org.apache.shiro.authz
Class SimpleAuthorizationInfo

java.lang.Object
  extended by org.apache.shiro.authz.SimpleAuthorizationInfo
All Implemented Interfaces:
Serializable, AuthorizationInfo

public class SimpleAuthorizationInfo
extends Object
implements AuthorizationInfo

Simple POJO implementation of the AuthorizationInfo interface that stores roles and permissions as internal attributes.

Since:
0.9
See Also:
AuthorizingRealm, Serialized Form

Field Summary
protected  Set<Permission> objectPermissions
          Collection of all object-based permissions associaed with the account.
protected  Set<String> roles
          The internal roles collection.
protected  Set<String> stringPermissions
          Collection of all string-based permissions associated with the account.
 
Constructor Summary
SimpleAuthorizationInfo()
          Default no-argument constructor.
SimpleAuthorizationInfo(Set<String> roles)
          Creates a new instance with the specified roles and no permissions.
 
Method Summary
 void addObjectPermission(Permission permission)
          Adds (assigns) a permission to those directly associated with the account.
 void addObjectPermissions(Collection<Permission> permissions)
          Adds (assigns) multiple permissions to those associated directly with the account.
 void addRole(String role)
          Adds (assigns) a role to those associated with the account.
 void addRoles(Collection<String> roles)
          Adds (assigns) multiple roles to those associated with the account.
 void addStringPermission(String permission)
          Adds (assigns) a permission to those directly associated with the account.
 void addStringPermissions(Collection<String> permissions)
          Adds (assigns) multiple permissions to those associated directly with the account.
 Set<Permission> getObjectPermissions()
          Returns all type-safe Permissions assigned to the corresponding Subject.
 Set<String> getRoles()
          Returns the names of all roles assigned to a corresponding Subject.
 Set<String> getStringPermissions()
          Returns all string-based permissions assigned to the corresponding Subject.
 void setObjectPermissions(Set<Permission> objectPermissions)
          Sets the object-based permissions assigned directly to the account.
 void setRoles(Set<String> roles)
          Sets the roles assigned to the account.
 void setStringPermissions(Set<String> stringPermissions)
          Sets the string-based permissions assigned directly to the account.
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Field Detail

roles

protected Set<String> roles
The internal roles collection.


stringPermissions

protected Set<String> stringPermissions
Collection of all string-based permissions associated with the account.


objectPermissions

protected Set<Permission> objectPermissions
Collection of all object-based permissions associaed with the account.

Constructor Detail

SimpleAuthorizationInfo

public SimpleAuthorizationInfo()
Default no-argument constructor.


SimpleAuthorizationInfo

public SimpleAuthorizationInfo(Set<String> roles)
Creates a new instance with the specified roles and no permissions.

Parameters:
roles - the roles assigned to the realm account.
Method Detail

getRoles

public Set<String> getRoles()
Description copied from interface: AuthorizationInfo
Returns the names of all roles assigned to a corresponding Subject.

Specified by:
getRoles in interface AuthorizationInfo
Returns:
the names of all roles assigned to a corresponding Subject.

setRoles

public void setRoles(Set<String> roles)
Sets the roles assigned to the account.

Parameters:
roles - the roles assigned to the account.

addRole

public void addRole(String role)
Adds (assigns) a role to those associated with the account. If the account doesn't yet have any roles, a new roles collection (a Set) will be created automatically.

Parameters:
role - the role to add to those associated with the account.

addRoles

public void addRoles(Collection<String> roles)
Adds (assigns) multiple roles to those associated with the account. If the account doesn't yet have any roles, a new roles collection (a Set) will be created automatically.

Parameters:
roles - the roles to add to those associated with the account.

getStringPermissions

public Set<String> getStringPermissions()
Description copied from interface: AuthorizationInfo
Returns all string-based permissions assigned to the corresponding Subject. The permissions here plus those returned from getObjectPermissions() represent the total set of permissions assigned. The aggregate set is used to perform a permission authorization check.

This method is a convenience mechanism that allows Realms to represent permissions as Strings if they choose. When performing a security check, a Realm usually converts these strings to object Permissions via an internal PermissionResolver in order to perform the actual permission check. This is not a requirement of course, since Realms can perform security checks in whatever manner deemed necessary, but this explains the conversion mechanism that most Shiro Realms execute for string-based permission checks.

Specified by:
getStringPermissions in interface AuthorizationInfo
Returns:
all string-based permissions assigned to the corresponding Subject.

setStringPermissions

public void setStringPermissions(Set<String> stringPermissions)
Sets the string-based permissions assigned directly to the account. The permissions set here, in addition to any object permissions constitute the total permissions assigned directly to the account.

Parameters:
stringPermissions - the string-based permissions assigned directly to the account.

addStringPermission

public void addStringPermission(String permission)
Adds (assigns) a permission to those directly associated with the account. If the account doesn't yet have any direct permissions, a new permission collection (a Set<String>) will be created automatically.

Parameters:
permission - the permission to add to those directly assigned to the account.

addStringPermissions

public void addStringPermissions(Collection<String> permissions)
Adds (assigns) multiple permissions to those associated directly with the account. If the account doesn't yet have any string-based permissions, a new permissions collection (a Set<String>) will be created automatically.

Parameters:
permissions - the permissions to add to those associated directly with the account.

getObjectPermissions

public Set<Permission> getObjectPermissions()
Description copied from interface: AuthorizationInfo
Returns all type-safe Permissions assigned to the corresponding Subject. The permissions returned from this method plus any returned from getStringPermissions() represent the total set of permissions. The aggregate set is used to perform a permission authorization check.

Specified by:
getObjectPermissions in interface AuthorizationInfo
Returns:
all type-safe Permissions assigned to the corresponding Subject.

setObjectPermissions

public void setObjectPermissions(Set<Permission> objectPermissions)
Sets the object-based permissions assigned directly to the account. The permissions set here, in addition to any string permissions constitute the total permissions assigned directly to the account.

Parameters:
objectPermissions - the object-based permissions assigned directly to the account.

addObjectPermission

public void addObjectPermission(Permission permission)
Adds (assigns) a permission to those directly associated with the account. If the account doesn't yet have any direct permissions, a new permission collection (a Set<Permission>) will be created automatically.

Parameters:
permission - the permission to add to those directly assigned to the account.

addObjectPermissions

public void addObjectPermissions(Collection<Permission> permissions)
Adds (assigns) multiple permissions to those associated directly with the account. If the account doesn't yet have any object-based permissions, a new permissions collection (a Set<Permission>) will be created automatically.

Parameters:
permissions - the permissions to add to those associated directly with the account.


Copyright © 2004-2012 The Apache Software Foundation. All Rights Reserved.