Examples of org.apache.shiro.authz.AuthorizationInfo

• org.apache.shiro.authz.AuthorizationInfo
  AuthorizationInfo represents a single Subject's stored authorization data (roles, permissions, etc) used during authorization (access control) checks only.

  Roles are represented as a Collection of Strings ( {@link java.util.Collection Collection}< {@link String String}>), typically each element being the Role name.

  {@link Permission Permission}s are provided in two ways:

  • A Collection of Strings, where each String can usually be converted into Permission objects by a Realm's {@link org.apache.shiro.authz.permission.PermissionResolver PermissionResolver}
  • A Collection of {@link Permission Permission} objects

  Both permission collections together represent the total aggregate collection of permissions. You may use one or both depending on your preference and needs.

  Because the act of authorization (access control) is orthoganal to authentication (log-in), this interface is intended to represent only the account data needed by Shiro during an access control check (role, permission, etc). Shiro also has a parallel {@link org.apache.shiro.authc.AuthenticationInfo AuthenticationInfo} interface for use during the authenticationprocess that represents identity data such as principals and credentials.

  Because many if not most {@link org.apache.shiro.realm.Realm Realm}s store both sets of data for a Subject, it might be convenient for a Realm implementation to utilize an implementation of the {@link org.apache.shiro.authc.Account Account} interface instead, which is a convenience interface that combines bothAuthenticationInfo and AuthorizationInfo. Whether you choose to implement these two interfaces separately or implement the one Account interface for a given Realm is entirely based on your application's needs or your preferences. @author Jeremy Haile @author Les Hazlewood @see org.apache.shiro.authc.AuthenticationInfo AuthenticationInfo @see org.apache.shiro.authc.Account @since 0.9

            if(realm.supports(token)) {
                continue;
            }
            final AuthenticationInfo authenticationInfo = realm.getAuthenticationInfo(token);
            if(authenticationInfo instanceof AuthorizationInfo) {
                final AuthorizationInfo authorizationInfo = (AuthorizationInfo) authenticationInfo;
                final Collection<String> realmRoles = authorizationInfo.getRoles();
                for (final String role : realmRoles) {
                    roles.add(realm.getName() + ":" + role);
                }
            }
        }

        return info;
    }


    protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principals) {
        AuthorizationInfo info;
        try {
            info = queryForAuthorizationInfo(principals, ensureContextFactory());
        } catch (NamingException e) {
            String msg = "LDAP naming error while attempting to retrieve authorization for user [" + principals + "].";
            throw new AuthorizationException(msg, e);

        if (principals == null) {
            return null;
        }

        AuthorizationInfo info = null;

        if (log.isTraceEnabled()) {
            log.trace("Retrieving AuthorizationInfo for principals [" + principals + "]");
        }

        Permission p = getPermissionResolver().resolvePermission(permission);
        return isPermitted(principals, p);
    }

    public boolean isPermitted(PrincipalCollection principals, Permission permission) {
        AuthorizationInfo info = getAuthorizationInfo(principals);
        return isPermitted(permission, info);
    }

        }
        return isPermitted(subjectIdentifier, perms);
    }

    public boolean[] isPermitted(PrincipalCollection principals, List<Permission> permissions) {
        AuthorizationInfo info = getAuthorizationInfo(principals);
        return isPermitted(permissions, info);
    }

        }
        return false;
    }

    public boolean isPermittedAll(PrincipalCollection principal, Collection<Permission> permissions) {
        AuthorizationInfo info = getAuthorizationInfo(principal);
        return info != null && isPermittedAll(permissions, info);
    }

        Permission p = getPermissionResolver().resolvePermission(permission);
        checkPermission(subjectIdentifier, p);
    }

    public void checkPermission(PrincipalCollection principal, Permission permission) throws AuthorizationException {
        AuthorizationInfo info = getAuthorizationInfo(principal);
        checkPermission(permission, info);
    }

            }
        }
    }

    public void checkPermissions(PrincipalCollection principal, Collection<Permission> permissions) throws AuthorizationException {
        AuthorizationInfo info = getAuthorizationInfo(principal);
        checkPermissions(permissions, info);
    }

            }
        }
    }

    public boolean hasRole(PrincipalCollection principal, String roleIdentifier) {
        AuthorizationInfo info = getAuthorizationInfo(principal);
        return hasRole(roleIdentifier, info);
    }

    protected boolean hasRole(String roleIdentifier, AuthorizationInfo info) {
        return info != null && info.getRoles() != null && info.getRoles().contains(roleIdentifier);
    }

    public boolean[] hasRoles(PrincipalCollection principal, List<String> roleIdentifiers) {
        AuthorizationInfo info = getAuthorizationInfo(principal);
        boolean[] result = new boolean[roleIdentifiers != null ? roleIdentifiers.size() : 0];
        if (info != null) {
            result = hasRoles(roleIdentifiers, info);
        }
        return result;