ModularRealmAuthorizer (Apache Shiro

Overview

Package

Class

Use

Tree

Deprecated

Index

Help

PREV CLASS NEXT CLASS

FRAMES NO FRAMES

SUMMARY: NESTED | FIELD | CONSTR | METHOD

DETAIL: FIELD | CONSTR | METHOD

org.apache.shiro.authz
Class ModularRealmAuthorizer

java.lang.Object
  org.apache.shiro.authz.ModularRealmAuthorizer

All Implemented Interfaces:: Authorizer, PermissionResolverAware, RolePermissionResolverAware

public class ModularRealmAuthorizer
extends Object
implements Authorizer, PermissionResolverAware, RolePermissionResolverAware
extends Object
implements Authorizer, PermissionResolverAware, RolePermissionResolverAware

A ModularRealmAuthorizer is an Authorizer implementation that consults one or more configured Realms during an authorization operation.

Since:: 0.2

Field Summary
`protected PermissionResolver`	`permissionResolver` A PermissionResolver to be used by all configured realms.
`protected Collection<Realm>`	`realms` The realms to consult during any authorization check.
`protected RolePermissionResolver`	`rolePermissionResolver` A RolePermissionResolver to be used by all configured realms.

Constructor Summary
`ModularRealmAuthorizer()` Default no-argument constructor, does nothing.
`ModularRealmAuthorizer(Collection<Realm> realms)` Constructor that accepts the `Realm`s to consult during an authorization check.

Method Summary
`protected void`	`applyPermissionResolverToRealms()` Sets the internal `getPermissionResolver()` on any internal configured `Realms` that implement the `PermissionResolverAware` interface.
`protected void`	`applyRolePermissionResolverToRealms()` Sets the internal `getRolePermissionResolver()` on any internal configured `Realms` that implement the `RolePermissionResolverAware` interface.
`protected void`	`assertRealmsConfigured()` Used by the `Authorizer` implementation methods to ensure that the `realms` has been set.
`void`	`checkPermission(PrincipalCollection principals, Permission permission)` If !`isPermitted(permission)`, throws an `UnauthorizedException` otherwise returns quietly.
`void`	`checkPermission(PrincipalCollection principals, String permission)` If !`isPermitted(permission)`, throws an `UnauthorizedException` otherwise returns quietly.
`void`	`checkPermissions(PrincipalCollection principals, Collection<Permission> permissions)` If !`isPermitted(permission)` for all the given Permissions, throws an `UnauthorizedException` otherwise returns quietly.
`void`	`checkPermissions(PrincipalCollection principals, String... permissions)` If !`isPermitted(permission)`, throws an `UnauthorizedException` otherwise returns quietly.
`void`	`checkRole(PrincipalCollection principals, String role)` If !`hasRole(role)`, throws an `UnauthorizedException` otherwise returns quietly.
`void`	`checkRoles(PrincipalCollection principals, Collection<String> roles)` Calls {@link #checkRoles(PrincipalCollection principals, String...
`void`	`checkRoles(PrincipalCollection principals, String... roles)` Calls `checkRole` for each role specified.
`PermissionResolver`	`getPermissionResolver()` Returns the PermissionResolver to be used on all configured realms, or `null`
`Collection<Realm>`	`getRealms()` Returns the realms wrapped by this `Authorizer` which are consulted during an authorization check.
`RolePermissionResolver`	`getRolePermissionResolver()` Returns the RolePermissionResolver to be used on all configured realms, or `null`
`boolean`	`hasAllRoles(PrincipalCollection principals, Collection<String> roleIdentifiers)` Returns `true` iff any of the configured realms' `hasRole(org.apache.shiro.subject.PrincipalCollection, String)` call returns `true` for all roles specified, `false` otherwise.
`boolean`	`hasRole(PrincipalCollection principals, String roleIdentifier)` Returns `true` if any of the configured realms' `hasRole(org.apache.shiro.subject.PrincipalCollection, String)` call returns `true`, `false` otherwise.
`boolean[]`	`hasRoles(PrincipalCollection principals, List<String> roleIdentifiers)` Calls `hasRole(org.apache.shiro.subject.PrincipalCollection, String)` for each role name in the specified collection and places the return value from each call at the respective location in the returned array.
`boolean[]`	`isPermitted(PrincipalCollection principals, List<Permission> permissions)` Returns `true` if any of the configured realms' `isPermitted(org.apache.shiro.subject.PrincipalCollection, List)` call returns `true`, `false` otherwise.
`boolean`	`isPermitted(PrincipalCollection principals, Permission permission)` Returns `true` if any of the configured realms' `isPermitted(org.apache.shiro.subject.PrincipalCollection, Permission)` call returns `true`, `false` otherwise.
`boolean[]`	`isPermitted(PrincipalCollection principals, String... permissions)` Returns `true` if any of the configured realms' `isPermittedAll(org.apache.shiro.subject.PrincipalCollection, String...)` call returns `true`, `false` otherwise.
`boolean`	`isPermitted(PrincipalCollection principals, String permission)` Returns `true` if any of the configured realms' `isPermitted(org.apache.shiro.subject.PrincipalCollection, String)` returns `true`, `false` otherwise.
`boolean`	`isPermittedAll(PrincipalCollection principals, Collection<Permission> permissions)` Returns `true` if any of the configured realms' `isPermitted(org.apache.shiro.subject.PrincipalCollection, Permission)` call returns `true` for all of the specified Permissions, `false` otherwise.
`boolean`	`isPermittedAll(PrincipalCollection principals, String... permissions)` Returns `true` if any of the configured realms' `isPermitted(org.apache.shiro.subject.PrincipalCollection, String)` call returns `true` for all of the specified string permissions, `false` otherwise.
`void`	`setPermissionResolver(PermissionResolver permissionResolver)` Sets the specified `PermissionResolver` on all of the wrapped realms that implement the `PermissionResolverAware` interface.
`void`	`setRealms(Collection<Realm> realms)` Sets the realms wrapped by this `Authorizer` which are consulted during an authorization check.
`void`	`setRolePermissionResolver(RolePermissionResolver rolePermissionResolver)` Sets the specified `RolePermissionResolver` on all of the wrapped realms that implement the `PermissionResolverAware` interface.

