org.apache.shiro.authz.aop
Class PermissionAnnotationHandler

java.lang.Object
  extended by org.apache.shiro.aop.AnnotationHandler
      extended by org.apache.shiro.authz.aop.AuthorizingAnnotationHandler
          extended by org.apache.shiro.authz.aop.PermissionAnnotationHandler

public class PermissionAnnotationHandler
extends AuthorizingAnnotationHandler

Checks to see if a @RequiresPermissions annotation is declared, and if so, performs a permission check to see if the calling Subject is allowed continued access.

Since:
0.9.0

Field Summary
 
Fields inherited from class org.apache.shiro.aop.AnnotationHandler
annotationClass
 
Constructor Summary
PermissionAnnotationHandler()
          Default no-argument constructor that ensures this handler looks for RequiresPermissions annotations.
 
Method Summary
 void assertAuthorized(Annotation a)
          Ensures that the calling Subject has the Annotation's specified permissions, and if not, throws an AuthorizingException indicating access is denied.
protected  String[] getAnnotationValue(Annotation a)
          Returns the annotation value, from which the Permission will be constructed.
 
Methods inherited from class org.apache.shiro.aop.AnnotationHandler
getAnnotationClass, getSubject, setAnnotationClass
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Constructor Detail

PermissionAnnotationHandler

public PermissionAnnotationHandler()
Default no-argument constructor that ensures this handler looks for RequiresPermissions annotations.

Method Detail

getAnnotationValue

protected String[] getAnnotationValue(Annotation a)
Returns the annotation value, from which the Permission will be constructed.

Parameters:
a - the RequiresPermissions annotation being inspected.
Returns:
the annotation's value, from which the Permission will be constructed.

assertAuthorized

public void assertAuthorized(Annotation a)
                      throws AuthorizationException
Ensures that the calling Subject has the Annotation's specified permissions, and if not, throws an AuthorizingException indicating access is denied.

Specified by:
assertAuthorized in class AuthorizingAnnotationHandler
Parameters:
a - the RequiresPermission annotation being inspected to check for one or more permissions
Throws:
AuthorizationException - if the calling Subject does not have the permission(s) necessary to continue access or execution.


Copyright © 2004-2014 The Apache Software Foundation. All Rights Reserved.