Controle de Permissão com VRaptor - QCon SP 2011
Upcoming SlideShare
Loading in...5
×
 

Controle de Permissão com VRaptor - QCon SP 2011

on

  • 4,641 views

 

Statistics

Views

Total Views
4,641
Views on SlideShare
3,187
Embed Views
1,454

Actions

Likes
4
Downloads
29
Comments
0

10 Embeds 1,454

http://blog.concretesolutions.com.br 803
http://www.wbotelhos.com.br 587
http://wbotelhos.com 23
http://localhost 14
http://www.wbotelhos.com 12
http://wbotelhos.com.br 7
http://177.71.251.75 5
http://us-w1.rockmelt.com 1
https://twitter.com 1
http://twitter.com 1
More...

Accessibility

Upload Details

Uploaded via as Adobe PDF

Usage Rights

© All Rights Reserved

Report content

Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

Cancel
  • Full Name Full Name Comment goes here.
    Are you sure you want to
    Your message goes here
    Processing…
Post Comment
Edit your comment

    Controle de Permissão com VRaptor - QCon SP 2011 Controle de Permissão com VRaptor - QCon SP 2011 Presentation Transcript

    • CONTROLE DE PERMISSÃO WASHINGTON BOTELHO@wbotelhos | wbotelhos.com.br | #qconsp / 11
    • public enum Perfil { MEMBRO, MODERADOR, ADMINISTRADOR}public class Usuario { private Long id; private String nome; private Perfil perfil;}
    • @Post("/usuario")public void salvar(Usuario usuario) {}@Resourcepublic class AdminController {}
    • Annotation@Permission(Perfil.ADMINISTRADOR)
    • public @interface Permission { Perfil[] value(); }
    • @Retention(RetentionPolicy.RUNTIME)@Target({ ElementType.TYPE, ElementType.METHOD })public @interface Permission { Perfil[] value(); }
    • @Permission({ Perfil.MODERADOR, Perfil.ADMINISTRADOR })@Post("/usuario")public void salvar(Usuario usuario) {} @Permission(Perfil.ADMINISTRADOR) @Resource public class AdminController { }
    • Interceptor @Intercepts
    • accepts() { true | false } intercept(){ next | redirect | error }
    • public boolean accepts(ResourceMethod method) { return !method.getMethod().isAnnotationPresent(Public.class)}
    • public void intercept( InterceptorStack stack, ResourceMethod method, Object resource) { Permission methodPermission = method.getMethod().getAnnotation(Permission.class); Permission controllerPermission = method.getResource().getType().getAnnotation(Permission.class); // ...}
    • private boolean hasAccess(Permission permission) { if (permission == null) return true; Collection<Perfil> perfis = Arrays.asList(permission.value()); return perfis.contains(userSession.getUser().getPerfil());}
    • if (hasAccess(methodPermission) && hasAccess(controllerPermission)) stack.next(method, resource);else result.redirectTo(UsuarioController.class).negado();
    • Ajax Errorresult.use(http()).sendError(500, "Permission denied!"); Not Found result.use(http()).sendError(404);
    • Obrigado! (: WASHINGTON BOTELHO@wbotelhos | wbotelhos.com.br