in deltaspike/modules/security/impl/src/main/java/org/apache/deltaspike/security/impl/extension/SecurityMetaDataStorage.java [103:187]
synchronized <T> void registerSecuredMethod(Class<T> targetClass, Method targetMethod)
{
ensureInitializedAuthorizersForClass(targetClass);
if (!containsMethodAuthorizers(targetClass, targetMethod))
{
Set<AuthorizationParameter> parameterBindings = new HashSet<AuthorizationParameter>();
Class<?>[] parameterTypes = targetMethod.getParameterTypes();
Annotation[][] parameterAnnotations = targetMethod.getParameterAnnotations();
for (int i = 0; i < parameterTypes.length; i++)
{
Set<Annotation> securityBindings = null;
for (final Annotation parameterAnnotation : parameterAnnotations[i])
{
if (SecurityUtils.isMetaAnnotatedWithSecurityParameterBinding(parameterAnnotation))
{
if (securityBindings == null)
{
securityBindings = new HashSet<Annotation>();
}
securityBindings.add(parameterAnnotation);
}
}
if (securityBindings != null)
{
parameterBindings.add(new AuthorizationParameter(parameterTypes[i], securityBindings));
}
}
Set<Authorizer> authorizerStack = new HashSet<Authorizer>();
for (Annotation binding : SecurityUtils.getSecurityBindingTypes(targetClass, targetMethod))
{
boolean found = false;
// For each security binding, find a valid authorizer
for (Authorizer authorizer : authorizers)
{
if (authorizer.matchesBindings(binding, parameterBindings, targetMethod.getReturnType()))
{
if (found)
{
StringBuilder sb = new StringBuilder();
sb.append("Matching authorizer methods found: [");
sb.append(authorizer.getBoundAuthorizerMethod().getDeclaringClass().getName());
sb.append(".");
sb.append(authorizer.getBoundAuthorizerMethod().getName());
sb.append("]");
for (Authorizer a : authorizerStack)
{
if (a.matchesBindings(binding, parameterBindings, targetMethod.getReturnType()))
{
sb.append(", [");
sb.append(a.getBoundAuthorizerMethod().getDeclaringClass().getName());
sb.append(".");
sb.append(a.getBoundAuthorizerMethod().getName());
sb.append("]");
}
}
throw new SecurityDefinitionException(
"Ambiguous authorizers found for security binding type [@" +
binding.annotationType().getName() + "] on method [" +
targetMethod.getDeclaringClass().getName() + "." +
targetMethod.getName() + "]. " + sb.toString());
}
authorizerStack.add(authorizer);
found = true;
}
}
if (!found)
{
throw new SecurityDefinitionException(
"No matching authorizer found for security binding type [@" +
binding.annotationType().getName() + "] on method [" +
targetMethod.getDeclaringClass().getName() + "." +
targetMethod.getName() + "].");
}
}
addMethodAuthorizer(targetClass, targetMethod, authorizerStack);
}
}