|
||||||||||
PREV CLASS NEXT CLASS | FRAMES NO FRAMES | |||||||||
SUMMARY: NESTED | FIELD | CONSTR | METHOD | DETAIL: FIELD | CONSTR | METHOD |
java.lang.Object org.apache.shiro.authz.ModularRealmAuthorizer
public class ModularRealmAuthorizer
A ModularRealmAuthorizer is an Authorizer implementation that consults one or more configured
Realm
s during an authorization operation.
Field Summary | |
---|---|
protected PermissionResolver |
permissionResolver
A PermissionResolver to be used by all configured realms. |
protected Collection<Realm> |
realms
The realms to consult during any authorization check. |
protected RolePermissionResolver |
rolePermissionResolver
A RolePermissionResolver to be used by all configured realms. |
Constructor Summary | |
---|---|
ModularRealmAuthorizer()
Default no-argument constructor, does nothing. |
|
ModularRealmAuthorizer(Collection<Realm> realms)
Constructor that accepts the Realm s to consult during an authorization check. |
Method Summary | |
---|---|
protected void |
applyPermissionResolverToRealms()
Sets the internal getPermissionResolver() on any internal configured
Realms that implement the PermissionResolverAware interface. |
protected void |
applyRolePermissionResolverToRealms()
Sets the internal getRolePermissionResolver() on any internal configured
Realms that implement the RolePermissionResolverAware interface. |
protected void |
assertRealmsConfigured()
Used by the Authorizer implementation methods to ensure that the realms
has been set. |
void |
checkPermission(PrincipalCollection principals,
Permission permission)
If ! isPermitted(permission) , throws
an UnauthorizedException otherwise returns quietly. |
void |
checkPermission(PrincipalCollection principals,
String permission)
If ! isPermitted(permission) , throws
an UnauthorizedException otherwise returns quietly. |
void |
checkPermissions(PrincipalCollection principals,
Collection<Permission> permissions)
If ! isPermitted(permission) for
all the given Permissions, throws
an UnauthorizedException otherwise returns quietly. |
void |
checkPermissions(PrincipalCollection principals,
String... permissions)
If ! isPermitted(permission) ,
throws an UnauthorizedException otherwise returns quietly. |
void |
checkRole(PrincipalCollection principals,
String role)
If ! hasRole(role) , throws
an UnauthorizedException otherwise returns quietly. |
void |
checkRoles(PrincipalCollection principals,
Collection<String> roles)
Calls {@link #checkRoles(PrincipalCollection principals, String... |
void |
checkRoles(PrincipalCollection principals,
String... roles)
Calls checkRole for each role specified. |
PermissionResolver |
getPermissionResolver()
Returns the PermissionResolver to be used on all configured realms, or null
|
Collection<Realm> |
getRealms()
Returns the realms wrapped by this Authorizer which are consulted during an authorization check. |
RolePermissionResolver |
getRolePermissionResolver()
Returns the RolePermissionResolver to be used on all configured realms, or null
|
boolean |
hasAllRoles(PrincipalCollection principals,
Collection<String> roleIdentifiers)
Returns true iff any of the configured realms'
hasRole(org.apache.shiro.subject.PrincipalCollection, String) call returns true for
all roles specified, false otherwise. |
boolean |
hasRole(PrincipalCollection principals,
String roleIdentifier)
Returns true if any of the configured realms'
hasRole(org.apache.shiro.subject.PrincipalCollection, String) call returns true ,
false otherwise. |
boolean[] |
hasRoles(PrincipalCollection principals,
List<String> roleIdentifiers)
Calls hasRole(org.apache.shiro.subject.PrincipalCollection, String) for each role name in the specified
collection and places the return value from each call at the respective location in the returned array. |
boolean[] |
isPermitted(PrincipalCollection principals,
List<Permission> permissions)
Returns true if any of the configured realms'
isPermitted(org.apache.shiro.subject.PrincipalCollection, List) call returns true ,
false otherwise. |
boolean |
isPermitted(PrincipalCollection principals,
Permission permission)
Returns true if any of the configured realms'
isPermitted(org.apache.shiro.subject.PrincipalCollection, Permission) call returns true ,
false otherwise. |
boolean[] |
isPermitted(PrincipalCollection principals,
String... permissions)
Returns true if any of the configured realms'
isPermittedAll(org.apache.shiro.subject.PrincipalCollection, String...) call returns
true , false otherwise. |
boolean |
isPermitted(PrincipalCollection principals,
String permission)
Returns true if any of the configured realms'
isPermitted(org.apache.shiro.subject.PrincipalCollection, String) returns true ,
false otherwise. |
boolean |
isPermittedAll(PrincipalCollection principals,
Collection<Permission> permissions)
Returns true if any of the configured realms'
isPermitted(org.apache.shiro.subject.PrincipalCollection, Permission) call returns true
for all of the specified Permissions, false otherwise. |
boolean |
isPermittedAll(PrincipalCollection principals,
String... permissions)
Returns true if any of the configured realms'
isPermitted(org.apache.shiro.subject.PrincipalCollection, String) call returns true
for all of the specified string permissions, false otherwise. |
void |
setPermissionResolver(PermissionResolver permissionResolver)
Sets the specified PermissionResolver on all of the wrapped realms that
implement the PermissionResolverAware interface. |
void |
setRealms(Collection<Realm> realms)
Sets the realms wrapped by this Authorizer which are consulted during an authorization check. |
void |
setRolePermissionResolver(RolePermissionResolver rolePermissionResolver)
Sets the specified RolePermissionResolver on all of the wrapped realms that
implement the PermissionResolverAware interface. |
Methods inherited from class java.lang.Object |
---|
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait |
Field Detail |
---|
protected Collection<Realm> realms
protected PermissionResolver permissionResolver
null
if you wish
to configure different resolvers for different realms.
