Package org.apache.shiro.authz
Interface AuthorizationInfo
-
- All Superinterfaces:
- All Known Subinterfaces:
Account
- All Known Implementing Classes:
SimpleAccount
,SimpleAuthorizationInfo
public interface AuthorizationInfo extends
AuthorizationInfo
represents a single Subject's stored authorization data (roles, permissions, etc) used during authorization (access control) checks only. Roles are represented as aCollection
of Strings (<>), typically each element being the Role name.Permission
s are provided in two ways:- A
Collection
of Strings, where each String can usually be converted intoPermission
objects by aRealm
'sPermissionResolver
- A
Collection
ofPermission
objects
AuthenticationInfo
interface for use during the authentication process that represents identity data such as principals and credentials. Because many if not mostRealm
s store both sets of data for a Subject, it might be convenient for aRealm
implementation to utilize an implementation of theAccount
interface instead, which is a convenience interface that combines bothAuthenticationInfo
andAuthorizationInfo
. Whether you choose to implement these two interfaces separately or implement the oneAccount
interface for a givenRealm
is entirely based on your application's needs or your preferences.- Since:
- 0.9
- See Also:
AuthenticationInfo
,Account
-
-
Method Summary
All Methods Instance Methods Abstract Methods Modifier and Type Method Description <Permission>
getObjectPermissions()
Returns all type-safePermission
s assigned to the corresponding Subject.<>
getRoles()
Returns the names of all roles assigned to a corresponding Subject.<>
getStringPermissions()
Returns all string-based permissions assigned to the corresponding Subject.
-
-
-
Method Detail
-
getRoles
<> getRoles()
Returns the names of all roles assigned to a corresponding Subject.- Returns:
- the names of all roles assigned to a corresponding Subject.
-
getStringPermissions
<> getStringPermissions()
Returns all string-based permissions assigned to the corresponding Subject. The permissions here plus those returned fromgetObjectPermissions()
represent the total set of permissions assigned. The aggregate set is used to perform a permission authorization check. This method is a convenience mechanism that allows Realms to represent permissions as Strings if they choose. When performing a security check, aRealm
usually converts these strings to objectPermission
s via an internalPermissionResolver
in order to perform the actual permission check. This is not a requirement of course, sinceRealm
s can perform security checks in whatever manner deemed necessary, but this explains the conversion mechanism that most Shiro Realms execute for string-based permission checks.- Returns:
- all string-based permissions assigned to the corresponding Subject.
-
getObjectPermissions
<Permission> getObjectPermissions()
Returns all type-safePermission
s assigned to the corresponding Subject. The permissions returned from this method plus any returned fromgetStringPermissions()
represent the total set of permissions. The aggregate set is used to perform a permission authorization check.- Returns:
- all type-safe
Permission
s assigned to the corresponding Subject.
-
-