org.apache.shiro.web.mgt.WebSecurityManager Java Examples

/**
 * Create the Shiro filter. Overriding this method allows for complete customization of how Shiro is initialized.
 */
protected Filter createFilter(final T configuration) {
    ShiroConfiguration shiroConfig = narrow(configuration);
    final IniWebEnvironment shiroEnv = new IniWebEnvironment();
    shiroEnv.setConfigLocations(shiroConfig.iniConfigs());
    shiroEnv.init();

    AbstractShiroFilter shiroFilter = new AbstractShiroFilter() {
        @Override
        public void init() throws Exception {
            Collection<Realm> realms = createRealms(configuration);
            WebSecurityManager securityManager = realms.isEmpty()
                    ? shiroEnv.getWebSecurityManager()
                    : new DefaultWebSecurityManager(realms);
            setSecurityManager(securityManager);
            setFilterChainResolver(shiroEnv.getFilterChainResolver());
        }
    };
    return shiroFilter;
}
 

/**
 * Create the Shiro filter. Overriding this method allows for complete customization of how Shiro is initialized.
 */
protected Filter createFilter(final T configuration) {
    ShiroConfiguration shiroConfig = narrow(configuration);
    final IniWebEnvironment shiroEnv = new IniWebEnvironment();
    shiroEnv.setConfigLocations(shiroConfig.iniConfigs());
    shiroEnv.init();

    AbstractShiroFilter shiroFilter = new AbstractShiroFilter() {
        @Override
        public void init() throws Exception {
            Collection<Realm> realms = createRealms(configuration);
            WebSecurityManager securityManager = realms.isEmpty()
                    ? shiroEnv.getWebSecurityManager()
                    : new DefaultWebSecurityManager(realms);
            setSecurityManager(securityManager);
            setFilterChainResolver(shiroEnv.getFilterChainResolver());
        }
    };
    return shiroFilter;
}
 

public static void bind(final ServiceBinder binder) {
		binder.bind(WebSecurityManager.class, TapestryRealmSecurityManager.class);
		// TYNAMO-155 It's not enough to identify ModularRealmAuthenticator by it's Authenticator interface only
		// because Shiro tests if the object is an instanceof LogoutAware to call logout handlers
		binder.bind(ModularRealmAuthenticator.class);
		binder.bind(SubjectFactory.class, DefaultWebSubjectFactory.class);
		binder.bind(HttpServletRequestFilter.class, SecurityConfiguration.class).withId("SecurityConfiguration").withMarker(Security.class);
		binder.bind(ClassInterceptorsCache.class, ClassInterceptorsCacheImpl.class);
		binder.bind(SecurityService.class, SecurityServiceImpl.class);
		binder.bind(SecurityFilterChainFactory.class, SecurityFilterChainFactoryImpl.class);
		binder.bind(ComponentRequestFilter.class, SecurityComponentRequestFilter.class);
		binder.bind(SecurityFilterChainHub.class, SecurityFilterChainHubImpl.class);
//		binder.bind(ShiroExceptionHandler.class);
		binder.bind(LoginContextService.class, LoginContextServiceImpl.class);
		binder.bind(Serializer.class, SimplePrincipalSerializer.class);
	}
 

private void configureSecurity() {
	contributeFromPackage(Realm.class, AbstractAuthorizingRealm.class);
	
	bind(RememberMeManager.class).to(OneRememberMeManager.class);
	bind(WebSecurityManager.class).to(OneWebSecurityManager.class);
	bind(FilterChainResolver.class).to(OneFilterChainResolver.class);
	bind(BasicAuthenticationFilter.class);
	bind(BearerAuthenticationFilter.class);
	bind(PasswordService.class).to(OnePasswordService.class);
	bind(ShiroFilter.class);
	install(new ShiroAopModule());
       contribute(FilterChainConfigurator.class, new FilterChainConfigurator() {

