Returns an account's authorization-specific information for the specified principals, or null if no account could be found. The resulting AuthorizationInfo object is used by the other method implementations in this class to automatically perform access control checks for the corresponding Subject.
This implementation obtains the actual AuthorizationInfo object from the subclass's implementation of #doGetAuthorizationInfo(org.apache.shiro.subject.PrincipalCollection), and then caches it for efficient reuse if caching is enabled (see below).
Invocations of this method should be thought of as completely orthogonal to acquiring #getAuthenticationInfo(org.apache.shiro.authc.AuthenticationToken), since either could occur in any order.
For example, in "Remember Me" scenarios, the user identity is remembered (and assumed) for their current session, and an authentication attempt during that session might never occur. But because their identity is remembered, that is sufficient information to call this method and execute any necessary authorization checks. For this reason, authentication and authorization should be loosely coupled and not depend on each other.
Caching
The AuthorizationInfo values returned from this method are cached for efficient reuse if caching is enabled. Caching is enabled automatically when an #setAuthorizationCache instance has been explicitly configured, or if a #setCacheManager has been configured, which will be used to lazily create the authorizationCache as needed.
If caching is enabled, the authorization cache will be checked first and, if an entry is found, the cached AuthorizationInfo will be returned immediately. If caching is disabled, or there is a cache miss, the authorization info will be looked up from the underlying data store via the #doGetAuthorizationInfo(org.apache.shiro.subject.PrincipalCollection) method, which must be implemented by subclasses.
Changed Data
If caching is enabled and any authorization data for an account is changed at runtime, such as adding or removing roles and/or permissions, the subclass implementation should clear the cached AuthorizationInfo for that account via the #clearCachedAuthorizationInfo(org.apache.shiro.subject.PrincipalCollection) method. This ensures that the next call to getAuthorizationInfo(PrincipalCollection) will acquire the account's fresh authorization data, where it will then be cached for efficient reuse. This ensures that stale authorization data will not be reused.
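
The cache invalidation described under Changed Data, as an added example that is not Shiro's own code: a realm that revokes a role and clears the cached AuthorizationInfo so the revoked role stops being honored. The class name RoleStoreRealm, its in-memory role map, the account "alice" and the revokeRole() method are assumptions made for illustration.

```java
import java.util.HashSet;
import java.util.Map;
import java.util.Set;
import java.util.concurrent.ConcurrentHashMap;
import org.apache.shiro.authc.AuthenticationInfo;
import org.apache.shiro.authc.AuthenticationToken;
import org.apache.shiro.authz.AuthorizationInfo;
import org.apache.shiro.authz.SimpleAuthorizationInfo;
import org.apache.shiro.cache.MemoryConstrainedCacheManager;
import org.apache.shiro.realm.AuthorizingRealm;
import org.apache.shiro.subject.PrincipalCollection;
import org.apache.shiro.subject.SimplePrincipalCollection;

// Hypothetical realm: the role store stands in for a database or directory.
public class RoleStoreRealm extends AuthorizingRealm {
    private final Map<String, Set<String>> roles = new ConcurrentHashMap<>();

    public RoleStoreRealm() {
        // Configuring a CacheManager turns on the authorization cache.
        setCacheManager(new MemoryConstrainedCacheManager());
        // Constructed sample account.
        roles.computeIfAbsent("alice", k -> ConcurrentHashMap.newKeySet()).add("admin");
    }

    @Override
    protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principals) {
        // Called only on a cache miss; the result is a snapshot that gets cached.
        Set<String> stored = roles.get((String) principals.getPrimaryPrincipal());
        return stored == null ? null : new SimpleAuthorizationInfo(new HashSet<>(stored));
    }

    @Override
    protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token) {
        return null; // authentication is out of scope for this example
    }

    public void revokeRole(PrincipalCollection principals, String role) {
        Set<String> stored = roles.get((String) principals.getPrimaryPrincipal());
        if (stored != null) stored.remove(role);
        // Without this call the cached snapshot still contains the revoked role.
        clearCachedAuthorizationInfo(principals);
    }

    public static void main(String[] args) {
        RoleStoreRealm realm = new RoleStoreRealm();
        PrincipalCollection alice = new SimplePrincipalCollection("alice", realm.getName());
        System.out.println(realm.hasRole(alice, "admin")); // cache miss: loads and caches
        realm.revokeRole(alice, "admin");
        System.out.println(realm.hasRole(alice, "admin")); // reloaded after the cache clear
    }
}
```

Removing the clearCachedAuthorizationInfo call from revokeRole() makes the second check read the cached snapshot instead of the updated role store.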