| <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> |
| <!--NewPage--> |
| <HTML> |
| <HEAD> |
| <!-- Generated by javadoc (build 1.6.0_65) on Fri Mar 04 17:58:55 EST 2016 --> |
| <META http-equiv="Content-Type" content="text/html; charset=UTF-8"> |
| <TITLE> |
| Permission (Apache Shiro 1.2.4 API) |
| </TITLE> |
| |
| <META NAME="date" CONTENT="2016-03-04"> |
| |
| <LINK REL ="stylesheet" TYPE="text/css" HREF="../../../../stylesheet.css" TITLE="Style"> |
| |
| <SCRIPT type="text/javascript"> |
| function windowTitle() |
| { |
| if (location.href.indexOf('is-external=true') == -1) { |
| parent.document.title="Permission (Apache Shiro 1.2.4 API)"; |
| } |
| } |
| </SCRIPT> |
| <NOSCRIPT> |
| </NOSCRIPT> |
| |
| </HEAD> |
| |
| <BODY BGCOLOR="white" onload="windowTitle();"> |
| <HR> |
| |
| |
| <!-- ========= START OF TOP NAVBAR ======= --> |
| <A NAME="navbar_top"><!-- --></A> |
| <A HREF="#skip-navbar_top" title="Skip navigation links"></A> |
| <TABLE BORDER="0" WIDTH="100%" CELLPADDING="1" CELLSPACING="0" SUMMARY=""> |
| <TR> |
| <TD COLSPAN=2 BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> |
| <A NAME="navbar_top_firstrow"><!-- --></A> |
| <TABLE BORDER="0" CELLPADDING="0" CELLSPACING="3" SUMMARY=""> |
| <TR ALIGN="center" VALIGN="top"> |
| <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="../../../../overview-summary.html"><FONT CLASS="NavBarFont1"><B>Overview</B></FONT></A> </TD> |
| <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="package-summary.html"><FONT CLASS="NavBarFont1"><B>Package</B></FONT></A> </TD> |
| <TD BGCOLOR="#FFFFFF" CLASS="NavBarCell1Rev"> <FONT CLASS="NavBarFont1Rev"><B>Class</B></FONT> </TD> |
| <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="class-use/Permission.html"><FONT CLASS="NavBarFont1"><B>Use</B></FONT></A> </TD> |
| <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="package-tree.html"><FONT CLASS="NavBarFont1"><B>Tree</B></FONT></A> </TD> |
| <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="../../../../deprecated-list.html"><FONT CLASS="NavBarFont1"><B>Deprecated</B></FONT></A> </TD> |
| <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="../../../../index-all.html"><FONT CLASS="NavBarFont1"><B>Index</B></FONT></A> </TD> |
| <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="../../../../help-doc.html"><FONT CLASS="NavBarFont1"><B>Help</B></FONT></A> </TD> |
| </TR> |
| </TABLE> |
| </TD> |
| <TD ALIGN="right" VALIGN="top" ROWSPAN=3><EM> |
| </EM> |
| </TD> |
| </TR> |
| |
| <TR> |
| <TD BGCOLOR="white" CLASS="NavBarCell2"><FONT SIZE="-2"> |
| <A HREF="../../../../org/apache/shiro/authz/ModularRealmAuthorizer.html" title="class in org.apache.shiro.authz"><B>PREV CLASS</B></A> |
| <A HREF="../../../../org/apache/shiro/authz/SimpleAuthorizationInfo.html" title="class in org.apache.shiro.authz"><B>NEXT CLASS</B></A></FONT></TD> |
| <TD BGCOLOR="white" CLASS="NavBarCell2"><FONT SIZE="-2"> |
| <A HREF="../../../../index.html?org/apache/shiro/authz/Permission.html" target="_top"><B>FRAMES</B></A> |
| <A HREF="Permission.html" target="_top"><B>NO FRAMES</B></A> |
| <SCRIPT type="text/javascript"> |
| <!-- |
| if(window==top) { |
| document.writeln('<A HREF="../../../../allclasses-noframe.html"><B>All Classes</B></A>'); |
| } |
| //--> |
| </SCRIPT> |
| <NOSCRIPT> |
| <A HREF="../../../../allclasses-noframe.html"><B>All Classes</B></A> |
| </NOSCRIPT> |
| |
| |
| </FONT></TD> |
| </TR> |
| <TR> |
| <TD VALIGN="top" CLASS="NavBarCell3"><FONT SIZE="-2"> |
| SUMMARY: NESTED | FIELD | CONSTR | <A HREF="#method_summary">METHOD</A></FONT></TD> |
| <TD VALIGN="top" CLASS="NavBarCell3"><FONT SIZE="-2"> |
