001/*
002 * Licensed to the Apache Software Foundation (ASF) under one
003 * or more contributor license agreements.  See the NOTICE file
004 * distributed with this work for additional information
005 * regarding copyright ownership.  The ASF licenses this file
006 * to you under the Apache License, Version 2.0 (the
007 * "License"); you may not use this file except in compliance
008 * with the License.  You may obtain a copy of the License at
009 *
010 *     http://www.apache.org/licenses/LICENSE-2.0
011 *
012 * Unless required by applicable law or agreed to in writing,
013 * software distributed under the License is distributed on an
014 * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
015 * KIND, either express or implied.  See the License for the
016 * specific language governing permissions and limitations
017 * under the License.
018 */
019package org.apache.shiro.mgt;
020
021import org.apache.shiro.authz.AuthorizationException;
022import org.apache.shiro.authz.Authorizer;
023import org.apache.shiro.authz.ModularRealmAuthorizer;
024import org.apache.shiro.authz.Permission;
025import org.apache.shiro.subject.PrincipalCollection;
026import org.apache.shiro.util.LifecycleUtils;
027
028import java.util.Collection;
029import java.util.List;
030
031
032/**
033 * Shiro support of a {@link SecurityManager} class hierarchy that delegates all
034 * authorization (access control) operations to a wrapped {@link Authorizer Authorizer} instance.  That is,
035 * this class implements all the <tt>Authorizer</tt> methods in the {@link SecurityManager SecurityManager}
036 * interface, but in reality, those methods are merely passthrough calls to the underlying 'real'
037 * <tt>Authorizer</tt> instance.
038 *
039 * <p>All remaining <tt>SecurityManager</tt> methods not covered by this class or its parents (mostly Session support)
040 * are left to be implemented by subclasses.
041 *
042 * <p>In keeping with the other classes in this hierarchy and Shiro's desire to minimize configuration whenever
043 * possible, suitable default instances for all dependencies will be created upon instantiation.
044 *
045 * @since 0.9
046 */
047public abstract class AuthorizingSecurityManager extends AuthenticatingSecurityManager {
048
049    /**
050     * The wrapped instance to which all of this <tt>SecurityManager</tt> authorization calls are delegated.
051     */
052    private Authorizer authorizer;
053
054    /**
055     * Default no-arg constructor that initializes an internal default
056     * {@link org.apache.shiro.authz.ModularRealmAuthorizer ModularRealmAuthorizer}.
057     */
058    public AuthorizingSecurityManager() {
059        super();
060        this.authorizer = new ModularRealmAuthorizer();
061    }
062
063    /**
064     * Returns the underlying wrapped <tt>Authorizer</tt> instance to which this <tt>SecurityManager</tt>
065     * implementation delegates all of its authorization calls.
066     *
067     * @return the wrapped <tt>Authorizer</tt> used by this <tt>SecurityManager</tt> implementation.
068     */
069    public Authorizer getAuthorizer() {
070        return authorizer;
071    }
072
073    /**
074     * Sets the underlying <tt>Authorizer</tt> instance to which this <tt>SecurityManager</tt> implementation will
075     * delegate all of its authorization calls.
076     *
077     * @param authorizer the <tt>Authorizer</tt> this <tt>SecurityManager</tt> should wrap and delegate all of its
078     *                   authorization calls to.
079     */
080    public void setAuthorizer(Authorizer authorizer) {
081        if (authorizer == null) {
082            String msg = "Authorizer argument cannot be null.";
083            throw new IllegalArgumentException(msg);
084        }
085        this.authorizer = authorizer;
086    }
087
088    /**
089     * First calls <code>super.afterRealmsSet()</code> and then sets these same <code>Realm</code> objects on this
090     * instance's wrapped {@link Authorizer Authorizer}.
091     * <p/>
092     * The setting of realms the Authorizer will only occur if it is an instance of
093     * {@link org.apache.shiro.authz.ModularRealmAuthorizer ModularRealmAuthorizer}, that is:
094     * <pre>
095     * if ( this.authorizer instanceof ModularRealmAuthorizer ) {
096     *     ((ModularRealmAuthorizer)this.authorizer).setRealms(realms);
097     * }</pre>
098     */
099    protected void afterRealmsSet() {
100        super.afterRealmsSet();
101        if (this.authorizer instanceof ModularRealmAuthorizer) {
102            ((ModularRealmAuthorizer) this.authorizer).setRealms(getRealms());
103        }
104    }
105
106    public void destroy() {
107        LifecycleUtils.destroy(getAuthorizer());
108        this.authorizer = null;
109        super.destroy();
110    }
111
112    public boolean isPermitted(PrincipalCollection principals, String permissionString) {
113        return this.authorizer.isPermitted(principals, permissionString);
114    }
115
116    public boolean isPermitted(PrincipalCollection principals, Permission permission) {
117        return this.authorizer.isPermitted(principals, permission);
118    }
119
120    public boolean[] isPermitted(PrincipalCollection principals, String... permissions) {
121        return this.authorizer.isPermitted(principals, permissions);
122    }
123
124    public boolean[] isPermitted(PrincipalCollection principals, List<Permission> permissions) {
125        return this.authorizer.isPermitted(principals, permissions);
126    }
127
128    public boolean isPermittedAll(PrincipalCollection principals, String... permissions) {
129        return this.authorizer.isPermittedAll(principals, permissions);
130    }
131
132    public boolean isPermittedAll(PrincipalCollection principals, Collection<Permission> permissions) {
133        return this.authorizer.isPermittedAll(principals, permissions);
134    }
135
136    public void checkPermission(PrincipalCollection principals, String permission) throws AuthorizationException {
137        this.authorizer.checkPermission(principals, permission);
138    }
139
140    public void checkPermission(PrincipalCollection principals, Permission permission) throws AuthorizationException {
141        this.authorizer.checkPermission(principals, permission);
142    }
143
144    public void checkPermissions(PrincipalCollection principals, String... permissions) throws AuthorizationException {
145        this.authorizer.checkPermissions(principals, permissions);
146    }
147
148    public void checkPermissions(PrincipalCollection principals, Collection<Permission> permissions) throws AuthorizationException {
149        this.authorizer.checkPermissions(principals, permissions);
150    }
151
152    public boolean hasRole(PrincipalCollection principals, String roleIdentifier) {
153        return this.authorizer.hasRole(principals, roleIdentifier);
154    }
155
156    public boolean[] hasRoles(PrincipalCollection principals, List<String> roleIdentifiers) {
157        return this.authorizer.hasRoles(principals, roleIdentifiers);
158    }
159
160    public boolean hasAllRoles(PrincipalCollection principals, Collection<String> roleIdentifiers) {
161        return this.authorizer.hasAllRoles(principals, roleIdentifiers);
162    }
163
164    public void checkRole(PrincipalCollection principals, String role) throws AuthorizationException {
165        this.authorizer.checkRole(principals, role);
166    }
167
168    public void checkRoles(PrincipalCollection principals, Collection<String> roles) throws AuthorizationException {
169        this.authorizer.checkRoles(principals, roles);
170    }
171    
172    public void checkRoles(PrincipalCollection principals, String... roles) throws AuthorizationException {
173        this.authorizer.checkRoles(principals, roles);
174    }    
175}