protected Authorizer authorizer() { ModularRealmAuthorizer authorizer = new ModularRealmAuthorizer(); if (permissionResolver != null) { authorizer.setPermissionResolver(permissionResolver); } if (rolePermissionResolver != null) { authorizer.setRolePermissionResolver(rolePermissionResolver); } return authorizer; }
/** * Constructor that accepts the <code>Realm</code>s to consult during an authorization check. Immediately calls * {@link #setRealms setRealms(realms)}. * * @param realms the realms to consult during an authorization check. */ public ModularRealmAuthorizer(Collection<Realm> realms) { setRealms(realms); }
/** * Sets the realms wrapped by this <code>Authorizer</code> which are consulted during an authorization check. * * @param realms the realms wrapped by this <code>Authorizer</code> which are consulted during an authorization check. */ public void setRealms(Collection<Realm> realms) { this.realms = realms; applyPermissionResolverToRealms(); applyRolePermissionResolverToRealms(); }
/** * Calls {@link #checkRole(org.apache.shiro.subject.PrincipalCollection, String) checkRole} for each role specified. */ public void checkRoles(PrincipalCollection principals, String... roles) throws AuthorizationException { assertRealmsConfigured(); if (roles != null) { for (String role : roles) { checkRole(principals, role); } } } }
/** * If !{@link #isPermitted(org.apache.shiro.subject.PrincipalCollection, String...) isPermitted(permission)}, * throws an <code>UnauthorizedException</code> otherwise returns quietly. */ public void checkPermissions(PrincipalCollection principals, String... permissions) throws AuthorizationException { assertRealmsConfigured(); if (permissions != null && permissions.length > 0) { for (String perm : permissions) { checkPermission(principals, perm); } } }
/** * Returns <code>true</code> if any of the configured realms' * {@link #isPermitted(org.apache.shiro.subject.PrincipalCollection, String)} call returns <code>true</code> * for <em>all</em> of the specified string permissions, <code>false</code> otherwise. */ public boolean isPermittedAll(PrincipalCollection principals, String... permissions) { assertRealmsConfigured(); if (permissions != null && permissions.length > 0) { for (String perm : permissions) { if (!isPermitted(principals, perm)) { return false; } } } return true; }
ModularRealmAuthorizer modRealmAuthz = new ModularRealmAuthorizer(); modRealmAuthz.setRealms( realms ); modRealmAuthz.setRolePermissionResolver( rolePermissionResolver ); modRealmAuthz.setRealms( realms ); assertTrue( ((AuthorizingRealm) mockRealm).getRolePermissionResolver() == rolePermissionResolver );
/** * Returns <code>true</code> iff any of the configured realms' * {@link #hasRole(org.apache.shiro.subject.PrincipalCollection, String)} call returns <code>true</code> for * <em>all</em> roles specified, <code>false</code> otherwise. */ public boolean hasAllRoles(PrincipalCollection principals, Collection<String> roleIdentifiers) { assertRealmsConfigured(); for (String roleIdentifier : roleIdentifiers) { if (!hasRole(principals, roleIdentifier)) { return false; } } return true; }
/** * Returns <code>true</code> if any of the configured realms' * {@link #hasRole(org.apache.shiro.subject.PrincipalCollection, String)} call returns <code>true</code>, * <code>false</code> otherwise. */ public boolean hasRole(PrincipalCollection principals, String roleIdentifier) { assertRealmsConfigured(); for (Realm realm : getRealms()) { if (!(realm instanceof Authorizer)) continue; if (((Authorizer) realm).hasRole(principals, roleIdentifier)) { return true; } } return false; }
((ModularRealmAuthenticator) authenticator).setAuthenticationStrategy(new FirstSuccessfulStrategy()); final ModularRealmAuthorizer authorizer = new ModularRealmAuthorizer(of(mongoDbAuthorizationRealm, rootAccountRealm)); authorizer.setRolePermissionResolver(inMemoryRolePermissionResolver); sm.setAuthorizer(authorizer);
/** * Default no-arg constructor that initializes an internal default * {@link org.apache.shiro.authz.ModularRealmAuthorizer ModularRealmAuthorizer}. */ public AuthorizingSecurityManager() { super(); this.authorizer = new ModularRealmAuthorizer(); }
/** * Sets the internal {@link #getPermissionResolver} on any internal configured * {@link #getRealms Realms} that implement the {@link org.apache.shiro.authz.permission.PermissionResolverAware PermissionResolverAware} interface. * <p/> * This method is called after setting a permissionResolver on this ModularRealmAuthorizer via the * {@link #setPermissionResolver(org.apache.shiro.authz.permission.PermissionResolver) setPermissionResolver} method. * <p/> * It is also called after setting one or more realms via the {@link #setRealms setRealms} method to allow these * newly available realms to be given the <code>PermissionResolver</code> already in use. * * @since 1.0 */ protected void applyPermissionResolverToRealms() { PermissionResolver resolver = getPermissionResolver(); Collection<Realm> realms = getRealms(); if (resolver != null && realms != null && !realms.isEmpty()) { for (Realm realm : realms) { if (realm instanceof PermissionResolverAware) { ((PermissionResolverAware) realm).setPermissionResolver(resolver); } } } }