| DETAIL: FIELD | CONSTR | <A HREF="#method_detail">METHOD</A></FONT></TD> |
| </TR> |
| </TABLE> |
| <A NAME="skip-navbar_top"></A> |
| <!-- ========= END OF TOP NAVBAR ========= --> |
| |
| <HR> |
| <!-- ======== START OF CLASS DATA ======== --> |
| <H2> |
| <FONT SIZE="-1"> |
| org.apache.shiro.authz</FONT> |
| <BR> |
| Interface Permission</H2> |
| <DL> |
| <DT><B>All Known Implementing Classes:</B> <DD><A HREF="../../../../org/apache/shiro/authz/permission/AllPermission.html" title="class in org.apache.shiro.authz.permission">AllPermission</A>, <A HREF="../../../../org/apache/shiro/authz/permission/DomainPermission.html" title="class in org.apache.shiro.authz.permission">DomainPermission</A>, <A HREF="../../../../org/apache/shiro/authz/permission/WildcardPermission.html" title="class in org.apache.shiro.authz.permission">WildcardPermission</A></DD> |
| </DL> |
| <HR> |
| <DL> |
| <DT><PRE>public interface <A HREF="../../../../src-html/org/apache/shiro/authz/Permission.html#line.66"><B>Permission</B></A></DL> |
| </PRE> |
| |
| <P> |
| A Permission represents the ability to perform an action or access a resource. A Permission is the most |
| granular, or atomic, unit in a system's security policy and is the cornerstone upon which fine-grained security |
| models are built. |
| <p/> |
| It is important to understand a Permission instance only represents functionality or access - it does not grant it. |
| Granting access to an application functionality or a particular resource is done by the application's security |
| configuration, typically by assigning Permissions to users, roles and/or groups. |
| <p/> |
| Most typical systems are what the Shiro team calls <em>role-based</em> in nature, where a role represents |
| common behavior for certain user types. For example, a system might have an <em>Aministrator</em> role, a |
| <em>User</em> or <em>Guest</em> roles, etc. |
| <p/> |
| But if you have a dynamic security model, where roles can be created and deleted at runtime, you can't hard-code |
| role names in your code. In this environment, roles themselves aren't aren't very useful. What matters is what |
| <em>permissions</em> are assigned to these roles. |
| <p/> |
| Under this paradigm, permissions are immutable and reflect an application's raw functionality |
| (opening files, accessing a web URL, creating users, etc). This is what allows a system's security policy |
| to be dynamic: because Permissions represent raw functionality and only change when the application's |
| source code changes, they are immutable at runtime - they represent 'what' the system can do. Roles, users, and |
| groups are the 'who' of the application. Determining 'who' can do 'what' then becomes a simple exercise of |
| associating Permissions to roles, users, and groups in some way. |
| <p/> |
| Most applications do this by associating a named role with permissions (i.e. a role 'has a' collection of |
| Permissions) and then associate users with roles (i.e. a user 'has a' collection of roles) so that by transitive |
| association, the user 'has' the permissions in their roles. There are numerous variations on this theme |
| (permissions assigned directly to users, or assigned to groups, and users added to groups and these groups in turn |
| have roles, etc, etc). When employing a permission-based security model instead of a role-based one, users, roles, |
| and groups can all be created, configured and/or deleted at runtime. This enables an extremely powerful security |
| model. |
| <p/> |
| A benefit to Shiro is that, although it assumes most systems are based on these types of static role or |
