相关阅读
- Spring Shiro基础组件 AuthorizationInfo
- Spring Shiro基础组件 Permission
- Spring Shiro基础组件 SecurityManager
- Spring Shiro基础组件 Subject
简介
负责应用程序中账户访问控制;
核心方法
/**
* 指定Subject的principal集合是否包含指定的权限
*/
boolean isPermitted(PrincipalCollection principals, String permission);
/**
* 指定Subject的principal集合是否包含指定的权限
*/
boolean isPermitted(PrincipalCollection subjectPrincipal, Permission permission);
/**
* 指定Subject的principal集合是否包含指定的权限列表
*/
boolean[] isPermitted(PrincipalCollection subjectPrincipal, String... permissions);
/**
* 指定Subject的principal集合是否包含指定的权限集合
*/
boolean[] isPermitted(PrincipalCollection subjectPrincipal, List<Permission> permissions);
/**
* 指定Subject的principal集合是否包含所有指定的权限列表
*/
boolean isPermittedAll(PrincipalCollection subjectPrincipal, String... permissions);
/**
* 指定Subject的principal集合是否包含所有指定的权限集合
*/
boolean isPermittedAll(PrincipalCollection subjectPrincipal, Collection<Permission> permissions);
/**
* 校验指定Subject的principal集合是否包含指定的权限
*/
void checkPermission(PrincipalCollection subjectPrincipal, String permission) throws AuthorizationException;
/**
* 校验指定Subject的principal集合是否包含指定的权限
*/
void checkPermission(PrincipalCollection subjectPrincipal, Permission permission) throws AuthorizationException;
/**
* 校验指定Subject的principal集合是否包含所有指定的权限列表
*/
void checkPermissions(PrincipalCollection subjectPrincipal, String... permissions) throws AuthorizationException;
/**
* 校验指定Subject的principal集合是否包含所有指定的权限集合
*/
void checkPermissions(PrincipalCollection subjectPrincipal, Collection<Permission> permissions) throws AuthorizationException;
/**
* 指定Subject的principal集合是否包含指定的角色
*/
boolean hasRole(PrincipalCollection subjectPrincipal, String roleIdentifier);
/**
* 指定Subject的principal集合是否包含指定的角色集合
*/
boolean[] hasRoles(PrincipalCollection subjectPrincipal, List<String> roleIdentifiers);
/**
* 指定Subject的principal集合是否包含所有指定的角色集合
*/
boolean hasAllRoles(PrincipalCollection subjectPrincipal, Collection<String> roleIdentifiers);
/**
* 校验指定Subject的principal集合是否包含指定的角色集合
*/
void checkRole(PrincipalCollection subjectPrincipal, String roleIdentifier) throws AuthorizationException;
/**
* 校验指定Subject的principal集合是否包含所有指定的角色集合
*/
void checkRoles(PrincipalCollection subjectPrincipal, Collection<String> roleIdentifiers) throws AuthorizationException;
/**
* 校验指定Subject的principal集合是否包含所有指定的角色列表
*/
void checkRoles(PrincipalCollection subjectPrincipal, String... roleIdentifiers) throws AuthorizationException;
实现子类
public interface Authorizer
public class ModularRealmAuthorizer implements Authorizer, PermissionResolverAware, RolePermissionResolverAware
public interface SecurityManager extends Authenticator, Authorizer, SessionManager
public abstract class AuthorizingRealm extends AuthenticatingRealm implements Authorizer, Initializable, PermissionResolverAware, RolePermissionResolverAware
ModularRealmAuthorizer
简介
协调配置的一组Realm实现授权行为;
只要有一个Realm授权成功便认为成功;
核心方法
// realm集合
protected Collection<Realm> realms;
// 权限解析器
protected PermissionResolver permissionResolver;
// 角色解析器
protected RolePermissionResolver rolePermissionResolver;
/**
* 设置realm的权限解析器
*/
protected void applyPermissionResolverToRealms() {
PermissionResolver resolver = getPermissionResolver();
Collection<Realm> realms = getRealms();
if (resolver != null && realms != null && !realms.isEmpty()) {
for (Realm realm : realms) {
if (realm instanceof PermissionResolverAware) {
((PermissionResolverAware) realm).setPermissionResolver(resolver);
}
}
}
}
/**
* 设置realm的角色解析器
*/
protected void applyRolePermissionResolverToRealms() {
RolePermissionResolver resolver = getRolePermissionResolver();
Collection<Realm> realms = getRealms();
if (resolver != null && realms != null && !realms.isEmpty()) {
for (Realm realm : realms) {
if (realm instanceof RolePermissionResolverAware) {
((RolePermissionResolverAware) realm).setRolePermissionResolver(resolver);
}
}
}
}
/**
* 校验配置的realm集合有效性
*/
protected void assertRealmsConfigured() throws IllegalStateException {
Collection<Realm> realms = getRealms();
if (realms == null || realms.isEmpty()) {
String msg = "Configuration error: No realms have been configured! One or more realms must be " +
"present to execute an authorization operation.";
throw new IllegalStateException(msg);
}
}
/**
* 指定Subject的principal集合是否包含指定的权限
*/
public boolean isPermitted(PrincipalCollection principals, String permission) {
assertRealmsConfigured();
for (Realm realm : getRealms()) {
if (!(realm instanceof Authorizer)) continue;
if (((Authorizer) realm).isPermitted(principals, permission)) {
return true;
}
}
return false;
}
/**
* 指定Subject的principal集合是否包含指定的权限
*/
public boolean isPermitted(PrincipalCollection principals, Permission permission) {
assertRealmsConfigured();
for (Realm realm : getRealms()) {
if (!(realm instanceof Authorizer)) continue;
if (((Authorizer) realm).isPermitted(principals, permission)) {
return true;
}
}
return false;
