hunt.shiro.mgt.AuthorizingSecurityManager source code

1 /*
2  * Licensed to the Apache Software Foundation (ASF) under one
3  * or more contributor license agreements.  See the NOTICE file
4  * distributed with this work for additional information
5  * regarding copyright ownership.  The ASF licenses this file
6  * to you under the Apache License, Version 2.0 (the
7  * "License"); you may not use this file except in compliance
8  * with the License.  You may obtain a copy of the License at
9  *
10  *     http://www.apache.org/licenses/LICENSE-2.0
11  *
12  * Unless required by applicable law or agreed to in writing,
13  * software distributed under the License is distributed on an
14  * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
15  * KIND, either express or implied.  See the License for the
16  * specific language governing permissions and limitations
17  * under the License.
18  */
19 module hunt.shiro.mgt.AuthorizingSecurityManager;
20 
21 import hunt.shiro.mgt.AuthenticatingSecurityManager;
22 
23 import hunt.shiro.Exceptions;
24 import hunt.shiro.authz.Authorizer;
25 import hunt.shiro.authz.ModularRealmAuthorizer;
26 import hunt.shiro.authz.permission.Permission;
27 import hunt.shiro.subject.PrincipalCollection;
28 import hunt.shiro.util.LifecycleUtils;
29 
30 import hunt.collection;
31 import hunt.Exceptions;
32 
33 /**
34  * Shiro support of a {@link SecurityManager} class hierarchy that delegates all
35  * authorization (access control) operations to a wrapped {@link Authorizer Authorizer} instance.  That is,
36  * this class implements all the <tt>Authorizer</tt> methods in the {@link SecurityManager SecurityManager}
37  * interface, but in reality, those methods are merely passthrough calls to the underlying 'real'
38  * <tt>Authorizer</tt> instance.
39  *
40  * <p>All remaining <tt>SecurityManager</tt> methods not covered by this class or its parents (mostly Session support)
41  * are left to be implemented by subclasses.
42  *
43  * <p>In keeping with the other classes in this hierarchy and Shiro's desire to minimize configuration whenever
44  * possible, suitable default instances for all dependencies will be created upon instantiation.
45  *
46  */
47 abstract class AuthorizingSecurityManager : AuthenticatingSecurityManager {
48 
49     /**
50      * The wrapped instance to which all of this <tt>SecurityManager</tt> authorization calls are delegated.
51      */
52     private Authorizer authorizer;
53 
54     /**
55      * Default no-arg constructor that initializes an internal default
56      * {@link hunt.shiro.authz.ModularRealmAuthorizer ModularRealmAuthorizer}.
57      */
58     this() {
59         super();
60         this.authorizer = new ModularRealmAuthorizer();
61     }
62 
63     /**
64      * Returns the underlying wrapped <tt>Authorizer</tt> instance to which this <tt>SecurityManager</tt>
65      * implementation delegates all of its authorization calls.
66      *
67      * @return the wrapped <tt>Authorizer</tt> used by this <tt>SecurityManager</tt> implementation.
68      */
69     Authorizer getAuthorizer() {
70         return authorizer;
71     }
72 
73     /**
74      * Sets the underlying <tt>Authorizer</tt> instance to which this <tt>SecurityManager</tt> implementation will
75      * delegate all of its authorization calls.
76      *
77      * @param authorizer the <tt>Authorizer</tt> this <tt>SecurityManager</tt> should wrap and delegate all of its
78      *                   authorization calls to.
79      */
80     void setAuthorizer(Authorizer authorizer) {
81         if (authorizer is null) {
82             string msg = "Authorizer argument cannot be null.";
83             throw new IllegalArgumentException(msg);
84         }
85         this.authorizer = authorizer;
86     }
87 
88     /**
89      * First calls <code>super.afterRealmsSet()</code> and then sets these same <code>Realm</code> objects on this
90      * instance's wrapped {@link Authorizer Authorizer}.
