shiro源码（shiro-root-1.8.0-source-release.zip）

/* * Licensed to the Apache Software Foundation (ASF) under one * or more contributor license agreements. See the NOTICE file * distributed with this work for additional information * regarding copyright ownership. The ASF licenses this file * to you under the Apache License, Version 2.0 (the * "License"); you may not use this file except in compliance * with the License. You may obtain a copy of the License at * * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, * software distributed under the License is distributed on an * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY * KIND, either express or implied. See the License for the * specific language governing permissions and limitations * under the License. */ package org.apache.shiro.subject; import org.apache.shiro.SecurityUtils; import org.apache.shiro.authc.AuthenticationException; import org.apache.shiro.authc.AuthenticationToken; import org.apache.shiro.authz.AuthorizationException; import org.apache.shiro.authz.Permission; import org.apache.shiro.mgt.SecurityManager; import org.apache.shiro.mgt.SubjectFactory; import org.apache.shiro.session.Session; import org.apache.shiro.subject.support.DefaultSubjectContext; import org.apache.shiro.util.StringUtils; import java.io.Serializable; import java.util.Collection; import java.util.List; import java.util.concurrent.Callable; /** * A {@code Subject} represents state and security operations for a <em>single</em> application user. * These operations include authentication (login/logout), authorization (access control), and * session access. It is Shiro's primary mechanism for single-user security functionality. * <h3>Acquiring a Subject</h3> * To acquire the currently-executing {@code Subject}, application developers will almost always use * {@code SecurityUtils}: * <pre> * {@link SecurityUtils SecurityUtils}.{@link org.apache.shiro.SecurityUtils#getSubject() getSubject()}</pre> * Almost all security operations should be performed with the {@code Subject} returned from this method. * <h3>Permission methods</h3> * Note that there are many *Permission methods in this interface overloaded to accept String arguments instead of * {@link Permission Permission} instances. They are a convenience allowing the caller to use a String representation of * a {@link Permission Permission} if desired. The underlying Authorization subsystem implementations will usually * simply convert these String values to {@link Permission Permission} instances and then just call the corresponding * type-safe method. (Shiro's default implementations do String-to-Permission conversion for these methods using * {@link org.apache.shiro.authz.permission.PermissionResolver PermissionResolver}s.) * <p/> * These overloaded *Permission methods forgo type-safety for the benefit of convenience and simplicity, * so you should choose which ones to use based on your preferences and needs. * * @since 0.1 */ public interface Subject { /** * Returns this Subject's application-wide uniquely identifying principal, or {@code null} if this * Subject is anonymous because it doesn't yet have any associated account data (for example, * if they haven't logged in). * <p/> * The term <em>principal</em> is just a fancy security term for any identifying attribute(s) of an application * user, such as a username, or user id, or public key, or anything else you might use in your application to * identify a user. * <h4>Uniqueness</h4> * Although given names and family names (first/last) are technically considered principals as well, * Shiro expects the object returned from this method to be an identifying attribute unique across * your entire application. * <p/> * This implies that things like given names and family names are usually poor * candidates as return values since they are rarely guaranteed to be unique; Things often used for this value: * <ul> * <li>A {@code long} RDBMS surrogate primary key</li> * <li>An application-unique username</li> * <li>A {@link java.util.UUID UUID}</li> * <li>An LDAP Unique ID</li> * </ul> * or any other similar suitable unique mechanism valuable to your application. * <p/> * Most implementations will simply return * <code>{@link #getPrincipals()}.{@link org.apache.shiro.subject.PrincipalCollection#getPrimaryPrincipal() getPrimaryPrincipal()}</code> * * @return this Subject's application-specific unique identity. * @see org.apache.shiro.subject.PrincipalCollection#getPrimaryPrincipal() */ Object getPrincipal(); /** * Returns this Subject's principals (identifying attributes) in the form of a {@code PrincipalCollection} or * {@code null} if this Subject is anonymous because it doesn't yet have any associated account data (for example, * if they haven't logged in). * <p/> * The word &quot;principals&quot; is nothing more than a fancy security term for identifying attributes associated * with a Subject, aka, application user. For example, user id, a surname (family/last name), given (first) name, * social security number, nickname, username, etc, are all examples of a principal. * * @return all of this Subject's principals (identifying attributes). * @see #getPrincipal() * @see org.apache.shiro.subject.PrincipalCollection#getPrimaryPrincipal() */ PrincipalCollection getPrincipals(); /** * Returns {@code true} if this Subject is permitted to perform an action or access a resource summarized by the * specified permission string. * <p/> * This is an overloaded method for the corresponding type-safe {@link Permission Permission} variant. * Please see the class-level JavaDoc for more information on these String-based permission methods. * * @param permission the String representation of a Permission that is being checked. * @return true if this Subject is permitted, false otherwise. * @see #isPermitted(Permission permission) * @since 0.9 */ boolean isPermitted(String permission); /** * Returns {@code true} if this Subject is permitted to perform an action or access a resource summarized by the * specified permission. * <p/> * More specifically, this method determines if any {@code Permission}s associated * with the subject {@link Permission#implies(Permission) imply} the specified permission. * * @param permission the permission that is being checked. * @return true if this Subject is permitted, false otherwise. */ boolean isPermitted(Permission permission); /** * Checks if this Subject implies the given permission strings and returns a boolean array indicating which * permissions are implied. * <p/> * This is an overloaded method for the corresponding type-safe {@link Permission Permission} variant. * Please see the class-level JavaDoc for more information on these String-based permission methods. * * @param permissions the String representations of the Permissions that are being checked. * @return a boolean array where indices correspond to the index of the * permissions in the given list. A true value at an index indicates this Subject is permitted for * for the associated {@code Permission} string in the list. A false value at an index * indicates otherwise. * @since 0.9 */ boolean[] isPermitted(String... permissions); /** * Checks if this Subject implies the given Permissions and returns a boolean array indicating which permissions * are implied. * <p/> * More specifically, this method should determine if each {@code Permission} in * the array is {@link Permission#implies(Permission) implied} by permission