public class DestinationActionPermissionResolver extends Object implements ActionPermissionResolver

A DestinationActionPermissionResolver inspects DestinationActions and returns one or more WildcardPermissions that must be granted to a Subject in order for that Subject to perform the action being taken on an ActiveMQDestination.

See the createPermissionString documentation to see what the resulting WildcardPermission instances would look like.

See also: setPermissionStringPrefix(String)

Constructor and Description |
---|
DestinationActionPermissionResolver() |

Modifier and Type | Method and Description |
---|---|
protected org.apache.shiro.authz.Permission | createPermission(String permissionString) |
protected Collection<org.apache.shiro.authz.Permission> | createPermissions(ActiveMQDestination dest, String verb) |
protected String | createPermissionString(ActiveMQDestination dest, String verb)<br>Inspects the specified destination and verb and returns a WildcardPermission-compatible String that represents the action. |
Collection<org.apache.shiro.authz.Permission> | getPermissions(Action action)<br>Returns all Permissions that must be granted to a Subject in order for the Subject to execute the action, or an empty collection if no permissions are required. |
protected Collection<org.apache.shiro.authz.Permission> | getPermissions(DestinationAction da) |
String | getPermissionStringPrefix()<br>Returns the String prefix that should be automatically prepended to a permission String before the String is converted to a WildcardPermission instance. |
boolean | isPermissionStringCaseSensitive()<br>Returns true if returned WildcardPermission instances should be considered case-sensitive, false otherwise. |
void | setPermissionStringCaseSensitive(boolean permissionStringCaseSensitive)<br>Sets whether returned WildcardPermission instances should be considered case-sensitive. |
void | setPermissionStringPrefix(String permissionStringPrefix)<br>Sets the String prefix that should be automatically prepended to a permission String before the String is converted to a WildcardPermission instance. |

public DestinationActionPermissionResolver()

public String getPermissionStringPrefix()

Returns the String prefix that should be automatically prepended to a permission String before the String is converted to a WildcardPermission instance. This is convenient if you want to provide a 'scope' or 'namespace' for ActiveMQ Destinations to clearly distinguish ActiveMQ-specific permissions from any others you might assign to user accounts. The default value is null, indicating no prefix will be set by default.

For example, the default settings might result in permission Strings that look like this:

```
topic:TEST:create
temp-queue:MyQueue:remove
topic:ActiveMQ.Advisory.*:read
```

However, if your application has any application-specific permissions that start with the tokens topic, temp-topic, queue, or temp-queue, you wouldn't be able to distinguish between application-specific permissions and those specific to ActiveMQ. In this case you might set the permissionStringPrefix. For example, if you set:

```
resolver.setPermissionStringPrefix("jms");
```

the above permission strings would look like this:

```
jms:topic:TEST:create
jms:temp-queue:MyQueue:remove
jms:topic:ActiveMQ.Advisory.*:read
```

Similarly, if the permissionStringPrefix was equal to activeMQ:

```
activeMQ:topic:TEST:create
activeMQ:temp-queue:MyQueue:remove
activeMQ:topic:ActiveMQ.Advisory.*:read
```

Returns: the String prefix that should be automatically prepended to a permission String before the String is converted to a WildcardPermission instance. Useful for namespacing permissions.

public void setPermissionStringPrefix(String permissionStringPrefix)

Sets the String prefix that should be automatically prepended to a permission String before the String is converted to a WildcardPermission instance. This is convenient if you want to provide a 'scope' or 'namespace' for ActiveMQ Destinations to clearly distinguish ActiveMQ-specific permissions from any others you might assign to user accounts. The default value is null, indicating no prefix will be set by default.

For example, the default settings might result in permission Strings that look like this:

```
topic:TEST:create
temp-queue:MyQueue:remove
topic:ActiveMQ.Advisory.*:read
```

However, if your application has any application-specific permissions that start with the tokens topic, temp-topic, queue, or temp-queue, you wouldn't be able to distinguish between application-specific permissions and those specific to ActiveMQ. In this case you might set the permissionStringPrefix. For example, if you set:

```
resolver.setPermissionStringPrefix("jms");
```

the above permission strings would look like this:

```
jms:topic:TEST:create
jms:temp-queue:MyQueue:remove
jms:topic:ActiveMQ.Advisory.*:read
```

Similarly, if the permissionStringPrefix was equal to activeMQ:

```
activeMQ:topic:TEST:create
activeMQ:temp-queue:MyQueue:remove
activeMQ:topic:ActiveMQ.Advisory.*:read
```

Parameters: permissionStringPrefix - any String prefix that should be automatically prepended to a permission String before the String is converted to a WildcardPermission instance. Useful for namespacing permissions.

public boolean isPermissionStringCaseSensitive()

Returns true if returned WildcardPermission instances should be considered case-sensitive, false otherwise. The default value is true, which is not the normal WildcardPermission default setting. This default was chosen to reflect ActiveMQ's case-sensitive destination names.

Returns: true if returned WildcardPermission instances should be considered case-sensitive, false otherwise.

public void setPermissionStringCaseSensitive(boolean permissionStringCaseSensitive)

Sets whether returned WildcardPermission instances should be considered case-sensitive. The default value is true, which is not the normal WildcardPermission default setting. This default was chosen to accurately reflect ActiveMQ's case-sensitive destination names.

Parameters: permissionStringCaseSensitive - whether returned WildcardPermission instances should be considered case-sensitive.

public Collection<org.apache.shiro.authz.Permission> getPermissions(Action action)

Description copied from interface: ActionPermissionResolver

Returns all Permissions that must be granted to a Subject in order for the Subject to execute the action, or an empty collection if no permissions are required.

Most implementations will probably return a single Permission, but multiple permissions are possible, especially if the Action represents behavior attempted on a Composite Destination.

Specified by: getPermissions in interface ActionPermissionResolver

Parameters: action - the action attempted

Returns: Permissions that must be granted to a Subject in order for the Subject to execute the action, or an empty collection if no permissions are required.

protected Collection<org.apache.shiro.authz.Permission> getPermissions(DestinationAction da)

protected Collection<org.apache.shiro.authz.Permission> createPermissions(ActiveMQDestination dest, String verb)
protected String createPermissionString(ActiveMQDestination dest, String verb)

Inspects the specified destination and verb and returns a WildcardPermission-compatible String that represents the action.

The returned string has the format:

```
optionalPermissionStringPrefix + destinationType + ':' + destinationPhysicalName + ':' + actionVerb
```

where:

- optionalPermissionStringPrefix is the permissionStringPrefix followed by a colon delimiter (':'). This is only present if the permissionStringPrefix has been specified and is non-null.
- destinationType is one of the following four string tokens:
  - topic
  - temp-topic
  - queue
  - temp-queue

  depending on whether the destination is a topic, temporary topic, queue, or temporary queue (respectively).
- destinationPhysicalName is destination.getPhysicalName()
- actionVerb is action.getVerb()

Without a permissionStringPrefix, this might produce strings that look like the following:

```
topic:TEST:create
temp-queue:MyTempQueue:remove
queue:ActiveMQ.Advisory.*:read
```

If permissionStringPrefix was set to jms, the above examples would look like this:

```
jms:topic:TEST:create
jms:temp-queue:MyTempQueue:remove
jms:queue:ActiveMQ.Advisory.*:read
```

Parameters:
- dest - the destination to inspect and convert to a WildcardPermission string.
- verb - the behavior taken on the destination

Returns: WildcardPermission string that represents the specified action.

See also: getPermissionStringPrefix() for more on why you might want to set this value

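The following is an added example, not part of the ActiveMQ Javadoc or code base, showing how the string format above, the permissionStringPrefix described under getPermissionStringPrefix(), and the case-sensitivity flag change the outcome of an authorization check. It assumes shiro-core is on the classpath and uses plain WildcardPermission; the class DestinationPermissionDemo and its helpers permissionString and allowed are hypothetical names.

```java
import org.apache.shiro.authz.permission.WildcardPermission;

// Added example; class and helper names are hypothetical, not ActiveMQ code.
public class DestinationPermissionDemo {

    // Mirrors the documented format:
    // optionalPermissionStringPrefix + destinationType + ':' + destinationPhysicalName + ':' + actionVerb
    static String permissionString(String prefix, String destinationType,
                                   String physicalName, String verb) {
        String optionalPrefix = (prefix == null) ? "" : prefix + ":";
        return optionalPrefix + destinationType + ":" + physicalName + ":" + verb;
    }

    // True if a Subject holding 'granted' may perform the action described by 'required'.
    static boolean allowed(String granted, String required, boolean caseSensitive) {
        WildcardPermission held = new WildcardPermission(granted, caseSensitive);
        WildcardPermission needed = new WildcardPermission(required, caseSensitive);
        return held.implies(needed);
    }

    public static void main(String[] args) {
        // Required permission for "create topic TEST", without and with a prefix.
        String unprefixed = permissionString(null, "topic", "TEST", "create");
        String namespaced = permissionString("jms", "topic", "TEST", "create");

        // An application-level grant that starts with the token "topic" collides
        // with the broker's permission when no prefix is configured.
        System.out.printf("app grant vs %s: %b%n", unprefixed,
                allowed("topic:*", unprefixed, true));

        // With the "jms" prefix the application grant no longer covers the broker action;
        // only a grant inside the jms namespace does.
        System.out.printf("app grant vs %s: %b%n", namespaced,
                allowed("topic:*", namespaced, true));
        System.out.printf("jms grant vs %s: %b%n", namespaced,
                allowed("jms:topic:TEST:*", namespaced, true));

        // Destination names are case-sensitive, so a grant for "test" must not
        // authorize "TEST". Compare the case-sensitive default with the relaxed setting.
        System.out.printf("case-sensitive:   %b%n",
                allowed("jms:topic:test:create", namespaced, true));
        System.out.printf("case-insensitive: %b%n",
                allowed("jms:topic:test:create", namespaced, false));
    }
}
```
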
protected org.apache.shiro.authz.Permission createPermission(String permissionString)
Copyright © 2005–2018. All rights reserved.