AuthorizingAnnotationMethodInterceptor (Apache Shiro

Overview

Package

Class

Use

Tree

Deprecated

Index

Help

PREV CLASS NEXT CLASS

FRAMES NO FRAMES

SUMMARY: NESTED | FIELD | CONSTR | METHOD

DETAIL: FIELD | CONSTR | METHOD

org.apache.shiro.authz.aop
Class AuthorizingAnnotationMethodInterceptor

java.lang.Object
  org.apache.shiro.aop.MethodInterceptorSupport
      org.apache.shiro.aop.AnnotationMethodInterceptor
          org.apache.shiro.authz.aop.AuthorizingAnnotationMethodInterceptor

All Implemented Interfaces:: MethodInterceptor

Direct Known Subclasses:: AuthenticatedAnnotationMethodInterceptor, GuestAnnotationMethodInterceptor, PermissionAnnotationMethodInterceptor, RoleAnnotationMethodInterceptor, UserAnnotationMethodInterceptor

public abstract class AuthorizingAnnotationMethodInterceptor
extends AnnotationMethodInterceptor
extends AnnotationMethodInterceptor

An AnnotationMethodInterceptor that asserts the calling code is authorized to execute the method before allowing the invocation to continue by inspecting code annotations to perform an access control check.

Since:: 0.1
Author:: Les Hazlewood

Constructor Summary
`AuthorizingAnnotationMethodInterceptor(AuthorizingAnnotationHandler handler)` Constructor that ensures the internal `handler` is set which will be used to perform the authorization assertion checks when a supported annotation is encountered.

Method Summary
`void`	`assertAuthorized(MethodInvocation mi)` Ensures the calling Subject is authorized to execute the specified `MethodInvocation`.
`Object`	`invoke(MethodInvocation methodInvocation)` Ensures the `methodInvocation` is allowed to execute first before proceeding by calling the `assertAuthorized` method first.

Methods inherited from class org.apache.shiro.aop.AnnotationMethodInterceptor
`getAnnotation, getHandler, setHandler, supports`

Methods inherited from class org.apache.shiro.aop.MethodInterceptorSupport
`getSubject`

Methods inherited from class java.lang.Object
`clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait`

Constructor Detail

AuthorizingAnnotationMethodInterceptor

public AuthorizingAnnotationMethodInterceptor(AuthorizingAnnotationHandler handler)

Constructor that ensures the internal handler is set which will be used to perform the authorization assertion checks when a supported annotation is encountered.

Parameters:: handler - the internal handler used to perform authorization assertion checks when a supported annotation is encountered.

Method Detail

invoke

public Object invoke(MethodInvocation methodInvocation)
              throws Throwable

Ensures the methodInvocation is allowed to execute first before proceeding by calling the assertAuthorized method first.

Parameters:: methodInvocation - the method invocation to check for authorization prior to allowing it to proceed/execute.
Returns:: the return value from the method invocation (the value of MethodInvocation.proceed()).
Throws:: AuthorizationException - if the MethodInvocation is not allowed to proceed.; Throwable - if any other error occurs.

assertAuthorized

public void assertAuthorized(MethodInvocation mi)
                      throws AuthorizationException

Ensures the calling Subject is authorized to execute the specified MethodInvocation.

As this is an AnnotationMethodInterceptor, this implementation merely delegates to the internal AuthorizingAnnotationHandler by first acquiring the annotation by calling getAnnotation(methodInvocation) and then calls handler.assertAuthorized(annotation).

Parameters:: mi - the MethodInvocation to check to see if it is allowed to proceed/execute.
Throws:: AuthorizationException - if the method invocation is not allowed to continue/execute.