org.apache.shiro.authz.aop
Class UserAnnotationHandler

java.lang.Object
  extended by org.apache.shiro.aop.AnnotationHandler
      extended by org.apache.shiro.authz.aop.AuthorizingAnnotationHandler
          extended by org.apache.shiro.authz.aop.UserAnnotationHandler

public class UserAnnotationHandler
extends AuthorizingAnnotationHandler

Checks to see if a @RequiresUser annotation is declared, and if so, ensures the calling Subject is either authenticated or remembered via remember me services before allowing access.

This annotation essentially ensures that subject.getPrincipal() != null.

Since:
0.9.0

Field Summary
 
Fields inherited from class org.apache.shiro.aop.AnnotationHandler
annotationClass
 
Constructor Summary
UserAnnotationHandler()
          Default no-argument constructor that ensures this handler looks for RequiresUser annotations.
 
Method Summary
 void assertAuthorized(Annotation a)
          Ensures that the calling Subject is a user, that is, they are either authenticated or remembered via remember me services before allowing access, and if not, throws an AuthorizingException indicating access is not allowed.
 
Methods inherited from class org.apache.shiro.aop.AnnotationHandler
getAnnotationClass, getSubject, setAnnotationClass
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Constructor Detail

UserAnnotationHandler

public UserAnnotationHandler()
Default no-argument constructor that ensures this handler looks for RequiresUser annotations.

Method Detail

assertAuthorized

public void assertAuthorized(Annotation a)
                      throws AuthorizationException
Ensures that the calling Subject is a user, that is, they are either authenticated or remembered via remember me services before allowing access, and if not, throws an AuthorizingException indicating access is not allowed.

Specified by:
assertAuthorized in class AuthorizingAnnotationHandler
Parameters:
a - the RequiresUser annotation to check
Throws:
AuthorizationException - if the calling Subject is not authenticated or remembered via rememberMe services.


Copyright © 2004-2014 The Apache Software Foundation. All Rights Reserved.