}
/**
* 指定Subject的principal集合是否包含指定的权限列表
*/
public boolean[] isPermitted(PrincipalCollection principals, String... permissions) {
assertRealmsConfigured();
if (permissions != null && permissions.length > 0) {
boolean[] isPermitted = new boolean[permissions.length];
for (int i = 0; i < permissions.length; i++) {
isPermitted[i] = isPermitted(principals, permissions[i]);
}
return isPermitted;
}
return new boolean[0];
}
/**
* 指定Subject的principal集合是否包含指定的权限集合
*/
public boolean[] isPermitted(PrincipalCollection principals, List<Permission> permissions) {
assertRealmsConfigured();
if (permissions != null && !permissions.isEmpty()) {
boolean[] isPermitted = new boolean[permissions.size()];
int i = 0;
for (Permission p : permissions) {
isPermitted[i++] = isPermitted(principals, p);
}
return isPermitted;
}
return new boolean[0];
}
/**
* 指定Subject的principal集合是否包含所有指定的权限列表
*/
public boolean isPermittedAll(PrincipalCollection principals, String... permissions) {
assertRealmsConfigured();
if (permissions != null && permissions.length > 0) {
for (String perm : permissions) {
if (!isPermitted(principals, perm)) {
return false;
}
}
}
return true;
}
/**
* 指定Subject的principal集合是否包含所有指定的权限集合
*/
public boolean isPermittedAll(PrincipalCollection principals, Collection<Permission> permissions) {
assertRealmsConfigured();
if (permissions != null && !permissions.isEmpty()) {
for (Permission permission : permissions) {
if (!isPermitted(principals, permission)) {
return false;
}
}
}
return true;
}
/**
* 校验指定Subject的principal集合是否包含指定的权限集合
*/
public void checkPermission(PrincipalCollection principals, String permission) throws AuthorizationException {
assertRealmsConfigured();
if (!isPermitted(principals, permission)) {
throw new UnauthorizedException("Subject does not have permission [" + permission + "]");
}
}
/**
* 校验指定Subject的principal集合是否包含指定的权限集合
*/
public void checkPermission(PrincipalCollection principals, Permission permission) throws AuthorizationException {
assertRealmsConfigured();
if (!isPermitted(principals, permission)) {
throw new UnauthorizedException("Subject does not have permission [" + permission + "]");
}
}
/**
* 校验指定Subject的principal集合是否包含所有指定的权限列表
*/
public void checkPermissions(PrincipalCollection principals, String... permissions) throws AuthorizationException {
assertRealmsConfigured();
if (permissions != null && permissions.length > 0) {
for (String perm : permissions) {
checkPermission(principals, perm);
}
}
}
/**
* 校验指定Subject的principal集合是否包含所有指定的权限集合
*/
public void checkPermissions(PrincipalCollection principals, Collection<Permission> permissions) throws AuthorizationException {
assertRealmsConfigured();
if (permissions != null) {
for (Permission permission : permissions) {
checkPermission(principals, permission);
}
}
}
/**
* 指定Subject的principal集合是否包含指定的角色
*/
public boolean hasRole(PrincipalCollection principals, String roleIdentifier) {
assertRealmsConfigured();
for (Realm realm : getRealms()) {
if (!(realm instanceof Authorizer)) continue;
if (((Authorizer) realm).hasRole(principals, roleIdentifier)) {
return true;
}
}
return false;
}
/**
* 指定Subject的principal集合是否包含指定的角色集合
*/
public boolean[] hasRoles(PrincipalCollection principals, List<String> roleIdentifiers) {
assertRealmsConfigured();
if (roleIdentifiers != null && !roleIdentifiers.isEmpty()) {
boolean[] hasRoles = new boolean[roleIdentifiers.size()];
int i = 0;
for (String roleId : roleIdentifiers) {
hasRoles[i++] = hasRole(principals, roleId);
}
return hasRoles;
}
return new boolean[0];
}
/**
* 指定Subject的principal集合是否包含所有指定的角色集合
*/
public boolean hasAllRoles(PrincipalCollection principals, Collection<String> roleIdentifiers) {
assertRealmsConfigured();
for (String roleIdentifier : roleIdentifiers) {
if (!hasRole(principals, roleIdentifier)) {
return false;
}
}
return true;
}
/**
* 校验指定Subject的principal集合是否包含指定的角色集合
*/
public void checkRole(PrincipalCollection principals, String role) throws AuthorizationException {
assertRealmsConfigured();
if (!hasRole(principals, role)) {
throw new UnauthorizedException("Subject does not have role [" + role + "]");
}
}
/**
* 校验指定Subject的principal集合是否包含所有指定的角色集合
*/
public void checkRoles(PrincipalCollection principals, Collection<String> roles) throws AuthorizationException {
//SHIRO-234 - roles.toArray() -> roles.toArray(new String[roles.size()])
if (roles != null && !roles.isEmpty()) checkRoles(principals, roles.toArray(new String[roles.size()]));
}
/**
* 校验指定Subject的principal集合是否包含所有指定的角色列表
*/
public void checkRoles(PrincipalCollection principals, String... roles) throws AuthorizationException {
assertRealmsConfigured();
if (roles != null) {
for (String role : roles) {
checkRole(principals, role);
}
}
}
版权声明:本文内容由互联网用户自发贡献,该文观点仅代表作者本人。本站仅提供信息存储空间服务,不拥有所有权,不承担相关法律责任。如发现本站有涉嫌侵权/违法违规的内容, 请发送邮件至 举报,一经查实,本站将立刻删除。
文章由极客之音整理,本文链接:https://www.bmabk.com/index.php/post/4795.html
