Package org.apache.shiro.authz

Class ModularRealmAuthorizer

    • Field Detail

      • realms

        protected <Realm> realms
        The realms to consult during any authorization check.

      • permissionResolver

        protected PermissionResolver permissionResolver
        A PermissionResolver to be used by all configured realms. Leave null if you wish to configure different resolvers for different realms.

      • rolePermissionResolver

        protected RolePermissionResolver rolePermissionResolver
        A RolePermissionResolver to be used by all configured realms. Leave null if you wish to configure different resolvers for different realms.

    • Constructor Detail

      • ModularRealmAuthorizer

        public ModularRealmAuthorizer()
        Default no-argument constructor, does nothing.

      • ModularRealmAuthorizer

        public ModularRealmAuthorizer​(<Realm> realms)
        Constructor that accepts the Realms to consult during an authorization check. Immediately calls setRealms(realms).
        Parameters:
        realms - the realms to consult during an authorization check.

    • Method Detail

      • getRealms

        public <Realm> getRealms()
        Returns the realms wrapped by this Authorizer which are consulted during an authorization check.
        Returns:
        the realms wrapped by this Authorizer which are consulted during an authorization check.

      • setRealms

        public void setRealms​(<Realm> realms)
        Sets the realms wrapped by this Authorizer which are consulted during an authorization check.
        Parameters:
        realms - the realms wrapped by this Authorizer which are consulted during an authorization check.

      • getPermissionResolver

        public PermissionResolver getPermissionResolver()
        Returns the PermissionResolver to be used on all configured realms, or null
        Returns:
        the PermissionResolver to be used on all configured realms, or null
        Since:
        1.0

      • setPermissionResolver

        public void setPermissionResolver​(PermissionResolver permissionResolver)
        Sets the specified PermissionResolver on all of the wrapped realms that implement the PermissionResolverAware interface.

        Only call this method if you want the permission resolver to be passed to all realms that implement the PermissionResolver interface. If you do not want this to occur, the realms must configure themselves individually (or be configured individually).

        Specified by:
        setPermissionResolver in interface PermissionResolverAware
        Parameters:
        permissionResolver - the permissionResolver to set on all of the wrapped realms that implement the PermissionResolverAware interface.

      • applyPermissionResolverToRealms

        protected void applyPermissionResolverToRealms()
        Sets the internal getPermissionResolver() on any internal configured Realms that implement the PermissionResolverAware interface.

        This method is called after setting a permissionResolver on this ModularRealmAuthorizer via the setPermissionResolver method.

        It is also called after setting one or more realms via the setRealms method to allow these newly available realms to be given the PermissionResolver already in use.

        Since:
        1.0

      • getRolePermissionResolver

        public RolePermissionResolver getRolePermissionResolver()
        Returns the RolePermissionResolver to be used on all configured realms, or null
        Returns:
        the RolePermissionResolver to be used on all configured realms, or null
        Since:
        1.0

      • setRolePermissionResolver

        public void setRolePermissionResolver​(RolePermissionResolver rolePermissionResolver)
        Sets the specified RolePermissionResolver on all of the wrapped realms that implement the PermissionResolverAware interface.

        Only call this method if you want the permission resolver to be passed to all realms that implement the RolePermissionResolver interface. If you do not want this to occur, the realms must configure themselves individually (or be configured individually).

        Specified by:
        setRolePermissionResolver in interface RolePermissionResolverAware
        Parameters:
        rolePermissionResolver - the rolePermissionResolver to set on all of the wrapped realms that implement the RolePermissionResolverAware interface.

      • applyRolePermissionResolverToRealms

        protected void applyRolePermissionResolverToRealms()
        Sets the internal getRolePermissionResolver() on any internal configured Realms that implement the RolePermissionResolverAware interface.

        This method is called after setting a rolePermissionResolver on this ModularRealmAuthorizer via the setRolePermissionResolver method.

        It is also called after setting one or more realms via the setRealms method to allow these newly available realms to be given the RolePermissionResolver already in use.

        Since:
        1.0

      • assertRealmsConfigured

        protected void assertRealmsConfigured()
                               throws
        Used by the Authorizer implementation methods to ensure that the realms has been set. The default implementation ensures the property is not null and not empty.
        Throws:
        - if the realms property is configured incorrectly.

      • isPermitted

        public boolean[] isPermitted​(PrincipalCollection principals,
                             ... permissions)
        Returns true if any of the configured realms' isPermittedAll(org.apache.shiro.subject.PrincipalCollection, String...) call returns true, false otherwise.
        Specified by:
        isPermitted in interface Authorizer
        Parameters:
        principals - the application-specific subject/user identifier.
        permissions - the String representations of the Permissions that are being checked.
        Returns:
        an array of booleans whose indices correspond to the index of the permissions in the given list. A true value at an index indicates the user is permitted for for the associated Permission string in the list. A false value at an index indicates otherwise.

      • isPermitted

        public boolean[] isPermitted​(PrincipalCollection principals,
                             <Permission> permissions)
        Returns true if any of the configured realms' isPermitted(org.apache.shiro.subject.PrincipalCollection, List) call returns true, false otherwise.
        Specified by:
        isPermitted in interface Authorizer
        Parameters:
        principals - the application-specific subject/user identifier.
        permissions - the permissions that are being checked.
        Returns:
        an array of booleans whose indices correspond to the index of the permissions in the given list. A true value at an index indicates the user is permitted for for the associated Permission object in the list. A false value at an index indicates otherwise.

      • hasRole

        public boolean hasRole​(PrincipalCollection principals,
                        roleIdentifier)
        Returns true if any of the configured realms' hasRole(org.apache.shiro.subject.PrincipalCollection, String) call returns true, false otherwise.
        Specified by:
        hasRole in interface Authorizer
        Parameters:
        principals - the application-specific subject/user identifier.
        roleIdentifier - the application-specific role identifier (usually a role id or role name).
        Returns:
        true if the corresponding subject has the specified role, false otherwise.

      • hasRoles

        public boolean[] hasRoles​(PrincipalCollection principals,
                          <> roleIdentifiers)
        Calls hasRole(org.apache.shiro.subject.PrincipalCollection, String) for each role name in the specified collection and places the return value from each call at the respective location in the returned array.
        Specified by:
        hasRoles in interface Authorizer
        Parameters:
        principals - the application-specific subject/user identifier.
        roleIdentifiers - the application-specific role identifiers to check (usually role ids or role names).
        Returns:
        an array of booleans whose indices correspond to the index of the roles in the given identifiers. A true value indicates the user has the role at that index. False indicates the user does not have the role at that index.

      • hasAllRoles

        public boolean hasAllRoles​(PrincipalCollection principals,
                           <> roleIdentifiers)
        Returns true iff any of the configured realms' hasRole(org.apache.shiro.subject.PrincipalCollection, String) call returns true for all roles specified, false otherwise.
        Specified by:
        hasAllRoles in interface Authorizer
        Parameters:
        principals - the application-specific subject/user identifier.
        roleIdentifiers - the application-specific role identifiers to check (usually role ids or role names).
        Returns:
        true if the user has all the roles, false otherwise.

      • checkRoles

        public void checkRoles​(PrincipalCollection principals,
                       ... roles)
                throws AuthorizationException
        Calls checkRole for each role specified.
        Specified by:
        checkRoles in interface Authorizer
        Parameters:
        principals - the application-specific subject/user identifier.
        roles - the application-specific role identifiers to check (usually role ids or role names).
        Throws:
        AuthorizationException - if the user does not have all of the specified roles.