org.apache.shiro.authz.aop
Class AuthorizingAnnotationMethodInterceptor
java.lang.Object
org.apache.shiro.aop.MethodInterceptorSupport
org.apache.shiro.aop.AnnotationMethodInterceptor
org.apache.shiro.authz.aop.AuthorizingAnnotationMethodInterceptor
- All Implemented Interfaces:
- MethodInterceptor
- Direct Known Subclasses:
- AuthenticatedAnnotationMethodInterceptor, GuestAnnotationMethodInterceptor, PermissionAnnotationMethodInterceptor, RoleAnnotationMethodInterceptor, UserAnnotationMethodInterceptor
public abstract class AuthorizingAnnotationMethodInterceptor
- extends AnnotationMethodInterceptor
An AnnotationMethodInterceptor that asserts the calling code is authorized to execute the method
before allowing the invocation to continue by inspecting code annotations to perform an access control check.
- Since:
- 0.1
Methods inherited from class java.lang.Object |
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait |
AuthorizingAnnotationMethodInterceptor
public AuthorizingAnnotationMethodInterceptor(AuthorizingAnnotationHandler handler)
- Constructor that ensures the internal
handler
is set which will be used to perform the
authorization assertion checks when a supported annotation is encountered.
- Parameters:
handler
- the internal handler
used to perform authorization assertion checks when a
supported annotation is encountered.
AuthorizingAnnotationMethodInterceptor
public AuthorizingAnnotationMethodInterceptor(AuthorizingAnnotationHandler handler,
AnnotationResolver resolver)
- Parameters:
handler
- resolver
- - Since:
- 1.1
invoke
public Object invoke(MethodInvocation methodInvocation)
throws Throwable
- Ensures the
methodInvocation
is allowed to execute first before proceeding by calling the
assertAuthorized
method first.
- Parameters:
methodInvocation
- the method invocation to check for authorization prior to allowing it to proceed/execute.
- Returns:
- the return value from the method invocation (the value of
MethodInvocation.proceed()
).
- Throws:
AuthorizationException
- if the MethodInvocation
is not allowed to proceed.
Throwable
- if any other error occurs.
assertAuthorized
public void assertAuthorized(MethodInvocation mi)
throws AuthorizationException
- Ensures the calling Subject is authorized to execute the specified
MethodInvocation
.
As this is an AnnotationMethodInterceptor, this implementation merely delegates to the internal
AuthorizingAnnotationHandler
by first acquiring the annotation by
calling getAnnotation(methodInvocation)
and then calls
handler.assertAuthorized(annotation)
.
- Parameters:
mi
- the MethodInvocation
to check to see if it is allowed to proceed/execute.
- Throws:
AuthorizationException
- if the method invocation is not allowed to continue/execute.
Copyright © 2004-2012 The Apache Software Foundation. All Rights Reserved.