| <!DOCTYPE HTML> |
| <!-- NewPage --> |
| <html lang="en"> |
| <head> |
| <!-- Generated by javadoc --> |
| <title>Permission (Apache Shiro :: Core 1.9.1 API)</title> |
| <meta http-equiv="Content-Type" content="text/html; charset=UTF-8"> |
| <link rel="stylesheet" type="text/css" href="../../../../stylesheet.css" title="Style"> |
| <link rel="stylesheet" type="text/css" href="../../../../jquery/jquery-ui.css" title="Style"> |
| <script type="text/javascript" src="../../../../script.js"></script> |
| <script type="text/javascript" src="../../../../jquery/jszip/dist/jszip.min.js"></script> |
| <script type="text/javascript" src="../../../../jquery/jszip-utils/dist/jszip-utils.min.js"></script> |
| <!--[if IE]> |
| <script type="text/javascript" src="../../../../jquery/jszip-utils/dist/jszip-utils-ie.min.js"></script> |
| <![endif]--> |
| <script type="text/javascript" src="../../../../jquery/jquery-3.5.1.js"></script> |
| <script type="text/javascript" src="../../../../jquery/jquery-ui.js"></script> |
| </head> |
| <body> |
| <script type="text/javascript"><!-- |
| try { |
| if (location.href.indexOf('is-external=true') == -1) { |
| parent.document.title="Permission (Apache Shiro :: Core 1.9.1 API)"; |
| } |
| } |
| catch(err) { |
| } |
| //--> |
| var data = {"i0":6}; |
| var tabs = {65535:["t0","All Methods"],2:["t2","Instance Methods"],4:["t3","Abstract Methods"]}; |
| var altColor = "altColor"; |
| var rowColor = "rowColor"; |
| var tableTab = "tableTab"; |
| var activeTableTab = "activeTableTab"; |
| var pathtoroot = "../../../../"; |
| var useModuleDirectories = true; |
| loadScripts(document, 'script');</script> |
| <noscript> |
| <div>JavaScript is disabled on your browser.</div> |
| </noscript> |
| <header role="banner"> |
| <nav role="navigation"> |
| <div class="fixedNav"><!-- Matomo --> <script> var _paq = window._paq = window._paq || []; /* tracker methods like "setCustomDimension" should be called before "trackPageView" */ /* We explicitly disable cookie tracking to avoid privacy issues */ _paq.push(['disableCookies']); _paq.push(['trackPageView']); _paq.push(['enableLinkTracking']); (function() { var u="//matomo.privacy.apache.org/"; _paq.push(['setTrackerUrl', u+'matomo.php']); _paq.push(['setSiteId', '2']); var d=document, g=d.createElement('script'), s=d.getElementsByTagName('script')[0]; g.async=true; g.src=u+'matomo.js'; s.parentNode.insertBefore(g,s); })(); </script> <!-- End Matomo Code --> |
| <!-- ========= START OF TOP NAVBAR ======= --> |
| <div class="topNav"><a id="navbar.top"> |
| <!-- --> |
| </a> |
| <div class="skipNav"><a href="#skip.navbar.top" title="Skip navigation links">Skip navigation links</a></div> |
| <a id="navbar.top.firstrow"> |
| <!-- --> |
| </a> |
| <ul class="navList" title="Navigation"> |
| <li><a href="../../../../index.html">Overview</a></li> |
| <li><a href="package-summary.html">Package</a></li> |
| <li class="navBarCell1Rev">Class</li> |
| <li><a href="class-use/Permission.html">Use</a></li> |
| <li><a href="package-tree.html">Tree</a></li> |
| <li><a href="../../../../deprecated-list.html">Deprecated</a></li> |
| <li><a href="../../../../index-all.html">Index</a></li> |
| <li><a href="../../../../help-doc.html">Help</a></li> |
| </ul> |
| </div> |
| <div class="subNav"> |
| <ul class="navList" id="allclasses_navbar_top"> |
| <li><a href="../../../../allclasses.html">All Classes</a></li> |
| </ul> |
| <ul class="navListSearch"> |
| <li><label for="search">SEARCH:</label> |
| <input type="text" id="search" value="search" disabled="disabled"> |
| <input type="reset" id="reset" value="reset" disabled="disabled"> |
| </li> |
| </ul> |
| <div> |
| <script type="text/javascript"><!-- |
| allClassesLink = document.getElementById("allclasses_navbar_top"); |
| if(window==top) { |
