- accountExists
bool accountExists(string username)
Undocumented in source. Be warned that the author may not have intended to support it.
- add
void add(SimpleAccount account)
Undocumented in source. Be warned that the author may not have intended to support it.
- add
void add(SimpleRole role)
Undocumented in source. Be warned that the author may not have intended to support it.
- addAccount
void addAccount(string username, string password)
Undocumented in source. Be warned that the author may not have intended to support it.
- addAccount
void addAccount(string username, string password, string[] roles)
Undocumented in source. Be warned that the author may not have intended to support it.
- addRole
void addRole(string name)
Undocumented in source. Be warned that the author may not have intended to support it.
- doGetAuthenticationInfo
AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token)
Undocumented in source. Be warned that the author may not have intended to support it.
- doGetAuthorizationInfo
AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principals)
Undocumented in source. Be warned that the author may not have intended to support it.
- getRole
SimpleRole getRole(string rolename)
Undocumented in source. Be warned that the author may not have intended to support it.
- getUser
SimpleAccount getUser(string username)
Undocumented in source. Be warned that the author may not have intended to support it.
- getUsername
string getUsername(SimpleAccount account)
Undocumented in source. Be warned that the author may not have intended to support it.
- getUsername
string getUsername(PrincipalCollection principals)
Undocumented in source. Be warned that the author may not have intended to support it.
- roleExists
bool roleExists(string name)
Undocumented in source. Be warned that the author may not have intended to support it.
- setName
void setName(string name)
Undocumented in source. Be warned that the author may not have intended to support it.
- setAuthorizationCache
void setAuthorizationCache(Cache!(Object, AuthorizationInfo) authorizationCache)
Undocumented in source. Be warned that the author may not have intended to support it.
- getAuthorizationCache
Cache!(Object, AuthorizationInfo) getAuthorizationCache()
Undocumented in source. Be warned that the author may not have intended to support it.
- getAuthorizationCacheName
string getAuthorizationCacheName()
Undocumented in source. Be warned that the author may not have intended to support it.
- setAuthorizationCacheName
void setAuthorizationCacheName(string authorizationCacheName)
Undocumented in source. Be warned that the author may not have intended to support it.
- isAuthorizationCachingEnabled
bool isAuthorizationCachingEnabled()
Returns {@code true} if authorization caching should be utilized if a {@link CacheManager} has been
{@link #setCacheManager(hunt.shiro.cache.CacheManager) configured}, {@code false} otherwise.
<p/>
The default value is {@code true}.
- setAuthorizationCachingEnabled
void setAuthorizationCachingEnabled(bool authenticationCachingEnabled)
Sets whether or not authorization caching should be utilized if a {@link CacheManager} has been
{@link #setCacheManager(hunt.shiro.cache.CacheManager) configured}, {@code false} otherwise.
<p/>
The default value is {@code true}.
- getPermissionResolver
PermissionResolver getPermissionResolver()
Undocumented in source. Be warned that the author may not have intended to support it.
- setPermissionResolver
void setPermissionResolver(PermissionResolver permissionResolver)
Undocumented in source. Be warned that the author may not have intended to support it.
- getRolePermissionResolver
RolePermissionResolver getRolePermissionResolver()
Undocumented in source. Be warned that the author may not have intended to support it.
- setRolePermissionResolver
void setRolePermissionResolver(RolePermissionResolver permissionRoleResolver)
Undocumented in source. Be warned that the author may not have intended to support it.
- onInit
void onInit()
Initializes this realm and potentially enables a cache, depending on configuration.
<p/>
When this method is called, the following logic is executed:
<ol>
<li>If the {@link #setAuthorizationCache cache} property has been set, it will be
used to cache the AuthorizationInfo objects returned from {@link #getAuthorizationInfo}
method invocations.
All future calls to {@code getAuthorizationInfo} will attempt to use this cache first
to alleviate any potentially unnecessary calls to an underlying data store.</li>
<li>If the {@link #setAuthorizationCache cache} property has <b>not</b> been set,
the {@link #setCacheManager cacheManager} property will be checked.
If a {@code cacheManager} has been set, it will be used to create an authorization
{@code cache}, and this newly created cache which will be used as specified in #1.</li>
<li>If neither the {@link #setAuthorizationCache (hunt.shiro.cache.Cache) cache}
or {@link #setCacheManager(hunt.shiro.cache.CacheManager) cacheManager}
properties are set, caching will be disabled and authorization look-ups will be delegated to
subclass implementations for each authorization check.</li>
</ol>
- afterCacheManagerSet
void afterCacheManagerSet()
Undocumented in source. Be warned that the author may not have intended to support it.