           @Override
           public void configure(FilterChainManager filterChainManager) {
               filterChainManager.createChain("/**/info/refs", "noSessionCreation, authcBasic, authcBearer");
               filterChainManager.createChain("/**/git-upload-pack", "noSessionCreation, authcBasic, authcBearer");
               filterChainManager.createChain("/**/git-receive-pack", "noSessionCreation, authcBasic, authcBearer");
           }
           
       });
       contributeFromPackage(Authenticator.class, Authenticator.class);
}
 

@Override
protected AbstractShiroFilter createInstance() throws Exception {
	SecurityManager securityManager = getSecurityManager();
	if (securityManager == null){
		throw new BeanInitializationException("SecurityManager property must be set.");
	}

	if (!(securityManager instanceof WebSecurityManager)){
		throw new BeanInitializationException("The security manager does not implement the WebSecurityManager interface.");
	}

	PathMatchingFilterChainResolver chainResolver = new PathMatchingFilterChainResolver();
	FilterChainManager chainManager = createFilterChainManager();
	chainResolver.setFilterChainManager(chainManager);
	return new MySpringShiroFilter((WebSecurityManager)securityManager, chainResolver);
}
 

@Override
protected AbstractShiroFilter createInstance() throws Exception {
    LOGGER.debug("Creating Shiro Filter instance.");
    SecurityManager securityManager = this.getSecurityManager();
    String msg;
    if (securityManager == null) {
        msg = "SecurityManager property must be set.";
        throw new BeanInitializationException(msg);
    } else if (!(securityManager instanceof WebSecurityManager)) {
        msg = "The security manager does not implement the WebSecurityManager interface.";
        throw new BeanInitializationException(msg);
    } else {
        FilterChainManager manager = this.createFilterChainManager();
        RestPathMatchingFilterChainResolver chainResolver = new RestPathMatchingFilterChainResolver();
        chainResolver.setFilterChainManager(manager);
        return new RestShiroFilterFactoryBean.SpringShiroFilter((WebSecurityManager)securityManager, chainResolver);
    }
}
 

public MySpringShiroFilter(
		WebSecurityManager securityManager, PathMatchingFilterChainResolver chainResolver) {
	super();
	if (securityManager == null){
		throw new IllegalArgumentException("WebSecurityManager property cannot be null.");
	}
	setSecurityManager(securityManager);
	if (chainResolver != null){
		setFilterChainResolver(chainResolver);
	}
}
 

public SecurityConfiguration(ApplicationGlobals applicationGlobals, RequestGlobals requestGlobals,
							 final WebSecurityManager securityManager, LoginContextService loginContextService,
							 final List<SecurityFilterChain> chains,
							 final SecurityFilterChainHub securityFilterChainHub) {

	this.securityManager = securityManager;
	this.loginContextService = loginContextService;
	this.securityFilterChainHub = securityFilterChainHub;
	this.servletContext = applicationGlobals.getServletContext();
	this.requestGlobals = requestGlobals;
	this.chains = chains;
}
 

@Inject
public SecurityFilter(final WebSecurityManager webSecurityManager,
                      final FilterChainResolver filterChainResolver)
{
  checkNotNull(webSecurityManager);
  log.trace("Security manager: {}", webSecurityManager);
  setSecurityManager(webSecurityManager);

  checkNotNull(filterChainResolver);
  log.trace("Filter chain resolver: {}", filterChainResolver);
  setFilterChainResolver(filterChainResolver);
}
 

@Override
protected void bindWebSecurityManager(final AnnotatedBindingBuilder<? super WebSecurityManager> bind) {
  bind(NexusWebSecurityManager.class).asEagerSingleton();

  // bind RealmSecurityManager and WebSecurityManager to _same_ component
  bind(RealmSecurityManager.class).to(NexusWebSecurityManager.class);
  bind.to(NexusWebSecurityManager.class);