Methods inherited from class java.lang.Object
`clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait`

Field Detail

realms

protected Collection<Realm> realms

The realms to consult during any authorization check.

permissionResolver

protected PermissionResolver permissionResolver

A PermissionResolver to be used by all configured realms. Leave null if you wish to configure different resolvers for different realms.

rolePermissionResolver

protected RolePermissionResolver rolePermissionResolver

A RolePermissionResolver to be used by all configured realms. Leave null if you wish to configure different resolvers for different realms.

Constructor Detail

ModularRealmAuthorizer

public ModularRealmAuthorizer()

Default no-argument constructor, does nothing.

ModularRealmAuthorizer

public ModularRealmAuthorizer(Collection<Realm> realms)

Constructor that accepts the Realms to consult during an authorization check. Immediately calls setRealms(realms).

Parameters:: realms - the realms to consult during an authorization check.

Method Detail

getRealms

public Collection<Realm> getRealms()

Returns the realms wrapped by this Authorizer which are consulted during an authorization check.

Returns:: the realms wrapped by this Authorizer which are consulted during an authorization check.

setRealms

public void setRealms(Collection<Realm> realms)

Sets the realms wrapped by this Authorizer which are consulted during an authorization check.

Parameters:: realms - the realms wrapped by this Authorizer which are consulted during an authorization check.

getPermissionResolver

public PermissionResolver getPermissionResolver()

Returns the PermissionResolver to be used on all configured realms, or null

Returns:: the PermissionResolver to be used on all configured realms, or nullSince:; 1.0

setPermissionResolver

public void setPermissionResolver(PermissionResolver permissionResolver)

Sets the specified PermissionResolver on all of the wrapped realms that implement the PermissionResolverAware interface.

Only call this method if you want the permission resolver to be passed to all realms that implement the PermissionResolver interface. If you do not want this to occur, the realms must configure themselves individually (or be configured individually).

Specified by:: setPermissionResolver in interface PermissionResolverAware

Parameters:: permissionResolver - the permissionResolver to set on all of the wrapped realms that implement the PermissionResolverAware interface.

applyPermissionResolverToRealms

protected void applyPermissionResolverToRealms()

Sets the internal getPermissionResolver() on any internal configured Realms that implement the PermissionResolverAware interface.

This method is called after setting a permissionResolver on this ModularRealmAuthorizer via the setPermissionResolver method.

It is also called after setting one or more realms via the setRealms method to allow these newly available realms to be given the PermissionResolver already in use.

Since:: 1.0

getRolePermissionResolver

public RolePermissionResolver getRolePermissionResolver()

Returns the RolePermissionResolver to be used on all configured realms, or null

Returns:: the RolePermissionResolver to be used on all configured realms, or nullSince:; 1.0

setRolePermissionResolver

public void setRolePermissionResolver(RolePermissionResolver rolePermissionResolver)

Sets the specified RolePermissionResolver on all of the wrapped realms that implement the PermissionResolverAware interface.

Only call this method if you want the permission resolver to be passed to all realms that implement the RolePermissionResolver interface. If you do not want this to occur, the realms must configure themselves individually (or be configured individually).