| allClassesLink.style.display = "block"; |
| } |
| else { |
| allClassesLink.style.display = "none"; |
| } |
| //--> |
| </script> |
| <noscript> |
| <div>JavaScript is disabled on your browser.</div> |
| </noscript> |
| </div> |
| <div> |
| <ul class="subNavList"> |
| <li>Summary: </li> |
| <li>Nested | </li> |
| <li>Field | </li> |
| <li>Constr | </li> |
| <li><a href="#method.summary">Method</a></li> |
| </ul> |
| <ul class="subNavList"> |
| <li>Detail: </li> |
| <li>Field | </li> |
| <li>Constr | </li> |
| <li><a href="#method.detail">Method</a></li> |
| </ul> |
| </div> |
| <a id="skip.navbar.top"> |
| <!-- --> |
| </a></div> |
| <!-- ========= END OF TOP NAVBAR ========= --> |
| </div> |
| <div class="navPadding"> </div> |
| <script type="text/javascript"><!-- |
| $('.navPadding').css('padding-top', $('.fixedNav').css("height")); |
| //--> |
| </script> |
| </nav> |
| </header> |
| <!-- ======== START OF CLASS DATA ======== --> |
| <main role="main"> |
| <div class="header"> |
| <div class="subTitle"><span class="packageLabelInType">Package</span> <a href="package-summary.html">org.apache.shiro.authz</a></div> |
| <h2 title="Interface Permission" class="title">Interface Permission</h2> |
| </div> |
| <div class="contentContainer"> |
| <div class="description"> |
| <ul class="blockList"> |
| <li class="blockList"> |
| <dl> |
| <dt>All Known Implementing Classes:</dt> |
| <dd><code><a href="permission/AllPermission.html" title="class in org.apache.shiro.authz.permission">AllPermission</a></code>, <code><a href="permission/DomainPermission.html" title="class in org.apache.shiro.authz.permission">DomainPermission</a></code>, <code><a href="permission/WildcardPermission.html" title="class in org.apache.shiro.authz.permission">WildcardPermission</a></code></dd> |
| </dl> |
| <hr> |
| <pre>public interface <a href="../../../../src-html/org/apache/shiro/authz/Permission.html#line.66">Permission</a></pre> |
| <div class="block">A Permission represents the ability to perform an action or access a resource. A Permission is the most |
| granular, or atomic, unit in a system's security policy and is the cornerstone upon which fine-grained security |
| models are built. |
| <p/> |
| It is important to understand a Permission instance only represents functionality or access - it does not grant it. |
| Granting access to an application functionality or a particular resource is done by the application's security |
| configuration, typically by assigning Permissions to users, roles and/or groups. |
| <p/> |
| Most typical systems are what the Shiro team calls <em>role-based</em> in nature, where a role represents |
| common behavior for certain user types. For example, a system might have an <em>Administrator</em> role, a |
| <em>User</em> or <em>Guest</em> roles, etc. |
| <p/> |
| But if you have a dynamic security model, where roles can be created and deleted at runtime, you can't hard-code |
| role names in your code. In this environment, roles themselves aren't very useful. What matters is what |
| <em>permissions</em> are assigned to these roles. |
| <p/> |
| Under this paradigm, permissions are immutable and reflect an application's raw functionality |
| (opening files, accessing a web URL, creating users, etc). This is what allows a system's security policy |
| to be dynamic: because Permissions represent raw functionality and only change when the application's |
| source code changes, they are immutable at runtime - they represent 'what' the system can do. Roles, users, and |
| groups are the 'who' of the application. Determining 'who' can do 'what' then becomes a simple exercise of |
| associating Permissions to roles, users, and groups in some way. |
| <p/> |
| Most applications do this by associating a named role with permissions (i.e. a role 'has a' collection of |
