• Home
• com.ovea.tajin.framework
• tajin-framework-all
• 2.0.b6
• source code
• AuthorizationInfo.java

×

Project download

Many resources are needed to download a project. Please understand that we have to compensate our server costs. Thank you in advance.
Project price only 1 $

You can buy this project and download/modify it how often you want.

org.apache.shiro.authz.AuthorizationInfo Maven / Gradle / Ivy

/*
 * Licensed to the Apache Software Foundation (ASF) under one
 * or more contributor license agreements.  See the NOTICE file
 * distributed with this work for additional information
 * regarding copyright ownership.  The ASF licenses this file
 * to you under the Apache License, Version 2.0 (the
 * "License"); you may not use this file except in compliance
 * with the License.  You may obtain a copy of the License at
 *
 *     http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing,
 * software distributed under the License is distributed on an
 * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
 * KIND, either express or implied.  See the License for the
 * specific language governing permissions and limitations
 * under the License.
 */
package org.apache.shiro.authz;

import java.io.Serializable;
import java.util.Collection;

/**
 * AuthorizationInfo represents a single Subject's stored authorization data (roles, permissions, etc)
 * used during authorization (access control) checks only.
 * 

 * Roles are represented as a Collection of Strings
 * ({@link java.util.Collection Collection}<{@link String String}>), typically each element being the Role name.
 * 

 * {@link Permission Permission}s are provided in two ways:
 * 

 * 
A Collection of Strings, where each String can usually be converted into Permission
 * objects by a Realm's
 * {@link org.apache.shiro.authz.permission.PermissionResolver PermissionResolver}
 * 
A Collection of {@link Permission Permission} objects
 * 
 * Both permission collections together represent the total aggregate collection of permissions.  You may use one
 * or both depending on your preference and needs.
 * 

 * Because the act of authorization (access control) is orthoganal to authentication (log-in), this interface is
 * intended to represent only the account data needed by Shiro during an access control check
 * (role, permission, etc).  Shiro also has a parallel
 * {@link org.apache.shiro.authc.AuthenticationInfo AuthenticationInfo} interface for use during the authentication
 * process that represents identity data such as principals and credentials.
 * 

 * Because many if not most {@link org.apache.shiro.realm.Realm Realm}s store both sets of data for a Subject, it might be
 * convenient for a Realm implementation to utilize an implementation of the
 * {@link org.apache.shiro.authc.Account Account} interface instead, which is a convenience interface that combines both
 * AuthenticationInfo and AuthorizationInfo.  Whether you choose to implement these two
 * interfaces separately or implement the one Account interface for a given Realm is
 * entirely based on your application's needs or your preferences.
 *
 * @see org.apache.shiro.authc.AuthenticationInfo AuthenticationInfo
 * @see org.apache.shiro.authc.Account
 * @since 0.9
 */
public interface AuthorizationInfo extends Serializable {

    /**
     * Returns the names of all roles assigned to a corresponding Subject.
     *
     * @return the names of all roles assigned to a corresponding Subject.
     */
    Collection getRoles();

    /**
     * Returns all string-based permissions assigned to the corresponding Subject.  The permissions here plus those
     * returned from {@link #getObjectPermissions() getObjectPermissions()} represent the total set of permissions
     * assigned.  The aggregate set is used to perform a permission authorization check.
     * 

     * This method is a convenience mechanism that allows Realms to represent permissions as Strings if they choose.
     * When performing a security check, a Realm usually converts these strings to object
     * {@link Permission Permission}s via an internal
     * {@link org.apache.shiro.authz.permission.PermissionResolver PermissionResolver}
     * in order to perform the actual permission check.  This is not a requirement of course, since Realms
     * can perform security checks in whatever manner deemed necessary, but this explains the conversion mechanism that
     * most Shiro Realms execute for string-based permission checks.
     *
     * @return all string-based permissions assigned to the corresponding Subject.
     */
    Collection getStringPermissions();

    /**
     * Returns all type-safe {@link Permission Permission}s assigned to the corresponding Subject.  The permissions
     * returned from this method plus any returned from {@link #getStringPermissions() getStringPermissions()}
     * represent the total set of permissions.  The aggregate set is used to perform a permission authorization check.
     *
     * @return all type-safe {@link Permission Permission}s assigned to the corresponding Subject.
     */
    Collection getObjectPermissions();
}