001/**
002 * Licensed to the Apache Software Foundation (ASF) under one or more
003 * contributor license agreements.  See the NOTICE file distributed with
004 * this work for additional information regarding copyright ownership.
005 * The ASF licenses this file to You under the Apache License, Version 2.0
006 * (the "License"); you may not use this file except in compliance with
007 * the License.  You may obtain a copy of the License at
008 *
009 *      http://www.apache.org/licenses/LICENSE-2.0
010 *
011 * Unless required by applicable law or agreed to in writing, software
012 * distributed under the License is distributed on an "AS IS" BASIS,
013 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
014 * See the License for the specific language governing permissions and
015 * limitations under the License.
016 */
017package org.apache.activemq.shiro.authz;
018
019import org.apache.shiro.authz.Permission;
020
021import java.util.Collection;
022
023/**
024 * An {@code ActionPermissionResolver} will inspect an {@link Action} and return
025 * {@link Permission}s that must be granted to a {@link org.apache.shiro.subject.Subject Subject} in order for the
026 * {@code Subject} to execute the action.
027 * <p/>
028 * If a {@code Subject} is not granted all of the returned permissions, the {@code Action} will not be executed.
029 *
030 * @since 5.10.0
031 */
032public interface ActionPermissionResolver {
033
034    /**
035     * Returns all {@link Permission}s that must be granted to a
036     * {@link org.apache.shiro.subject.Subject Subject} in order for the {@code Subject} to execute the action, or
037     * an empty collection if no permissions are required.
038     * <p/>
039     * Most implementations will probably return a single Permission, but multiple permissions are possible, especially
040     * if the Action represents behavior attempted on a
041     * <a href="http://activemq.apache.org/composite-destinations.html">Composite Destination</a>.
042     *
043     * @param action the action attempted
044     * @return all {@link Permission}s that must be granted to a
045     *         {@link org.apache.shiro.subject.Subject Subject} in order for the {@code Subject} to execute the action,
046     *         or an empty collection if no permissions are required.
047     */
048    Collection<Permission> getPermissions(Action action);
049
050}