/** * If !{@link #isPermitted(org.apache.shiro.subject.PrincipalCollection, Permission) isPermitted(permission)}, throws * an <code>UnauthorizedException</code> otherwise returns quietly. */ public void checkPermission(PrincipalCollection principals, Permission permission) throws AuthorizationException { assertRealmsConfigured(); if (!isPermitted(principals, permission)) { throw new UnauthorizedException("Subject does not have permission [" + permission + "]"); } }
/** * If !{@link #hasRole(org.apache.shiro.subject.PrincipalCollection, String) hasRole(role)}, throws * an <code>UnauthorizedException</code> otherwise returns quietly. */ public void checkRole(PrincipalCollection principals, String role) throws AuthorizationException { assertRealmsConfigured(); if (!hasRole(principals, role)) { throw new UnauthorizedException("Subject does not have role [" + role + "]"); } }
/** * Default no-arg constructor that initializes an internal default * {@link org.apache.shiro.authz.ModularRealmAuthorizer ModularRealmAuthorizer}. */ public AuthorizingSecurityManager() { super(); this.authorizer = new ModularRealmAuthorizer(); }
/** * Adds a role to this Account's set of assigned roles. Simply delegates to * <code>this.authzInfo.addRole(role)</code>. * * @param role a role to assign to this Account. */ public void addRole(String role) { this.authzInfo.addRole(role); }
/** * Sets the String-based permissions assigned to this Account. Simply delegates to * <code>this.authzInfo.setStringPermissions(permissions)</code>. * * @param permissions all String-based permissions assigned to this Account. * @see org.apache.shiro.authc.Account#getStringPermissions() */ public void setStringPermissions(Set<String> permissions) { this.authzInfo.setStringPermissions(permissions); }
/** * Assigns one or more string-based permissions directly to this Account (not to any of its realms). * * @param permissions one or more String-based permissions to assign. */ public void addStringPermissions(Collection<String> permissions) { this.authzInfo.addStringPermissions(permissions); }
/** * Add permissions to the simple authorization info. * * @param simpleAuthorizationInfo * @param permissions the list of permissions to add */ private void addPermissions(SimpleAuthorizationInfo simpleAuthorizationInfo, List<String> permissions) { for (String permission : permissions) { simpleAuthorizationInfo.addStringPermission(permission); } }
/** * Adds one or more roles to this Account's set of assigned roles. Simply delegates to * <code>this.authzInfo.addRoles(roles)</code>. * * @param roles one or more roles to assign to this Account. */ public void addRole(Collection<String> roles) { this.authzInfo.addRoles(roles); }
public boolean isPermitted(Permission p) { Collection<Permission> perms = getPermissions(); if (perms != null && !perms.isEmpty()) { for (Permission perm : perms) { if (perm.implies(p)) { return true; } } } return false; }
/** * Returns <code>true</code> if any of the configured realms' * {@link #hasRole(org.apache.shiro.subject.PrincipalCollection, String)} call returns <code>true</code>, * <code>false</code> otherwise. */ public boolean hasRole(PrincipalCollection principals, String roleIdentifier) { assertRealmsConfigured(); for (Realm realm : getRealms()) { if (!(realm instanceof Authorizer)) continue; if (((Authorizer) realm).hasRole(principals, roleIdentifier)) { return true; } } return false; }
protected Authorizer authorizer() { ModularRealmAuthorizer authorizer = new ModularRealmAuthorizer(); if (permissionResolver != null) { authorizer.setPermissionResolver(permissionResolver); } if (rolePermissionResolver != null) { authorizer.setRolePermissionResolver(rolePermissionResolver); } return authorizer; }
/** * Sets all object-based permissions assigned directly to this Account (not any of its realms). * * @param permissions the object-based permissions to assign directly to this Account. */ public void setObjectPermissions(Set<Permission> permissions) { this.authzInfo.setObjectPermissions(permissions); }
/** * Assigns an object-based permission directly to this Account (not any of its realms). * * @param permission the object-based permission to assign directly to this Account (not any of its realms). */ public void addObjectPermission(Permission permission) { this.authzInfo.addObjectPermission(permission); }
/** * Calls {@link #checkRole(org.apache.shiro.subject.PrincipalCollection, String) checkRole} for each role specified. */ public void checkRoles(PrincipalCollection principals, String... roles) throws AuthorizationException { assertRealmsConfigured(); if (roles != null) { for (String role : roles) { checkRole(principals, role); } } } }
/** * Returns <code>this.authzInfo.getRoles();</code> * * @return the Account's assigned roles. */ public Collection<String> getRoles() { return authzInfo.getRoles(); }
/** * If !{@link #isPermitted(org.apache.shiro.subject.PrincipalCollection, String...) isPermitted(permission)}, * throws an <code>UnauthorizedException</code> otherwise returns quietly. */ public void checkPermissions(PrincipalCollection principals, String... permissions) throws AuthorizationException { assertRealmsConfigured(); if (permissions != null && permissions.length > 0) { for (String perm : permissions) { checkPermission(principals, perm); } } }
/** * Assigns one or more object-based permissions directly to this Account (not any of its realms). * * @param permissions one or more object-based permissions to assign directly to this Account (not any of its realms). */ public void addObjectPermissions(Collection<Permission> permissions) { this.authzInfo.addObjectPermissions(permissions); }
/** * Constructor that accepts the <code>Realm</code>s to consult during an authorization check. Immediately calls * {@link #setRealms setRealms(realms)}. * * @param realms the realms to consult during an authorization check. */ public ModularRealmAuthorizer(Collection<Realm> realms) { setRealms(realms); }
/** * Add roles to the simple authorization info. * * @param simpleAuthorizationInfo * @param roles the list of roles to add */ private void addRoles(SimpleAuthorizationInfo simpleAuthorizationInfo, List<String> roles) { for (String role : roles) { simpleAuthorizationInfo.addRole(role); } }
/** * If !{@link #isPermitted(org.apache.shiro.subject.PrincipalCollection, String) isPermitted(permission)}, throws * an <code>UnauthorizedException</code> otherwise returns quietly. */ public void checkPermission(PrincipalCollection principals, String permission) throws AuthorizationException { assertRealmsConfigured(); if (!isPermitted(principals, permission)) { throw new UnauthorizedException("Subject does not have permission [" + permission + "]"); } }