public interface Authorizer
AuthenticationManager consults the configured Authorizer to determine which additional
Role principals should be added to the user's Session. To determine which roles should be
injected, the Authorizer is queried for the roles it knows about by calling getRoles(). Then,
each role returned by the Authorizer is tested by calling isUserInRole(Session, Principal).
If this check fails, and the Authorizer is of type WebAuthorizer, AuthenticationManager checks the role again by calling
WebAuthorizer.isUserInRole(javax.servlet.http.HttpServletRequest, Principal)).
Any roles that pass the test are injected into the Subject by firing appropriate authentication events.| Modifier and Type | Method and Description |
|---|---|
java.security.Principal |
findRole(java.lang.String role)
Looks up and returns a role Principal matching a given String.
|
java.security.Principal[] |
getRoles()
Returns an array of role Principals this Authorizer knows about.
|
void |
initialize(Engine engine,
java.util.Properties props)
Initializes the authorizer.
|
boolean |
isUserInRole(Session session,
java.security.Principal role)
Determines whether the Subject associated with a WikiSession is in a particular role.
|
java.security.Principal[] getRoles()
java.security.Principal findRole(java.lang.String role)
null. Note that it may not always be feasible for an Authorizer implementation to return a role Principal.role - the name of the role to retrievevoid initialize(Engine engine, java.util.Properties props) throws WikiSecurityException
engine - the current wiki engineprops - the wiki engine initialization propertiesWikiSecurityException - if the Authorizer could not be initializedboolean isUserInRole(Session session, java.security.Principal role)
null,
this method must return false.session - the current WikiSessionrole - the role to checktrue if the user is considered to be in the role, false otherwiseCopyright (c) 2001-2022 The Apache Software Foundation. All rights reserved.