Overview  Package   Class  Use  Tree  Deprecated  Index  Help 
JSecurity
 PREV CLASS   NEXT CLASS FRAMES    NO FRAMES    
SUMMARY: NESTED | FIELD | CONSTR | METHOD DETAIL: FIELD | CONSTR | METHOD

org.jsecurity.mgt
Class AuthorizingSecurityManager

java.lang.Object
  extended by org.jsecurity.mgt.CachingSecurityManager
      extended by org.jsecurity.mgt.RealmSecurityManager
          extended by org.jsecurity.mgt.AuthenticatingSecurityManager
              extended by org.jsecurity.mgt.AuthorizingSecurityManager
All Implemented Interfaces:
AuthenticationListenerRegistrar, Authenticator, Authorizer, PermissionResolverAware, CacheManagerAware, SecurityManager, SessionFactory, Destroyable
Direct Known Subclasses:
SessionsSecurityManager
public abstract class AuthorizingSecurityManager
extends AuthenticatingSecurityManager
implements PermissionResolverAware

JSecurity support of a SecurityManager class hierarchy that delegates all authorization (access control) operations to a wrapped Authorizer instance. That is, this class implements all the Authorizer methods in the SecurityManager interface, but in reality, those methods are merely passthrough calls to the underlying 'real' Authorizer instance.

All remaining SecurityManager methods not covered by this class or its parents (mostly Session support) are left to be implemented by subclasses.

In keeping with the other classes in this hierarchy and JSecurity's desire to minimize configuration whenever possible, suitable default instances for all dependencies will be created upon instantiation.

Since:
0.9
Author:
Les Hazlewood

Field Summary
protected  Authorizer authorizer
          The wrapped instance to which all of this SecurityManager authorization calls are delegated.
 
Fields inherited from class org.jsecurity.mgt.RealmSecurityManager
realms
 
Fields inherited from class org.jsecurity.mgt.CachingSecurityManager
cacheManager
 
Constructor Summary
AuthorizingSecurityManager()
          Default no-arg constructor.
 
Method Summary
protected  void beforeAuthenticatorDestroyed()
          Implementation of parent class's template hook for destruction/cleanup logic.
protected  void beforeAuthorizerDestroyed()
          Template hook for subclasses to implement destruction/cleanup logic.
 void checkPermission(PrincipalCollection principals, Permission permission)
          Ensures a subject/user Permission.implies(Permission) implies} the specified Permission.
 void checkPermission(PrincipalCollection principals, String permission)
          Ensures the corresponding Subject/user implies the specified permission String.
 void checkPermissions(PrincipalCollection principals, Collection<Permission> permissions)
          Ensures the corresponding Subject/user implies all of the specified permission strings.
 void checkPermissions(PrincipalCollection principals, String... permissions)
          Ensures the corresponding Subject/user implies all of the specified permission strings.
 void checkRole(PrincipalCollection principals, String role)
          Asserts the corresponding Subject/user has the specified role by returning quietly if they do or throwing an AuthorizationException if they do not.
 void checkRoles(PrincipalCollection principals, Collection<String> roles)
          Asserts the corresponding Subject/user has all of the specified roles by returning quietly if they do or throwing an AuthorizationException if they do not.
protected  Authorizer createAuthorizer()
           
protected  void destroyAuthorizer()
          Cleanup method that destroys/cleans up the wrapped Authorizer instance.
protected  void ensureAuthorizer()
           
 Authorizer getAuthorizer()
          Returns the underlying wrapped Authorizer instance to which this SecurityManager implementation delegates all of its authorization calls.
 boolean hasAllRoles(PrincipalCollection principals, Collection<String> roleIdentifiers)
          Returns true if the corresponding Subject/user has all of the specified roles, false otherwise.
 boolean hasRole(PrincipalCollection principals, String roleIdentifier)
          Returns true if the corresponding Subject/user has the specified role, false otherwise.
 boolean[] hasRoles(PrincipalCollection principals, List<String> roleIdentifiers)
          Checks if the corresponding Subject/user has the specified roles, returning a boolean array indicating which roles are associated with the given subject.
 boolean[] isPermitted(PrincipalCollection principals, List<Permission> permissions)
          Checks if the corresponding Subject/user implies the given Permissions and returns a boolean array indicating which permissions are implied.
 boolean isPermitted(PrincipalCollection principals, Permission permission)
          Returns true if the corresponding subject/user is permitted to perform an action or access a resource summarized by the specified permission.
 boolean[] isPermitted(PrincipalCollection principals, String... permissions)
          Checks if the corresponding Subject implies the given permission strings and returns a boolean array indicating which permissions are implied.
 boolean isPermitted(PrincipalCollection principals, String permissionString)
          Returns true if the corresponding subject/user is permitted to perform an action or access a resource summarized by the specified permission string.
 boolean isPermittedAll(PrincipalCollection principals, Collection<Permission> permissions)
          Returns true if the corresponding Subject/user implies all of the specified permissions, false otherwise.
 boolean isPermittedAll(PrincipalCollection principals, String... permissions)
          Returns true if the corresponding Subject/user implies all of the specified permission strings, false otherwise.
 void setAuthorizer(Authorizer authorizer)
          Sets the underlying Authorizer instance to which this SecurityManager implementation will delegate all of its authorization calls.
 void setPermissionResolver(PermissionResolver permissionResolver)
          Sets the PermissionResolver instance that will be passed on to the underlying default wrapped Authorizer.
 void setRealms(Collection<Realm> realms)
          Sets the realms managed by this SecurityManager instance.
 
