001 /*
002 * Licensed to the Apache Software Foundation (ASF) under one
003 * or more contributor license agreements. See the NOTICE file
004 * distributed with this work for additional information
005 * regarding copyright ownership. The ASF licenses this file
006 * to you under the Apache License, Version 2.0 (the
007 * "License"); you may not use this file except in compliance
008 * with the License. You may obtain a copy of the License at
009 *
010 * http://www.apache.org/licenses/LICENSE-2.0
011 *
012 * Unless required by applicable law or agreed to in writing,
013 * software distributed under the License is distributed on an
014 * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
015 * KIND, either express or implied. See the License for the
016 * specific language governing permissions and limitations
017 * under the License.
018 */
019 package org.apache.shiro.mgt;
020
021 import org.apache.shiro.authz.AuthorizationException;
022 import org.apache.shiro.authz.Authorizer;
023 import org.apache.shiro.authz.ModularRealmAuthorizer;
024 import org.apache.shiro.authz.Permission;
025 import org.apache.shiro.subject.PrincipalCollection;
026 import org.apache.shiro.util.LifecycleUtils;
027
028 import java.util.Collection;
029 import java.util.List;
030
031
032 /**
033 * Shiro support of a {@link SecurityManager} class hierarchy that delegates all
034 * authorization (access control) operations to a wrapped {@link Authorizer Authorizer} instance. That is,
035 * this class implements all the <tt>Authorizer</tt> methods in the {@link SecurityManager SecurityManager}
036 * interface, but in reality, those methods are merely passthrough calls to the underlying 'real'
037 * <tt>Authorizer</tt> instance.
038 *
039 * <p>All remaining <tt>SecurityManager</tt> methods not covered by this class or its parents (mostly Session support)
040 * are left to be implemented by subclasses.
041 *
042 * <p>In keeping with the other classes in this hierarchy and Shiro's desire to minimize configuration whenever
043 * possible, suitable default instances for all dependencies will be created upon instantiation.
044 *
045 * @author Les Hazlewood
046 * @since 0.9
047 */
048 public abstract class AuthorizingSecurityManager extends AuthenticatingSecurityManager {
049
050 /**
051 * The wrapped instance to which all of this <tt>SecurityManager</tt> authorization calls are delegated.
052 */
053 private Authorizer authorizer;
054
055 /**
056 * Default no-arg constructor that initializes an internal default
057 * {@link org.apache.shiro.authz.ModularRealmAuthorizer ModularRealmAuthorizer}.
058 */
059 public AuthorizingSecurityManager() {
060 super();
061 this.authorizer = new ModularRealmAuthorizer();
062 }
063
064 /**
065 * Returns the underlying wrapped <tt>Authorizer</tt> instance to which this <tt>SecurityManager</tt>
066 * implementation delegates all of its authorization calls.
067 *
068 * @return the wrapped <tt>Authorizer</tt> used by this <tt>SecurityManager</tt> implementation.
069 */
070 public Authorizer getAuthorizer() {
071 return authorizer;
072 }
073
074 /**
075 * Sets the underlying <tt>Authorizer</tt> instance to which this <tt>SecurityManager</tt> implementation will
076 * delegate all of its authorization calls.
077 *
078 * @param authorizer the <tt>Authorizer</tt> this <tt>SecurityManager</tt> should wrap and delegate all of its
079 * authorization calls to.
080 */
081 public void setAuthorizer(Authorizer authorizer) {
082 if (authorizer == null) {
083 String msg = "Authorizer argument cannot be null.";
084 throw new IllegalArgumentException(msg);
085 }
086 this.authorizer = authorizer;
087 }
088
089 /**
090 * First calls <code>super.afterRealmsSet()</code> and then sets these same <code>Realm</code> objects on this
091 * instance's wrapped {@link Authorizer Authorizer}.
092 * <p/>
093 * The setting of realms the Authorizer will only occur if it is an instance of
094 * {@link org.apache.shiro.authz.ModularRealmAuthorizer ModularRealmAuthorizer}, that is:
095 * <pre>
096 * if ( this.authorizer instanceof ModularRealmAuthorizer ) {
097 * ((ModularRealmAuthorizer)this.authorizer).setRealms(realms);
098 * }</pre>
099 */
100 protected void afterRealmsSet() {
101 super.afterRealmsSet();
102 if (this.authorizer instanceof ModularRealmAuthorizer) {
103 ((ModularRealmAuthorizer) this.authorizer).setRealms(getRealms());
104 }
105 }
106
107 public void destroy() {
108 LifecycleUtils.destroy(getAuthorizer());
109 this.authorizer = null;
110 super.destroy();
111 }
112
113 public boolean isPermitted(PrincipalCollection principals, String permissionString) {
114 return this.authorizer.isPermitted(principals, permissionString);
115 }
116
117 public boolean isPermitted(PrincipalCollection principals, Permission permission) {
118 return this.authorizer.isPermitted(principals, permission);
119 }
120
121 public boolean[] isPermitted(PrincipalCollection principals, String... permissions) {
122 return this.authorizer.isPermitted(principals, permissions);
123 }
124
125 public boolean[] isPermitted(PrincipalCollection principals, List<Permission> permissions) {
126 return this.authorizer.isPermitted(principals, permissions);
127 }
128
129 public boolean isPermittedAll(PrincipalCollection principals, String... permissions) {
130 return this.authorizer.isPermittedAll(principals, permissions);
131 }
132
133 public boolean isPermittedAll(PrincipalCollection principals, Collection<Permission> permissions) {
134 return this.authorizer.isPermittedAll(principals, permissions);
135 }
136
137 public void checkPermission(PrincipalCollection principals, String permission) throws AuthorizationException {
138 this.authorizer.checkPermission(principals, permission);
139 }
140
141 public void checkPermission(PrincipalCollection principals, Permission permission) throws AuthorizationException {
142 this.authorizer.checkPermission(principals, permission);
143 }
144
145 public void checkPermissions(PrincipalCollection principals, String... permissions) throws AuthorizationException {
146 this.authorizer.checkPermissions(principals, permissions);
147 }
148
149 public void checkPermissions(PrincipalCollection principals, Collection<Permission> permissions) throws AuthorizationException {
150 this.authorizer.checkPermissions(principals, permissions);
151 }
152
153 public boolean hasRole(PrincipalCollection principals, String roleIdentifier) {
154 return this.authorizer.hasRole(principals, roleIdentifier);
155 }
156
157 public boolean[] hasRoles(PrincipalCollection principals, List<String> roleIdentifiers) {
158 return this.authorizer.hasRoles(principals, roleIdentifiers);
159 }
160
161 public boolean hasAllRoles(PrincipalCollection principals, Collection<String> roleIdentifiers) {
162 return this.authorizer.hasAllRoles(principals, roleIdentifiers);
163 }
164
165 public void checkRole(PrincipalCollection principals, String role) throws AuthorizationException {
166 this.authorizer.checkRole(principals, role);
167 }
168
169 public void checkRoles(PrincipalCollection principals, Collection<String> roles) throws AuthorizationException {
170 this.authorizer.checkRoles(principals, roles);
171 }
172 }