91      * <p/>
92      * The setting of realms the Authorizer will only occur if it is an instance of
93      * {@link hunt.shiro.authz.ModularRealmAuthorizer ModularRealmAuthorizer}, that is:
94      * <pre>
95      * if ( this.authorizer instanceof ModularRealmAuthorizer ) {
96      *     ((ModularRealmAuthorizer)this.authorizer).setRealms(realms);
97      * }</pre>
98      */
99     override protected void afterRealmsSet() {
100         super.afterRealmsSet();
101         ModularRealmAuthorizer authorizerCast = cast(ModularRealmAuthorizer) this.authorizer;
102         if (authorizerCast !is null) {
103             authorizerCast.setRealms(getRealms());
104         }
105     }
106 
107     override void destroy() {
108         LifecycleUtils.destroy(cast(Object) getAuthorizer());
109         this.authorizer = null;
110         super.destroy();
111     }
112 
113     bool isPermitted(PrincipalCollection principals, string permissionString) {
114         return this.authorizer.isPermitted(principals, permissionString);
115     }
116 
117     bool isPermitted(PrincipalCollection principals, Permission permission) {
118         return this.authorizer.isPermitted(principals, permission);
119     }
120 
121     bool[] isPermitted(PrincipalCollection principals, string[] permissions...) {
122         return this.authorizer.isPermitted(principals, permissions);
123     }
124 
125     bool[] isPermitted(PrincipalCollection principals, List!(Permission) permissions) {
126         return this.authorizer.isPermitted(principals, permissions);
127     }
128 
129     bool isPermittedAll(PrincipalCollection principals, string[] permissions...) {
130         return this.authorizer.isPermittedAll(principals, permissions);
131     }
132 
133     bool isPermittedAll(PrincipalCollection principals, Collection!(Permission) permissions) {
134         return this.authorizer.isPermittedAll(principals, permissions);
135     }
136 
137     void checkPermission(PrincipalCollection principals, string permission) {
138         this.authorizer.checkPermission(principals, permission);
139     }
140 
141     void checkPermission(PrincipalCollection principals, Permission permission) {
142         this.authorizer.checkPermission(principals, permission);
143     }
144 
145     void checkPermissions(PrincipalCollection principals, string[] permissions...) {
146         this.authorizer.checkPermissions(principals, permissions);
147     }
148 
149     void checkPermissions(PrincipalCollection principals, Collection!(Permission) permissions) {
150         this.authorizer.checkPermissions(principals, permissions);
151     }
152 
153     bool hasRole(PrincipalCollection principals, string roleIdentifier) {
154         return this.authorizer.hasRole(principals, roleIdentifier);
155     }
156 
157     bool[] hasRoles(PrincipalCollection principals, List!(string) roleIdentifiers) {
158         return this.authorizer.hasRoles(principals, roleIdentifiers);
159     }
160 
161     bool[] hasRoles(PrincipalCollection principals, string[] roleIdentifiers) {
162         return this.authorizer.hasRoles(principals, roleIdentifiers);
163     }
164 
165     bool hasAllRoles(PrincipalCollection principals, Collection!(string) roleIdentifiers) {
166         return this.authorizer.hasAllRoles(principals, roleIdentifiers);
167     }
168 
169     bool hasAllRoles(PrincipalCollection principals, string[] roleIdentifiers) {
170         return this.authorizer.hasAllRoles(principals, roleIdentifiers);
171     }
172 
173     void checkRole(PrincipalCollection principals, string role) {
174         this.authorizer.checkRole(principals, role);
175     }
176 
177     void checkRoles(PrincipalCollection principals, Collection!(string) roles) {
178         this.authorizer.checkRoles(principals, roles);
179     }
180 
181     void checkRoles(PrincipalCollection principals, string[] roles...) {
182         this.authorizer.checkRoles(principals, roles);
183     }
184 }