Package org.apache.shiro.authz.aop
Class UserAnnotationHandler
-
- org.apache.shiro.aop.AnnotationHandler
-
- org.apache.shiro.authz.aop.AuthorizingAnnotationHandler
-
- org.apache.shiro.authz.aop.UserAnnotationHandler
-
public class UserAnnotationHandler extends AuthorizingAnnotationHandler
Checks to see if a @RequiresUserannotation is declared, and if so, ensures the callingSubjectis eitherauthenticatedor remembered via remember me services before allowing access.This annotation essentially ensures that
subject..getPrincipal()!= null- Since:
- 0.9.0
-
-
Field Summary
-
Fields inherited from class org.apache.shiro.aop.AnnotationHandler
annotationClass
-
-
Constructor Summary
Constructors Constructor Description UserAnnotationHandler()Default no-argument constructor that ensures this handler looks forRequiresUserannotations.
-
Method Summary
All Methods Instance Methods Concrete Methods Modifier and Type Method Description voida)Ensures that the callingSubjectis a user, that is, they are eitherauthenticatedor remembered via remember me services before allowing access, and if not, throws anAuthorizingExceptionindicating access is not allowed.-
Methods inherited from class org.apache.shiro.aop.AnnotationHandler
getAnnotationClass, getSubject, setAnnotationClass
-
-
-
-
Constructor Detail
-
UserAnnotationHandler
public UserAnnotationHandler()
Default no-argument constructor that ensures this handler looks forRequiresUserannotations.
-
-
Method Detail
-
assertAuthorized
public void assertAuthorized( a) throws AuthorizationExceptionEnsures that the callingSubjectis a user, that is, they are eitherauthenticatedor remembered via remember me services before allowing access, and if not, throws anAuthorizingExceptionindicating access is not allowed.- Specified by:
assertAuthorizedin classAuthorizingAnnotationHandler- Parameters:
a- the RequiresUser annotation to check- Throws:
AuthorizationException- if the callingSubjectis not authenticated or remembered via rememberMe services.
-
-