Use Enum type as a value parameter for @RolesAllowed-Annotation

java jakarta-ee enums annotations java-ee-6

47,677

Solution 1

I don't think your approach of using enums is going to work. I found that the compiler error went away if I changed the STUDENT_ROLE field in your final example to a constant string, as opposed to an expression:

public enum RoleType { 
  ...
  public static final String STUDENT_ROLE = "STUDENT";
  ...
}

However, this then means that the enum values wouldn't be used anywhere, because you'd be using the string constants in annotations instead.

It seems to me that you'd be better off if your RoleType class contained nothing more than a bunch of static final String constants.

To see why your code wasn't compiling, I had a look into the Java Language Specification (JLS). The JLS for annotations states that for an annotation with a parameter of type T and value V,

if T is a primitive type or String, V is a constant expression.

A constant expression includes, amongst other things,

Qualified names of the form TypeName . Identifier that refer to constant variables

and a constant variable is defined as

a variable, of primitive type or type String, that is final and initialized with a compile-time constant expression

Solution 2

How about this?

public enum RoleType {
    STUDENT(Names.STUDENT),
    TEACHER(Names.TEACHER),
    DEANERY(Names.DEANERY);

    public class Names{
        public static final String STUDENT = "Student";
        public static final String TEACHER = "Teacher";
        public static final String DEANERY = "Deanery";
    }

    private final String label;

    private RoleType(String label) {
        this.label = label;
    }

    public String toString() {
        return this.label;
    }
}

And in annotation you can use it like

@RolesAllowed(RoleType.Names.DEANERY)
public void update(User p) { ... }

One little concern is, for any modification, we need to change in two places. But since they are in same file, its quite unlikely to be missed. In return, we are getting the benefit of not using raw strings and avoiding the sophisticated mechanism.

Or this sounds totally stupid? :)

Solution 3

Here's a solution using an additional interface and a meta-annotation. I've included a utility class to help do the reflection to get the role types from a set of annotations, and a little test for it:

/**
 * empty interface which must be implemented by enums participating in
 * annotations of "type" @RolesAllowed.
 */
public interface RoleType {
    public String toString();
}

/** meta annotation to be applied to annotations that have enum values implementing RoleType. 
 *  the value() method should return an array of objects assignable to RoleType*.
 */
@Retention(RetentionPolicy.RUNTIME)
@Target({ANNOTATION_TYPE})
public @interface RolesAllowed { 
    /* deliberately empty */ 
}

@RolesAllowed
@Retention(RetentionPolicy.RUNTIME)
@Target({TYPE, METHOD})
public @interface AcademicRolesAllowed {
    public AcademicRoleType[] value();
}

public enum AcademicRoleType implements RoleType {
    STUDENT, TEACHER, DEANERY;
    @Override
    public String toString() {
        return name();
    }
}


public class RolesAllowedUtil {

    /** get the array of allowed RoleTypes for a given class **/
    public static List<RoleType> getRoleTypesAllowedFromAnnotations(
            Annotation[] annotations) {
        List<RoleType> roleTypesAllowed = new ArrayList<RoleType>();
        for (Annotation annotation : annotations) {
            if (annotation.annotationType().isAnnotationPresent(
                    RolesAllowed.class)) {
                RoleType[] roleTypes = getRoleTypesFromAnnotation(annotation);
                if (roleTypes != null)
                    for (RoleType roleType : roleTypes)
                        roleTypesAllowed.add(roleType);
            }
        }
        return roleTypesAllowed;
    }

    public static RoleType[] getRoleTypesFromAnnotation(Annotation annotation) {
        Method[] methods = annotation.annotationType().getMethods();
        for (Method method : methods) {
            String name = method.getName();
            Class<?> returnType = method.getReturnType();
            Class<?> componentType = returnType.getComponentType();
            if (name.equals("value") && returnType.isArray()
                    && RoleType.class.isAssignableFrom(componentType)) {
                RoleType[] features;
                try {
                    features = (RoleType[]) (method.invoke(annotation,
                            new Object[] {}));
                } catch (Exception e) {
                    throw new RuntimeException(
                            "Error executing value() method in "
                                    + annotation.getClass().getCanonicalName(),
                            e);
                }
                return features;
            }
        }
        throw new RuntimeException(
                "No value() method returning a RoleType[] type "
                        + "was found in annotation "
                        + annotation.getClass().getCanonicalName());
    }

