@Override public void checkPermissions( PrincipalCollection subjectPrincipal, Collection<Permission> permissions ) throws AuthorizationException { for ( Permission permission : permissions ) { checkPermission( subjectPrincipal, permission ); } }
@Override public boolean hasAllRoles( PrincipalCollection subjectPrincipal, Collection<String> roleIdentifiers ) { for ( String roleIdentifier : roleIdentifiers ) { if ( !hasRole( subjectPrincipal, roleIdentifier ) ) { return false; } } return true; }
@Override public boolean isPermittedAll( PrincipalCollection subjectPrincipal, Collection<Permission> permissions ) { for ( Permission permission : permissions ) { if ( !isPermitted( subjectPrincipal, permission ) ) { return false; } } return true; }
@Override public boolean isPermitted( PrincipalCollection subjectPrincipal, Permission permission ) { for ( Realm realm : this.getRealms() ) { if ( !( realm instanceof Authorizer ) ) { continue; // ignore non-authorizing realms } try { if ( ( (Authorizer) realm ).isPermitted( subjectPrincipal, permission ) ) { return true; } } catch ( AuthorizationException e ) { logAndIgnore( realm, e ); } catch ( RuntimeException e ) { logAndIgnore( realm, e ); } } return false; }
public void init() throws ShiroException { this.setSessionManager( new DefaultSessionManager() ); // This could be injected // Authorizer ExceptionCatchingModularRealmAuthorizer authorizer = new ExceptionCatchingModularRealmAuthorizer( this.getRealms() ); // if we have a Role Permission Resolver, set it, if not, don't worry about it if ( rolePermissionResolver != null ) { authorizer.setRolePermissionResolver( rolePermissionResolver ); logger.debug( "RolePermissionResolver was set to " + authorizer.getRolePermissionResolver() ); } else { logger.warn( "No RolePermissionResolver is set" ); } this.setAuthorizer( authorizer ); // set the realm authenticator, that will automatically deligate the authentication to all the realms. FirstSuccessfulModularRealmAuthenticator realmAuthenticator = new FirstSuccessfulModularRealmAuthenticator(); realmAuthenticator.setAuthenticationStrategy( new FirstSuccessfulStrategy() ); // Authenticator this.setAuthenticator( realmAuthenticator ); } }
@Inject public ExceptionCatchingModularRealmAuthorizer( Collection<Realm> realms, @Nullable RolePermissionResolver rolePermissionResolver ) { super( realms ); if ( null != rolePermissionResolver ) { setRolePermissionResolver( rolePermissionResolver ); } }
@Override public void checkRoles( PrincipalCollection subjectPrincipal, Collection<String> roleIdentifiers ) throws AuthorizationException { if ( !this.hasAllRoles( subjectPrincipal, roleIdentifiers ) ) { throw new AuthorizationException( "User is not permitted role: " + roleIdentifiers ); } }
@Override public boolean hasRole( PrincipalCollection subjectPrincipal, String roleIdentifier ) { for ( Realm realm : this.getRealms() ) { if ( !( realm instanceof Authorizer ) ) { continue; // ignore non-authorizing realms } // need to catch an AuthorizationException, the user might only belong to on of the realms try { if ( ( (Authorizer) realm ).hasRole( subjectPrincipal, roleIdentifier ) ) { return true; } } catch ( AuthorizationException e ) { logAndIgnore( realm, e ); } catch ( RuntimeException e ) { logAndIgnore( realm, e ); } } return false; }
@Override public boolean[] isPermitted( PrincipalCollection subjectPrincipal, String... permissions ) { boolean[] combinedResult = new boolean[permissions.length]; for ( Realm realm : this.getRealms() ) { if ( !( realm instanceof Authorizer ) ) { continue; // ignore non-authorizing realms } try { boolean[] result = ( (Authorizer) realm ).isPermitted( subjectPrincipal, permissions ); for ( int i = 0; i < combinedResult.length; i++ ) { combinedResult[i] = combinedResult[i] | result[i]; } } catch ( AuthorizationException e ) { logAndIgnore( realm, e ); } catch ( RuntimeException e ) { logAndIgnore( realm, e ); } } return combinedResult; }
@Override public boolean isPermittedAll( PrincipalCollection subjectPrincipal, String... permissions ) { for ( String permission : permissions ) { if ( !isPermitted( subjectPrincipal, permission ) ) { return false; } } return true; }
@Override public void checkPermissions( PrincipalCollection subjectPrincipal, String... permissions ) throws AuthorizationException { for ( String permission : permissions ) { checkPermission( subjectPrincipal, permission ); } }
@Override public void checkRole( PrincipalCollection subjectPrincipal, String roleIdentifier ) throws AuthorizationException { if ( !this.hasRole( subjectPrincipal, roleIdentifier ) ) { throw new AuthorizationException( "User is not permitted role: " + roleIdentifier ); } }
@Override public boolean[] hasRoles( PrincipalCollection subjectPrincipal, List<String> roleIdentifiers ) { boolean[] combinedResult = new boolean[roleIdentifiers.size()]; for ( Realm realm : this.getRealms() ) { if ( !( realm instanceof Authorizer ) ) { continue; // ignore non-authorizing realms } try { boolean[] result = ( (Authorizer) realm ).hasRoles( subjectPrincipal, roleIdentifiers ); for ( int i = 0; i < combinedResult.length; i++ ) { combinedResult[i] = combinedResult[i] | result[i]; } } catch ( AuthorizationException e ) { logAndIgnore( realm, e ); } catch ( RuntimeException e ) { logAndIgnore( realm, e ); } } return combinedResult; }
@Override public void checkPermission( PrincipalCollection subjectPrincipal, String permission ) throws AuthorizationException { if ( !this.isPermitted( subjectPrincipal, permission ) ) { throw new AuthorizationException( "User is not permitted: " + permission ); } }
@Override public boolean[] isPermitted( PrincipalCollection subjectPrincipal, List<Permission> permissions ) { boolean[] combinedResult = new boolean[permissions.size()]; for ( Realm realm : this.getRealms() ) { if ( !( realm instanceof Authorizer ) ) { continue; // ignore non-authorizing realms } try { boolean[] result = ( (Authorizer) realm ).isPermitted( subjectPrincipal, permissions ); for ( int i = 0; i < combinedResult.length; i++ ) { combinedResult[i] = combinedResult[i] | result[i]; } } catch ( AuthorizationException e ) { logAndIgnore( realm, e ); } catch ( RuntimeException e ) { logAndIgnore( realm, e ); } } return combinedResult; }
@Override public void checkPermission( PrincipalCollection subjectPrincipal, Permission permission ) throws AuthorizationException { if ( !this.isPermitted( subjectPrincipal, permission ) ) { throw new AuthorizationException( "User is not permitted: " + permission ); } }
@Override public boolean isPermitted( PrincipalCollection subjectPrincipal, String permission ) for ( Realm realm : this.getRealms() ) logAndIgnore( realm, e ); logAndIgnore( realm, e );