Returns all type-safe {@link Permission Permission}s assigned to the corresponding Subject. The permissions returned from this method plus any returned from {@link #getStringPermissions() getStringPermissions()} represent the total set of permissions. The aggregate set is used to perform a permission authorization check.
Returns the names of all roles assigned to a corresponding Subject.
Returns all string-based permissions assigned to the corresponding Subject. The permissions here plus those returned from {@link #getObjectPermissions() getObjectPermissions()} represent the total set of permissions assigned. The aggregate set is used to perform a permission authorization check. <p/> This method is a convenience mechanism that allows Realms to represent permissions as Strings if they choose. When performing a security check, a <code>Realm</code> usually converts these strings to object {@link Permission Permission}s via an internal {@link hunt.shiro.authz.permission.PermissionResolver PermissionResolver} in order to perform the actual permission check. This is not a requirement of course, since <code>Realm</code>s can perform security checks in whatever manner deemed necessary, but this explains the conversion mechanism that most Shiro Realms execute for string-based permission checks.
<code>AuthorizationInfo</code> represents a single Subject's stored authorization data (roles, permissions, etc) used during authorization (access control) checks only. <p/> Roles are represented as a <code>Collection</code> of Strings ({@link java.util.Collection Collection}<{@link string string}>), typically each element being the Role name. <p/> {@link Permission Permission}s are provided in two ways: <ul> <li>A <code>Collection</code> of Strings, where each string can usually be converted into <code>Permission</code> objects by a <code>Realm</code>'s {@link hunt.shiro.authz.permission.PermissionResolver PermissionResolver}</li> <li>A <code>Collection</code> of {@link Permission Permission} objects</li> </ul> Both permission collections together represent the total aggregate collection of permissions. You may use one or both depending on your preference and needs. <p/> Because the act of authorization (access control) is orthogonal to authentication (log-in), this interface is intended to represent only the account data needed by Shiro during an access control check (role, permission, etc). Shiro also has a parallel {@link hunt.shiro.authc.AuthenticationInfo AuthenticationInfo} interface for use during the authentication process that represents identity data such as principals and credentials. <p/> Because many if not most {@link hunt.shiro.realm.Realm Realm}s store both sets of data for a Subject, it might be convenient for a <code>Realm</code> implementation to utilize an implementation of the {@link hunt.shiro.authc.Account Account} interface instead, which is a convenience interface that combines both <code>AuthenticationInfo</code> and <code>AuthorizationInfo</code>. Whether you choose to implement these two interfaces separately or implement the one <code>Account</code> interface for a given <code>Realm</code> is entirely based on your application's needs or your preferences.
@see hunt.shiro.authc.AuthenticationInfo AuthenticationInfo @see hunt.shiro.authc.Account