Class PermissionAnnotationHandler

java.lang.Object

org.apache.shiro.aop.AnnotationHandler

org.apache.shiro.authz.aop.AuthorizingAnnotationHandler

org.apache.shiro.authz.aop.PermissionAnnotationHandler

public class PermissionAnnotationHandler
extends AuthorizingAnnotationHandler

Checks to see if a @RequiresPermissions annotation is declared, and if so, performs a permission check to see if the calling Subject is allowed continued access.

Since:

0.9.0

Field Summary

Fields inherited from class org.apache.shiro.aop.AnnotationHandler

annotationClass

Constructor Summary

Constructors

Constructor	Description
PermissionAnnotationHandler()	Default no-argument constructor that ensures this handler looks for RequiresPermissions annotations.

Method Summary

Modifier and Type	Method	Description
void	assertAuthorized(Annotation a)	Ensures that the calling Subject has the Annotation's specified permissions, and if not, throws an AuthorizingException indicating access is denied.
protected String[]	getAnnotationValue(Annotation a)	Returns the annotation value, from which the Permission will be constructed.

Methods inherited from class org.apache.shiro.aop.AnnotationHandler

getAnnotationClass, getSubject, setAnnotationClass

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Details

PermissionAnnotationHandler

public PermissionAnnotationHandler()

Default no-argument constructor that ensures this handler looks for RequiresPermissions annotations.

Method Details

getAnnotationValue

protected String[] getAnnotationValue(Annotation a)

Returns the annotation value, from which the Permission will be constructed.

Parameters:

a - the RequiresPermissions annotation being inspected.

Returns:

the annotation's value, from which the Permission will be constructed.

assertAuthorized

public void assertAuthorized(Annotation a)
                      throws AuthorizationException

Ensures that the calling Subject has the Annotation's specified permissions, and if not, throws an AuthorizingException indicating access is denied.

Specified by:

assertAuthorized in class AuthorizingAnnotationHandler

Parameters:

a - the RequiresPermission annotation being inspected to check for one or more permissions

Throws:

AuthorizationException - if the calling Subject does not have the permission(s) necessary to continue access or execution.