- getAuthorizationInfo
AuthorizationInfo getAuthorizationInfo(PrincipalCollection principals)
Returns an account's authorization-specific information for the specified {@code principals},
or {@code null} if no account could be found. The resulting {@code AuthorizationInfo} object is used
by the other method implementations in this class to automatically perform access control checks for the
corresponding {@code Subject}.
<p/>
This implementation obtains the actual {@code AuthorizationInfo} object from the subclass's
implementation of
{@link #doGetAuthorizationInfo(hunt.shiro.subject.PrincipalCollection) doGetAuthorizationInfo}, and then
caches it for efficient reuse if caching is enabled (see below).
<p/>
Invocations of this method should be thought of as completely orthogonal to acquiring
{@link #getAuthenticationInfo(hunt.shiro.authc.AuthenticationToken) authenticationInfo}, since either could
occur in any order.
<p/>
For example, in "Remember Me" scenarios, the user identity is remembered (and
assumed) for their current session and an authentication attempt during that session might never occur.
But because their identity would be remembered, that is sufficient enough information to call this method to
execute any necessary authorization checks. For this reason, authentication and authorization should be
loosely coupled and not depend on each other.
<h3>Caching</h3>
The {@code AuthorizationInfo} values returned from this method are cached for efficient reuse
if caching is enabled. Caching is enabled automatically when an {@link #setAuthorizationCache authorizationCache}
instance has been explicitly configured, or if a {@link #setCacheManager cacheManager} has been configured, which
will be used to lazily create the {@code authorizationCache} as needed.
<p/>
If caching is enabled, the authorization cache will be checked first and if found, will return the cached
{@code AuthorizationInfo} immediately. If caching is disabled, or there is a cache miss, the authorization
info will be looked up from the underlying data store via the
{@link #doGetAuthorizationInfo(hunt.shiro.subject.PrincipalCollection)} method, which must be implemented
by subclasses.
<h4>Changed Data</h4>
If caching is enabled and if any authorization data for an account is changed at
runtime, such as adding or removing roles and/or permissions, the subclass implementation should clear the
cached AuthorizationInfo for that account via the
{@link #clearCachedAuthorizationInfo(hunt.shiro.subject.PrincipalCollection) clearCachedAuthorizationInfo}
method. This ensures that the next call to {@code getAuthorizationInfo(PrincipalCollection)} will
acquire the account's fresh authorization data, where it will then be cached for efficient reuse. This
ensures that stale authorization data will not be reused.
- getAuthorizationCacheKey
Object getAuthorizationCacheKey(PrincipalCollection principals)
Undocumented in source. Be warned that the author may not have intended to support it.
- clearCachedAuthorizationInfo
void clearCachedAuthorizationInfo(PrincipalCollection principals)
Clears out the AuthorizationInfo cache entry for the specified account.
<p/>
This method is provided as a convenience to subclasses so they can invalidate a cache entry when they
change an account's authorization data (add/remove roles or permissions) during runtime. Because an account's
AuthorizationInfo can be cached, there needs to be a way to invalidate the cache for only that account so that
subsequent authorization operations don't used the (old) cached value if account data changes.
<p/>
After this method is called, the next authorization check for that same account will result in a call to
{@link #getAuthorizationInfo(hunt.shiro.subject.PrincipalCollection) getAuthorizationInfo}, and the
resulting return value will be cached before being returned so it can be reused for later authorization checks.
<p/>
If you wish to clear out all associated cached data (and not just authorization data), use the
{@link #clearCache(hunt.shiro.subject.PrincipalCollection)} method instead (which will in turn call this
method by default).
- doGetAuthorizationInfo
AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principals)
Retrieves the AuthorizationInfo for the given principals from the underlying data store. When returning
an instance from this method, you might want to consider using an instance of
{@link hunt.shiro.authz.SimpleAuthorizationInfo SimpleAuthorizationInfo}, as it is suitable in most cases.
- getPermissions
Collection!(Permission) getPermissions(AuthorizationInfo info)
Undocumented in source. Be warned that the author may not have intended to support it.
- isPermitted
bool isPermitted(PrincipalCollection principals, string permission)
Undocumented in source. Be warned that the author may not have intended to support it.
- isPermitted
bool isPermitted(PrincipalCollection principals, Permission permission)
Undocumented in source. Be warned that the author may not have intended to support it.
- isPermitted
bool isPermitted(Permission permission, AuthorizationInfo info)
Undocumented in source. Be warned that the author may not have intended to support it.
