org.apache.shiro.config.ConfigurationException Java Examples

@Override
public Ini convert(String raw) {
  Ini ini;
  try {
    ini = Ini.fromResourcePath(raw);
  } catch (ConfigurationException e) {
    throw new ParameterException(getErrorString(raw, e.getMessage()), e);
  }

  Set<String> presentSections = ImmutableSortedSet.copyOf(ini.getSectionNames());
  if (presentSections.isEmpty()) {
    throw new MissingSectionsException();
  }

  Set<String> extraSections = Sets.difference(presentSections, ALLOWED_SECTION_NAMES);
  if (!extraSections.isEmpty()) {
    throw new ExtraSectionsException(extraSections);
  }

  return ini;
}
 

@VisibleForTesting
public static Iterable<SearchModelAuthorizable> parsePrivilege(String string) {
  List<SearchModelAuthorizable> result = Lists.newArrayList();
  System.err.println("privilege = " + string);
  for(String section : AUTHORIZABLE_SPLITTER.split(string)) {
    // XXX this ugly hack is because action is not an authorizable
    if(!section.toLowerCase().startsWith(PRIVILEGE_PREFIX)) {
      SearchModelAuthorizable authorizable = SearchModelAuthorizables.from(section);
      if(authorizable == null) {
        String msg = "No authorizable found for " + section;
        throw new ConfigurationException(msg);
      }
      result.add(authorizable);
    }
  }
  return result;
}
 

/**
 * 返回配置文件流 避免ehcache配置文件一直被占用，无法完全销毁项目重新部署
 */
protected InputStream getCacheManagerConfigFileInputStream()
{
    String configFile = "classpath:ehcache/ehcache-shiro.xml";
    InputStream inputStream = null;
    try
    {
        inputStream = ResourceUtils.getInputStreamForPath(configFile);
        byte[] b = IOUtils.toByteArray(inputStream);
        InputStream in = new ByteArrayInputStream(b);
        return in;
    }
    catch (IOException e)
    {
        throw new ConfigurationException(
                "Unable to obtain input stream for cacheManagerConfigFile [" + configFile + "]", e);
    }
    finally
    {
        IOUtils.closeQuietly(inputStream);
    }
}
 

/**
 * 返回配置文件流 避免ehcache配置文件一直被占用，无法完全销毁项目重新部署
 */
protected InputStream getCacheManagerConfigFileInputStream()
{
    String configFile = "classpath:ehcache/ehcache-shiro.xml";
    InputStream inputStream = null;
    try
    {
        inputStream = ResourceUtils.getInputStreamForPath(configFile);
        byte[] b = IOUtils.toByteArray(inputStream);
        return new ByteArrayInputStream(b);
    }
    catch (IOException e)
    {
        throw new ConfigurationException(
                "Unable to obtain input stream for cacheManagerConfigFile [" + configFile + "]", e);
    }
    finally
    {
        IOUtils.closeQuietly(inputStream);
    }
}
 

@Override
public void validate(PrivilegeValidatorContext context)
    throws ConfigurationException {
  Iterable<SqoopAuthorizable> authorizables = parsePrivilege(context.getPrivilege());
  boolean match = false;
  for (SqoopAuthorizable authorizable : authorizables) {
    if (authorizable instanceof Server && authorizable.getName().equalsIgnoreCase(sqoopServerName)) {
      match = true;
      break;
    }
  }
  if (!match) {
    String msg = "server=[name] in " + context.getPrivilege()
        + " is required. The name is expected " + sqoopServerName;
    throw new ConfigurationException(msg);
  }
}
 

@VisibleForTesting
public static Iterable<IndexerModelAuthorizable> parsePrivilege(String string) {
  List<IndexerModelAuthorizable> result = Lists.newArrayList();
  for(String section : AUTHORIZABLE_SPLITTER.split(string)) {
    // XXX this ugly hack is because action is not an authorizable
    if(!section.toLowerCase().startsWith(PRIVILEGE_PREFIX)) {
      IndexerModelAuthorizable authorizable = IndexerModelAuthorizables.from(section);
      if(authorizable == null) {
        String msg = "No authorizable found for " + section;
        throw new ConfigurationException(msg);
      }
      result.add(authorizable);
    }
  }
  return result;
}
 

