org.apache.shiro.authz.aop
Class GuestAnnotationHandler

java.lang.Object
  extended by org.apache.shiro.aop.AnnotationHandler
      extended by org.apache.shiro.authz.aop.AuthorizingAnnotationHandler
          extended by org.apache.shiro.authz.aop.GuestAnnotationHandler

public class GuestAnnotationHandler
extends AuthorizingAnnotationHandler

Checks to see if a @RequiresGuest annotation is declared, and if so, ensures the calling Subject does not have an identity before invoking the method.

This annotation essentially ensures that subject.getPrincipal() == null.

Since:
0.9.0

Field Summary
 
Fields inherited from class org.apache.shiro.aop.AnnotationHandler
annotationClass
 
Constructor Summary
GuestAnnotationHandler()
          Default no-argument constructor that ensures this interceptor looks for RequiresGuest annotations in a method declaration.
 
Method Summary
 void assertAuthorized(Annotation a)
          Ensures that the calling Subject is NOT a user, that is, they do not have an identity before continuing.
 
Methods inherited from class org.apache.shiro.aop.AnnotationHandler
getAnnotationClass, getSubject, setAnnotationClass
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Constructor Detail

GuestAnnotationHandler

public GuestAnnotationHandler()
Default no-argument constructor that ensures this interceptor looks for RequiresGuest annotations in a method declaration.

Method Detail

assertAuthorized

public void assertAuthorized(Annotation a)
                      throws AuthorizationException
Ensures that the calling Subject is NOT a user, that is, they do not have an identity before continuing. If they are a user (Subject.getPrincipal() != null), an AuthorizingException will be thrown indicating that execution is not allowed to continue.

Specified by:
assertAuthorized in class AuthorizingAnnotationHandler
Parameters:
a - the annotation to check for one or more roles
Throws:
AuthorizationException - if the calling Subject is not a "guest".


Copyright © 2004-2012 The Apache Software Foundation. All Rights Reserved.