CONTROLE DE PERMISSÃO          WASHINGTON BOTELHO@wbotelhos | wbotelhos.com.br | #qconsp / 11
public enum Perfil {	 MEMBRO, MODERADOR, ADMINISTRADOR}public class Usuario {	 private Long id;	 private String nome;	 pri...
@Post("/usuario")public void salvar(Usuario usuario) {}@Resourcepublic class AdminController {}
Annotation@Permission(Perfil.ADMINISTRADOR)
public @interface Permission {		 Perfil[] value();	}
@Retention(RetentionPolicy.RUNTIME)@Target({ ElementType.TYPE, ElementType.METHOD })public @interface Permission {		 Perfi...
@Permission({ Perfil.MODERADOR, Perfil.ADMINISTRADOR })@Post("/usuario")public void salvar(Usuario usuario) {}     @Permis...
Interceptor @Intercepts
accepts()     { true | false }     intercept(){ next | redirect | error }
public boolean accepts(ResourceMethod method) {	 return !method.getMethod().isAnnotationPresent(Public.class)}
public void intercept( InterceptorStack stack, ResourceMethod method, Object resource) {    Permission methodPermission = ...
private boolean hasAccess(Permission permission) {  if (permission == null) return true;    Collection<Perfil> perfis = Ar...
if (hasAccess(methodPermission) && hasAccess(controllerPermission))  stack.next(method, resource);else  result.redirectTo(...
Ajax Errorresult.use(http()).sendError(500, "Permission denied!");                  Not Found            result.use(http()...
Obrigado! (:   WASHINGTON BOTELHO@wbotelhos | wbotelhos.com.br

Controle de Permissão com VRaptor - QCon SP 2011


Controle de Permissão com VRaptor - QCon SP 2011

  1. 1. CONTROLE DE PERMISSÃO WASHINGTON BOTELHO@wbotelhos | wbotelhos.com.br | #qconsp / 11
  // Slide 2: the role model used throughout the talk.

  /** Access profiles known to the application. */
  public enum Perfil {
    MEMBRO, MODERADOR, ADMINISTRADOR
  }

  /**
   * Application user. Each user carries a single Perfil; the permission check on
   * slide 12 compares that value against the profiles an action allows
   * (presumably userSession.getUser() returns this type; confirm).
   */
  public class Usuario {
    private Long id;
    private String nome;
    private Perfil perfil;
  }
  3. 3. @Post("/usuario")public void salvar(Usuario usuario) {}@Resourcepublic class AdminController {}
  4. 4. Annotation@Permission(Perfil.ADMINISTRADOR)
  5. 5. public @interface Permission { Perfil[] value(); }
  // Slide 6: the annotation with the meta-annotations it needs.

  /**
   * Declares which profiles may reach a controller (TYPE) or a single action (METHOD).
   *
   * RUNTIME retention is required because the interceptor reads this annotation
   * reflectively. With the default (CLASS) retention getAnnotation() would return
   * null, and hasAccess() treats a null Permission as "no restriction", so every
   * check would silently pass.
   *
   * NOTE(review): the type is not marked @Inherited, so a class-level @Permission is
   * not visible through getAnnotation() on a subclass of the annotated controller.
   * Confirm that restricted controllers are never extended, or annotate subclasses
   * explicitly.
   */
  @Retention(RetentionPolicy.RUNTIME)
  @Target({ ElementType.TYPE, ElementType.METHOD })
  public @interface Permission {
    /** Profiles allowed to proceed; the user's profile must be one of them. */
    Perfil[] value();
  }
  // Slide 7: applying the annotation at both levels.

  // Action level: a user holding either listed profile may call this action.
  @Permission({ Perfil.MODERADOR, Perfil.ADMINISTRADOR })
  @Post("/usuario")
  public void salvar(Usuario usuario) {}

  // Controller level: the restriction is checked for every action of the class.
  // The interceptor (slide 13) requires the action-level AND the controller-level
  // check to pass, so an action-level annotation can narrow access inside a
  // restricted controller but cannot widen it.
  @Permission(Perfil.ADMINISTRADOR)
  @Resource
  public class AdminController { }
  8. 8. Interceptor @Intercepts
  9. 9. accepts() { true | false } intercept(){ next | redirect | error }
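  // Slide 10: which requests the permission interceptor applies to.

  /**
   * Decides whether this interceptor runs for the given resource method.
   *
   * Every action is intercepted unless the method itself carries the
   * {@code Public} annotation, so endpoints are checked by default and must opt
   * out explicitly. Only the method is inspected here; a {@code Public}
   * annotation placed on the controller class would not be honoured by this check.
   *
   * @param method the resource method about to be invoked
   * @return {@code true} when the method is not annotated with {@code Public}
   */
  public boolean accepts(ResourceMethod method) {
    // The slide dropped the statement terminator; without it the method does not compile.
    return !method.getMethod().isAnnotationPresent(Public.class);
  }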
  // Slide 11: the interceptor collects both levels of restriction.

  /**
   * Reads the Permission declared on the action and on its controller class.
   * The decision taken with these two values is shown on slide 13.
   */
  public void intercept(InterceptorStack stack, ResourceMethod method, Object resource) {
    // Restriction declared on the action itself; null when the method is not annotated.
    Permission methodPermission = method.getMethod().getAnnotation(Permission.class);
    // Restriction declared on the controller class; null when the class is not annotated.
    Permission controllerPermission = method.getResource().getType().getAnnotation(Permission.class);
    // ...
  }
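  // Slide 12: the actual permission check.

  /**
   * Tells whether the current session user satisfies one Permission annotation.
   *
   * @param permission the annotation read from the action or the controller, or
   *     {@code null} when that element is not annotated
   * @return {@code true} when there is no restriction or the user's profile is
   *     listed in it; {@code false} otherwise, including when no user is in session
   */
  private boolean hasAccess(Permission permission) {
    // No annotation means "unrestricted": the scheme is allow-by-default.
    // NOTE(review): an action that was simply forgotten is therefore reachable by
    // every profile. Confirm that authentication is enforced elsewhere and
    // consider auditing controllers for unannotated actions.
    if (permission == null) {
      return true;
    }

    // A restricted action with nobody logged in must be refused. The original
    // dereferenced getUser() directly, which would fail with a
    // NullPointerException if the session holds no user instead of producing a
    // clean denial.
    if (userSession.getUser() == null) {
      return false;
    }

    Collection<Perfil> perfis = Arrays.asList(permission.value());
    return perfis.contains(userSession.getUser().getPerfil());
  }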
  // Slide 13: the decision taken inside intercept().
  // The action-level and the controller-level restriction must both be satisfied.
  boolean allowed = hasAccess(methodPermission) && hasAccess(controllerPermission);
  if (!allowed) {
    // Denied: send the user to the "access denied" action instead of the target.
    result.redirectTo(UsuarioController.class).negado();
  } else {
    // Allowed: hand the request on to the next interceptor / the action itself.
    stack.next(method, resource);
  }
  // Slide 14: alternative responses when access is denied.

  // "Ajax Error": answer with an HTTP error status instead of a redirect
  // (presumably so the client-side error handler of an Ajax call runs).
  // NOTE(review): 500 reports a server fault. 403 (Forbidden) is the status
  // defined for a refused authorization, and using it keeps denials
  // distinguishable from real failures in logs, alerting and client handling.
  result.use(http()).sendError(500, "Permission denied!");

  // "Not Found": answer 404, which (presumably by intent) does not confirm to an
  // unauthorized caller that the resource exists.
  result.use(http()).sendError(404);
  15. 15. Obrigado! (: WASHINGTON BOTELHO@wbotelhos | wbotelhos.com.br