protected RolePermissionResolver rolePermissionResolver
null
if you wish
to configure different resolvers for different realms.
Constructor Detail |
---|
public ModularRealmAuthorizer()
public ModularRealmAuthorizer(Collection<Realm> realms)
Realm
s to consult during an authorization check. Immediately calls
setRealms(realms)
.
realms
- the realms to consult during an authorization check.Method Detail |
---|
public Collection<Realm> getRealms()
Authorizer
which are consulted during an authorization check.
Authorizer
which are consulted during an authorization check.public void setRealms(Collection<Realm> realms)
Authorizer
which are consulted during an authorization check.
realms
- the realms wrapped by this Authorizer
which are consulted during an authorization check.public PermissionResolver getPermissionResolver()
null
null
Since:
public void setPermissionResolver(PermissionResolver permissionResolver)
PermissionResolver
on all of the wrapped realms that
implement the PermissionResolverAware
interface.
Only call this method if you want the permission resolver to be passed to all realms that implement the
PermissionResolver
interface. If you do not want this to occur, the realms must
configure themselves individually (or be configured individually).
setPermissionResolver
in interface PermissionResolverAware
permissionResolver
- the permissionResolver to set on all of the wrapped realms that implement the
PermissionResolverAware
interface.protected void applyPermissionResolverToRealms()
getPermissionResolver()
on any internal configured
Realms
that implement the PermissionResolverAware
interface.
This method is called after setting a permissionResolver on this ModularRealmAuthorizer via the
setPermissionResolver
method.
It is also called after setting one or more realms via the setRealms
method to allow these
newly available realms to be given the PermissionResolver
already in use.
public RolePermissionResolver getRolePermissionResolver()
null
null
Since:
public void setRolePermissionResolver(RolePermissionResolver rolePermissionResolver)
RolePermissionResolver
on all of the wrapped realms that
implement the PermissionResolverAware
interface.
Only call this method if you want the permission resolver to be passed to all realms that implement the
RolePermissionResolver
interface. If you do not want this to occur, the realms must
configure themselves individually (or be configured individually).
setRolePermissionResolver
in interface RolePermissionResolverAware
rolePermissionResolver
- the rolePermissionResolver to set on all of the wrapped realms that implement the
RolePermissionResolverAware
interface.protected void applyRolePermissionResolverToRealms()
getRolePermissionResolver()
on any internal configured
Realms
that implement the RolePermissionResolverAware
interface.
This method is called after setting a rolePermissionResolver on this ModularRealmAuthorizer via the
setRolePermissionResolver
method.
It is also called after setting one or more realms via the setRealms
method to allow these
newly available realms to be given the RolePermissionResolver
already in use.
protected void assertRealmsConfigured() throws IllegalStateException
Authorizer
implementation methods to ensure that the realms
has been set. The default implementation ensures the property is not null and not empty.
IllegalStateException
- if the realms property is configured incorrectly.public boolean isPermitted(PrincipalCollection principals, String permission)
true
if any of the configured realms'
isPermitted(org.apache.shiro.subject.PrincipalCollection, String)
returns true
,
false
otherwise.
isPermitted
in interface Authorizer
principals
- the application-specific subject/user identifier.permission
- the String representation of a Permission that is being checked.
Authorizer.isPermitted(PrincipalCollection principals,Permission permission)
public boolean isPermitted(PrincipalCollection principals, Permission permission)
true
if any of the configured realms'
isPermitted(org.apache.shiro.subject.PrincipalCollection, Permission)
call returns true
,
false
otherwise.
isPermitted
in interface Authorizer
principals
- the application-specific subject/user identifier.permission
- the permission that is being checked.
public boolean[] isPermitted(PrincipalCollection principals, String... permissions)
true
if any of the configured realms'
isPermittedAll(org.apache.shiro.subject.PrincipalCollection, String...)
call returns
true
, false
otherwise.
isPermitted
in interface Authorizer
principals
- the application-specific subject/user identifier.permissions
- the String representations of the Permissions that are being checked.
public boolean[] isPermitted(PrincipalCollection principals, List<Permission> permissions)
true
if any of the configured realms'
isPermitted(org.apache.shiro.subject.PrincipalCollection, List)
call returns true
,
false
otherwise.
isPermitted
in interface Authorizer
principals
- the application-specific subject/user identifier.permissions
- the permissions that are being checked.
public boolean isPermittedAll(PrincipalCollection principals, String... permissions)
true
if any of the configured realms'
isPermitted(org.apache.shiro.subject.PrincipalCollection, String)
call returns true
for all of the specified string permissions, false
otherwise.
isPermittedAll
in interface Authorizer
principals
- the application-specific subject/user identifier.permissions
- the String representations of the Permissions that are being checked.
