1 /* 2 * Licensed to the Apache Software Foundation (ASF) under one 3 * or more contributor license agreements. See the NOTICE file 4 * distributed with this work for additional information 5 * regarding copyright ownership. The ASF licenses this file 6 * to you under the Apache License, Version 2.0 (the 7 * "License"); you may not use this file except in compliance 8 * with the License. You may obtain a copy of the License at 9 * 10 * http://www.apache.org/licenses/LICENSE-2.0 11 * 12 * Unless required by applicable law or agreed to in writing, 13 * software distributed under the License is distributed on an 14 * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY 15 * KIND, either express or implied. See the License for the 16 * specific language governing permissions and limitations 17 * under the License. 18 */ 19 package org.apache.shiro.web.filter.authz; 20 21 import java.io.IOException; 22 import javax.servlet.ServletRequest; 23 import javax.servlet.ServletResponse; 24 25 import org.apache.shiro.subject.Subject; 26 27 /** 28 * Filter that allows access if the current user has the permissions specified by the mapped value, or denies access 29 * if the user does not have all of the permissions specified. 30 * 31 * @since 0.9 32 */ 33 public class PermissionsAuthorizationFilter extends AuthorizationFilter { 34 35 //TODO - complete JavaDoc 36 37 public boolean isAccessAllowed(ServletRequest request, ServletResponse response, Object mappedValue) throws IOException { 38 39 Subject subject = getSubject(request, response); 40 String[] perms = (String[]) mappedValue; 41 42 boolean isPermitted = true; 43 if (perms != null && perms.length > 0) { 44 if (perms.length == 1) { 45 if (!subject.isPermitted(perms[0])) { 46 isPermitted = false; 47 } 48 } else { 49 if (!subject.isPermittedAll(perms)) { 50 isPermitted = false; 51 } 52 } 53 } 54 55 return isPermitted; 56 } 57 }