Coverage Report - org.apache.shiro.authz.Authorizer
 
Classes in this File Line Coverage Branch Coverage Complexity
Authorizer
N/A
N/A
N/A
N/A
1
 
 1   
 /*
 2   
  * Licensed to the Apache Software Foundation (ASF) under one
 3   
  * or more contributor license agreements.  See the NOTICE file
 4   
  * distributed with this work for additional information
 5   
  * regarding copyright ownership.  The ASF licenses this file
 6   
  * to you under the Apache License, Version 2.0 (the
 7   
  * "License"); you may not use this file except in compliance
 8   
  * with the License.  You may obtain a copy of the License at
 9   
  *
 10   
  *     http://www.apache.org/licenses/LICENSE-2.0
 11   
  *
 12   
  * Unless required by applicable law or agreed to in writing,
 13   
  * software distributed under the License is distributed on an
 14   
  * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
 15   
  * KIND, either express or implied.  See the License for the
 16   
  * specific language governing permissions and limitations
 17   
  * under the License.
 18   
  */
 19   
 package org.apache.shiro.authz;
 20   
 
 21   
 import org.apache.shiro.subject.PrincipalCollection;
 22   
 
 23   
 import java.util.Collection;
 24   
 import java.util.List;
 25   
 
 26   
 /**
 27   
  * An <tt>Authorizer</tt> performs authorization (access control) operations for any given Subject
 28   
  * (aka 'application user').
 29   
  *
 30   
  * <p>Each method requires a subject principal to perform the action for the corresponding Subject/user.
 31   
  *
 32   
  * <p>This principal argument is usually an object representing a user database primary key or a String username or
 33   
  * something similar that uniquely identifies an application user.  The runtime value of the this principal
 34   
  * is application-specific and provided by the application's configured Realms.
 35   
  *
 36   
  * <p>Note that there are many *Permission methods in this interface overloaded to accept String arguments instead of
 37   
  * {@link Permission Permission} instances. They are a convenience allowing the caller to use a String representation of
 38   
  * a {@link Permission Permission} if desired.  Most implementations of this interface will simply convert these
 39   
  * String values to {@link Permission Permission} instances and then just call the corresponding type-safe method.
 40   
  * (Shiro's default implementations do String-to-Permission conversion for these methods using
 41   
  * {@link org.apache.shiro.authz.permission.PermissionResolver PermissionResolver}s.)
 42   
  *
 43   
  * <p>These overloaded *Permission methods <em>do</em> forego type-saftey for the benefit of convenience and simplicity,
 44   
  * so you should choose which ones to use based on your preferences and needs.
 45   
  *
 46   
  * @since 0.1
 47   
  */
 48   
 public interface Authorizer {
 49   
 
 50   
     /**
 51   
      * Returns <tt>true</tt> if the corresponding subject/user is permitted to perform an action or access a resource
 52   
      * summarized by the specified permission string.
 53   
      *
 54   
      * <p>This is an overloaded method for the corresponding type-safe {@link Permission Permission} variant.
 55   
      * Please see the class-level JavaDoc for more information on these String-based permission methods.
 56   
      *
 57   
      * @param principals the application-specific subject/user identifier.
 58   
      * @param permission the String representation of a Permission that is being checked.
 59   
      * @return true if the corresponding Subject/user is permitted, false otherwise.
 60   
      * @see #isPermitted(PrincipalCollection principals,Permission permission)
 61   
      * @since 0.9
 62   
      */
 63   
     boolean isPermitted(PrincipalCollection principals, String permission);
 64   
 
 65   
     /**
 66   
      * Returns <tt>true</tt> if the corresponding subject/user is permitted to perform an action or access a resource
 67   
      * summarized by the specified permission.
 68   
      *
 69   
      * <p>More specifically, this method determines if any <tt>Permission</tt>s associated
 70   
      * with the subject {@link Permission#implies(Permission) imply} the specified permission.
 71   
      *
 72   
      * @param subjectPrincipal the application-specific subject/user identifier.
 73   
      * @param permission       the permission that is being checked.
 74   
      * @return true if the corresponding Subject/user is permitted, false otherwise.
 75   
      */
 76   
     boolean isPermitted(PrincipalCollection subjectPrincipal, Permission permission);
 77   
 