Authorizer.isPermittedAll(PrincipalCollection,Collection)
public boolean isPermittedAll(PrincipalCollection principals, Collection<Permission> permissions)
true
if any of the configured realms'
isPermitted(org.apache.shiro.subject.PrincipalCollection, Permission)
call returns true
for all of the specified Permissions, false
otherwise.
isPermittedAll
in interface Authorizer
principals
- the application-specific subject/user identifier.permissions
- the permissions to check.
public void checkPermission(PrincipalCollection principals, String permission) throws AuthorizationException
isPermitted(permission)
, throws
an UnauthorizedException
otherwise returns quietly.
checkPermission
in interface Authorizer
principals
- the application-specific subject/user identifier.permission
- the String representation of the Permission to check.
AuthorizationException
- if the user does not have the permission.public void checkPermission(PrincipalCollection principals, Permission permission) throws AuthorizationException
isPermitted(permission)
, throws
an UnauthorizedException
otherwise returns quietly.
checkPermission
in interface Authorizer
principals
- the application-specific subject/user identifier.permission
- the Permission to check.
AuthorizationException
- if the user does not have the permission.public void checkPermissions(PrincipalCollection principals, String... permissions) throws AuthorizationException
isPermitted(permission)
,
throws an UnauthorizedException
otherwise returns quietly.
checkPermissions
in interface Authorizer
principals
- the application-specific subject/user identifier.permissions
- the string representations of Permissions to check.
AuthorizationException
- if the user does not have all of the given permissions.public void checkPermissions(PrincipalCollection principals, Collection<Permission> permissions) throws AuthorizationException
isPermitted(permission)
for
all the given Permissions, throws
an UnauthorizedException
otherwise returns quietly.
checkPermissions
in interface Authorizer
principals
- the application-specific subject/user identifier.permissions
- the Permissions to check.
AuthorizationException
- if the user does not have all of the given permissions.public boolean hasRole(PrincipalCollection principals, String roleIdentifier)
true
if any of the configured realms'
hasRole(org.apache.shiro.subject.PrincipalCollection, String)
call returns true
,
false
otherwise.
hasRole
in interface Authorizer
principals
- the application-specific subject/user identifier.roleIdentifier
- the application-specific role identifier (usually a role id or role name).
public boolean[] hasRoles(PrincipalCollection principals, List<String> roleIdentifiers)
hasRole(org.apache.shiro.subject.PrincipalCollection, String)
for each role name in the specified
collection and places the return value from each call at the respective location in the returned array.
hasRoles
in interface Authorizer
principals
- the application-specific subject/user identifier.roleIdentifiers
- the application-specific role identifiers to check (usually role ids or role names).
public boolean hasAllRoles(PrincipalCollection principals, Collection<String> roleIdentifiers)
true
iff any of the configured realms'
hasRole(org.apache.shiro.subject.PrincipalCollection, String)
call returns true
for
all roles specified, false
otherwise.
hasAllRoles
in interface Authorizer
principals
- the application-specific subject/user identifier.roleIdentifiers
- the application-specific role identifiers to check (usually role ids or role names).
public void checkRole(PrincipalCollection principals, String role) throws AuthorizationException
hasRole(role)
, throws
an UnauthorizedException
otherwise returns quietly.
checkRole
in interface Authorizer
principals
- the application-specific subject/user identifier.role
- the application-specific role identifier (usually a role id or role name ).
AuthorizationException
- if the user does not have the role.public void checkRoles(PrincipalCollection principals, Collection<String> roles) throws AuthorizationException
checkRoles(PrincipalCollection principals, String... roles)
.
checkRoles
in interface Authorizer
principals
- the application-specific subject/user identifier.roles
- the application-specific role identifiers to check (usually role ids or role names).
AuthorizationException
- if the user does not have all of the specified roles.public void checkRoles(PrincipalCollection principals, String... roles) throws AuthorizationException
checkRole
for each role specified.
checkRoles
in interface Authorizer
principals
- the application-specific subject/user identifier.roles
- the application-specific role identifiers to check (usually role ids or role names).
AuthorizationException
- if the user does not have all of the specified roles.
|
||||||||||
PREV CLASS NEXT CLASS | FRAMES NO FRAMES | |||||||||
SUMMARY: NESTED | FIELD | CONSTR | METHOD | DETAIL: FIELD | CONSTR | METHOD |