@Retention(RUNTIME) @Target(TYPE) @Inherited public @interface RequiresPermission

Indicates that a page requires the user to have a specific permission.

When applied to a page class, the Oorian framework will invoke the registered SecurityHandler to verify that the current user has the specified permission. If the user lacks the permission, the framework returns a 403 Forbidden response.

This annotation implies authentication — a RequiresAuth check is performed automatically before the permission check.

Usage:


 @Page("/admin/users/delete")
 @RequiresPermission("user:delete")
 public class DeleteUserPage extends HtmlPage { }

Multiple Permissions (all required):


 @Page("/admin/config")
 @RequiresPermission({"config:read", "config:write"})
 public class ConfigPage extends HtmlPage { }

Since:

2.1

Version:

1.0

Author:

Marvin P. Warble Jr.

See Also:

Required Element Summary

Required Elements

Modifier and Type

Required Element

Description

String[]

value

The permission(s) required to access this page.

Element Details
- value
  
  String[] value
  
  The permission(s) required to access this page.
  If multiple permissions are specified, the user must have all of them.
  
  Returns:
  
  the required permission strings

Annotation Interface RequiresPermission

Required Element Summary

Element Details

value