@Override
public void validate(PrivilegeValidatorContext context) throws ConfigurationException {
  String database = context.getDatabase();
  String privilege = context.getPrivilege();
  /*
   *  Rule only applies to rules in per database policy file
   */
  if(database != null) {
    Iterable<DBModelAuthorizable> authorizables = parsePrivilege(privilege);
    for(DBModelAuthorizable authorizable : authorizables) {
      if(authorizable instanceof Database &&
          !database.equalsIgnoreCase(authorizable.getName())) {
        String msg = "Privilege " + privilege + " references db " +
            authorizable.getName() + ", but is only allowed to reference "
            + database;
        throw new ConfigurationException(msg);
      }
    }
  }
}
 

public static KafkaAuthorizable from(AuthorizableType type, String name) throws ConfigurationException {
  switch (type) {
    case HOST:
      return new Host(name);
    case CLUSTER: {
      if (!name.equals(Cluster.NAME)) {
        throw new ConfigurationException("Kafka's cluster resource can only have name " + Cluster.NAME);
      }
      return new Cluster();
    }
    case TOPIC:
      return new Topic(name);
    case CONSUMERGROUP:
      return new ConsumerGroup(name);
    default:
      return null;
  }
}
 

@VisibleForTesting
public static Iterable<DBModelAuthorizable> parsePrivilege(String string) {
  List<DBModelAuthorizable> result = Lists.newArrayList();
  for(String section : AUTHORIZABLE_SPLITTER.split(string)) {
    // XXX this ugly hack is because action is not an authorizeable
    if(!section.toLowerCase().startsWith(PRIVILEGE_PREFIX)) {
      DBModelAuthorizable authorizable = DBModelAuthorizables.from(section);
      if(authorizable == null) {
        String msg = "No authorizable found for " + section;
        throw new ConfigurationException(msg);
      }
      result.add(authorizable);
    }
  }
  return result;
}
 

@Test
public void testServerNameMatch() throws Exception {
  ServerNameRequiredMatch serverNameMatch = new ServerNameRequiredMatch("server1");
  try {
    serverNameMatch.validate(new PrivilegeValidatorContext("server=server1->connector=c1->action=read"));
  } catch (ConfigurationException ex) {
    Assert.fail("Not expected ConfigurationException");
  }
}
 

private Iterable<SqoopAuthorizable> parsePrivilege(String string) {
  List<SqoopAuthorizable> result = Lists.newArrayList();
  for(String section : AUTHORIZABLE_SPLITTER.split(string)) {
    if(!section.toLowerCase().startsWith(PRIVILEGE_PREFIX)) {
      SqoopAuthorizable authorizable = SqoopModelAuthorizables.from(section);
      if(authorizable == null) {
        String msg = "No authorizable found for " + section;
        throw new ConfigurationException(msg);
      }
      result.add(authorizable);
    }
  }
  return result;
}
 

public static KafkaAuthorizable from(KeyValue keyValue) throws ConfigurationException {
  String prefix = keyValue.getKey().toLowerCase();
  String name = keyValue.getValue();
  for (AuthorizableType type : AuthorizableType.values()) {
    if (prefix.equalsIgnoreCase(type.name())) {
      return from(type, name);
    }
  }
  return null;
}
 

@Test
public void testClusterResourceNameIsRestricted() throws Exception {
  try {
    KafkaModelAuthorizables.from("Cluster=cluster1");
    fail("Cluster with name other than " + Cluster.NAME + " must not have been created.");
  } catch (ConfigurationException cex) {
    assertEquals("Exception message is not as expected.", "Kafka's cluster resource can only have name " + Cluster.NAME, cex.getMessage());
  } catch (Exception ex) {
    fail("Configuration exception was expected for invalid Cluster name.");
  }
}
 

@Test
public void testOnlyHostResource() {
  KafkaPrivilegeValidator kafkaPrivilegeValidator = new KafkaPrivilegeValidator();
  try {
    kafkaPrivilegeValidator.validate(new PrivilegeValidatorContext("host=host1"));
  } catch (ConfigurationException ex) {
    Assert.assertEquals(KafkaPrivilegeValidator.KafkaPrivilegeHelpMsg, ex.getMessage());
  }
}
 

private void testHostResourceIsChecked(KafkaPrivilegeValidator kafkaPrivilegeValidator, String privilege) {
  try {
    kafkaPrivilegeValidator.validate(new PrivilegeValidatorContext(privilege));
    Assert.fail("Expected ConfigurationException");
  } catch (ConfigurationException ex) {
    Assert.assertEquals("Kafka privilege must begin with host authorizable.\n" + KafkaPrivilegeValidator.KafkaPrivilegeHelpMsg, ex.getMessage());
  }
}
 