Methods inherited from class org.jsecurity.mgt.AuthenticatingSecurityManager
add, authenticate, beforeRealmsDestroyed, createAuthenticator, destroyAuthenticator, ensureAuthenticator, getAuthenticator, remove, setAuthenticationListeners, setAuthenticator, setModularAuthenticationStrategy
 
Methods inherited from class org.jsecurity.mgt.RealmSecurityManager
afterCacheManagerSet, applyCacheManagerToRealms, beforeCacheManagerDestroyed, createDefaultRealm, destroyRealms, ensureRealms, getRealms, setRealm
 
Methods inherited from class org.jsecurity.mgt.CachingSecurityManager
createCacheManager, destroy, destroyCacheManager, ensureCacheManager, getCacheManager, setCacheManager
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 
Methods inherited from interface org.jsecurity.mgt.SecurityManager
getSubject, login, logout
 
Methods inherited from interface org.jsecurity.session.SessionFactory
getSession, start
 

Field Detail

authorizer

protected Authorizer authorizer
The wrapped instance to which all of this SecurityManager authorization calls are delegated.

Constructor Detail

AuthorizingSecurityManager

public AuthorizingSecurityManager()
Default no-arg constructor.

Method Detail

getAuthorizer

public Authorizer getAuthorizer()
Returns the underlying wrapped Authorizer instance to which this SecurityManager implementation delegates all of its authorization calls.

Returns:
the wrapped Authorizer used by this SecurityManager implementation.

setAuthorizer

public void setAuthorizer(Authorizer authorizer)
Sets the underlying Authorizer instance to which this SecurityManager implementation will delegate all of its authorization calls.

Parameters:
authorizer - the Authorizer this SecurityManager should wrap and delegate all of its authorization calls to.

ensureAuthorizer

protected void ensureAuthorizer()

createAuthorizer

protected Authorizer createAuthorizer()

setPermissionResolver

public void setPermissionResolver(PermissionResolver permissionResolver)
Sets the PermissionResolver instance that will be passed on to the underlying default wrapped Authorizer.

This is a convenience method: it allows you to configure an application-wide PermissionResolver on the SecurityManager instance, and it will trickle its way down to the 'real' authorizer and/or underlying Realms. This is easier to configure at the SecurityManager level than constructing your own object graph just to configure a PermissionResolver instance on objects deep in the graph.

Specified by:
setPermissionResolver in interface PermissionResolverAware
Parameters:
permissionResolver - the PermissionResolver instance to set on the wrapped Authorizer
Throws:
IllegalStateException - if the underlying Authorizer does not implement the PermissionResolverAware interface, which ensures that the resolver can be registered.

setRealms

public void setRealms(Collection<Realm> realms)
Description copied from class: RealmSecurityManager
Sets the realms managed by this SecurityManager instance.

Overrides:
setRealms in class AuthenticatingSecurityManager
Parameters:
realms - the realms managed by this SecurityManager instance.

beforeAuthorizerDestroyed

protected void beforeAuthorizerDestroyed()
Template hook for subclasses to implement destruction/cleanup logic. This will be called before this instance's Authorizer instance will be cleaned up.

destroyAuthorizer

protected void destroyAuthorizer()
Cleanup method that destroys/cleans up the wrapped Authorizer instance.

beforeAuthenticatorDestroyed

protected void beforeAuthenticatorDestroyed()
Implementation of parent class's template hook for destruction/cleanup logic.

This implementation ensures subclasses are cleaned up first by calling beforeAuthorizerDestroyed() and then actually cleans up the wrapped Authorizer via the desroyAuthorizer() method.

Overrides:
beforeAuthenticatorDestroyed in class AuthenticatingSecurityManager

isPermitted

public boolean isPermitted(PrincipalCollection principals,
                           String permissionString)
Description copied from interface: Authorizer
Returns true if the corresponding subject/user is permitted to perform an action or access a resource summarized by the specified permission string.

