org.apache.shiro.web.mgt.WebSecurityManager Java Examples

The following examples show how to use org.apache.shiro.web.mgt.WebSecurityManager. You can vote up the ones you like or vote down the ones you don't like, and go to the original project or source file by following the links above each example. You may check out the related API usage on the sidebar.
Example #1
Source File: ShiroBundle.java    From dropwizard-shiro with Apache License 2.0 6 votes vote down vote up
/**
 * Create the Shiro filter. Overriding this method allows for complete customization of how Shiro is initialized.
 */
protected Filter createFilter(final T configuration) {
    ShiroConfiguration shiroConfig = narrow(configuration);
    final IniWebEnvironment shiroEnv = new IniWebEnvironment();
    shiroEnv.setConfigLocations(shiroConfig.iniConfigs());
    shiroEnv.init();

    AbstractShiroFilter shiroFilter = new AbstractShiroFilter() {
        @Override
        public void init() throws Exception {
            Collection<Realm> realms = createRealms(configuration);
            WebSecurityManager securityManager = realms.isEmpty()
                    ? shiroEnv.getWebSecurityManager()
                    : new DefaultWebSecurityManager(realms);
            setSecurityManager(securityManager);
            setFilterChainResolver(shiroEnv.getFilterChainResolver());
        }
    };
    return shiroFilter;
}
 
Example #2
Source File: ShiroBundle.java    From dropwizard-shiro with Apache License 2.0 6 votes vote down vote up
/**
 * Create the Shiro filter. Overriding this method allows for complete customization of how Shiro is initialized.
 */
protected Filter createFilter(final T configuration) {
    ShiroConfiguration shiroConfig = narrow(configuration);
    final IniWebEnvironment shiroEnv = new IniWebEnvironment();
    shiroEnv.setConfigLocations(shiroConfig.iniConfigs());
    shiroEnv.init();

    AbstractShiroFilter shiroFilter = new AbstractShiroFilter() {
        @Override
        public void init() throws Exception {
            Collection<Realm> realms = createRealms(configuration);
            WebSecurityManager securityManager = realms.isEmpty()
                    ? shiroEnv.getWebSecurityManager()
                    : new DefaultWebSecurityManager(realms);
            setSecurityManager(securityManager);
            setFilterChainResolver(shiroEnv.getFilterChainResolver());
        }
    };
    return shiroFilter;
}
 
Example #3
Source File: SecurityModule.java    From tapestry-security with Apache License 2.0 6 votes vote down vote up
public static void bind(final ServiceBinder binder) {
		binder.bind(WebSecurityManager.class, TapestryRealmSecurityManager.class);
		// TYNAMO-155 It's not enough to identify ModularRealmAuthenticator by it's Authenticator interface only
		// because Shiro tests if the object is an instanceof LogoutAware to call logout handlers
		binder.bind(ModularRealmAuthenticator.class);
		binder.bind(SubjectFactory.class, DefaultWebSubjectFactory.class);
		binder.bind(HttpServletRequestFilter.class, SecurityConfiguration.class).withId("SecurityConfiguration").withMarker(Security.class);
		binder.bind(ClassInterceptorsCache.class, ClassInterceptorsCacheImpl.class);
		binder.bind(SecurityService.class, SecurityServiceImpl.class);
		binder.bind(SecurityFilterChainFactory.class, SecurityFilterChainFactoryImpl.class);
		binder.bind(ComponentRequestFilter.class, SecurityComponentRequestFilter.class);
		binder.bind(SecurityFilterChainHub.class, SecurityFilterChainHubImpl.class);
//		binder.bind(ShiroExceptionHandler.class);
		binder.bind(LoginContextService.class, LoginContextServiceImpl.class);
		binder.bind(Serializer.class, SimplePrincipalSerializer.class);
	}
 
Example #4
Source File: CoreModule.java    From onedev with MIT License 6 votes vote down vote up
private void configureSecurity() {
	contributeFromPackage(Realm.class, AbstractAuthorizingRealm.class);
	
	bind(RememberMeManager.class).to(OneRememberMeManager.class);
	bind(WebSecurityManager.class).to(OneWebSecurityManager.class);
	bind(FilterChainResolver.class).to(OneFilterChainResolver.class);
	bind(BasicAuthenticationFilter.class);
	bind(BearerAuthenticationFilter.class);
	bind(PasswordService.class).to(OnePasswordService.class);
	bind(ShiroFilter.class);
	install(new ShiroAopModule());
       contribute(FilterChainConfigurator.class, new FilterChainConfigurator() {