- isPermitted
bool[] isPermitted(PrincipalCollection subjectIdentifier, string[] permissions)
Undocumented in source. Be warned that the author may not have intended to support it.
- isPermitted
bool[] isPermitted(PrincipalCollection principals, List!(Permission) permissions)
Undocumented in source. Be warned that the author may not have intended to support it.
- isPermitted
bool[] isPermitted(List!(Permission) permissions, AuthorizationInfo info)
Undocumented in source. Be warned that the author may not have intended to support it.
- isPermittedAll
bool isPermittedAll(PrincipalCollection subjectIdentifier, string[] permissions)
Undocumented in source. Be warned that the author may not have intended to support it.
- isPermittedAll
bool isPermittedAll(PrincipalCollection principal, Collection!(Permission) permissions)
Undocumented in source. Be warned that the author may not have intended to support it.
- isPermittedAll
bool isPermittedAll(Collection!(Permission) permissions, AuthorizationInfo info)
Undocumented in source. Be warned that the author may not have intended to support it.
- checkPermission
void checkPermission(PrincipalCollection subjectIdentifier, string permission)
Undocumented in source. Be warned that the author may not have intended to support it.
- checkPermission
void checkPermission(PrincipalCollection principal, Permission permission)
Undocumented in source. Be warned that the author may not have intended to support it.
- checkPermission
void checkPermission(Permission permission, AuthorizationInfo info)
Undocumented in source. Be warned that the author may not have intended to support it.
- checkPermissions
void checkPermissions(PrincipalCollection subjectIdentifier, string[] permissions)
Undocumented in source. Be warned that the author may not have intended to support it.
- checkPermissions
void checkPermissions(PrincipalCollection principal, Collection!(Permission) permissions)
Undocumented in source. Be warned that the author may not have intended to support it.
- checkPermissions
void checkPermissions(Collection!(Permission) permissions, AuthorizationInfo info)
Undocumented in source. Be warned that the author may not have intended to support it.
- hasRole
bool hasRole(PrincipalCollection principal, string roleIdentifier)
Undocumented in source. Be warned that the author may not have intended to support it.
- hasRole
bool hasRole(string roleIdentifier, AuthorizationInfo info)
Undocumented in source. Be warned that the author may not have intended to support it.
- hasRoles
bool[] hasRoles(PrincipalCollection principal, List!(string) roleIdentifiers)
Undocumented in source. Be warned that the author may not have intended to support it.
- hasRoles
bool[] hasRoles(PrincipalCollection principal, string[] roleIdentifiers)
Undocumented in source. Be warned that the author may not have intended to support it.
- hasRoles
bool[] hasRoles(string[] roleIdentifiers, AuthorizationInfo info)
Undocumented in source. Be warned that the author may not have intended to support it.
- hasAllRoles
bool hasAllRoles(PrincipalCollection principal, Collection!(string) roleIdentifiers)
Undocumented in source. Be warned that the author may not have intended to support it.
- hasAllRoles
bool hasAllRoles(PrincipalCollection principal, string[] roleIdentifiers)
Undocumented in source. Be warned that the author may not have intended to support it.
- checkRole
void checkRole(PrincipalCollection principal, string role)
Undocumented in source. Be warned that the author may not have intended to support it.
- checkRole
void checkRole(string role, AuthorizationInfo info)
Undocumented in source. Be warned that the author may not have intended to support it.
- checkRoles
void checkRoles(PrincipalCollection principal, Collection!(string) roles)
Undocumented in source. Be warned that the author may not have intended to support it.
- checkRoles
void checkRoles(PrincipalCollection principal, string[] roles)
Undocumented in source. Be warned that the author may not have intended to support it.
- checkRoles
void checkRoles(Collection!(string) roles, AuthorizationInfo info)
Undocumented in source. Be warned that the author may not have intended to support it.
- doClearCache
void doClearCache(PrincipalCollection principals)
Calls {@code super.doClearCache} to ensure any cached authentication data is removed and then calls
{@link #clearCachedAuthorizationInfo(hunt.shiro.subject.PrincipalCollection)} to remove any cached
authorization data.
<p/>
If overriding in a subclass, be sure to call {@code super.doClearCache} to ensure this behavior is maintained.
A simple implementation of the {@link Realm Realm} interface that uses a set of configured user accounts and roles to support authentication and authorization. Each account entry specifies the username, password, and roles for a user. Roles can also be mapped to permissions and associated with users. <p/> User accounts and roles are stored in two {@code Map}s in memory, so it is expected that the total number of either is not sufficiently large.