 78   
     /**
 79   
      * Checks if the corresponding Subject implies the given permission strings and returns a boolean array
 80   
      * indicating which permissions are implied.
 81   
      *
 82   
      * <p>This is an overloaded method for the corresponding type-safe {@link Permission Permission} variant.
 83   
      * Please see the class-level JavaDoc for more information on these String-based permission methods.
 84   
      *
 85   
      * @param subjectPrincipal the application-specific subject/user identifier.
 86   
      * @param permissions      the String representations of the Permissions that are being checked.
 87   
      * @return an array of booleans whose indices correspond to the index of the
 88   
      *         permissions in the given list.  A true value at an index indicates the user is permitted for
 89   
      *         for the associated <tt>Permission</tt> string in the list.  A false value at an index
 90   
      *         indicates otherwise.
 91   
      * @since 0.9
 92   
      */
 93   
     boolean[] isPermitted(PrincipalCollection subjectPrincipal, String... permissions);
 94   
 
 95   
     /**
 96   
      * Checks if the corresponding Subject/user implies the given Permissions and returns a boolean array indicating
 97   
      * which permissions are implied.
 98   
      *
 99   
      * <p>More specifically, this method should determine if each <tt>Permission</tt> in
 100   
      * the array is {@link Permission#implies(Permission) implied} by permissions
 101   
      * already associated with the subject.
 102   
      *
 103   
      * <p>This is primarily a performance-enhancing method to help reduce the number of
 104   
      * {@link #isPermitted} invocations over the wire in client/server systems.
 105   
      *
 106   
      * @param subjectPrincipal the application-specific subject/user identifier.
 107   
      * @param permissions      the permissions that are being checked.
 108   
      * @return an array of booleans whose indices correspond to the index of the
 109   
      *         permissions in the given list.  A true value at an index indicates the user is permitted for
 110   
      *         for the associated <tt>Permission</tt> object in the list.  A false value at an index
 111   
      *         indicates otherwise.
 112   
      */
 113   
     boolean[] isPermitted(PrincipalCollection subjectPrincipal, List<Permission> permissions);
 114   
 
 115   
     /**
 116   
      * Returns <tt>true</tt> if the corresponding Subject/user implies all of the specified permission strings,
 117   
      * <tt>false</tt> otherwise.
 118   
      *
 119   
      * <p>This is an overloaded method for the corresponding type-safe {@link Permission Permission} variant.
 120   
      * Please see the class-level JavaDoc for more information on these String-based permission methods.
 121   
      *
 122   
      * @param subjectPrincipal the application-specific subject/user identifier.
 123   
      * @param permissions      the String representations of the Permissions that are being checked.
 124   
      * @return true if the user has all of the specified permissions, false otherwise.
 125   
      * @see #isPermittedAll(PrincipalCollection,Collection)
 126   
      * @since 0.9
 127   
      */
 128   
     boolean isPermittedAll(PrincipalCollection subjectPrincipal, String... permissions);
 129   
 
 130   
     /**
 131   
      * Returns <tt>true</tt> if the corresponding Subject/user implies all of the specified permissions, <tt>false</tt>
 132   
      * otherwise.
 133   
      *
 134   
      * <p>More specifically, this method determines if all of the given <tt>Permission</tt>s are
 135   
      * {@link Permission#implies(Permission) implied by} permissions already associated with the subject.
 136   
      *
 137   
      * @param subjectPrincipal the application-specific subject/user identifier.
 138   
      * @param permissions      the permissions to check.
 139   
      * @return true if the user has all of the specified permissions, false otherwise.
 140   
      */
 141   
     boolean isPermittedAll(PrincipalCollection subjectPrincipal, Collection<Permission> permissions);
 142   
 