/** * Calls {@link #checkRoles(PrincipalCollection principals, String... roles) checkRoles(PrincipalCollection principals, String... roles) }. */ public void checkRoles(PrincipalCollection principals, Collection<String> roles) throws AuthorizationException { //SHIRO-234 - roles.toArray() -> roles.toArray(new String[roles.size()]) if (roles != null && !roles.isEmpty()) checkRoles(principals, roles.toArray(new String[roles.size()])); }
/** * Sets the specified {@link PermissionResolver PermissionResolver} on <em>all</em> of the wrapped realms that * implement the {@link org.apache.shiro.authz.permission.PermissionResolverAware PermissionResolverAware} interface. * <p/> * Only call this method if you want the permission resolver to be passed to all realms that implement the * <code>PermissionResolver</code> interface. If you do not want this to occur, the realms must * configure themselves individually (or be configured individually). * * @param permissionResolver the permissionResolver to set on all of the wrapped realms that implement the * {@link org.apache.shiro.authz.permission.PermissionResolverAware PermissionResolverAware} interface. */ public void setPermissionResolver(PermissionResolver permissionResolver) { this.permissionResolver = permissionResolver; applyPermissionResolverToRealms(); }
/** * Sets the specified {@link RolePermissionResolver RolePermissionResolver} on <em>all</em> of the wrapped realms that * implement the {@link org.apache.shiro.authz.permission.RolePermissionResolverAware PermissionResolverAware} interface. * <p/> * Only call this method if you want the permission resolver to be passed to all realms that implement the * <code>RolePermissionResolver</code> interface. If you do not want this to occur, the realms must * configure themselves individually (or be configured individually). * * @param rolePermissionResolver the rolePermissionResolver to set on all of the wrapped realms that implement the * {@link org.apache.shiro.authz.permission.RolePermissionResolverAware RolePermissionResolverAware} interface. */ public void setRolePermissionResolver(RolePermissionResolver rolePermissionResolver) { this.rolePermissionResolver = rolePermissionResolver; applyRolePermissionResolverToRealms(); }
/** * Returns <code>true</code> if any of the configured realms' * {@link #isPermittedAll(org.apache.shiro.subject.PrincipalCollection, String...)} call returns * <code>true</code>, <code>false</code> otherwise. */ public boolean[] isPermitted(PrincipalCollection principals, String... permissions) { assertRealmsConfigured(); if (permissions != null && permissions.length > 0) { boolean[] isPermitted = new boolean[permissions.length]; for (int i = 0; i < permissions.length; i++) { isPermitted[i] = isPermitted(principals, permissions[i]); } return isPermitted; } return new boolean[0]; }
/** * If !{@link #hasRole(org.apache.shiro.subject.PrincipalCollection, String) hasRole(role)}, throws * an <code>UnauthorizedException</code> otherwise returns quietly. */ public void checkRole(PrincipalCollection principals, String role) throws AuthorizationException { assertRealmsConfigured(); if (!hasRole(principals, role)) { throw new UnauthorizedException("Subject does not have role [" + role + "]"); } }
/** * Returns <code>true</code> if any of the configured realms' * {@link #isPermitted(org.apache.shiro.subject.PrincipalCollection, String)} returns <code>true</code>, * <code>false</code> otherwise. */ public boolean isPermitted(PrincipalCollection principals, String permission) { assertRealmsConfigured(); for (Realm realm : getRealms()) { if (!(realm instanceof Authorizer)) continue; if (((Authorizer) realm).isPermitted(principals, permission)) { return true; } } return false; }
((ModularRealmAuthenticator) authenticator).setAuthenticationStrategy(new FirstSuccessfulStrategy()); final ModularRealmAuthorizer authorizer = new ModularRealmAuthorizer(of(mongoDbAuthorizationRealm, rootAccountRealm)); authorizer.setRolePermissionResolver(inMemoryRolePermissionResolver); sm.setAuthorizer(authorizer);
/** * If !{@link #isPermitted(org.apache.shiro.subject.PrincipalCollection, Permission) isPermitted(permission)} for * <em>all</em> the given Permissions, throws * an <code>UnauthorizedException</code> otherwise returns quietly. */ public void checkPermissions(PrincipalCollection principals, Collection<Permission> permissions) throws AuthorizationException { assertRealmsConfigured(); if (permissions != null) { for (Permission permission : permissions) { checkPermission(principals, permission); } } }