Package org.apache.shiro.authz

Core interfaces and exceptions supporting Authorization (access control).

Shiro abbreviates the word 'AuthoriZation' as authz to distinguish it separately from 'AuthentiCation', abbreviated as authc.

This package's primary interface of interest, which is the core of Shiro authorization functionality, is the Authorizer. This interface handles all aspects of principal-related security and is the facade to all other Shiro authorization components.

Shiro has the ability to authorize subjects (a.k.a. users) without being intrusive to the application's domain model. Most applications will utilize the concepts of groups, roles, and permissions, but Shiro tries to be as non-invasive as possible doesn't require any such interfaces (although a Permission interface is made available for fine-grained access control policies if you want to use Shiro's permission support out-of-the-box).

Although it is possible for applications to implement this and other interfaces directly, it is not recommended. Shiro already has base implementations which should be suitable for 99% of deployments.