@Test
public void testInvalidHostResource() throws Exception {
  KafkaPrivilegeValidator kafkaPrivilegeValidator = new KafkaPrivilegeValidator();
  try {
    kafkaPrivilegeValidator.validate(new PrivilegeValidatorContext("hhost=host1->cluster=kafka-cluster->action=read"));
    Assert.fail("Expected ConfigurationException");
  } catch (ConfigurationException ex) {
  }
}
 

@Test
public void testInvalidClusterResource() throws Exception {
  KafkaPrivilegeValidator kafkaPrivilegeValidator = new KafkaPrivilegeValidator();
  try {
    kafkaPrivilegeValidator.validate(new PrivilegeValidatorContext("host=host1->clluster=kafka-cluster->action=read"));
    Assert.fail("Expected ConfigurationException");
  } catch (ConfigurationException ex) {
  }
}
 

@Test
public void testInvalidTopicResource() throws Exception {
  KafkaPrivilegeValidator kafkaPrivilegeValidator = new KafkaPrivilegeValidator();
  try {
    kafkaPrivilegeValidator.validate(new PrivilegeValidatorContext("host=host1->ttopic=t1->action=read"));
    Assert.fail("Expected ConfigurationException");
  } catch (ConfigurationException ex) {
  }
}
 

@Test
public void testInvalidConsumerGroupResource() throws Exception {
  KafkaPrivilegeValidator kafkaPrivilegeValidator = new KafkaPrivilegeValidator();
  try {
    kafkaPrivilegeValidator.validate(new PrivilegeValidatorContext("host=host1->coonsumergroup=g1->action=read"));
    Assert.fail("Expected ConfigurationException");
  } catch (ConfigurationException ex) {
  }
}
 

@Test
public void testPrivilegeMustHaveExcatlyOneHost() {
  KafkaPrivilegeValidator kafkaPrivilegeValidator = new KafkaPrivilegeValidator();
  try {
    kafkaPrivilegeValidator.validate(new PrivilegeValidatorContext("host=host1->host=host2->action=read"));
    Assert.fail("Multiple Host resources are not allowed within a Kafka privilege.");
  } catch (ConfigurationException ex) {
    Assert.assertEquals("Host authorizable can be specified just once in a Kafka privilege.\n" + KafkaPrivilegeValidator.KafkaPrivilegeHelpMsg, ex.getMessage());
  }
}
 

@Test
public void testPrivilegeCanNotStartWithAction() {
  KafkaPrivilegeValidator kafkaPrivilegeValidator = new KafkaPrivilegeValidator();
  try {
    kafkaPrivilegeValidator.validate(new PrivilegeValidatorContext("action=write->host=host1->topic=t1"));
    Assert.fail("Kafka privilege can not start with an action.");
  } catch (ConfigurationException ex) {
    Assert.assertEquals("Kafka privilege can not start with an action.\n" + KafkaPrivilegeValidator.KafkaPrivilegeHelpMsg, ex.getMessage());
  }
}
 

@Test
public void testPrivilegeWithMoreParts() {
  KafkaPrivilegeValidator kafkaPrivilegeValidator = new KafkaPrivilegeValidator();
  try {
    kafkaPrivilegeValidator.validate(new PrivilegeValidatorContext("host=host1->topic=t1->consumergroup=cg1->action=read"));
    Assert.fail("Kafka privilege can have one Host authorizable, at most one non Host authorizable and one action.");
  } catch (ConfigurationException ex) {
    Assert.assertEquals(KafkaPrivilegeValidator.KafkaPrivilegeHelpMsg, ex.getMessage());
  }
}
 

@Test
public void testPrivilegeNotEndingWithAction() {
  KafkaPrivilegeValidator kafkaPrivilegeValidator = new KafkaPrivilegeValidator();
  try {
    kafkaPrivilegeValidator.validate(new PrivilegeValidatorContext("host=host1->topic=t1->consumergroup=cg1"));
    Assert.fail("Kafka privilege must end with a valid action.");
  } catch (ConfigurationException ex) {
    Assert.assertEquals("Kafka privilege must end with a valid action.\n" + KafkaPrivilegeValidator.KafkaPrivilegeHelpMsg, ex.getMessage());
  }
}
 

