顶端抽象类AnnotationHandler
该类是关乎注解的处理类,只涉及到注解的一些行为,符合面向对象的原则
承上启下抽象类AuthorizingAnnotationHandler
该类是权限注解处理器类,涉及到注解的行为所以继承了AnnotationHandler,又因为涉及到权限判断所以定义了判断权限的抽象方法,抽象化判断方法,使用子类具体实现判断方法
具体实现类RoleAnnotationHandler
提供权限注解的信息和权限判断的方法实现
public RoleAnnotationHandler() { super(RequiresRoles.class); }
具体实现
public void assertAuthorized(Annotation a) throws AuthorizationException { if (!(a instanceof RequiresRoles)) return; RequiresRoles rrAnnotation = (RequiresRoles) a; String[] roles = rrAnnotation.value(); if (roles.length == 1) { getSubject().checkRole(roles[0]); return; } if (Logical.AND.equals(rrAnnotation.logical())) { getSubject().checkRoles(Arrays.asList(roles)); return; } if (Logical.OR.equals(rrAnnotation.logical())) { // Avoid processing exceptions unnecessarily - "delay" throwing the exception by calling hasRole first boolean hasAtLeastOneRole = false; for (String role : roles) if (getSubject().hasRole(role)) hasAtLeastOneRole = true; // Cause the exception if none of the role match, note that the exception message will be a bit misleading if (!hasAtLeastOneRole) getSubject().checkRole(roles[0]); } }