org.apache.shiro.authz.aop
Class RoleAnnotationHandler

java.lang.Object
  extended by org.apache.shiro.aop.AnnotationHandler
      extended by org.apache.shiro.authz.aop.AuthorizingAnnotationHandler
          extended by org.apache.shiro.authz.aop.RoleAnnotationHandler

public class RoleAnnotationHandler
extends AuthorizingAnnotationHandler

Checks to see if a @RequiresRoles annotation is declared, and if so, performs a role check to see if the calling Subject is allowed to proceed.

Since:
0.9.0

Field Summary
 
Fields inherited from class org.apache.shiro.aop.AnnotationHandler
annotationClass
 
Constructor Summary
RoleAnnotationHandler()
          Default no-argument constructor that ensures this handler looks for RequiresRoles annotations.
 
Method Summary
 void assertAuthorized(Annotation a)
          Ensures that the calling Subject has the Annotation's specified roles, and if not, throws an AuthorizingException indicating that access is denied.
 
Methods inherited from class org.apache.shiro.aop.AnnotationHandler
getAnnotationClass, getSubject, setAnnotationClass
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Constructor Detail

RoleAnnotationHandler

public RoleAnnotationHandler()
Default no-argument constructor that ensures this handler looks for RequiresRoles annotations.

Method Detail

assertAuthorized

public void assertAuthorized(Annotation a)
                      throws AuthorizationException
Ensures that the calling Subject has the Annotation's specified roles, and if not, throws an AuthorizingException indicating that access is denied.

Specified by:
assertAuthorized in class AuthorizingAnnotationHandler
Parameters:
a - the RequiresRoles annotation to use to check for one or more roles
Throws:
AuthorizationException - if the calling Subject does not have the role(s) necessary to proceed.


Copyright © 2004-2014 The Apache Software Foundation. All Rights Reserved.