This is an overloaded method for the corresponding type-safe Permission variant. Please see the class-level JavaDoc for more information on these String-based permission methods.

Specified by:
isPermitted in interface Authorizer
Parameters:
principals - the application-specific subject/user identifier.
permissionString - the String representation of a Permission that is being checked.
Returns:
true if the corresponding Subject/user is permitted, false otherwise.
See Also:
Authorizer.isPermitted(PrincipalCollection principals,Permission permission)

isPermitted

public boolean isPermitted(PrincipalCollection principals,
                           Permission permission)
Description copied from interface: Authorizer
Returns true if the corresponding subject/user is permitted to perform an action or access a resource summarized by the specified permission.

More specifically, this method determines if any Permissions associated with the subject imply the specified permission.

Specified by:
isPermitted in interface Authorizer
Parameters:
principals - the application-specific subject/user identifier.
permission - the permission that is being checked.
Returns:
true if the corresponding Subject/user is permitted, false otherwise.

isPermitted

public boolean[] isPermitted(PrincipalCollection principals,
                             String... permissions)
Description copied from interface: Authorizer
Checks if the corresponding Subject implies the given permission strings and returns a boolean array indicating which permissions are implied.

This is an overloaded method for the corresponding type-safe Permission variant. Please see the class-level JavaDoc for more information on these String-based permission methods.

Specified by:
isPermitted in interface Authorizer
Parameters:
principals - the application-specific subject/user identifier.
permissions - the String representations of the Permissions that are being checked.
Returns:
an array of booleans whose indices correspond to the index of the permissions in the given list. A true value at an index indicates the user is permitted for for the associated Permission string in the list. A false value at an index indicates otherwise.

isPermitted

public boolean[] isPermitted(PrincipalCollection principals,
                             List<Permission> permissions)
Description copied from interface: Authorizer
Checks if the corresponding Subject/user implies the given Permissions and returns a boolean array indicating which permissions are implied.

More specifically, this method should determine if each Permission in the array is implied by permissions already associated with the subject.

This is primarily a performance-enhancing method to help reduce the number of Authorizer.isPermitted(org.jsecurity.subject.PrincipalCollection, java.lang.String) invocations over the wire in client/server systems.

Specified by:
isPermitted in interface Authorizer
Parameters:
principals - the application-specific subject/user identifier.
permissions - the permissions that are being checked.
Returns:
an array of booleans whose indices correspond to the index of the permissions in the given list. A true value at an index indicates the user is permitted for for the associated Permission object in the list. A false value at an index indicates otherwise.

isPermittedAll

public boolean isPermittedAll(PrincipalCollection principals,
                              String... permissions)
Description copied from interface: Authorizer
Returns true if the corresponding Subject/user implies all of the specified permission strings, false otherwise.

This is an overloaded method for the corresponding type-safe Permission variant. Please see the class-level JavaDoc for more information on these String-based permission methods.

Specified by:
isPermittedAll in interface Authorizer
Parameters:
principals - the application-specific subject/user identifier.
permissions - the String representations of the Permissions that are being checked.
Returns:
true if the user has all of the specified permissions, false otherwise.
See Also:
Authorizer.isPermittedAll(PrincipalCollection,Collection)

isPermittedAll

public boolean isPermittedAll(PrincipalCollection principals,
                              Collection<Permission> permissions)
Description copied from interface: Authorizer
Returns true if the corresponding Subject/user implies all of the specified permissions, false otherwise.

More specifically, this method determines if all of the given Permissions are implied by permissions already associated with the subject.

Specified by:
isPermittedAll in interface Authorizer
Parameters:
principals - the application-specific subject/user identifier.
permissions - the permissions to check.
Returns:
true if the user has all of the specified permissions, false otherwise.

checkPermission

public void checkPermission(PrincipalCollection principals,
                            String permission)
                     throws AuthorizationException
Description copied from interface: Authorizer
Ensures the corresponding Subject/user implies the specified permission String.

If the subject's existing associated permissions do not Permission.implies(Permission) imply} the given permission, an AuthorizationException will be thrown.

This is an overloaded method for the corresponding type-safe Permission variant. Please see the class-level JavaDoc for more information on these String-based permission methods.

Specified by:
checkPermission in interface Authorizer
Parameters:
principals - the application-specific subject/user identifier.
permission - the String representation of the Permission to check.
Throws:
AuthorizationException - if the user does not have the permission.

checkPermission

public void checkPermission(PrincipalCollection principals,
                            Permission permission)
                     throws AuthorizationException
Description copied from interface: Authorizer
Ensures a subject/user Permission.implies(Permission) implies} the specified Permission. If the subject's exisiting associated permissions do not Permission.implies(Permission) imply} the given permission, an AuthorizationException will be thrown.