           @Override
           public void configure(FilterChainManager filterChainManager) {
               filterChainManager.createChain("/**/info/refs", "noSessionCreation, authcBasic, authcBearer");
               filterChainManager.createChain("/**/git-upload-pack", "noSessionCreation, authcBasic, authcBearer");
               filterChainManager.createChain("/**/git-receive-pack", "noSessionCreation, authcBasic, authcBearer");
           }
           
       });
       contributeFromPackage(Authenticator.class, Authenticator.class);
}
 
Example #5
Source File: MyShiroFilterFactoryBean.java    From springboot-shiro-cas-mybatis with MIT License 6 votes vote down vote up
@Override
protected AbstractShiroFilter createInstance() throws Exception {
	SecurityManager securityManager = getSecurityManager();
	if (securityManager == null){
		throw new BeanInitializationException("SecurityManager property must be set.");
	}

	if (!(securityManager instanceof WebSecurityManager)){
		throw new BeanInitializationException("The security manager does not implement the WebSecurityManager interface.");
	}

	PathMatchingFilterChainResolver chainResolver = new PathMatchingFilterChainResolver();
	FilterChainManager chainManager = createFilterChainManager();
	chainResolver.setFilterChainManager(chainManager);
	return new MySpringShiroFilter((WebSecurityManager)securityManager, chainResolver);
}
 
Example #6
Source File: RestShiroFilterFactoryBean.java    From bootshiro with MIT License 6 votes vote down vote up
@Override
protected AbstractShiroFilter createInstance() throws Exception {
    LOGGER.debug("Creating Shiro Filter instance.");
    SecurityManager securityManager = this.getSecurityManager();
    String msg;
    if (securityManager == null) {
        msg = "SecurityManager property must be set.";
        throw new BeanInitializationException(msg);
    } else if (!(securityManager instanceof WebSecurityManager)) {
        msg = "The security manager does not implement the WebSecurityManager interface.";
        throw new BeanInitializationException(msg);
    } else {
        FilterChainManager manager = this.createFilterChainManager();
        RestPathMatchingFilterChainResolver chainResolver = new RestPathMatchingFilterChainResolver();
        chainResolver.setFilterChainManager(manager);
        return new RestShiroFilterFactoryBean.SpringShiroFilter((WebSecurityManager)securityManager, chainResolver);
    }
}
 
Example #7
Source File: MyShiroFilterFactoryBean.java    From springboot-shiro-cas-mybatis with MIT License 5 votes vote down vote up
public MySpringShiroFilter(
		WebSecurityManager securityManager, PathMatchingFilterChainResolver chainResolver) {
	super();
	if (securityManager == null){
		throw new IllegalArgumentException("WebSecurityManager property cannot be null.");
	}
	setSecurityManager(securityManager);
	if (chainResolver != null){
		setFilterChainResolver(chainResolver);
	}
}
 
Example #8
Source File: SecurityConfiguration.java    From tapestry-security with Apache License 2.0 5 votes vote down vote up
public SecurityConfiguration(ApplicationGlobals applicationGlobals, RequestGlobals requestGlobals,
							 final WebSecurityManager securityManager, LoginContextService loginContextService,
							 final List<SecurityFilterChain> chains,
							 final SecurityFilterChainHub securityFilterChainHub) {

	this.securityManager = securityManager;
	this.loginContextService = loginContextService;
	this.securityFilterChainHub = securityFilterChainHub;
	this.servletContext = applicationGlobals.getServletContext();
	this.requestGlobals = requestGlobals;
	this.chains = chains;
}
 
