org.apache.shiro.authz.aop
Class UserAnnotationHandler
java.lang.Object
org.apache.shiro.aop.AnnotationHandler
org.apache.shiro.authz.aop.AuthorizingAnnotationHandler
org.apache.shiro.authz.aop.UserAnnotationHandler
public class UserAnnotationHandler
- extends AuthorizingAnnotationHandler
Checks to see if a @RequiresUser annotation
is declared, and if so, ensures the calling Subject is either
authenticated or remembered via remember
me services before allowing access.
This annotation essentially ensures that subject.getPrincipal() != null.
- Since:
- 0.9.0
|
Method Summary |
void |
assertAuthorized(Annotation a)
Ensures that the calling Subject is a user, that is, they are either
authenticated or remembered via remember
me services before allowing access, and if not, throws an
AuthorizingException indicating access is not allowed. |
| Methods inherited from class java.lang.Object |
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait |
UserAnnotationHandler
public UserAnnotationHandler()
- Default no-argument constructor that ensures this handler looks for
RequiresUser annotations.
assertAuthorized
public void assertAuthorized(Annotation a)
throws AuthorizationException
- Ensures that the calling
Subject is a user, that is, they are either
authenticated or remembered via remember
me services before allowing access, and if not, throws an
AuthorizingException indicating access is not allowed.
- Specified by:
assertAuthorized in class AuthorizingAnnotationHandler
- Parameters:
a - the RequiresUser annotation to check
- Throws:
AuthorizationException - if the calling Subject is not authenticated or remembered via rememberMe services.
Copyright © 2004-2012 The Apache Software Foundation. All Rights Reserved.