|
||||||||||
PREV CLASS NEXT CLASS | FRAMES NO FRAMES | |||||||||
SUMMARY: NESTED | FIELD | CONSTR | METHOD | DETAIL: FIELD | CONSTR | METHOD |
public interface Authorizer
An Authorizer performs authorization (access control) operations for any given Subject (aka 'application user').
Each method requires a subject principal to perform the action for the corresponding Subject/user.
This principal argument is usually an object representing a user database primary key or a String username or something similar that uniquely identifies an application user. The runtime value of the this principal is application-specific and provided by the application's configured Realms.
Note that there are many *Permission methods in this interface overloaded to accept String arguments instead of
Permission
instances. They are a convenience allowing the caller to use a String representation of
a Permission
if desired. Most implementations of this interface will simply convert these
String values to Permission
instances and then just call the corresponding type-safe method.
(Shiro's default implementations do String-to-Permission conversion for these methods using
PermissionResolver
s.)
These overloaded *Permission methods do forego type-saftey for the benefit of convenience and simplicity, so you should choose which ones to use based on your preferences and needs.
Method Summary | |
---|---|
void |
checkPermission(PrincipalCollection subjectPrincipal,
Permission permission)
Ensures a subject/user Permission.implies(Permission) implies} the specified Permission. |
void |
checkPermission(PrincipalCollection subjectPrincipal,
String permission)
Ensures the corresponding Subject/user implies the specified permission String. |
void |
checkPermissions(PrincipalCollection subjectPrincipal,
Collection<Permission> permissions)
Ensures the corresponding Subject/user implies all of the
specified permission strings. |
void |
checkPermissions(PrincipalCollection subjectPrincipal,
String... permissions)
Ensures the corresponding Subject/user implies all of the
specified permission strings. |
void |
checkRole(PrincipalCollection subjectPrincipal,
String roleIdentifier)
Asserts the corresponding Subject/user has the specified role by returning quietly if they do or throwing an AuthorizationException if they do not. |
void |
checkRoles(PrincipalCollection subjectPrincipal,
Collection<String> roleIdentifiers)
Asserts the corresponding Subject/user has all of the specified roles by returning quietly if they do or throwing an AuthorizationException if they do not. |
void |
checkRoles(PrincipalCollection subjectPrincipal,
String... roleIdentifiers)
Same as checkRoles(PrincipalCollection subjectPrincipal, Collection<String> roleIdentifiers) but doesn't require a collection
as an argument. |
boolean |
hasAllRoles(PrincipalCollection subjectPrincipal,
Collection<String> roleIdentifiers)
Returns true if the corresponding Subject/user has all of the specified roles, false otherwise. |
boolean |
hasRole(PrincipalCollection subjectPrincipal,
String roleIdentifier)
Returns true if the corresponding Subject/user has the specified role, false otherwise. |
boolean[] |
hasRoles(PrincipalCollection subjectPrincipal,
List<String> roleIdentifiers)
Checks if the corresponding Subject/user has the specified roles, returning a boolean array indicating which roles are associated with the given subject. |
boolean[] |
isPermitted(PrincipalCollection subjectPrincipal,
List<Permission> permissions)
Checks if the corresponding Subject/user implies the given Permissions and returns a boolean array indicating which permissions are implied. |
boolean |
isPermitted(PrincipalCollection subjectPrincipal,
Permission permission)
Returns true if the corresponding subject/user is permitted to perform an action or access a resource summarized by the specified permission. |
boolean[] |
isPermitted(PrincipalCollection subjectPrincipal,
String... permissions)
Checks if the corresponding Subject implies the given permission strings and returns a boolean array indicating which permissions are implied. |
boolean |
isPermitted(PrincipalCollection principals,
String permission)
Returns true if the corresponding subject/user is permitted to perform an action or access a resource summarized by the specified permission string. |
boolean |
isPermittedAll(PrincipalCollection subjectPrincipal,
Collection<Permission> permissions)
Returns true if the corresponding Subject/user implies all of the specified permissions, false otherwise. |
boolean |
isPermittedAll(PrincipalCollection subjectPrincipal,
String... permissions)
Returns true if the corresponding Subject/user implies all of the specified permission strings, false otherwise. |
Method Detail |
---|
boolean isPermitted(PrincipalCollection principals, String permission)
This is an overloaded method for the corresponding type-safe Permission
variant.
Please see the class-level JavaDoc for more information on these String-based permission methods.
principals
- the application-specific subject/user identifier.permission
- the String representation of a Permission that is being checked.
isPermitted(PrincipalCollection principals,Permission permission)
boolean isPermitted(PrincipalCollection subjectPrincipal, Permission permission)
More specifically, this method determines if any Permissions associated
with the subject imply
the specified permission.
subjectPrincipal
- the application-specific subject/user identifier.permission
- the permission that is being checked.
boolean[] isPermitted(PrincipalCollection subjectPrincipal, String... permissions)
This is an overloaded method for the corresponding type-safe Permission
variant.
Please see the class-level JavaDoc for more information on these String-based permission methods.
subjectPrincipal
- the application-specific subject/user identifier.permissions
- the String representations of the Permissions that are being checked.
boolean[] isPermitted(PrincipalCollection subjectPrincipal, List<Permission> permissions)
More specifically, this method should determine if each Permission in
the array is implied
by permissions
already associated with the subject.
