View Javadoc

1   /*
2    * Licensed to the Apache Software Foundation (ASF) under one
3    * or more contributor license agreements.  See the NOTICE file
4    * distributed with this work for additional information
5    * regarding copyright ownership.  The ASF licenses this file
6    * to you under the Apache License, Version 2.0 (the
7    * "License"); you may not use this file except in compliance
8    * with the License.  You may obtain a copy of the License at
9    *
10   *     http://www.apache.org/licenses/LICENSE-2.0
11   *
12   * Unless required by applicable law or agreed to in writing,
13   * software distributed under the License is distributed on an
14   * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
15   * KIND, either express or implied.  See the License for the
16   * specific language governing permissions and limitations
17   * under the License.
18   */
19  package org.apache.shiro.authz.aop;
20  
21  import org.apache.shiro.aop.MethodInterceptorSupport;
22  import org.apache.shiro.aop.MethodInvocation;
23  import org.apache.shiro.authz.AuthorizationException;
24  
25  /**
26   * Basic abstract class to support intercepting methods that perform authorization (access control) checks.
27   *
28   * @since 0.9
29   */
30  public abstract class AuthorizingMethodInterceptor extends MethodInterceptorSupport {
31  
32      /**
33       * Invokes the specified method (<code>methodInvocation.{@link org.apache.shiro.aop.MethodInvocation#proceed proceed}()</code>
34       * if authorization is allowed by first
35       * calling {@link #assertAuthorized(org.apache.shiro.aop.MethodInvocation) assertAuthorized}.
36       */
37      public Object invoke(MethodInvocation methodInvocation) throws Throwable {
38          assertAuthorized(methodInvocation);
39          return methodInvocation.proceed();
40      }
41  
42      /**
43       * Asserts that the specified MethodInvocation is allowed to continue by performing any necessary authorization
44       * (access control) checks first.
45       * @param methodInvocation the <code>MethodInvocation</code> to invoke.
46       * @throws AuthorizationException if the <code>methodInvocation</code> should not be allowed to continue/execute.
47       */
48      protected abstract void assertAuthorized(MethodInvocation methodInvocation) throws AuthorizationException;
49  
50  }