org.apache.shiro.authz
Class ModularRealmAuthorizer

java.lang.Object
  extended by org.apache.shiro.authz.ModularRealmAuthorizer
All Implemented Interfaces:
Authorizer, PermissionResolverAware, RolePermissionResolverAware

public class ModularRealmAuthorizer
extends Object
implements Authorizer, PermissionResolverAware, RolePermissionResolverAware

A ModularRealmAuthorizer is an Authorizer implementation that consults one or more configured Realms during an authorization operation.

Since:
0.2

Field Summary
protected  PermissionResolver permissionResolver
          A PermissionResolver to be used by all configured realms.
protected  Collection<Realm> realms
          The realms to consult during any authorization check.
protected  RolePermissionResolver rolePermissionResolver
          A RolePermissionResolver to be used by all configured realms.
 
Constructor Summary
ModularRealmAuthorizer()
          Default no-argument constructor, does nothing.
ModularRealmAuthorizer(Collection<Realm> realms)
          Constructor that accepts the Realms to consult during an authorization check.
 
Method Summary
protected  void applyPermissionResolverToRealms()
          Sets the internal getPermissionResolver() on any internal configured Realms that implement the PermissionResolverAware interface.
protected  void applyRolePermissionResolverToRealms()
          Sets the internal getRolePermissionResolver() on any internal configured Realms that implement the RolePermissionResolverAware interface.
protected  void assertRealmsConfigured()
          Used by the Authorizer implementation methods to ensure that the realms has been set.
 void checkPermission(PrincipalCollection principals, Permission permission)
          If !isPermitted(permission), throws an UnauthorizedException otherwise returns quietly.
 void checkPermission(PrincipalCollection principals, String permission)
          If !isPermitted(permission), throws an UnauthorizedException otherwise returns quietly.
 void checkPermissions(PrincipalCollection principals, Collection<Permission> permissions)
          If !isPermitted(permission) for all the given Permissions, throws an UnauthorizedException otherwise returns quietly.
 void checkPermissions(PrincipalCollection principals, String... permissions)
          If !isPermitted(permission), throws an UnauthorizedException otherwise returns quietly.
 void checkRole(PrincipalCollection principals, String role)
          If !hasRole(role), throws an UnauthorizedException otherwise returns quietly.
 void checkRoles(PrincipalCollection principals, Collection<String> roles)
          Calls {@link #checkRoles(PrincipalCollection principals, String...
 void checkRoles(PrincipalCollection principals, String... roles)
          Calls checkRole for each role specified.
 PermissionResolver getPermissionResolver()
          Returns the PermissionResolver to be used on all configured realms, or null
 Collection<Realm> getRealms()
          Returns the realms wrapped by this Authorizer which are consulted during an authorization check.
 RolePermissionResolver getRolePermissionResolver()
          Returns the RolePermissionResolver to be used on all configured realms, or null
 boolean hasAllRoles(PrincipalCollection principals, Collection<String> roleIdentifiers)
          Returns true iff any of the configured realms' hasRole(org.apache.shiro.subject.PrincipalCollection, String) call returns true for all roles specified, false otherwise.
 boolean hasRole(PrincipalCollection principals, String roleIdentifier)
          Returns true if any of the configured realms' hasRole(org.apache.shiro.subject.PrincipalCollection, String) call returns true, false otherwise.
 boolean[] hasRoles(PrincipalCollection principals, List<String> roleIdentifiers)
          Calls hasRole(org.apache.shiro.subject.PrincipalCollection, String) for each role name in the specified collection and places the return value from each call at the respective location in the returned array.
 boolean[] isPermitted(PrincipalCollection principals, List<Permission> permissions)
          Returns true if any of the configured realms' isPermitted(org.apache.shiro.subject.PrincipalCollection, List) call returns true, false otherwise.
 boolean isPermitted(PrincipalCollection principals, Permission permission)
          Returns true if any of the configured realms' isPermitted(org.apache.shiro.subject.PrincipalCollection, Permission) call returns true, false otherwise.
 boolean[] isPermitted(PrincipalCollection principals, String... permissions)
          Returns true if any of the configured realms' isPermittedAll(org.apache.shiro.subject.PrincipalCollection, String...) call returns true, false otherwise.
 boolean isPermitted(PrincipalCollection principals, String permission)
          Returns true if any of the configured realms' isPermitted(org.apache.shiro.subject.PrincipalCollection, String) returns true, false otherwise.
 boolean isPermittedAll(PrincipalCollection principals, Collection<Permission> permissions)
          Returns true if any of the configured realms' isPermitted(org.apache.shiro.subject.PrincipalCollection, Permission) call returns true for all of the specified Permissions, false otherwise.
 boolean isPermittedAll(PrincipalCollection principals, String... permissions)
          Returns true if any of the configured realms' isPermitted(org.apache.shiro.subject.PrincipalCollection, String) call returns true for all of the specified string permissions, false otherwise.
 void setPermissionResolver(PermissionResolver permissionResolver)
          Sets the specified PermissionResolver on all of the wrapped realms that implement the PermissionResolverAware interface.
 void setRealms(Collection<Realm> realms)
          Sets the realms wrapped by this Authorizer which are consulted during an authorization check.
 void setRolePermissionResolver(RolePermissionResolver rolePermissionResolver)
          Sets the specified RolePermissionResolver on all of the wrapped realms that implement the PermissionResolverAware interface.
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Field Detail