| Permissions) and then associate users with roles (i.e. a user 'has a' collection of roles) so that by transitive |
| association, the user 'has' the permissions in their roles. There are numerous variations on this theme |
| (permissions assigned directly to users, or assigned to groups, and users added to groups and these groups in turn |
| have roles, etc, etc). When employing a permission-based security model instead of a role-based one, users, roles, |
| and groups can all be created, configured and/or deleted at runtime. This enables an extremely powerful security |
| model. |
| <p/> |
| A benefit to Shiro is that, although it assumes most systems are based on these types of static role or |
| dynamic role w/ permission schemes, it does not require a system to model their security data this way - all |
| Permission checks are relegated to <a href="../realm/Realm.html" title="interface in org.apache.shiro.realm"><code>Realm</code></a> implementations, and only those |
| implementations really determine how a user 'has' a permission or not. The Realm could use the semantics described |
| here, or it could utilize some other mechanism entirely - it is always up to the application developer. |
| <p/> |
| Shiro provides a very powerful default implementation of this interface in the form of the |
| <a href="permission/WildcardPermission.html" title="class in org.apache.shiro.authz.permission"><code>WildcardPermission</code></a>. We highly recommend that you |
| investigate this class before trying to implement your own <code>Permission</code>s.</div> |
| <dl> |
| <dt><span class="simpleTagLabel">Since:</span></dt> |
| <dd>0.2</dd> |
| <dt><span class="seeLabel">See Also:</span></dt> |
| <dd><a href="permission/WildcardPermission.html" title="class in org.apache.shiro.authz.permission"><code>WildcardPermission</code></a></dd> |
| </dl> |
| </li> |
| </ul> |
| </div> |
| <div class="summary"> |
| <ul class="blockList"> |
| <li class="blockList"> |
| <!-- ========== METHOD SUMMARY =========== --> |
| <section role="region"> |
| <ul class="blockList"> |
| <li class="blockList"><a id="method.summary"> |
| <!-- --> |
| </a> |
| <h3>Method Summary</h3> |
| <table class="memberSummary"> |
| <caption><span id="t0" class="activeTableTab"><span>All Methods</span><span class="tabEnd"> </span></span><span id="t2" class="tableTab"><span><a href="javascript:show(2);">Instance Methods</a></span><span class="tabEnd"> </span></span><span id="t3" class="tableTab"><span><a href="javascript:show(4);">Abstract Methods</a></span><span class="tabEnd"> </span></span></caption> |
| <tr> |
| <th class="colFirst" scope="col">Modifier and Type</th> |
| <th class="colSecond" scope="col">Method</th> |
| <th class="colLast" scope="col">Description</th> |
| </tr> |
| <tr id="i0" class="altColor"> |
| <td class="colFirst"><code>boolean</code></td> |
| <th class="colSecond" scope="row"><code><span class="memberNameLink"><a href="#implies(org.apache.shiro.authz.Permission)">implies</a></span>​(<a href="Permission.html" title="interface in org.apache.shiro.authz">Permission</a> p)</code></th> |
| <td class="colLast"> |
| <div class="block">Returns <code>true</code> if this current instance <em>implies</em> all the functionality and/or resource access |
| described by the specified <code>Permission</code> argument, <code>false</code> otherwise.</div> |
| </td> |
| </tr> |
| </table> |
| </li> |
| </ul> |
| </section> |
| </li> |
| </ul> |
| </div> |
| <div class="details"> |
| <ul class="blockList"> |
| <li class="blockList"> |
| <!-- ============ METHOD DETAIL ========== --> |
| <section role="region"> |
| <ul class="blockList"> |
| <li class="blockList"><a id="method.detail"> |
| <!-- --> |
| </a> |
| <h3>Method Detail</h3> |
