001/* 002 * Licensed under the Apache License, Version 2.0 (the "License"); 003 * you may not use this file except in compliance with the License. 004 * You may obtain a copy of the License at 005 * 006 * http://www.apache.org/licenses/LICENSE-2.0 007 * 008 * Unless required by applicable law or agreed to in writing, software 009 * distributed under the License is distributed on an "AS IS" BASIS, 010 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 011 * See the License for the specific language governing permissions and 012 * limitations under the License. 013 */ 014package org.apache.shiro.cdi; 015 016import javax.annotation.security.DenyAll; 017import javax.annotation.security.PermitAll; 018import javax.annotation.security.RolesAllowed; 019import javax.enterprise.event.Observes; 020import javax.enterprise.inject.spi.Extension; 021import javax.enterprise.inject.spi.ProcessAnnotatedType; 022import javax.enterprise.inject.spi.WithAnnotations; 023 024import org.apache.shiro.authz.annotation.RequiresAuthentication; 025import org.apache.shiro.authz.annotation.RequiresGuest; 026import org.apache.shiro.authz.annotation.RequiresPermissions; 027import org.apache.shiro.authz.annotation.RequiresRoles; 028import org.apache.shiro.authz.annotation.RequiresUser; 029 030/** 031 * Automatically apply Shiro security to all appropriate beans 032 */ 033public class ShiroSecurityExtension implements Extension { 034 @ShiroSecureAnnotation 035 public static class ShiroSecureAnnotated { 036 } 037 038 public <T> void addSecurity(@Observes @WithAnnotations({ 039 RequiresAuthentication.class, RequiresGuest.class, RequiresPermissions.class, 040 RequiresRoles.class, RequiresUser.class, RolesAllowed.class, 041 PermitAll.class, DenyAll.class}) ProcessAnnotatedType<T> pat) { 042 pat.setAnnotatedType(new AnnotatedTypeWrapper<>(pat.getAnnotatedType(), 043 ShiroSecureAnnotated.class.getDeclaredAnnotations()[0])); 044 } 045}