001    /*
002     * Licensed to the Apache Software Foundation (ASF) under one
003     * or more contributor license agreements.  See the NOTICE file
004     * distributed with this work for additional information
005     * regarding copyright ownership.  The ASF licenses this file
006     * to you under the Apache License, Version 2.0 (the
007     * "License"); you may not use this file except in compliance
008     * with the License.  You may obtain a copy of the License at
009     *
010     *     http://www.apache.org/licenses/LICENSE-2.0
011     *
012     * Unless required by applicable law or agreed to in writing,
013     * software distributed under the License is distributed on an
014     * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
015     * KIND, either express or implied.  See the License for the
016     * specific language governing permissions and limitations
017     * under the License.
018     */
019    package org.apache.shiro.mgt;
020    
021    import org.apache.shiro.authz.AuthorizationException;
022    import org.apache.shiro.authz.Authorizer;
023    import org.apache.shiro.authz.ModularRealmAuthorizer;
024    import org.apache.shiro.authz.Permission;
025    import org.apache.shiro.subject.PrincipalCollection;
026    import org.apache.shiro.util.LifecycleUtils;
027    
028    import java.util.Collection;
029    import java.util.List;
030    
031    
032    /**
033     * Shiro support of a {@link SecurityManager} class hierarchy that delegates all
034     * authorization (access control) operations to a wrapped {@link Authorizer Authorizer} instance.  That is,
035     * this class implements all the <tt>Authorizer</tt> methods in the {@link SecurityManager SecurityManager}
036     * interface, but in reality, those methods are merely passthrough calls to the underlying 'real'
037     * <tt>Authorizer</tt> instance.
038     *
039     * <p>All remaining <tt>SecurityManager</tt> methods not covered by this class or its parents (mostly Session support)
040     * are left to be implemented by subclasses.
041     *
042     * <p>In keeping with the other classes in this hierarchy and Shiro's desire to minimize configuration whenever
043     * possible, suitable default instances for all dependencies will be created upon instantiation.
044     *
045     * @since 0.9
046     */
047    public abstract class AuthorizingSecurityManager extends AuthenticatingSecurityManager {
048    
049        /**
050         * The wrapped instance to which all of this <tt>SecurityManager</tt> authorization calls are delegated.
051         */
052        private Authorizer authorizer;
053    
054        /**
055         * Default no-arg constructor that initializes an internal default
056         * {@link org.apache.shiro.authz.ModularRealmAuthorizer ModularRealmAuthorizer}.
057         */
058        public AuthorizingSecurityManager() {
059            super();
060            this.authorizer = new ModularRealmAuthorizer();
061        }
062    
063        /**
064         * Returns the underlying wrapped <tt>Authorizer</tt> instance to which this <tt>SecurityManager</tt>
065         * implementation delegates all of its authorization calls.
066         *
067         * @return the wrapped <tt>Authorizer</tt> used by this <tt>SecurityManager</tt> implementation.
068         */
069        public Authorizer getAuthorizer() {
070            return authorizer;
071        }
072    
073        /**
074         * Sets the underlying <tt>Authorizer</tt> instance to which this <tt>SecurityManager</tt> implementation will
075         * delegate all of its authorization calls.
076         *
077         * @param authorizer the <tt>Authorizer</tt> this <tt>SecurityManager</tt> should wrap and delegate all of its
078         *                   authorization calls to.
079         */
080        public void setAuthorizer(Authorizer authorizer) {
081            if (authorizer == null) {
082                String msg = "Authorizer argument cannot be null.";
083                throw new IllegalArgumentException(msg);
084            }
085            this.authorizer = authorizer;
086        }
087    
088        /**
089         * First calls <code>super.afterRealmsSet()</code> and then sets these same <code>Realm</code> objects on this
090         * instance's wrapped {@link Authorizer Authorizer}.
091         * <p/>
092         * The setting of realms the Authorizer will only occur if it is an instance of
093         * {@link org.apache.shiro.authz.ModularRealmAuthorizer ModularRealmAuthorizer}, that is:
094         * <pre>
095         * if ( this.authorizer instanceof ModularRealmAuthorizer ) {
096         *     ((ModularRealmAuthorizer)this.authorizer).setRealms(realms);
097         * }</pre>
098         */
099        protected void afterRealmsSet() {
100            super.afterRealmsSet();
101            if (this.authorizer instanceof ModularRealmAuthorizer) {
102                ((ModularRealmAuthorizer) this.authorizer).setRealms(getRealms());
103            }
104        }
105    
106        public void destroy() {
107            LifecycleUtils.destroy(getAuthorizer());
108            this.authorizer = null;
109            super.destroy();
110        }
111    
112        public boolean isPermitted(PrincipalCollection principals, String permissionString) {
113            return this.authorizer.isPermitted(principals, permissionString);
114        }
115    
116        public boolean isPermitted(PrincipalCollection principals, Permission permission) {
117            return this.authorizer.isPermitted(principals, permission);
118        }
119    
120        public boolean[] isPermitted(PrincipalCollection principals, String... permissions) {
121            return this.authorizer.isPermitted(principals, permissions);
122        }
123    
124        public boolean[] isPermitted(PrincipalCollection principals, List<Permission> permissions) {
125            return this.authorizer.isPermitted(principals, permissions);
126        }
127    
128        public boolean isPermittedAll(PrincipalCollection principals, String... permissions) {
129            return this.authorizer.isPermittedAll(principals, permissions);
130        }
131    
132        public boolean isPermittedAll(PrincipalCollection principals, Collection<Permission> permissions) {
133            return this.authorizer.isPermittedAll(principals, permissions);
134        }
135    
136        public void checkPermission(PrincipalCollection principals, String permission) throws AuthorizationException {
137            this.authorizer.checkPermission(principals, permission);
138        }
139    
140        public void checkPermission(PrincipalCollection principals, Permission permission) throws AuthorizationException {
141            this.authorizer.checkPermission(principals, permission);
142        }
143    
144        public void checkPermissions(PrincipalCollection principals, String... permissions) throws AuthorizationException {
145            this.authorizer.checkPermissions(principals, permissions);
146        }
147    
148        public void checkPermissions(PrincipalCollection principals, Collection<Permission> permissions) throws AuthorizationException {
149            this.authorizer.checkPermissions(principals, permissions);
150        }
151    
152        public boolean hasRole(PrincipalCollection principals, String roleIdentifier) {
153            return this.authorizer.hasRole(principals, roleIdentifier);
154        }
155    
156        public boolean[] hasRoles(PrincipalCollection principals, List<String> roleIdentifiers) {
157            return this.authorizer.hasRoles(principals, roleIdentifiers);
158        }
159    
160        public boolean hasAllRoles(PrincipalCollection principals, Collection<String> roleIdentifiers) {
161            return this.authorizer.hasAllRoles(principals, roleIdentifiers);
162        }
163    
164        public void checkRole(PrincipalCollection principals, String role) throws AuthorizationException {
165            this.authorizer.checkRole(principals, role);
166        }
167    
168        public void checkRoles(PrincipalCollection principals, Collection<String> roles) throws AuthorizationException {
169            this.authorizer.checkRoles(principals, roles);
170        }
171        
172        public void checkRoles(PrincipalCollection principals, String... roles) throws AuthorizationException {
173            this.authorizer.checkRoles(principals, roles);
174        }    
175    }