This is primarily a performance-enhancing method to help reduce the number of
isPermitted(org.apache.shiro.subject.PrincipalCollection, java.lang.String)
invocations over the wire in client/server systems.
subjectPrincipal
- the application-specific subject/user identifier.permissions
- the permissions that are being checked.
boolean isPermittedAll(PrincipalCollection subjectPrincipal, String... permissions)
This is an overloaded method for the corresponding type-safe Permission
variant.
Please see the class-level JavaDoc for more information on these String-based permission methods.
subjectPrincipal
- the application-specific subject/user identifier.permissions
- the String representations of the Permissions that are being checked.
isPermittedAll(PrincipalCollection,Collection)
boolean isPermittedAll(PrincipalCollection subjectPrincipal, Collection<Permission> permissions)
More specifically, this method determines if all of the given Permissions are
implied by
permissions already associated with the subject.
subjectPrincipal
- the application-specific subject/user identifier.permissions
- the permissions to check.
void checkPermission(PrincipalCollection subjectPrincipal, String permission) throws AuthorizationException
If the subject's existing associated permissions do not Permission.implies(Permission)
imply}
the given permission, an AuthorizationException
will be thrown.
This is an overloaded method for the corresponding type-safe Permission
variant.
Please see the class-level JavaDoc for more information on these String-based permission methods.
subjectPrincipal
- the application-specific subject/user identifier.permission
- the String representation of the Permission to check.
AuthorizationException
- if the user does not have the permission.void checkPermission(PrincipalCollection subjectPrincipal, Permission permission) throws AuthorizationException
Permission.implies(Permission)
implies} the specified Permission.
If the subject's exisiting associated permissions do not Permission.implies(Permission)
imply}
the given permission, an AuthorizationException
will be thrown.
subjectPrincipal
- the application-specific subject/user identifier.permission
- the Permission to check.
AuthorizationException
- if the user does not have the permission.void checkPermissions(PrincipalCollection subjectPrincipal, String... permissions) throws AuthorizationException
implies
all of the
specified permission strings.
If the subject's exisiting associated permissions do not
imply
all of the given permissions,
an AuthorizationException
will be thrown.
This is an overloaded method for the corresponding type-safe Permission
variant.
Please see the class-level JavaDoc for more information on these String-based permission methods.
subjectPrincipal
- the application-specific subject/user identifier.permissions
- the string representations of Permissions to check.
AuthorizationException
- if the user does not have all of the given permissions.void checkPermissions(PrincipalCollection subjectPrincipal, Collection<Permission> permissions) throws AuthorizationException
implies
all of the
specified permission strings.
If the subject's exisiting associated permissions do not
imply
all of the given permissions,
an AuthorizationException
will be thrown.
subjectPrincipal
- the application-specific subject/user identifier.permissions
- the Permissions to check.
AuthorizationException
- if the user does not have all of the given permissions.boolean hasRole(PrincipalCollection subjectPrincipal, String roleIdentifier)
subjectPrincipal
- the application-specific subject/user identifier.roleIdentifier
- the application-specific role identifier (usually a role id or role name).
boolean[] hasRoles(PrincipalCollection subjectPrincipal, List<String> roleIdentifiers)
This is primarily a performance-enhancing method to help reduce the number of
hasRole(org.apache.shiro.subject.PrincipalCollection, java.lang.String)
invocations over the wire in client/server systems.
subjectPrincipal
- the application-specific subject/user identifier.roleIdentifiers
- the application-specific role identifiers to check (usually role ids or role names).
boolean hasAllRoles(PrincipalCollection subjectPrincipal, Collection<String> roleIdentifiers)
subjectPrincipal
- the application-specific subject/user identifier.roleIdentifiers
- the application-specific role identifiers to check (usually role ids or role names).
void checkRole(PrincipalCollection subjectPrincipal, String roleIdentifier) throws AuthorizationException
AuthorizationException
if they do not.
subjectPrincipal
- the application-specific subject/user identifier.roleIdentifier
- the application-specific role identifier (usually a role id or role name ).
AuthorizationException
- if the user does not have the role.void checkRoles(PrincipalCollection subjectPrincipal, Collection<String> roleIdentifiers) throws AuthorizationException
AuthorizationException
if they do not.
subjectPrincipal
- the application-specific subject/user identifier.roleIdentifiers
- the application-specific role identifiers to check (usually role ids or role names).
AuthorizationException
- if the user does not have all of the specified roles.void checkRoles(PrincipalCollection subjectPrincipal, String... roleIdentifiers) throws AuthorizationException
checkRoles(PrincipalCollection subjectPrincipal, Collection<String> roleIdentifiers)
but doesn't require a collection
as an argument.
Asserts the corresponding Subject/user has all of the specified roles by returning quietly if they do or
throwing an AuthorizationException
if they do not.
subjectPrincipal
- the application-specific subject/user identifier.roleIdentifiers
- the application-specific role identifiers to check (usually role ids or role names).
AuthorizationException
- if the user does not have all of the specified roles.
|
||||||||||
PREV CLASS NEXT CLASS | FRAMES NO FRAMES | |||||||||
SUMMARY: NESTED | FIELD | CONSTR | METHOD | DETAIL: FIELD | CONSTR | METHOD |