 143   
     /**
 144   
      * Ensures the corresponding Subject/user implies the specified permission String.
 145   
      *
 146   
      * <p>If the subject's existing associated permissions do not {@link Permission#implies(Permission)} imply}
 147   
      * the given permission, an {@link AuthorizationException} will be thrown.
 148   
      *
 149   
      * <p>This is an overloaded method for the corresponding type-safe {@link Permission Permission} variant.
 150   
      * Please see the class-level JavaDoc for more information on these String-based permission methods.
 151   
      *
 152   
      * @param subjectPrincipal the application-specific subject/user identifier.
 153   
      * @param permission       the String representation of the Permission to check.
 154   
      * @throws AuthorizationException
 155   
      *          if the user does not have the permission.
 156   
      * @since 0.9
 157   
      */
 158   
     void checkPermission(PrincipalCollection subjectPrincipal, String permission) throws AuthorizationException;
 159   
 
 160   
     /**
 161   
      * Ensures a subject/user {@link Permission#implies(Permission)} implies} the specified <tt>Permission</tt>.
 162   
      * If the subject's exisiting associated permissions do not {@link Permission#implies(Permission)} imply}
 163   
      * the given permission, an {@link AuthorizationException} will be thrown.
 164   
      *
 165   
      * @param subjectPrincipal the application-specific subject/user identifier.
 166   
      * @param permission       the Permission to check.
 167   
      * @throws AuthorizationException
 168   
      *          if the user does not have the permission.
 169   
      */
 170   
     void checkPermission(PrincipalCollection subjectPrincipal, Permission permission) throws AuthorizationException;
 171   
 
 172   
     /**
 173   
      * Ensures the corresponding Subject/user
 174   
      * {@link Permission#implies(Permission) implies} all of the
 175   
      * specified permission strings.
 176   
      *
 177   
      * If the subject's exisiting associated permissions do not
 178   
      * {@link Permission#implies(Permission) imply} all of the given permissions,
 179   
      * an {@link AuthorizationException} will be thrown.
 180   
      *
 181   
      * <p>This is an overloaded method for the corresponding type-safe {@link Permission Permission} variant.
 182   
      * Please see the class-level JavaDoc for more information on these String-based permission methods.
 183   
      *
 184   
      * @param subjectPrincipal the application-specific subject/user identifier.
 185   
      * @param permissions      the string representations of Permissions to check.
 186   
      * @throws AuthorizationException if the user does not have all of the given permissions.
 187   
      * @since 0.9
 188   
      */
 189   
     void checkPermissions(PrincipalCollection subjectPrincipal, String... permissions) throws AuthorizationException;
 190   
 
 191   
     /**
 192   
      * Ensures the corresponding Subject/user
 193   
      * {@link Permission#implies(Permission) implies} all of the
 194   
      * specified permission strings.
 195   
      *
 196   
      * If the subject's exisiting associated permissions do not
 197   
      * {@link Permission#implies(Permission) imply} all of the given permissions,
 198   
      * an {@link AuthorizationException} will be thrown.
 199   
      *
 200   
      * @param subjectPrincipal the application-specific subject/user identifier.
 201   
      * @param permissions      the Permissions to check.
 202   
      * @throws AuthorizationException if the user does not have all of the given permissions.
 203   
      */
 204   
     void checkPermissions(PrincipalCollection subjectPrincipal, Collection<Permission> permissions) throws AuthorizationException;
 205   
 
 206   
     /**
 207   
      * Returns <tt>true</tt> if the corresponding Subject/user has the specified role, <tt>false</tt> otherwise.
 208   
      *
 209   
      * @param subjectPrincipal the application-specific subject/user identifier.
 210   
      * @param roleIdentifier   the application-specific role identifier (usually a role id or role name).
 211   
      * @return <tt>true</tt> if the corresponding subject has the specified role, <tt>false</tt> otherwise.
 212   
      */
 213   
     boolean hasRole(PrincipalCollection subjectPrincipal, String roleIdentifier);
 214   
 
