Class GuestAnnotationHandler

java.lang.Object

org.apache.shiro.aop.AnnotationHandler

org.apache.shiro.authz.aop.AuthorizingAnnotationHandler

org.apache.shiro.authz.aop.GuestAnnotationHandler

public class GuestAnnotationHandler
extends AuthorizingAnnotationHandler

Checks to see if a @RequiresGuest annotation is declared, and if so, ensures the calling Subject does not have an identity before invoking the method.

This annotation essentially ensures that subject. getPrincipal() == null.

Since:

0.9.0

Field Summary

Fields inherited from class org.apache.shiro.aop.AnnotationHandler

annotationClass

Constructor Summary

Constructors

Constructor	Description
GuestAnnotationHandler()	Default no-argument constructor that ensures this interceptor looks for

Method Summary

Modifier and Type	Method	Description
void	assertAuthorized(Annotation a)	Ensures that the calling Subject is NOT a user, that is, they do not have an identity before continuing.

Methods inherited from class org.apache.shiro.aop.AnnotationHandler

getAnnotationClass, getSubject, setAnnotationClass

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Details

GuestAnnotationHandler

public GuestAnnotationHandler()

Default no-argument constructor that ensures this interceptor looks for

RequiresGuest annotations in a method declaration.

Method Details

assertAuthorized

public void assertAuthorized(Annotation a)
                      throws AuthorizationException

Ensures that the calling Subject is NOT a user, that is, they do not have an identity before continuing. If they are a user (Subject.getPrincipal() != null), an AuthorizingException will be thrown indicating that execution is not allowed to continue.

Specified by:

assertAuthorized in class AuthorizingAnnotationHandler

Parameters:

a - the annotation to check for one or more roles

Throws:

AuthorizationException - if the calling Subject is not a "guest".