| dynamic role w/ permission schemes, it does not require a system to model their security data this way - all |
| Permission checks are relegated to <A HREF="../../../../org/apache/shiro/realm/Realm.html" title="interface in org.apache.shiro.realm"><CODE>Realm</CODE></A> implementations, and only those |
| implementations really determine how a user 'has' a permission or not. The Realm could use the semantics described |
| here, or it could utilize some other mechanism entirely - it is always up to the application developer. |
| <p/> |
| Shiro provides a very powerful default implementation of this interface in the form of the |
| <A HREF="../../../../org/apache/shiro/authz/permission/WildcardPermission.html" title="class in org.apache.shiro.authz.permission"><CODE>WildcardPermission</CODE></A>. We highly recommend that you |
| investigate this class before trying to implement your own <code>Permission</code>s. |
| <P> |
| |
| <P> |
| <DL> |
| <DT><B>Since:</B></DT> |
| <DD>0.2</DD> |
| <DT><B>See Also:</B><DD><A HREF="../../../../org/apache/shiro/authz/permission/WildcardPermission.html" title="class in org.apache.shiro.authz.permission"><CODE>WildcardPermission</CODE></A></DL> |
| <HR> |
| |
| <P> |
| |
| <!-- ========== METHOD SUMMARY =========== --> |
| |
| <A NAME="method_summary"><!-- --></A> |
| <TABLE BORDER="1" WIDTH="100%" CELLPADDING="3" CELLSPACING="0" SUMMARY=""> |
| <TR BGCOLOR="#CCCCFF" CLASS="TableHeadingColor"> |
| <TH ALIGN="left" COLSPAN="2"><FONT SIZE="+2"> |
| <B>Method Summary</B></FONT></TH> |
| </TR> |
| <TR BGCOLOR="white" CLASS="TableRowColor"> |
| <TD ALIGN="right" VALIGN="top" WIDTH="1%"><FONT SIZE="-1"> |
| <CODE> boolean</CODE></FONT></TD> |
| <TD><CODE><B><A HREF="../../../../org/apache/shiro/authz/Permission.html#implies(org.apache.shiro.authz.Permission)">implies</A></B>(<A HREF="../../../../org/apache/shiro/authz/Permission.html" title="interface in org.apache.shiro.authz">Permission</A> p)</CODE> |
| |
| <BR> |
| Returns <code>true</code> if this current instance <em>implies</em> all the functionality and/or resource access |
| described by the specified <code>Permission</code> argument, <code>false</code> otherwise.</TD> |
| </TR> |
| </TABLE> |
| |
| <P> |
| |
| <!-- ============ METHOD DETAIL ========== --> |
| |
| <A NAME="method_detail"><!-- --></A> |
| <TABLE BORDER="1" WIDTH="100%" CELLPADDING="3" CELLSPACING="0" SUMMARY=""> |
| <TR BGCOLOR="#CCCCFF" CLASS="TableHeadingColor"> |
| <TH ALIGN="left" COLSPAN="1"><FONT SIZE="+2"> |
| <B>Method Detail</B></FONT></TH> |
| </TR> |
| </TABLE> |
| |
| <A NAME="implies(org.apache.shiro.authz.Permission)"><!-- --></A><H3> |
| implies</H3> |
| <PRE> |
| boolean <A HREF="../../../../src-html/org/apache/shiro/authz/Permission.html#line.84"><B>implies</B></A>(<A HREF="../../../../org/apache/shiro/authz/Permission.html" title="interface in org.apache.shiro.authz">Permission</A> p)</PRE> |
| <DL> |
| <DD>Returns <code>true</code> if this current instance <em>implies</em> all the functionality and/or resource access |
| described by the specified <code>Permission</code> argument, <code>false</code> otherwise. |
| <p/> |
| <p>That is, this current instance must be exactly equal to or a <em>superset</em> of the functionalty |
| and/or resource access described by the given <code>Permission</code> argument. Yet another way of saying this |
| would be: |
| <p/> |
| <p>If "permission1 implies permission2", i.e. <code>permission1.implies(permission2)</code> , |
| then any Subject granted <code>permission1</code> would have ability greater than or equal to that defined by |
| <code>permission2</code>. |
