|
||||||||||
PREV CLASS NEXT CLASS | FRAMES NO FRAMES | |||||||||
SUMMARY: NESTED | FIELD | CONSTR | METHOD | DETAIL: FIELD | CONSTR | METHOD |
public interface AuthorizationInfo
AuthorizationInfo
represents a single Subject's stored authorization data (roles, permissions, etc)
used during authorization (access control) checks only.
Collection
of Strings
(Collection
<String
>), typically each element being the Role name.
Permission
s are provided in two ways:
Collection
of Strings, where each String can usually be converted into Permission
objects by a Realm
's
PermissionResolver
Collection
of Permission
objectsAuthenticationInfo
interface for use during the authentication
process that represents identity data such as principals and credentials.
Because many if not most Realm
s store both sets of data for a Subject, it might be
convenient for a Realm
implementation to utilize an implementation of the
Account
interface instead, which is a convenience interface that combines both
AuthenticationInfo
and AuthorizationInfo
. Whether you choose to implement these two
interfaces separately or implement the one Account
interface for a given Realm
is
entirely based on your application's needs or your preferences.
AuthenticationInfo
,
Account
Method Summary | |
---|---|
Collection<Permission> |
getObjectPermissions()
Returns all type-safe Permission s assigned to the corresponding Subject. |
Collection<String> |
getRoles()
Returns the names of all roles assigned to a corresponding Subject. |
Collection<String> |
getStringPermissions()
Returns all string-based permissions assigned to the corresponding Subject. |
Method Detail |
---|
Collection<String> getRoles()
Collection<String> getStringPermissions()
getObjectPermissions()
represent the total set of permissions
assigned. The aggregate set is used to perform a permission authorization check.
This method is a convenience mechanism that allows Realms to represent permissions as Strings if they choose.
When performing a security check, a Realm
usually converts these strings to object
Permission
s via an internal
PermissionResolver
in order to perform the actual permission check. This is not a requirement of course, since Realm
s
can perform security checks in whatever manner deemed necessary, but this explains the conversion mechanism that
most Shiro Realms execute for string-based permission checks.
Collection<Permission> getObjectPermissions()
Permission
s assigned to the corresponding Subject. The permissions
returned from this method plus any returned from getStringPermissions()
represent the total set of permissions. The aggregate set is used to perform a permission authorization check.
Permission
s assigned to the corresponding Subject.
|
||||||||||
PREV CLASS NEXT CLASS | FRAMES NO FRAMES | |||||||||
SUMMARY: NESTED | FIELD | CONSTR | METHOD | DETAIL: FIELD | CONSTR | METHOD |