@Test
public void testPrivilegeNotEndingWithValidAction() {
  KafkaPrivilegeValidator kafkaPrivilegeValidator = new KafkaPrivilegeValidator();
  try {
    kafkaPrivilegeValidator.validate(new PrivilegeValidatorContext("host=host1->topic=t1->action=bla"));
    Assert.fail("Kafka privilege must end with a valid action.");
  } catch (ConfigurationException ex) {
    Assert.assertEquals("Kafka privilege must end with a valid action.\n" + KafkaPrivilegeValidator.KafkaPrivilegeHelpMsg, ex.getMessage());
  }
}
 

protected int toPort(Object mappedValue) {
	String[] ports = (String[]) mappedValue;
	if (ports == null || ports.length == 0) {
		return getPort();
	}
	if (ports.length > 1) {
		throw new ConfigurationException("PortFilter can only be configured with a single port.  You have " +
				"configured " + ports.length + ": " + StringUtils.toString(ports));
	}
	return Integer.parseInt(ports[0]);
}
 

/**
 * 返回配置文件流 避免ehcache配置文件一直被占用，无法完全销毁项目重新部署
 */
protected InputStream getCacheManagerConfigFileInputStream() {
    String configFile = "classpath:ehcache/ehcache-shiro.xml";
    try {
        @Cleanup InputStream inputStream = ResourceUtils.getInputStreamForPath(configFile);
        byte[] readBytes = IoUtil.readBytes(inputStream);
        InputStream in = new ByteArrayInputStream(readBytes);
        return in;
    } catch (IOException e) {
        throw new ConfigurationException(
                "Unable to obtain input stream for cacheManagerConfigFile [" + configFile + "]", e);
    }
}
 

@Override
protected void bindSecurityManager(AnnotatedBindingBuilder<? super SecurityManager> bind) {
	try {
		bind.toConstructor(DefaultSecurityManager.class.getConstructor(Collection.class)).asEagerSingleton();
  } catch (NoSuchMethodException e) {
      throw new ConfigurationException("This really shouldn't happen.  Either something has changed in Shiro, or there's a bug in " + ShiroModule.class.getSimpleName(), e);
  }
}
 

@Override
public void afterPropertiesSet() throws Exception {
	// Remove duplicate.
	if (!isEmpty(excludeValidUriPatterns)) {
		Collections2.disDupCollection(excludeValidUriPatterns);
	}

	// Check algorithm.
	try {
		DigestUtils2.getDigest(getSignatureAlg());
	} catch (Exception e) {
		if (e instanceof NoSuchAlgorithmException)
			throw new ConfigurationException("Replay attacks protect config error.", e);
		else
			throw e;
	}

	// Check termTimeMs.
	if (getTermTimeMs() < DEFAULT_REPLAY_TOKEN_TERM_TIME) {
		log.warn("Term time: {} of replay attack token signature is too short, It is recommended to set is > {}ms",
				getTermTimeMs(), DEFAULT_REPLAY_TOKEN_TERM_TIME);
	}

	// Check header name with cors allowed.
	corsConfig.assertCorsHeaders(singletonList(getReplayTokenHeaderName()));

}
 

/**
 * 返回配置文件流 避免ehcache配置文件一直被占用，无法完全销毁项目重新部署
 */
private InputStream getCacheManagerConfigFileInputStream(){
    String configFile = "classpath:ehcache/ehcache-shiro.xml";
    try(InputStream inputStream = ResourceUtils.getInputStreamForPath(configFile)){
        byte[] b = IOUtils.toByteArray(inputStream);
        return new ByteArrayInputStream(b);
    }catch (IOException e){
        throw new ConfigurationException(
                "Unable to obtain input stream for cacheManagerConfigFile [" + configFile + "]", e);
    }
}
 

/**
 * @return Public constructor with given parameterTypes; wraps checked exceptions
 */
private static <T> Constructor<T> ctor(final Class<T> clazz, final Class<?>... parameterTypes) {
  try {
    return clazz.getConstructor(parameterTypes);
  }
  catch (Exception e) {
    Throwables.throwIfUnchecked(e);
    throw new ConfigurationException(e);
  }
}