public interface AuthorizationInfo extends Serializable
AuthorizationInforepresents a single Subject's stored authorization data (roles, permissions, etc) used during authorization (access control) checks only. Roles are represented as a
Collectionof Strings (
String>), typically each element being the Role name.
Permissions are provided in two ways:
Collectionof Strings, where each String can usually be converted into
Permissionobjects by a
AuthenticationInfointerface for use during the authentication process that represents identity data such as principals and credentials. Because many if not most
Realms store both sets of data for a Subject, it might be convenient for a
Realmimplementation to utilize an implementation of the
Accountinterface instead, which is a convenience interface that combines both
AuthorizationInfo. Whether you choose to implement these two interfaces separately or implement the one
Accountinterface for a given
Realmis entirely based on your application's needs or your preferences.
|Modifier and Type||Method and Description|
Returns all type-safe
Returns the names of all roles assigned to a corresponding Subject.
Returns all string-based permissions assigned to the corresponding Subject.
getObjectPermissions()represent the total set of permissions assigned. The aggregate set is used to perform a permission authorization check. This method is a convenience mechanism that allows Realms to represent permissions as Strings if they choose. When performing a security check, a
Realmusually converts these strings to object
Permissions via an internal
PermissionResolverin order to perform the actual permission check. This is not a requirement of course, since
Realms can perform security checks in whatever manner deemed necessary, but this explains the conversion mechanism that most Shiro Realms execute for string-based permission checks.
Permissions assigned to the corresponding Subject. The permissions returned from this method plus any returned from
getStringPermissions()represent the total set of permissions. The aggregate set is used to perform a permission authorization check.
Permissions assigned to the corresponding Subject.
Copyright © 2004-2013 The Apache Software Foundation. All Rights Reserved.