realms

protected Collection<Realm> realms
The realms to consult during any authorization check.


permissionResolver

protected PermissionResolver permissionResolver
A PermissionResolver to be used by all configured realms. Leave null if you wish to configure different resolvers for different realms.


rolePermissionResolver

protected RolePermissionResolver rolePermissionResolver
A RolePermissionResolver to be used by all configured realms. Leave null if you wish to configure different resolvers for different realms.

Constructor Detail

ModularRealmAuthorizer

public ModularRealmAuthorizer()
Default no-argument constructor, does nothing.


ModularRealmAuthorizer

public ModularRealmAuthorizer(Collection<Realm> realms)
Constructor that accepts the Realms to consult during an authorization check. Immediately calls setRealms(realms).

Parameters:
realms - the realms to consult during an authorization check.
Method Detail

getRealms

public Collection<Realm> getRealms()
Returns the realms wrapped by this Authorizer which are consulted during an authorization check.

Returns:
the realms wrapped by this Authorizer which are consulted during an authorization check.

setRealms

public void setRealms(Collection<Realm> realms)
Sets the realms wrapped by this Authorizer which are consulted during an authorization check.

Parameters:
realms - the realms wrapped by this Authorizer which are consulted during an authorization check.

getPermissionResolver

public PermissionResolver getPermissionResolver()
Returns the PermissionResolver to be used on all configured realms, or null
Returns:
the PermissionResolver to be used on all configured realms, or nullSince:
1.0

setPermissionResolver

public void setPermissionResolver(PermissionResolver permissionResolver)
Sets the specified PermissionResolver on all of the wrapped realms that implement the PermissionResolverAware interface.

Only call this method if you want the permission resolver to be passed to all realms that implement the PermissionResolver interface. If you do not want this to occur, the realms must configure themselves individually (or be configured individually).

Specified by:
setPermissionResolver in interface PermissionResolverAware
Parameters:
permissionResolver - the permissionResolver to set on all of the wrapped realms that implement the PermissionResolverAware interface.

applyPermissionResolverToRealms

protected void applyPermissionResolverToRealms()
Sets the internal getPermissionResolver() on any internal configured Realms that implement the PermissionResolverAware interface.

This method is called after setting a permissionResolver on this ModularRealmAuthorizer via the setPermissionResolver method.

It is also called after setting one or more realms via the setRealms method to allow these newly available realms to be given the PermissionResolver already in use.

Since:
1.0

getRolePermissionResolver

public RolePermissionResolver getRolePermissionResolver()
Returns the RolePermissionResolver to be used on all configured realms, or null
Returns:
the RolePermissionResolver to be used on all configured realms, or nullSince:
1.0

setRolePermissionResolver

public void setRolePermissionResolver(RolePermissionResolver rolePermissionResolver)
Sets the specified RolePermissionResolver on all of the wrapped realms that implement the PermissionResolverAware interface.

Only call this method if you want the permission resolver to be passed to all realms that implement the RolePermissionResolver interface. If you do not want this to occur, the realms must configure themselves individually (or be configured individually).

