001/* 002 * Licensed to the Apache Software Foundation (ASF) under one 003 * or more contributor license agreements. See the NOTICE file 004 * distributed with this work for additional information 005 * regarding copyright ownership. The ASF licenses this file 006 * to you under the Apache License, Version 2.0 (the 007 * "License"); you may not use this file except in compliance 008 * with the License. You may obtain a copy of the License at 009 * 010 * http://www.apache.org/licenses/LICENSE-2.0 011 * 012 * Unless required by applicable law or agreed to in writing, 013 * software distributed under the License is distributed on an 014 * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY 015 * KIND, either express or implied. See the License for the 016 * specific language governing permissions and limitations 017 * under the License. 018 */ 019package org.apache.shiro.web.filter.authz; 020 021import java.io.IOException; 022import java.util.Set; 023import javax.servlet.ServletRequest; 024import javax.servlet.ServletResponse; 025 026import org.apache.shiro.subject.Subject; 027import org.apache.shiro.util.CollectionUtils; 028 029 030/** 031 * Filter that allows access if the current user has the roles specified by the mapped value, or denies access 032 * if the user does not have all of the roles specified. 033 * 034 * @since 0.9 035 */ 036public class RolesAuthorizationFilter extends AuthorizationFilter { 037 038 //TODO - complete JavaDoc 039 040 @SuppressWarnings({"unchecked"}) 041 public boolean isAccessAllowed(ServletRequest request, ServletResponse response, Object mappedValue) throws IOException { 042 043 Subject subject = getSubject(request, response); 044 String[] rolesArray = (String[]) mappedValue; 045 046 if (rolesArray == null || rolesArray.length == 0) { 047 //no roles specified, so nothing to check - allow access. 048 return true; 049 } 050 051 Set<String> roles = CollectionUtils.asSet(rolesArray); 052 return subject.hasAllRoles(roles); 053 } 054 055}