Controle de Permissão com VRaptor - QCon SP 2011
Upcoming SlideShare
Loading in...5
×
 

Like this? Share it with your network

Share

Controle de Permissão com VRaptor - QCon SP 2011

on

  • 4,858 views

 

Statistics

Views

Total Views
4,858
Views on SlideShare
3,403
Embed Views
1,455

Actions

Likes
4
Downloads
29
Comments
0

10 Embeds 1,455

http://blog.concretesolutions.com.br 804
http://www.wbotelhos.com.br 587
http://wbotelhos.com 23
http://localhost 14
http://www.wbotelhos.com 12
http://wbotelhos.com.br 7
http://177.71.251.75 5
http://us-w1.rockmelt.com 1
https://twitter.com 1
http://twitter.com 1
More...

Accessibility

Upload Details

Uploaded via as Adobe PDF

Usage Rights

© All Rights Reserved

Report content

Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

Cancel
  • Full Name Full Name Comment goes here.
    Are you sure you want to
    Your message goes here
    Processing…
Post Comment
Edit your comment

Controle de Permissão com VRaptor - QCon SP 2011 Presentation Transcript

  • 1. CONTROLE DE PERMISSÃO WASHINGTON BOTELHO@wbotelhos | wbotelhos.com.br | #qconsp / 11
  • 2. public enum Perfil { MEMBRO, MODERADOR, ADMINISTRADOR}public class Usuario { private Long id; private String nome; private Perfil perfil;}
  • 3. @Post("/usuario")public void salvar(Usuario usuario) {}@Resourcepublic class AdminController {}
  • 4. Annotation@Permission(Perfil.ADMINISTRADOR)
  • 5. public @interface Permission { Perfil[] value(); }
  • 6. @Retention(RetentionPolicy.RUNTIME)@Target({ ElementType.TYPE, ElementType.METHOD })public @interface Permission { Perfil[] value(); }
  • 7. @Permission({ Perfil.MODERADOR, Perfil.ADMINISTRADOR })@Post("/usuario")public void salvar(Usuario usuario) {} @Permission(Perfil.ADMINISTRADOR) @Resource public class AdminController { }
  • 8. Interceptor @Intercepts
  • 9. accepts() { true | false } intercept(){ next | redirect | error }
  • 10. public boolean accepts(ResourceMethod method) { return !method.getMethod().isAnnotationPresent(Public.class)}
  • 11. public void intercept( InterceptorStack stack, ResourceMethod method, Object resource) { Permission methodPermission = method.getMethod().getAnnotation(Permission.class); Permission controllerPermission = method.getResource().getType().getAnnotation(Permission.class); // ...}
  • 12. private boolean hasAccess(Permission permission) { if (permission == null) return true; Collection<Perfil> perfis = Arrays.asList(permission.value()); return perfis.contains(userSession.getUser().getPerfil());}
  • 13. if (hasAccess(methodPermission) && hasAccess(controllerPermission)) stack.next(method, resource);else result.redirectTo(UsuarioController.class).negado();
  • 14. Ajax Errorresult.use(http()).sendError(500, "Permission denied!"); Not Found result.use(http()).sendError(404);
  • 15. Obrigado! (: WASHINGTON BOTELHO@wbotelhos | wbotelhos.com.br