Sometimes it might be desirable to perform a security check in code, without using the @Restrict annotation. In this situation, simply use Identity.checkRestriction() to evaluate a security expression, like this:

    public void deleteCustomer() {
        // Throws if the expression does not evaluate to true
        Identity.instance().checkRestriction(
            "#{s:hasPermission('customer','delete',selectedCustomer)}");
    }

If the expression specified doesn't evaluate to true, either

- if the user is not logged in, a NotLoggedInException exception is thrown or
- if the user is logged in, an AuthorizationException exception is thrown.

It is also possible to call the hasRole() and hasPermission() methods directly from Java code:

    if (!Identity.instance().hasRole("admin"))
        throw new AuthorizationException("Must be admin to perform this action");

    if (!Identity.instance().hasPermission("customer", "create", null))
        throw new AuthorizationException("You may not create new customers");
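
The direct checks above always throw AuthorizationException, even for an anonymous user, whereas checkRestriction() throws NotLoggedInException in that case. The following added example (not from the Seam documentation or code base) keeps the same two-exception behaviour for direct hasRole() and hasPermission() calls; the Guard class and its method names are hypothetical, and it assumes the Seam 2 org.jboss.seam.security package.

```java
import org.jboss.seam.security.AuthorizationException;
import org.jboss.seam.security.Identity;
import org.jboss.seam.security.NotLoggedInException;

/**
 * Hypothetical helper, not part of Seam. It wraps the direct
 * hasRole()/hasPermission() checks so that a failed check reports
 * "not logged in" separately from "logged in but not allowed",
 * as Identity.checkRestriction() does.
 */
public final class Guard {

    private Guard() {
    }

    /** Fails closed unless the current user holds the given role. */
    public static void requireRole(String message, String role) {
        Identity identity = Identity.instance();
        if (!identity.hasRole(role)) {
            deny(identity, message);
        }
    }

    /** Fails closed unless the current user holds the given permission. */
    public static void requirePermission(String message, String name,
                                         String action, Object... args) {
        Identity identity = Identity.instance();
        // args is passed through unchanged, so a null array behaves
        // exactly like the literal null in the page's own example.
        if (!identity.hasPermission(name, action, args)) {
            deny(identity, message);
        }
    }

    private static void deny(Identity identity, String message) {
        if (!identity.isLoggedIn()) {
            // Anonymous user: the caller can send them to the login page.
            throw new NotLoggedInException();
        }
        // Authenticated user without the required role or permission.
        throw new AuthorizationException(message);
    }
}
```

A caller would write Guard.requireRole("Must be admin to perform this action", "admin") as the first statement of the method, before any state is changed.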