View Javadoc

1   /*
2    * Licensed to the Apache Software Foundation (ASF) under one
3    * or more contributor license agreements.  See the NOTICE file
4    * distributed with this work for additional information
5    * regarding copyright ownership.  The ASF licenses this file
6    * to you under the Apache License, Version 2.0 (the
7    * "License"); you may not use this file except in compliance
8    * with the License.  You may obtain a copy of the License at
9    *
10   *     http://www.apache.org/licenses/LICENSE-2.0
11   *
12   * Unless required by applicable law or agreed to in writing,
13   * software distributed under the License is distributed on an
14   * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
15   * KIND, either express or implied.  See the License for the
16   * specific language governing permissions and limitations
17   * under the License.
18   */
19  package org.apache.shiro.authz.annotation;
20  
21  import java.lang.annotation.ElementType;
22  import java.lang.annotation.Retention;
23  import java.lang.annotation.RetentionPolicy;
24  import java.lang.annotation.Target;
25  
26  /**
27   * Requires the current Subject to be an application <em>user</em> for the annotated class/instance/method to be
28   * accessed or invoked.  This is <em>less</em> restrictive than the {@link RequiresAuthentication RequiresAuthentication}
29   * annotation.
30   * <p/>
31   * Shiro defines a &quot;user&quot; as a Subject that is either
32   * &quot;remembered&quot; <b><em>or</em></b> authenticated:
33   * <ul>
34   * <li>An <b>authenticated</b> user is a Subject that has successfully logged in (proven their identity)
35   * <em>during their current session</em>.</li>
36   * <li>A <b>remembered</b> user is any Subject that has proven their identity at least once, although not necessarily
37   * during their current session, and asked the system to remember them.</li>
38   * </ul>
39   * <p/>
40   * See the {@link org.apache.shiro.authc.RememberMeAuthenticationToken RememberMeAuthenticationToken} JavaDoc for an
41   * explaination of why these two states are considered different.
42   *
43   * @see RequiresAuthentication
44   * @see RequiresGuest
45   *
46   * @since 0.9.0
47   */
48  @Target({ElementType.TYPE, ElementType.METHOD})
49  @Retention(RetentionPolicy.RUNTIME)
50  public @interface RequiresUser {
51  }