org.apache.shiro.authz
Class SimpleAuthorizationInfo

java.lang.Object
  org.apache.shiro.authz.SimpleAuthorizationInfo

All Implemented Interfaces:

Serializable, AuthorizationInfo

public class SimpleAuthorizationInfo
extends Object
implements AuthorizationInfo

Simple POJO implementation of the AuthorizationInfo interface that stores roles and permissions as internal attributes.

Since:

0.9

See Also:

AuthorizingRealm, Serialized Form

Field Summary

protected Set<Permission>	objectPermissions Collection of all object-based permissions associaed with the account.
protected Set<String>	roles The internal roles collection.
protected Set<String>	stringPermissions Collection of all string-based permissions associated with the account.

Constructor Summary

SimpleAuthorizationInfo()
Default no-argument constructor.

SimpleAuthorizationInfo(Set<String> roles)
Creates a new instance with the specified roles and no permissions.

Method Summary

void	addObjectPermission(Permission permission) Adds (assigns) a permission to those directly associated with the account.
void	addObjectPermissions(Collection<Permission> permissions) Adds (assigns) multiple permissions to those associated directly with the account.
void	addRole(String role) Adds (assigns) a role to those associated with the account.
void	addRoles(Collection<String> roles) Adds (assigns) multiple roles to those associated with the account.
void	addStringPermission(String permission) Adds (assigns) a permission to those directly associated with the account.
void	addStringPermissions(Collection<String> permissions) Adds (assigns) multiple permissions to those associated directly with the account.
Set<Permission>	getObjectPermissions() Returns all type-safe Permissions assigned to the corresponding Subject.
Set<String>	getRoles() Returns the names of all roles assigned to a corresponding Subject.
Set<String>	getStringPermissions() Returns all string-based permissions assigned to the corresponding Subject.
void	setObjectPermissions(Set<Permission> objectPermissions) Sets the object-based permissions assigned directly to the account.
void	setRoles(Set<String> roles) Sets the roles assigned to the account.
void	setStringPermissions(Set<String> stringPermissions) Sets the string-based permissions assigned directly to the account.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Detail

roles

protected Set<String> roles

The internal roles collection.

stringPermissions

protected Set<String> stringPermissions

Collection of all string-based permissions associated with the account.

objectPermissions

protected Set<Permission> objectPermissions

Collection of all object-based permissions associaed with the account.

Constructor Detail

SimpleAuthorizationInfo

public SimpleAuthorizationInfo()

Default no-argument constructor.

SimpleAuthorizationInfo

public SimpleAuthorizationInfo(Set<String> roles)

Creates a new instance with the specified roles and no permissions.

Parameters:

roles - the roles assigned to the realm account.

Method Detail

getRoles

public Set<String> getRoles()

Description copied from interface: AuthorizationInfo

Returns the names of all roles assigned to a corresponding Subject.

Specified by:

getRoles in interface AuthorizationInfo

Returns:

the names of all roles assigned to a corresponding Subject.

setRoles

public void setRoles(Set<String> roles)

Sets the roles assigned to the account.

Parameters:

roles - the roles assigned to the account.

addRole

public void addRole(String role)

Adds (assigns) a role to those associated with the account. If the account doesn't yet have any roles, a new roles collection (a Set) will be created automatically.

Parameters:

role - the role to add to those associated with the account.

addRoles

public void addRoles(Collection<String> roles)

Adds (assigns) multiple roles to those associated with the account. If the account doesn't yet have any roles, a new roles collection (a Set) will be created automatically.

Parameters:

roles - the roles to add to those associated with the account.

getStringPermissions

public Set<String> getStringPermissions()

Description copied from interface: AuthorizationInfo

Returns all string-based permissions assigned to the corresponding Subject. The permissions here plus those returned from getObjectPermissions() represent the total set of permissions assigned. The aggregate set is used to perform a permission authorization check.

This method is a convenience mechanism that allows Realms to represent permissions as Strings if they choose. When performing a security check, a Realm usually converts these strings to object Permissions via an internal PermissionResolver in order to perform the actual permission check. This is not a requirement of course, since Realms can perform security checks in whatever manner deemed necessary, but this explains the conversion mechanism that most Shiro Realms execute for string-based permission checks.

Specified by:

getStringPermissions in interface AuthorizationInfo

Returns:

all string-based permissions assigned to the corresponding Subject.

setStringPermissions

public void setStringPermissions(Set<String> stringPermissions)

Sets the string-based permissions assigned directly to the account. The permissions set here, in addition to any object permissions constitute the total permissions assigned directly to the account.

Parameters:

stringPermissions - the string-based permissions assigned directly to the account.

addStringPermission

public void addStringPermission(String permission)

Adds (assigns) a permission to those directly associated with the account. If the account doesn't yet have any direct permissions, a new permission collection (a Set<String>) will be created automatically.

Parameters:

permission - the permission to add to those directly assigned to the account.

addStringPermissions

public void addStringPermissions(Collection<String> permissions)

Adds (assigns) multiple permissions to those associated directly with the account. If the account doesn't yet have any string-based permissions, a new permissions collection (a Set<String>) will be created automatically.

Parameters:

permissions - the permissions to add to those associated directly with the account.

getObjectPermissions

public Set<Permission> getObjectPermissions()

Description copied from interface: AuthorizationInfo

Returns all type-safe Permissions assigned to the corresponding Subject. The permissions returned from this method plus any returned from getStringPermissions() represent the total set of permissions. The aggregate set is used to perform a permission authorization check.

Specified by:

getObjectPermissions in interface AuthorizationInfo

Returns:

all type-safe Permissions assigned to the corresponding Subject.

setObjectPermissions

public void setObjectPermissions(Set<Permission> objectPermissions)

Sets the object-based permissions assigned directly to the account. The permissions set here, in addition to any string permissions constitute the total permissions assigned directly to the account.

Parameters:

objectPermissions - the object-based permissions assigned directly to the account.

addObjectPermission

public void addObjectPermission(Permission permission)

Adds (assigns) a permission to those directly associated with the account. If the account doesn't yet have any direct permissions, a new permission collection (a Set<Permission>) will be created automatically.

Parameters:

permission - the permission to add to those directly assigned to the account.

addObjectPermissions

public void addObjectPermissions(Collection<Permission> permissions)

Adds (assigns) multiple permissions to those associated directly with the account. If the account doesn't yet have any object-based permissions, a new permissions collection (a Set<Permission>) will be created automatically.

Parameters:

permissions - the permissions to add to those associated directly with the account.