Sometimes it might be desirable to perform a security check in code, without using the @Restrict annotation. In this situation, simply use Identity.checkRestriction() to evaluate a security expression, like this:
public void deleteCustomer() {
Identity.instance().checkRestriction("#{s:hasPermission('customer','delete',
selectedCustomer)}");
}
If the expression specified doesn't evaluate to true, either
-
if the user is not logged in, a NotLoggedInException exception is thrown or
-
if the user is logged in, an AuthorizationException exception is thrown.
It is also possible to call the hasRole() and hasPermission() methods directly from Java code:
if (!Identity.instance().hasRole("admin"))
throw new AuthorizationException("Must be admin to perform this action");
if (!Identity.instance().hasPermission("customer", "create", null))
throw new AuthorizationException("You may not create new customers");
