in src/main/java/org/apache/geronimo/microprofile/impl/jwtauth/jaxrs/RolesAllowedFeature.java [51:82]
public void configure(final ResourceInfo resourceInfo, final FeatureContext featureContext) {
final Map<Class<?>, Annotation> methodAnnotations = collectConfig(resourceInfo.getResourceMethod());
if (methodAnnotations.size() > 1) {
throw new IllegalArgumentException("Ambiguous configuration for " + resourceInfo.getResourceMethod() + ": " + methodAnnotations);
}
final Map<Class<?>, Annotation> classAnnotations = collectConfig(unwrapClazz(resourceInfo.getResourceClass()));
if (classAnnotations.size() > 1) {
throw new IllegalArgumentException("Ambiguous configuration for " + resourceInfo.getResourceClass() + ": " + classAnnotations);
}
if (classAnnotations.isEmpty() && methodAnnotations.isEmpty()) {
return;
}
try {
ofNullable(RolesAllowedFeature.class.getClassLoader())
.orElseGet(ClassLoader::getSystemClassLoader)
.loadClass("javax.annotation.security.PermitAll");
} catch (final ClassNotFoundException cnfe) {
return;
}
final boolean denyAll = methodAnnotations.containsKey(DenyAll.class) || (methodAnnotations.isEmpty() && classAnnotations.containsKey(DenyAll.class));
final boolean permitAll = !denyAll && (methodAnnotations.containsKey(PermitAll.class) || (methodAnnotations.isEmpty() && classAnnotations.containsKey(PermitAll.class)));
final Collection<String> roles = denyAll || permitAll ?
emptyList() :
Stream.of(RolesAllowed.class.cast(ofNullable(methodAnnotations.get(RolesAllowed.class)).orElseGet(() -> classAnnotations.get(RolesAllowed.class))).value())
.flatMap(it -> mapper.map(it).stream())
.collect(toSet());
featureContext.register(new RolesAllowedRequestFilter(denyAll, permitAll, roles));
}