Specified by:: setRolePermissionResolver in interface RolePermissionResolverAware

Parameters:: rolePermissionResolver - the rolePermissionResolver to set on all of the wrapped realms that implement the RolePermissionResolverAware interface.

applyRolePermissionResolverToRealms

protected void applyRolePermissionResolverToRealms()

Sets the internal getRolePermissionResolver() on any internal configured Realms that implement the RolePermissionResolverAware interface.

This method is called after setting a rolePermissionResolver on this ModularRealmAuthorizer via the setRolePermissionResolver method.

It is also called after setting one or more realms via the setRealms method to allow these newly available realms to be given the RolePermissionResolver already in use.

Since:: 1.0

assertRealmsConfigured

protected void assertRealmsConfigured()
                               throws IllegalStateException

Used by the Authorizer implementation methods to ensure that the realms has been set. The default implementation ensures the property is not null and not empty.

Throws:: IllegalStateException - if the realms property is configured incorrectly.

isPermitted

public boolean isPermitted(PrincipalCollection principals,
                           String permission)

Returns true if any of the configured realms' isPermitted(org.apache.shiro.subject.PrincipalCollection, String) returns true, false otherwise.

Specified by:: isPermitted in interface Authorizer

Parameters:: principals - the application-specific subject/user identifier.; permission - the String representation of a Permission that is being checked.
Returns:: true if the corresponding Subject/user is permitted, false otherwise.
See Also:: Authorizer.isPermitted(PrincipalCollection principals,Permission permission)

isPermitted

public boolean isPermitted(PrincipalCollection principals,
                           Permission permission)

Returns true if any of the configured realms' isPermitted(org.apache.shiro.subject.PrincipalCollection, Permission) call returns true, false otherwise.

Specified by:: isPermitted in interface Authorizer

Parameters:: principals - the application-specific subject/user identifier.; permission - the permission that is being checked.
Returns:: true if the corresponding Subject/user is permitted, false otherwise.

isPermitted

public boolean[] isPermitted(PrincipalCollection principals,
                             String... permissions)

Returns true if any of the configured realms' isPermittedAll(org.apache.shiro.subject.PrincipalCollection, String...) call returns true, false otherwise.

Specified by:: isPermitted in interface Authorizer

Parameters:: principals - the application-specific subject/user identifier.; permissions - the String representations of the Permissions that are being checked.
Returns:: an array of booleans whose indices correspond to the index of the permissions in the given list. A true value at an index indicates the user is permitted for for the associated Permission string in the list. A false value at an index indicates otherwise.

isPermitted

public boolean[] isPermitted(PrincipalCollection principals,
                             List<Permission> permissions)

Returns true if any of the configured realms' isPermitted(org.apache.shiro.subject.PrincipalCollection, List) call returns true, false otherwise.

Specified by:: isPermitted in interface Authorizer

Parameters:: principals - the application-specific subject/user identifier.; permissions - the permissions that are being checked.
Returns:: an array of booleans whose indices correspond to the index of the permissions in the given list. A true value at an index indicates the user is permitted for for the associated Permission object in the list. A false value at an index indicates otherwise.

isPermittedAll

public boolean isPermittedAll(PrincipalCollection principals,
                              String... permissions)

Returns true if any of the configured realms' isPermitted(org.apache.shiro.subject.PrincipalCollection, String) call returns true for all of the specified string permissions, false otherwise.

Specified by:: isPermittedAll in interface Authorizer

Parameters:: principals - the application-specific subject/user identifier.; permissions - the String representations of the Permissions that are being checked.
Returns:: true if the user has all of the specified permissions, false otherwise.
See Also:: Authorizer.isPermittedAll(PrincipalCollection,Collection)

isPermittedAll

public boolean isPermittedAll(PrincipalCollection principals,
                              Collection<Permission> permissions)

Returns true if any of the configured realms' isPermitted(org.apache.shiro.subject.PrincipalCollection, Permission) call returns true for all of the specified Permissions, false otherwise.

Specified by:: isPermittedAll in interface Authorizer

Parameters:: principals - the application-specific subject/user identifier.; permissions - the permissions to check.
Returns:: true if the user has all of the specified permissions, false otherwise.

checkPermission

public void checkPermission(PrincipalCollection principals,
                            String permission)
                     throws AuthorizationException

If !isPermitted(permission), throws an UnauthorizedException otherwise returns quietly.

Specified by:: checkPermission in interface Authorizer

Parameters:: principals - the application-specific subject/user identifier.; permission - the String representation of the Permission to check.
Throws:: AuthorizationException - if the user does not have the permission.

checkPermission

public void checkPermission(PrincipalCollection principals,
                            Permission permission)
                     throws AuthorizationException

If !isPermitted(permission), throws an UnauthorizedException otherwise returns quietly.

