66
67
68 if (d == null)
69 {
70 metaData.setOrigin(holder.getName()+".servlet.run-as");
71 org.eclipse.jetty.plus.annotation.RunAs ra = new org.eclipse.jetty.plus.annotation.RunAs();
72 ra.setTargetClassName(clazz.getCanonicalName());
73 ra.setRoleName(role);
74 RunAsCollection raCollection = (RunAsCollection)_context.getAttribute(RunAsCollection.RUNAS_COLLECTION);
75 if (raCollection == null)
76 {
77 raCollection = new RunAsCollection();
78 _context.setAttribute(RunAsCollection.RUNAS_COLLECTION, raCollection);
79 }
80 raCollection.add(ra);
81 }
82 }
83 }
84 else
85 LOG.warn("Bad value for @RunAs annotation on class "+clazz.getName());
86 }
87
88 }
89
90 public void handleField(String className, String fieldName, int access, String fieldType, String signature, Object value, String annotation,
91 List<Value> values)
92 {
93 LOG.warn ("@RunAs annotation not applicable for fields: "+className+"."+fieldName);
94 }
95
96 public void handleMethod(String className, String methodName, int access, String params, String signature, String[] exceptions, String annotation,
97 List<Value> values)
98 {
99 LOG.warn("@RunAs annotation ignored on method: "+className+"."+methodName+" "+signature);
100 }
101
102 private ServletHolder getServletHolderForClass (Class clazz)
103 {
104 ServletHolder holder = null;
105 ServletHolder[] holders = _context.getServletHandler().getServlets();
106 if (holders != null)
107 {
108 for (ServletHolder h : holders)
109 {
110 if (h.getClassName() != null && h.getClassName().equals(clazz.getName()))
111 {
112 holder = h;
113 }
114 }
115 }
116 return holder;
117 }
118 }