| <P> |
| <DD><DL> |
| <DT><B>Parameters:</B><DD><CODE>p</CODE> - the permission to check for behavior/functionality comparison. |
| <DT><B>Returns:</B><DD><code>true</code> if this current instance <em>implies</em> all the functionality and/or resource access |
| described by the specified <code>Permission</code> argument, <code>false</code> otherwise.</DL> |
| </DD> |
| </DL> |
| <!-- ========= END OF CLASS DATA ========= --> |
| <HR> |
| |
| |
| <!-- ======= START OF BOTTOM NAVBAR ====== --> |
| <A NAME="navbar_bottom"><!-- --></A> |
| <A HREF="#skip-navbar_bottom" title="Skip navigation links"></A> |
| <TABLE BORDER="0" WIDTH="100%" CELLPADDING="1" CELLSPACING="0" SUMMARY=""> |
| <TR> |
| <TD COLSPAN=2 BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> |
| <A NAME="navbar_bottom_firstrow"><!-- --></A> |
| <TABLE BORDER="0" CELLPADDING="0" CELLSPACING="3" SUMMARY=""> |
| <TR ALIGN="center" VALIGN="top"> |
| <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="../../../../overview-summary.html"><FONT CLASS="NavBarFont1"><B>Overview</B></FONT></A> </TD> |
| <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="package-summary.html"><FONT CLASS="NavBarFont1"><B>Package</B></FONT></A> </TD> |
| <TD BGCOLOR="#FFFFFF" CLASS="NavBarCell1Rev"> <FONT CLASS="NavBarFont1Rev"><B>Class</B></FONT> </TD> |
| <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="class-use/Permission.html"><FONT CLASS="NavBarFont1"><B>Use</B></FONT></A> </TD> |
| <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="package-tree.html"><FONT CLASS="NavBarFont1"><B>Tree</B></FONT></A> </TD> |
| <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="../../../../deprecated-list.html"><FONT CLASS="NavBarFont1"><B>Deprecated</B></FONT></A> </TD> |
| <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="../../../../index-all.html"><FONT CLASS="NavBarFont1"><B>Index</B></FONT></A> </TD> |
| <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="../../../../help-doc.html"><FONT CLASS="NavBarFont1"><B>Help</B></FONT></A> </TD> |
| </TR> |
| </TABLE> |
| </TD> |
| <TD ALIGN="right" VALIGN="top" ROWSPAN=3><EM> |
| </EM> |
| </TD> |
| </TR> |
| |
| <TR> |
| <TD BGCOLOR="white" CLASS="NavBarCell2"><FONT SIZE="-2"> |
| <A HREF="../../../../org/apache/shiro/authz/ModularRealmAuthorizer.html" title="class in org.apache.shiro.authz"><B>PREV CLASS</B></A> |
| <A HREF="../../../../org/apache/shiro/authz/SimpleAuthorizationInfo.html" title="class in org.apache.shiro.authz"><B>NEXT CLASS</B></A></FONT></TD> |
| <TD BGCOLOR="white" CLASS="NavBarCell2"><FONT SIZE="-2"> |
| <A HREF="../../../../index.html?org/apache/shiro/authz/Permission.html" target="_top"><B>FRAMES</B></A> |
| <A HREF="Permission.html" target="_top"><B>NO FRAMES</B></A> |
| <SCRIPT type="text/javascript"> |
| <!-- |
| if(window==top) { |
| document.writeln('<A HREF="../../../../allclasses-noframe.html"><B>All Classes</B></A>'); |
| } |
| //--> |
| </SCRIPT> |
| <NOSCRIPT> |
| <A HREF="../../../../allclasses-noframe.html"><B>All Classes</B></A> |
| </NOSCRIPT> |
| |
| |
| </FONT></TD> |
| </TR> |
| <TR> |
| <TD VALIGN="top" CLASS="NavBarCell3"><FONT SIZE="-2"> |
| SUMMARY: NESTED | FIELD | CONSTR | <A HREF="#method_summary">METHOD</A></FONT></TD> |
| <TD VALIGN="top" CLASS="NavBarCell3"><FONT SIZE="-2"> |
| DETAIL: FIELD | CONSTR | <A HREF="#method_detail">METHOD</A></FONT></TD> |
| </TR> |
| </TABLE> |
| <A NAME="skip-navbar_bottom"></A> |
| <!-- ======== END OF BOTTOM NAVBAR ======= --> |
| |
| <HR> |
| Copyright © 2004-2016 <a href="http://www.apache.org/">The Apache Software Foundation</a>. All Rights Reserved. |
| </BODY> |
| </HTML> |