001/* 002 * Licensed to the Apache Software Foundation (ASF) under one 003 * or more contributor license agreements. See the NOTICE file 004 * distributed with this work for additional information 005 * regarding copyright ownership. The ASF licenses this file 006 * to you under the Apache License, Version 2.0 (the 007 * "License"); you may not use this file except in compliance 008 * with the License. You may obtain a copy of the License at 009 * 010 * http://www.apache.org/licenses/LICENSE-2.0 011 * 012 * Unless required by applicable law or agreed to in writing, 013 * software distributed under the License is distributed on an 014 * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY 015 * KIND, either express or implied. See the License for the 016 * specific language governing permissions and limitations 017 * under the License. 018 */ 019package org.apache.shiro.authz.aop; 020 021import org.apache.shiro.aop.MethodInterceptorSupport; 022import org.apache.shiro.aop.MethodInvocation; 023import org.apache.shiro.authz.AuthorizationException; 024 025/** 026 * Basic abstract class to support intercepting methods that perform authorization (access control) checks. 027 * 028 * @since 0.9 029 */ 030public abstract class AuthorizingMethodInterceptor extends MethodInterceptorSupport { 031 032 /** 033 * Invokes the specified method (<code>methodInvocation.{@link org.apache.shiro.aop.MethodInvocation#proceed proceed}()</code> 034 * if authorization is allowed by first 035 * calling {@link #assertAuthorized(org.apache.shiro.aop.MethodInvocation) assertAuthorized}. 036 */ 037 public Object invoke(MethodInvocation methodInvocation) throws Throwable { 038 assertAuthorized(methodInvocation); 039 return methodInvocation.proceed(); 040 } 041 042 /** 043 * Asserts that the specified MethodInvocation is allowed to continue by performing any necessary authorization 044 * (access control) checks first. 045 * @param methodInvocation the <code>MethodInvocation</code> to invoke. 046 * @throws AuthorizationException if the <code>methodInvocation</code> should not be allowed to continue/execute. 047 */ 048 protected abstract void assertAuthorized(MethodInvocation methodInvocation) throws AuthorizationException; 049 050}