| <a id="implies(org.apache.shiro.authz.Permission)"> |
| <!-- --> |
| </a> |
| <ul class="blockListLast"> |
| <li class="blockList"> |
| <h4>implies</h4> |
| <pre class="methodSignature">boolean <a href="../../../../src-html/org/apache/shiro/authz/Permission.html#line.84">implies</a>​(<a href="Permission.html" title="interface in org.apache.shiro.authz">Permission</a> p)</pre> |
| <div class="block">Returns <code>true</code> if this current instance <em>implies</em> all the functionality and/or resource access |
| described by the specified <code>Permission</code> argument, <code>false</code> otherwise. |
| <p/> |
| <p>That is, this current instance must be exactly equal to or a <em>superset</em> of the functionality |
| and/or resource access described by the given <code>Permission</code> argument. Yet another way of saying this |
| would be: |
| <p/> |
| <p>If "permission1 implies permission2", i.e. <code>permission1.implies(permission2)</code> , |
| then any Subject granted <code>permission1</code> would have ability greater than or equal to that defined by |
| <code>permission2</code>.</div> |
| <dl> |
| <dt><span class="paramLabel">Parameters:</span></dt> |
| <dd><code>p</code> - the permission to check for behavior/functionality comparison.</dd> |
| <dt><span class="returnLabel">Returns:</span></dt> |
| <dd><code>true</code> if this current instance <em>implies</em> all the functionality and/or resource access |
| described by the specified <code>Permission</code> argument, <code>false</code> otherwise.</dd> |
| </dl> |
| </li> |
| </ul> |
| </li> |
| </ul> |
| </section> |
| </li> |
| </ul> |
| </div> |
| </div> |
| </main> |
| <!-- ========= END OF CLASS DATA ========= --> |
| <footer role="contentinfo"> |
| <nav role="navigation"> |
| <!-- ======= START OF BOTTOM NAVBAR ====== --> |
| <div class="bottomNav"><a id="navbar.bottom"> |
| <!-- --> |
| </a> |
| <div class="skipNav"><a href="#skip.navbar.bottom" title="Skip navigation links">Skip navigation links</a></div> |
| <a id="navbar.bottom.firstrow"> |
| <!-- --> |
| </a> |
| <ul class="navList" title="Navigation"> |
| <li><a href="../../../../index.html">Overview</a></li> |
| <li><a href="package-summary.html">Package</a></li> |
| <li class="navBarCell1Rev">Class</li> |
| <li><a href="class-use/Permission.html">Use</a></li> |
| <li><a href="package-tree.html">Tree</a></li> |
| <li><a href="../../../../deprecated-list.html">Deprecated</a></li> |
| <li><a href="../../../../index-all.html">Index</a></li> |
| <li><a href="../../../../help-doc.html">Help</a></li> |
| </ul> |
| </div> |
| <div class="subNav"> |
| <ul class="navList" id="allclasses_navbar_bottom"> |
| <li><a href="../../../../allclasses.html">All Classes</a></li> |
| </ul> |
| <div> |
| <script type="text/javascript"><!-- |
| allClassesLink = document.getElementById("allclasses_navbar_bottom"); |
| if(window==top) { |
| allClassesLink.style.display = "block"; |
| } |
| else { |
| allClassesLink.style.display = "none"; |
| } |
| //--> |
| </script> |
| <noscript> |
| <div>JavaScript is disabled on your browser.</div> |
| </noscript> |
| </div> |
| <div> |
| <ul class="subNavList"> |
| <li>Summary: </li> |
| <li>Nested | </li> |
| <li>Field | </li> |
| <li>Constr | </li> |
| <li><a href="#method.summary">Method</a></li> |
| </ul> |
| <ul class="subNavList"> |
| <li>Detail: </li> |
| <li>Field | </li> |
| <li>Constr | </li> |
| <li><a href="#method.detail">Method</a></li> |
| </ul> |
| </div> |
| <a id="skip.navbar.bottom"> |
| <!-- --> |
| </a></div> |
| <!-- ======== END OF BOTTOM NAVBAR ======= --> |
| </nav> |
| <p class="legalCopy"><small>Copyright © 2004–2022 <a href="https://www.apache.org/">The Apache Software Foundation</a>. All rights reserved.</small></p> |
| </footer> |
| </body> |
| </html> |