Annotation Type RequiresRoles


  • @Target({TYPE,METHOD})
    @Retention(RUNTIME)
    public @interface RequiresRoles
    Requires the currently executing Subject to have all of the specified roles. If they do not have the role(s), the method will not be executed and an AuthorizationException is thrown.

    For example,

    @RequiresRoles("aRoleName");
    void someMethod();

    means someMethod() could only be executed by subjects who have been assigned the 'aRoleName' role.

    *Usage Note*: Be careful using this annotation if your application has a dynamic security model where roles can be added and deleted at runtime. If your application allowed the annotated role to be deleted during runtime, the method would not be able to be executed by anyone (at least until a new role with the same name was created again).

    If you require such dynamic functionality, only the RequiresPermissions annotation makes sense - Permission types will not change during runtime for an application since permissions directly correspond to how the application's functionality is programmed (that is, they reflect the application's functionality only, not who is executing the the functionality).

    Since:
    0.1
    See Also:
    Subject.hasRole(String)
    • Required Element Summary

      Required Elements 
      Modifier and Type Required Element Description
      String[] value
      A single String role name or multiple comma-delimited role names required in order for the method invocation to be allowed.
    • Optional Element Summary

      Optional Elements 
      Modifier and Type Optional Element Description
      Logical logical
      The logical operation for the permission check in case multiple roles are specified.
    • Element Detail

      • value

        String[] value
        A single String role name or multiple comma-delimited role names required in order for the method invocation to be allowed.
      • logical

        Logical logical
        The logical operation for the permission check in case multiple roles are specified. AND is the default
        Since:
        1.1.0
        Default:
        org.apache.shiro.authz.annotation.Logical.AND