 215   
     /**
 216   
      * Checks if the corresponding Subject/user has the specified roles, returning a boolean array indicating
 217   
      * which roles are associated with the given subject.
 218   
      *
 219   
      * <p>This is primarily a performance-enhancing method to help reduce the number of
 220   
      * {@link #hasRole} invocations over the wire in client/server systems.
 221   
      *
 222   
      * @param subjectPrincipal the application-specific subject/user identifier.
 223   
      * @param roleIdentifiers  the application-specific role identifiers to check (usually role ids or role names).
 224   
      * @return an array of booleans whose indices correspond to the index of the
 225   
      *         roles in the given identifiers.  A true value indicates the user has the
 226   
      *         role at that index.  False indicates the user does not have the role at that index.
 227   
      */
 228   
     boolean[] hasRoles(PrincipalCollection subjectPrincipal, List<String> roleIdentifiers);
 229   
 
 230   
     /**
 231   
      * Returns <tt>true</tt> if the corresponding Subject/user has all of the specified roles, <tt>false</tt> otherwise.
 232   
      *
 233   
      * @param subjectPrincipal the application-specific subject/user identifier.
 234   
      * @param roleIdentifiers  the application-specific role identifiers to check (usually role ids or role names).
 235   
      * @return true if the user has all the roles, false otherwise.
 236   
      */
 237   
     boolean hasAllRoles(PrincipalCollection subjectPrincipal, Collection<String> roleIdentifiers);
 238   
 
 239   
     /**
 240   
      * Asserts the corresponding Subject/user has the specified role by returning quietly if they do or throwing an
 241   
      * {@link AuthorizationException} if they do not.
 242   
      *
 243   
      * @param subjectPrincipal the application-specific subject/user identifier.
 244   
      * @param roleIdentifier   the application-specific role identifier (usually a role id or role name ).
 245   
      * @throws AuthorizationException
 246   
      *          if the user does not have the role.
 247   
      */
 248   
     void checkRole(PrincipalCollection subjectPrincipal, String roleIdentifier) throws AuthorizationException;
 249   
 
 250   
     /**
 251   
      * Asserts the corresponding Subject/user has all of the specified roles by returning quietly if they do or
 252   
      * throwing an {@link AuthorizationException} if they do not.
 253   
      *
 254   
      * @param subjectPrincipal the application-specific subject/user identifier.
 255   
      * @param roleIdentifiers  the application-specific role identifiers to check (usually role ids or role names).
 256   
      * @throws AuthorizationException
 257   
      *          if the user does not have all of the specified roles.
 258   
      */
 259   
     void checkRoles(PrincipalCollection subjectPrincipal, Collection<String> roleIdentifiers) throws AuthorizationException;
 260   
 
 261   
     /**
 262   
      * Same as {@link #checkRoles(org.apache.shiro.subject.PrincipalCollection, java.util.Collection)
 263   
      * checkRoles(PrincipalCollection subjectPrincipal, Collection&lt;String&gt; roleIdentifiers)} but doesn't require a collection
 264   
      * as an argument.
 265   
      * Asserts the corresponding Subject/user has all of the specified roles by returning quietly if they do or
 266   
      * throwing an {@link AuthorizationException} if they do not.
 267   
      *
 268   
      * @param subjectPrincipal the application-specific subject/user identifier.
 269   
      * @param roleIdentifiers  the application-specific role identifiers to check (usually role ids or role names).
 270   
      * @throws AuthorizationException
 271   
      *          if the user does not have all of the specified roles.
 272   
      *
 273   
      *  @since 1.1.0
 274   
      */
 275   
     void checkRoles(PrincipalCollection subjectPrincipal, String... roleIdentifiers) throws AuthorizationException;
 276   
 
 277   
 }
 278   
 
Report generated by Cobertura 1.9.4.1 on 5/25/16 11:31 PM.