org.apache.shiro.authz.aop
Class GuestAnnotationHandler

java.lang.Object
  org.apache.shiro.aop.AnnotationHandler
      org.apache.shiro.authz.aop.AuthorizingAnnotationHandler
          org.apache.shiro.authz.aop.GuestAnnotationHandler

public class GuestAnnotationHandler
extends AuthorizingAnnotationHandler

Checks to see if a @RequiresGuest annotation is declared, and if so, ensures the calling Subject does not have an identity before invoking the method.

This annotation essentially ensures that subject.getPrincipal() == null.

Since:

0.9.0

Field Summary

Fields inherited from class org.apache.shiro.aop.AnnotationHandler

annotationClass

Constructor Summary

GuestAnnotationHandler()
Default no-argument constructor that ensures this interceptor looks for RequiresGuest annotations in a method declaration.

Method Summary

void	assertAuthorized(Annotation a) Ensures that the calling Subject is NOT a user, that is, they do not have an identity before continuing.

Methods inherited from class org.apache.shiro.aop.AnnotationHandler

getAnnotationClass, getSubject, setAnnotationClass

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Detail

GuestAnnotationHandler

public GuestAnnotationHandler()

Default no-argument constructor that ensures this interceptor looks for RequiresGuest annotations in a method declaration.

Method Detail

assertAuthorized

public void assertAuthorized(Annotation a)
                      throws AuthorizationException

Ensures that the calling Subject is NOT a user, that is, they do not have an identity before continuing. If they are a user (Subject.getPrincipal() != null), an AuthorizingException will be thrown indicating that execution is not allowed to continue.

Specified by:

assertAuthorized in class AuthorizingAnnotationHandler

Parameters:

a - the annotation to check for one or more roles

Throws:

AuthorizationException - if the calling Subject is not a "guest".