Specified by:: checkPermission in interface Authorizer

Parameters:: principals - the application-specific subject/user identifier.; permission - the Permission to check.
Throws:: AuthorizationException - if the user does not have the permission.

checkPermissions

public void checkPermissions(PrincipalCollection principals,
                             String... permissions)
                      throws AuthorizationException

If !isPermitted(permission), throws an UnauthorizedException otherwise returns quietly.

Specified by:: checkPermissions in interface Authorizer

Parameters:: principals - the application-specific subject/user identifier.; permissions - the string representations of Permissions to check.
Throws:: AuthorizationException - if the user does not have all of the given permissions.

checkPermissions

public void checkPermissions(PrincipalCollection principals,
                             Collection<Permission> permissions)
                      throws AuthorizationException

If !isPermitted(permission) for all the given Permissions, throws an UnauthorizedException otherwise returns quietly.

Specified by:: checkPermissions in interface Authorizer

Parameters:: principals - the application-specific subject/user identifier.; permissions - the Permissions to check.
Throws:: AuthorizationException - if the user does not have all of the given permissions.

hasRole

public boolean hasRole(PrincipalCollection principals,
                       String roleIdentifier)

Returns true if any of the configured realms' hasRole(org.apache.shiro.subject.PrincipalCollection, String) call returns true, false otherwise.

Specified by:: hasRole in interface Authorizer

Parameters:: principals - the application-specific subject/user identifier.; roleIdentifier - the application-specific role identifier (usually a role id or role name).
Returns:: true if the corresponding subject has the specified role, false otherwise.

hasRoles

public boolean[] hasRoles(PrincipalCollection principals,
                          List<String> roleIdentifiers)

Calls hasRole(org.apache.shiro.subject.PrincipalCollection, String) for each role name in the specified collection and places the return value from each call at the respective location in the returned array.

Specified by:: hasRoles in interface Authorizer

Parameters:: principals - the application-specific subject/user identifier.; roleIdentifiers - the application-specific role identifiers to check (usually role ids or role names).
Returns:: an array of booleans whose indices correspond to the index of the roles in the given identifiers. A true value indicates the user has the role at that index. False indicates the user does not have the role at that index.

hasAllRoles

public boolean hasAllRoles(PrincipalCollection principals,
                           Collection<String> roleIdentifiers)

Returns true iff any of the configured realms' hasRole(org.apache.shiro.subject.PrincipalCollection, String) call returns true for all roles specified, false otherwise.

Specified by:: hasAllRoles in interface Authorizer

Parameters:: principals - the application-specific subject/user identifier.; roleIdentifiers - the application-specific role identifiers to check (usually role ids or role names).
Returns:: true if the user has all the roles, false otherwise.

checkRole

public void checkRole(PrincipalCollection principals,
                      String role)
               throws AuthorizationException

If !hasRole(role), throws an UnauthorizedException otherwise returns quietly.

Specified by:: checkRole in interface Authorizer

Parameters:: principals - the application-specific subject/user identifier.; role - the application-specific role identifier (usually a role id or role name ).
Throws:: AuthorizationException - if the user does not have the role.

checkRoles

public void checkRoles(PrincipalCollection principals,
                       Collection<String> roles)
                throws AuthorizationException

Calls checkRoles(PrincipalCollection principals, String... roles) .

Specified by:: checkRoles in interface Authorizer

Parameters:: principals - the application-specific subject/user identifier.; roles - the application-specific role identifiers to check (usually role ids or role names).
Throws:: AuthorizationException - if the user does not have all of the specified roles.

checkRoles

public void checkRoles(PrincipalCollection principals,
                       String... roles)
                throws AuthorizationException

Calls checkRole for each role specified.

Specified by:: checkRoles in interface Authorizer

Parameters:: principals - the application-specific subject/user identifier.; roles - the application-specific role identifiers to check (usually role ids or role names).
Throws:: AuthorizationException - if the user does not have all of the specified roles.

Overview

Package

Class

Use

Tree

Deprecated

Index

Help

PREV CLASS NEXT CLASS

FRAMES NO FRAMES

SUMMARY: NESTED | FIELD | CONSTR | METHOD

DETAIL: FIELD | CONSTR | METHOD

org.apache.shiro.authz Class ModularRealmAuthorizer

realms

permissionResolver

rolePermissionResolver

ModularRealmAuthorizer

ModularRealmAuthorizer

getRealms

setRealms

getPermissionResolver

setPermissionResolver

applyPermissionResolverToRealms

getRolePermissionResolver

setRolePermissionResolver

applyRolePermissionResolverToRealms

assertRealmsConfigured

isPermitted

isPermitted

isPermitted

isPermitted

isPermittedAll

isPermittedAll

checkPermission

checkPermission

checkPermissions

checkPermissions

hasRole

hasRoles

hasAllRoles

checkRole

checkRoles

checkRoles

org.apache.shiro.authz
Class ModularRealmAuthorizer