Reputation: 163
Restrict execution of a Method with Java Annotations
Do you know, if there is the possibility to check who is calling a method and to restrict whether they are allowed to execute it with Java Annotations?
For example if you have a client and a server. There are several users, which have different roles and they login into the client. Then (the same client) with different users wants to call a getMethod on the server.
Can I restrict, who is allowed to call this methos with Java Annotations?
Like:
@Role(role="AllowedRole")
public ReturnType getMethod() {
...
}
Upvotes: 3
Views: 1536
Answers (3)
Reputation: 115388
Annotations do not include code and are not processed magically. They just define metadata, so you need some kind of engine that processes the annotations and performs the access validation.
There are a lot of frameworks and tools that do this. For example you can implement this using AspectJ, Spring framework and Java EE support similar annotations.
You can also implement this logic yourself using dynamic proxy, byte code engineering or other technique.
So, please explain better what kind of application are you implementing and we can probably give you better advice.
Upvotes: 0
Reputation: 9795
Well, I used to achieve this with Seam/DeltaSpike in JBoss Server. It's pretty straightforward.
Basically, you have a method which you annotate with your annotation. For example, mine is @User:
public class MyClass {
@User
public Object getMethod() {
//implementation
}
}
Next, you need a class where you define how you check your annotations:
public class Restrictions {
@Secures @User
public boolean isOk(Identity identity) {
if (identity.getUsername("Peter")) {
return true;
}
return false;
}
}
That's it! Ofcourse, you need some libraries and to define these intercepting stuff in certain xml files (like beans.xml) but it can be easily done with a little googling.
Start from these links:
Upvotes: 1
Reputation: 49241
This seems to be a good case for Method Security of Spring Security.
Upvotes: 0
Related Questions
- Compel a method with specific annotation to have specific parameters/signature
- How to allow only classes annotated with some annotation in method parameters in Java?
- Enforce method signature using annotations
- Adding an annotation to a method to note if it is allowed to run
- Java annotation that disregards method call if a condition is not satisfied
- Allow annotation only for specific methods
- Conditional execution of a method using annotation
- Write annotation to guard a method from being called when parameters are invalid
- How to restrict the usage of a Java public class outside of its Jar?
- Use Java Annotation not to run a method