View Javadoc

1   /*
2    * Licensed to the Apache Software Foundation (ASF) under one
3    * or more contributor license agreements.  See the NOTICE file
4    * distributed with this work for additional information
5    * regarding copyright ownership.  The ASF licenses this file
6    * to you under the Apache License, Version 2.0 (the
7    * "License"); you may not use this file except in compliance
8    * with the License.  You may obtain a copy of the License at
9    *
10   *     http://www.apache.org/licenses/LICENSE-2.0
11   *
12   * Unless required by applicable law or agreed to in writing,
13   * software distributed under the License is distributed on an
14   * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
15   * KIND, either express or implied.  See the License for the
16   * specific language governing permissions and limitations
17   * under the License.
18   */
19  package org.apache.shiro.mgt;
20  
21  import org.apache.shiro.authz.AuthorizationException;
22  import org.apache.shiro.authz.Authorizer;
23  import org.apache.shiro.authz.ModularRealmAuthorizer;
24  import org.apache.shiro.authz.Permission;
25  import org.apache.shiro.subject.PrincipalCollection;
26  import org.apache.shiro.util.LifecycleUtils;
27  
28  import java.util.Collection;
29  import java.util.List;
30  
31  
32  /**
33   * Shiro support of a {@link SecurityManager} class hierarchy that delegates all
34   * authorization (access control) operations to a wrapped {@link Authorizer Authorizer} instance.  That is,
35   * this class implements all the <tt>Authorizer</tt> methods in the {@link SecurityManager SecurityManager}
36   * interface, but in reality, those methods are merely passthrough calls to the underlying 'real'
37   * <tt>Authorizer</tt> instance.
38   *
39   * <p>All remaining <tt>SecurityManager</tt> methods not covered by this class or its parents (mostly Session support)
40   * are left to be implemented by subclasses.
41   *
42   * <p>In keeping with the other classes in this hierarchy and Shiro's desire to minimize configuration whenever
43   * possible, suitable default instances for all dependencies will be created upon instantiation.
44   *
45   * @since 0.9
46   */
47  public abstract class AuthorizingSecurityManager extends AuthenticatingSecurityManager {
48  
49      /**
50       * The wrapped instance to which all of this <tt>SecurityManager</tt> authorization calls are delegated.
51       */
52      private Authorizer authorizer;
53  
54      /**
55       * Default no-arg constructor that initializes an internal default
56       * {@link org.apache.shiro.authz.ModularRealmAuthorizer ModularRealmAuthorizer}.
57       */
58      public AuthorizingSecurityManager() {
59          super();
60          this.authorizer = new ModularRealmAuthorizer();
61      }
62  
63      /**
64       * Returns the underlying wrapped <tt>Authorizer</tt> instance to which this <tt>SecurityManager</tt>
65       * implementation delegates all of its authorization calls.
66       *
67       * @return the wrapped <tt>Authorizer</tt> used by this <tt>SecurityManager</tt> implementation.
68       */
69      public Authorizer getAuthorizer() {
70          return authorizer;
71      }
72  
73      /**
74       * Sets the underlying <tt>Authorizer</tt> instance to which this <tt>SecurityManager</tt> implementation will
75       * delegate all of its authorization calls.
76       *
77       * @param authorizer the <tt>Authorizer</tt> this <tt>SecurityManager</tt> should wrap and delegate all of its
78       *                   authorization calls to.
79       */
80      public void setAuthorizer(Authorizer authorizer) {
81          if (authorizer == null) {
82              String msg = "Authorizer argument cannot be null.";
83              throw new IllegalArgumentException(msg);
84          }
85          this.authorizer = authorizer;
86      }
87  
88      /**
89       * First calls <code>super.afterRealmsSet()</code> and then sets these same <code>Realm</code> objects on this
90       * instance's wrapped {@link Authorizer Authorizer}.
91       * <p/>
92       * The setting of realms the Authorizer will only occur if it is an instance of
93       * {@link org.apache.shiro.authz.ModularRealmAuthorizer ModularRealmAuthorizer}, that is:
94       * <pre>
95       * if ( this.authorizer instanceof ModularRealmAuthorizer ) {
96       *     ((ModularRealmAuthorizer)this.authorizer).setRealms(realms);
97       * }</pre>
98       */
99      protected void afterRealmsSet() {
100         super.afterRealmsSet();
101         if (this.authorizer instanceof ModularRealmAuthorizer) {
102             ((ModularRealmAuthorizer) this.authorizer).setRealms(getRealms());
103         }
104     }
105 
106     public void destroy() {
107         LifecycleUtils.destroy(getAuthorizer());
108         this.authorizer = null;
109         super.destroy();
110     }
111 
112     public boolean isPermitted(PrincipalCollection principals, String permissionString) {
113         return this.authorizer.isPermitted(principals, permissionString);
114     }
115 
116     public boolean isPermitted(PrincipalCollection principals, Permission permission) {
117         return this.authorizer.isPermitted(principals, permission);
118     }
119 
120     public boolean[] isPermitted(PrincipalCollection principals, String... permissions) {
121         return this.authorizer.isPermitted(principals, permissions);
122     }
123 
124     public boolean[] isPermitted(PrincipalCollection principals, List<Permission> permissions) {
125         return this.authorizer.isPermitted(principals, permissions);
126     }
127 
128     public boolean isPermittedAll(PrincipalCollection principals, String... permissions) {
129         return this.authorizer.isPermittedAll(principals, permissions);
130     }
131 
132     public boolean isPermittedAll(PrincipalCollection principals, Collection<Permission> permissions) {
133         return this.authorizer.isPermittedAll(principals, permissions);
134     }
135 
136     public void checkPermission(PrincipalCollection principals, String permission) throws AuthorizationException {
137         this.authorizer.checkPermission(principals, permission);
138     }
139 
140     public void checkPermission(PrincipalCollection principals, Permission permission) throws AuthorizationException {
141         this.authorizer.checkPermission(principals, permission);
142     }
143 
144     public void checkPermissions(PrincipalCollection principals, String... permissions) throws AuthorizationException {
145         this.authorizer.checkPermissions(principals, permissions);
146     }
147 
148     public void checkPermissions(PrincipalCollection principals, Collection<Permission> permissions) throws AuthorizationException {
149         this.authorizer.checkPermissions(principals, permissions);
150     }
151 
152     public boolean hasRole(PrincipalCollection principals, String roleIdentifier) {
153         return this.authorizer.hasRole(principals, roleIdentifier);
154     }
155 
156     public boolean[] hasRoles(PrincipalCollection principals, List<String> roleIdentifiers) {
157         return this.authorizer.hasRoles(principals, roleIdentifiers);
158     }
159 
160     public boolean hasAllRoles(PrincipalCollection principals, Collection<String> roleIdentifiers) {
161         return this.authorizer.hasAllRoles(principals, roleIdentifiers);
162     }
163 
164     public void checkRole(PrincipalCollection principals, String role) throws AuthorizationException {
165         this.authorizer.checkRole(principals, role);
166     }
167 
168     public void checkRoles(PrincipalCollection principals, Collection<String> roles) throws AuthorizationException {
169         this.authorizer.checkRoles(principals, roles);
170     }
171     
172     public void checkRoles(PrincipalCollection principals, String... roles) throws AuthorizationException {
173         this.authorizer.checkRoles(principals, roles);
174     }    
175 }