}

public class RoleTypeTest {

    @AcademicRolesAllowed({DEANERY})
    public class DeaneryDemo {

    }

    @Test
    public void testDeanery() {
        List<RoleType> roleTypes = RolesAllowedUtil.getRoleTypesAllowedFromAnnotations(DeaneryDemo.class.getAnnotations());
        assertEquals(1, roleTypes.size());
    }
}

Solution 4

I solved this by using Lombok annotation FieldNameConstants :

@FieldNameConstants(onlyExplicitlyIncluded = true)
public enum EnumBasedRole {
    @FieldNameConstants.Include ADMIN,
    @FieldNameConstants.Include EDITOR,
    @FieldNameConstants.Include READER;
}

Next you can use it as follow :

@RestController
@RequestMapping("admin")
@RolesAllowed(EnumBasedRole.Fields.ADMIN)
public class MySecuredController {

   @PostMapping("user")
   public void deleteUser(...) {
       ...
   }
}

View more solutions

47,677

Author by

Wolkenarchitekt

https://github.com/wolkenarchitekt

Updated on July 08, 2022

Comments

Wolkenarchitekt almost 2 years
I'm developing a Java enterprise application, currently doing Java EE security stuff to restrict access for particular functions to specific users. I configured the application server and everything, and now I'm using the RolesAllowed-annotation to secure the methods:
```
@Documented
@Retention (RUNTIME)
@Target({TYPE, METHOD})
public @interface RolesAllowed {
    String[] value();
}
```
When I use the annotation like this, it works fine:
```
@RolesAllowed("STUDENT")
public void update(User p) { ... }
```
But this is not what I want, as I have to use a String here, refactoring becomes hard, and typos can happen. So instead of using a String, I would like to use an Enum value as a parameter for this annotation. The Enum looks like this:
```
public enum RoleType {
    STUDENT("STUDENT"),
    TEACHER("TEACHER"),
    DEANERY("DEANERY");

    private final String label;

    private RoleType(String label) {
        this.label = label;
    }

    public String toString() {
        return this.label;
    }
}
```
So I tried to use the Enum as a parameter like this:
```
@RolesAllowed(RoleType.DEANERY.name())
public void update(User p) { ... }
```
But then I get the following compiler error, although Enum.name just returns a String (which is always constant, isn't it?).

The value for annotation attribute RolesAllowed.value must be a constant expression`

The next thing I tried was to add an additional final String to my Enum:
```
public enum RoleType {
    ...
    public static final String STUDENT_ROLE = STUDENT.toString();
    ...
}
```
But this also doesn't work as a parameter, resulting in the same compiler error:
```
// The value for annotation attribute RolesAllowed.value must be a constant expression
@RolesAllowed(RoleType.STUDENT_ROLE)
```
How can I achieve the behavior I want? I even implemented my own interceptor to use my own annotations, which is beautiful, but far too much lines of codes for a little problem like this.

DISCLAIMER

This question was originally a Scala question. I found out that Scala is not the source of the problem, so I first try to do this in Java.
Wolkenarchitekt almost 14 years

Thanks for your efforts! Interesting facts. Especially the last one. Always thought that finals are already constants. Ok this is why it cannot work. Seems to me that this is already the answer. Although i'm not really happy with it ;) (BTW i really do need the Enum, not only for the annotation)
Arjan over 12 years

I indeed ran into an example that declares public interface Roles {String REGISTERED = "registered"; } and then uses @RolesAllowed({Roles.REGISTERED}). Of course, one example not using enum doesn't mean that enum yields problems, but well ;-)
Trevor over 6 years

Thanks, I really like this and I'll use it. I came to this question originally because I am looking for a cleaner way to specify the 'name' property in Jackson's @JsonSubTypes.Type annotation, in such a way that the enums that define those logical names can be used in the annotation as well as being available for other parts of the application.
Samiron over 6 years

Glad that you liked @Trevor
alexander almost 6 years

See: stackoverflow.com/questions/13253624/…
John B over 5 years

Wow! This is a really elegant solution for when there are multiple enum role types needed. I think it is overkill when there is a single role type enum, but for multiple (which is the problem I am currently trying to solve) this looks great. Thanks!
Muhammad Ali over 2 years

I think The inner "Names" should be an interface.
Viacheslav Plekhanov about 2 years

Probably it is more convenient to make the Names class static