  // bindings used by external modules
  expose(RealmSecurityManager.class);
  expose(WebSecurityManager.class);
}
 

protected SpringShiroFilter(WebSecurityManager webSecurityManager, FilterChainResolver resolver) {
    super();
    if (webSecurityManager == null) {
        throw new IllegalArgumentException("WebSecurityManager property cannot be null.");
    }
    setSecurityManager(webSecurityManager);
    if (resolver != null) {
        setFilterChainResolver(resolver);
    }
}
 

protected IamSpringShiroFilter(WebSecurityManager webSecurityManager, FilterChainResolver resolver) {
	if (webSecurityManager == null) {
		throw new IllegalArgumentException("WebSecurityManager property cannot be null.");
	}
	setSecurityManager(webSecurityManager);
	if (resolver != null) {
		setFilterChainResolver(resolver);
	}
}
 

protected SpringShiroFilter(WebSecurityManager webSecurityManager, FilterChainResolver resolver) {
    if (webSecurityManager == null) {
        throw new IllegalArgumentException("WebSecurityManager property cannot be null.");
    } else {
        this.setSecurityManager(webSecurityManager);
        if (resolver != null) {
            this.setFilterChainResolver(resolver);
        }

    }
}
 

@Override
protected void configure() {
  requireBinding(WebSecurityManager.class);
  requireBinding(FilterChainResolver.class);
}
 

@Override
public void init() throws ShiroException {
	setWebSecurityManager(OneDev.getInstance(WebSecurityManager.class));
	setFilterChainResolver(OneDev.getInstance(FilterChainResolver.class));
}
 

@Contribute(HttpServletRequestFilter.class)
	@Security
	public static void setupSecurity(OrderedConfiguration<SecurityFilterChain> configuration,
			SecurityFilterChainFactory factory, WebSecurityManager securityManager) {
//		if (securityManager instanceof DefaultSecurityManager) {
//			DefaultSecurityManager defaultManager = (DefaultSecurityManager) securityManager;
//
//			// BlowfishCipher cipher = new BlowfishCipher();
//			// defaultManager.setRememberMeCipherKey(cipher.getKey().getEncoded());
//			// defaultManager.setRememberMeCipher(cipher);
//			ServletContainerSessionManager sessionManager = new ServletContainerSessionManager();
//			defaultManager.setSessionManager(sessionManager);
//			defaultManager.setSubjectFactory(subjectFactory);
//		}

//		/authc/signup = anon
//		/authc/** = authc
//
//		/user/signup = anon
//		/user/** = user
//		/roles/user/** = roles[user]
//		/roles/manager/** = roles[manager]
//		/perms/view/** = perms[news:view]
//		/perms/edit/** = perms[news:edit]

		configuration.add("authc_signup", factory.createChain("/authc/signup").add(factory.anon()).build());
		configuration.add("authc", factory.createChain("/authc/**").add(factory.authc()).build());
		configuration.add("partlyauthc", factory.createChain("/partlyauthc/**").add(factory.anon()).build());
		configuration.add("contributed", factory.createChain("/contributed/**").add(factory.authc()).build());
		configuration.add("user_signup", factory.createChain("/user/signup").add(factory.anon()).build());
		configuration.add("user", factory.createChain("/user/**").add(factory.user()).build());
		configuration.add("roles_user", factory.createChain("/roles/user/**").add(factory.roles(), "user").build());
		configuration.add("roles_manager", factory.createChain("/roles/manager/**").add(factory.roles(), "manager").build());
		configuration.add("perms_view", factory.createChain("/perms/view/**").add(factory.perms(), "news:view").build());
		configuration.add("perms_edit", factory.createChain("/perms/edit/**").add(factory.perms(), "news:edit").build());

		configuration.add("ports_ssl", factory.createChain("/ports/ssl").add(factory.ssl()).build());
		configuration.add("ports_inuse", factory.createChain("/ports/portinuse").add(factory.port(), String.valueOf(TapestrySecurityIntegrationTest.port)).build());
		configuration.add("ports_9000", factory.createChain("/ports/port9090").add(factory.port(), "9090").build());

		configuration.add("hidden", factory.createChain("/hidden/**").add(factory.notfound()).build());
	}
 

public static Subject asSubject(Long userId) {
	WebSecurityManager securityManager = AppLoader.getInstance(WebSecurityManager.class);
    return new Subject.Builder(securityManager).principals(asPrincipal(userId)).buildSubject();
}