Specified by:
setRolePermissionResolver in interface RolePermissionResolverAware
Parameters:
rolePermissionResolver - the rolePermissionResolver to set on all of the wrapped realms that implement the RolePermissionResolverAware interface.

applyRolePermissionResolverToRealms

protected void applyRolePermissionResolverToRealms()
Sets the internal getRolePermissionResolver() on any internal configured Realms that implement the RolePermissionResolverAware interface.

This method is called after setting a rolePermissionResolver on this ModularRealmAuthorizer via the setRolePermissionResolver method.

It is also called after setting one or more realms via the setRealms method to allow these newly available realms to be given the RolePermissionResolver already in use.

Since:
1.0

assertRealmsConfigured

protected void assertRealmsConfigured()
                               throws IllegalStateException
Used by the Authorizer implementation methods to ensure that the realms has been set. The default implementation ensures the property is not null and not empty.

Throws:
IllegalStateException - if the realms property is configured incorrectly.

isPermitted

public boolean isPermitted(PrincipalCollection principals,
                           String permission)
Returns true if any of the configured realms' isPermitted(org.apache.shiro.subject.PrincipalCollection, String) returns true, false otherwise.

Specified by:
isPermitted in interface Authorizer
Parameters:
principals - the application-specific subject/user identifier.
permission - the String representation of a Permission that is being checked.
Returns:
true if the corresponding Subject/user is permitted, false otherwise.
See Also:
Authorizer.isPermitted(PrincipalCollection principals,Permission permission)

isPermitted

public boolean isPermitted(PrincipalCollection principals,
                           Permission permission)
Returns true if any of the configured realms' isPermitted(org.apache.shiro.subject.PrincipalCollection, Permission) call returns true, false otherwise.

Specified by:
isPermitted in interface Authorizer
Parameters:
principals - the application-specific subject/user identifier.
permission - the permission that is being checked.
Returns:
true if the corresponding Subject/user is permitted, false otherwise.

isPermitted

public boolean[] isPermitted(PrincipalCollection principals,
                             String... permissions)
Returns true if any of the configured realms' isPermittedAll(org.apache.shiro.subject.PrincipalCollection, String...) call returns true, false otherwise.

Specified by:
isPermitted in interface Authorizer
Parameters:
principals - the application-specific subject/user identifier.
permissions - the String representations of the Permissions that are being checked.
Returns:
an array of booleans whose indices correspond to the index of the permissions in the given list. A true value at an index indicates the user is permitted for for the associated Permission string in the list. A false value at an index indicates otherwise.

isPermitted

public boolean[] isPermitted(PrincipalCollection principals,
                             List<Permission> permissions)
Returns true if any of the configured realms' isPermitted(org.apache.shiro.subject.PrincipalCollection, List) call returns true, false otherwise.

Specified by:
isPermitted in interface Authorizer
Parameters:
principals - the application-specific subject/user identifier.
permissions - the permissions that are being checked.
Returns:
an array of booleans whose indices correspond to the index of the permissions in the given list. A true value at an index indicates the user is permitted for for the associated Permission object in the list. A false value at an index indicates otherwise.

isPermittedAll

public boolean isPermittedAll(PrincipalCollection principals,
                              String... permissions)
Returns true if any of the configured realms' isPermitted(org.apache.shiro.subject.PrincipalCollection, String) call returns true for all of the specified string permissions, false otherwise.

Specified by:
isPermittedAll in interface Authorizer
Parameters:
principals - the application-specific subject/user identifier.
permissions - the String representations of the Permissions that are being checked.
Returns:
true if the user has all of the specified permissions, false otherwise.
See Also:
Authorizer.isPermittedAll(PrincipalCollection,Collection)

isPermittedAll

public boolean isPermittedAll(PrincipalCollection principals,
                              Collection<Permission> permissions)
Returns true if any of the configured realms' isPermitted(org.apache.shiro.subject.PrincipalCollection, Permission) call returns true for all of the specified Permissions, false otherwise.

Specified by:
isPermittedAll in interface Authorizer
Parameters:
principals - the application-specific subject/user identifier.
permissions - the permissions to check.
Returns:
true if the user has all of the specified permissions, false otherwise.

checkPermission

public void checkPermission(PrincipalCollection principals,
                            String permission)
                     throws AuthorizationException
If !isPermitted(permission), throws an UnauthorizedException otherwise returns quietly.