Specified by:
checkPermission in interface Authorizer
Parameters:
principals - the application-specific subject/user identifier.
permission - the Permission to check.
Throws:
AuthorizationException - if the user does not have the permission.

checkPermissions

public void checkPermissions(PrincipalCollection principals,
                             String... permissions)
                      throws AuthorizationException
Description copied from interface: Authorizer
Ensures the corresponding Subject/user implies all of the specified permission strings. If the subject's exisiting associated permissions do not imply all of the given permissions, an AuthorizationException will be thrown.

This is an overloaded method for the corresponding type-safe Permission variant. Please see the class-level JavaDoc for more information on these String-based permission methods.

Specified by:
checkPermissions in interface Authorizer
Parameters:
principals - the application-specific subject/user identifier.
permissions - the string representations of Permissions to check.
Throws:
AuthorizationException - if the user does not have all of the given permissions.

checkPermissions

public void checkPermissions(PrincipalCollection principals,
                             Collection<Permission> permissions)
                      throws AuthorizationException
Description copied from interface: Authorizer
Ensures the corresponding Subject/user implies all of the specified permission strings. If the subject's exisiting associated permissions do not imply all of the given permissions, an AuthorizationException will be thrown.

Specified by:
checkPermissions in interface Authorizer
Parameters:
principals - the application-specific subject/user identifier.
permissions - the Permissions to check.
Throws:
AuthorizationException - if the user does not have all of the given permissions.

hasRole

public boolean hasRole(PrincipalCollection principals,
                       String roleIdentifier)
Description copied from interface: Authorizer
Returns true if the corresponding Subject/user has the specified role, false otherwise.

Specified by:
hasRole in interface Authorizer
Parameters:
principals - the application-specific subject/user identifier.
roleIdentifier - the application-specific role identifier (usually a role id or role name).
Returns:
true if the corresponding subject has the specified role, false otherwise.

hasRoles

public boolean[] hasRoles(PrincipalCollection principals,
                          List<String> roleIdentifiers)
Description copied from interface: Authorizer
Checks if the corresponding Subject/user has the specified roles, returning a boolean array indicating which roles are associated with the given subject.

This is primarily a performance-enhancing method to help reduce the number of Authorizer.hasRole(org.jsecurity.subject.PrincipalCollection, java.lang.String) invocations over the wire in client/server systems.

Specified by:
hasRoles in interface Authorizer
Parameters:
principals - the application-specific subject/user identifier.
roleIdentifiers - the application-specific role identifiers to check (usually role ids or role names).
Returns:
an array of booleans whose indices correspond to the index of the roles in the given identifiers. A true value indicates the user has the role at that index. False indicates the user does not have the role at that index.

hasAllRoles

public boolean hasAllRoles(PrincipalCollection principals,
                           Collection<String> roleIdentifiers)
Description copied from interface: Authorizer
Returns true if the corresponding Subject/user has all of the specified roles, false otherwise.

Specified by:
hasAllRoles in interface Authorizer
Parameters:
principals - the application-specific subject/user identifier.
roleIdentifiers - the application-specific role identifiers to check (usually role ids or role names).
Returns:
true if the user has all the roles, false otherwise.

checkRole

public void checkRole(PrincipalCollection principals,
                      String role)
               throws AuthorizationException
Description copied from interface: Authorizer
Asserts the corresponding Subject/user has the specified role by returning quietly if they do or throwing an AuthorizationException if they do not.

Specified by:
checkRole in interface Authorizer
Parameters:
principals - the application-specific subject/user identifier.
role - the application-specific role identifier (usually a role id or role name ).
Throws:
AuthorizationException - if the user does not have the role.

checkRoles

public void checkRoles(PrincipalCollection principals,
                       Collection<String> roles)
                throws AuthorizationException
Description copied from interface: Authorizer
Asserts the corresponding Subject/user has all of the specified roles by returning quietly if they do or throwing an AuthorizationException if they do not.

Specified by:
checkRoles in interface Authorizer
Parameters:
principals - the application-specific subject/user identifier.
roles - the application-specific role identifiers to check (usually role ids or role names).
Throws:
AuthorizationException - if the user does not have all of the specified roles.
Overview  Package   Class  Use  Tree  Deprecated  Index  Help 
JSecurity
 PREV CLASS   NEXT CLASS FRAMES    NO FRAMES    
SUMMARY: NESTED | FIELD | CONSTR | METHOD DETAIL: FIELD | CONSTR | METHOD
Copyright © 2004-2008 JSecurity.