Specified by:
checkPermission in interface Authorizer
Parameters:
principals - the application-specific subject/user identifier.
permission - the String representation of the Permission to check.
Throws:
AuthorizationException - if the user does not have the permission.

checkPermission

public void checkPermission(PrincipalCollection principals,
                            Permission permission)
                     throws AuthorizationException
If !isPermitted(permission), throws an UnauthorizedException otherwise returns quietly.

Specified by:
checkPermission in interface Authorizer
Parameters:
principals - the application-specific subject/user identifier.
permission - the Permission to check.
Throws:
AuthorizationException - if the user does not have the permission.

checkPermissions

public void checkPermissions(PrincipalCollection principals,
                             String... permissions)
                      throws AuthorizationException
If !isPermitted(permission), throws an UnauthorizedException otherwise returns quietly.

Specified by:
checkPermissions in interface Authorizer
Parameters:
principals - the application-specific subject/user identifier.
permissions - the string representations of Permissions to check.
Throws:
AuthorizationException - if the user does not have all of the given permissions.

checkPermissions

public void checkPermissions(PrincipalCollection principals,
                             Collection<Permission> permissions)
                      throws AuthorizationException
If !isPermitted(permission) for all the given Permissions, throws an UnauthorizedException otherwise returns quietly.

Specified by:
checkPermissions in interface Authorizer
Parameters:
principals - the application-specific subject/user identifier.
permissions - the Permissions to check.
Throws:
AuthorizationException - if the user does not have all of the given permissions.

hasRole

public boolean hasRole(PrincipalCollection principals,
                       String roleIdentifier)
Returns true if any of the configured realms' hasRole(org.apache.shiro.subject.PrincipalCollection, String) call returns true, false otherwise.

Specified by:
hasRole in interface Authorizer
Parameters:
principals - the application-specific subject/user identifier.
roleIdentifier - the application-specific role identifier (usually a role id or role name).
Returns:
true if the corresponding subject has the specified role, false otherwise.

hasRoles

public boolean[] hasRoles(PrincipalCollection principals,
                          List<String> roleIdentifiers)
Calls hasRole(org.apache.shiro.subject.PrincipalCollection, String) for each role name in the specified collection and places the return value from each call at the respective location in the returned array.

Specified by:
hasRoles in interface Authorizer
Parameters:
principals - the application-specific subject/user identifier.
roleIdentifiers - the application-specific role identifiers to check (usually role ids or role names).
Returns:
an array of booleans whose indices correspond to the index of the roles in the given identifiers. A true value indicates the user has the role at that index. False indicates the user does not have the role at that index.

hasAllRoles

public boolean hasAllRoles(PrincipalCollection principals,
                           Collection<String> roleIdentifiers)
Returns true iff any of the configured realms' hasRole(org.apache.shiro.subject.PrincipalCollection, String) call returns true for all roles specified, false otherwise.

Specified by:
hasAllRoles in interface Authorizer
Parameters:
principals - the application-specific subject/user identifier.
roleIdentifiers - the application-specific role identifiers to check (usually role ids or role names).
Returns:
true if the user has all the roles, false otherwise.

checkRole

public void checkRole(PrincipalCollection principals,
                      String role)
               throws AuthorizationException
If !hasRole(role), throws an UnauthorizedException otherwise returns quietly.

Specified by:
checkRole in interface Authorizer
Parameters:
principals - the application-specific subject/user identifier.
role - the application-specific role identifier (usually a role id or role name ).
Throws:
AuthorizationException - if the user does not have the role.

checkRoles

public void checkRoles(PrincipalCollection principals,
                       Collection<String> roles)
                throws AuthorizationException
Calls checkRoles(PrincipalCollection principals, String... roles) .

Specified by:
checkRoles in interface Authorizer
Parameters:
principals - the application-specific subject/user identifier.
roles - the application-specific role identifiers to check (usually role ids or role names).
Throws:
AuthorizationException - if the user does not have all of the specified roles.

checkRoles

public void checkRoles(PrincipalCollection principals,
                       String... roles)
                throws AuthorizationException
Calls checkRole for each role specified.

Specified by:
checkRoles in interface Authorizer
Parameters:
principals - the application-specific subject/user identifier.
roles - the application-specific role identifiers to check (usually role ids or role names).
Throws:
AuthorizationException - if the user does not have all of the specified roles.


Copyright © 2004-2012 The Apache Software Foundation. All Rights Reserved.