Example #9
Source File: SecurityFilter.java    From nexus-public with Eclipse Public License 1.0 5 votes vote down vote up
@Inject
public SecurityFilter(final WebSecurityManager webSecurityManager,
                      final FilterChainResolver filterChainResolver)
{
  checkNotNull(webSecurityManager);
  log.trace("Security manager: {}", webSecurityManager);
  setSecurityManager(webSecurityManager);

  checkNotNull(filterChainResolver);
  log.trace("Filter chain resolver: {}", filterChainResolver);
  setFilterChainResolver(filterChainResolver);
}
 
Example #10
Source File: WebSecurityModule.java    From nexus-public with Eclipse Public License 1.0 5 votes vote down vote up
@Override
protected void bindWebSecurityManager(final AnnotatedBindingBuilder<? super WebSecurityManager> bind) {
  bind(NexusWebSecurityManager.class).asEagerSingleton();

  // bind RealmSecurityManager and WebSecurityManager to _same_ component
  bind(RealmSecurityManager.class).to(NexusWebSecurityManager.class);
  bind.to(NexusWebSecurityManager.class);

  // bindings used by external modules
  expose(RealmSecurityManager.class);
  expose(WebSecurityManager.class);
}
 
Example #11
Source File: RestShiroFilterFactoryBean.java    From Shiro-Action with MIT License 5 votes vote down vote up
protected SpringShiroFilter(WebSecurityManager webSecurityManager, FilterChainResolver resolver) {
    super();
    if (webSecurityManager == null) {
        throw new IllegalArgumentException("WebSecurityManager property cannot be null.");
    }
    setSecurityManager(webSecurityManager);
    if (resolver != null) {
        setFilterChainResolver(resolver);
    }
}
 
Example #12
Source File: IamShiroFilterFactoryBean.java    From super-cloudops with Apache License 2.0 5 votes vote down vote up
protected IamSpringShiroFilter(WebSecurityManager webSecurityManager, FilterChainResolver resolver) {
	if (webSecurityManager == null) {
		throw new IllegalArgumentException("WebSecurityManager property cannot be null.");
	}
	setSecurityManager(webSecurityManager);
	if (resolver != null) {
		setFilterChainResolver(resolver);
	}
}
 
Example #13
Source File: RestShiroFilterFactoryBean.java    From bootshiro with MIT License 5 votes vote down vote up
protected SpringShiroFilter(WebSecurityManager webSecurityManager, FilterChainResolver resolver) {
    if (webSecurityManager == null) {
        throw new IllegalArgumentException("WebSecurityManager property cannot be null.");
    } else {
        this.setSecurityManager(webSecurityManager);
        if (resolver != null) {
            this.setFilterChainResolver(resolver);
        }

    }
}
 
Example #14
Source File: SecurityFilterModule.java    From nexus-public with Eclipse Public License 1.0 4 votes vote down vote up
@Override
protected void configure() {
  requireBinding(WebSecurityManager.class);
  requireBinding(FilterChainResolver.class);
}
 
Example #15
Source File: OneWebEnvironment.java    From onedev with MIT License 4 votes vote down vote up
@Override
public void init() throws ShiroException {
	setWebSecurityManager(OneDev.getInstance(WebSecurityManager.class));
	setFilterChainResolver(OneDev.getInstance(FilterChainResolver.class));
}
 
Example #16
Source File: AppModule.java    From tapestry-security with Apache License 2.0 4 votes vote down vote up
@Contribute(HttpServletRequestFilter.class)
	@Security
	public static void setupSecurity(OrderedConfiguration<SecurityFilterChain> configuration,
			SecurityFilterChainFactory factory, WebSecurityManager securityManager) {
//		if (securityManager instanceof DefaultSecurityManager) {
//			DefaultSecurityManager defaultManager = (DefaultSecurityManager) securityManager;
//
//			// BlowfishCipher cipher = new BlowfishCipher();
//			// defaultManager.setRememberMeCipherKey(cipher.getKey().getEncoded());
//			// defaultManager.setRememberMeCipher(cipher);
//			ServletContainerSessionManager sessionManager = new ServletContainerSessionManager();
//			defaultManager.setSessionManager(sessionManager);
//			defaultManager.setSubjectFactory(subjectFactory);
//		}

//		/authc/signup = anon
//		/authc/** = authc
//
//		/user/signup = anon
//		/user/** = user
//		/roles/user/** = roles[user]
//		/roles/manager/** = roles[manager]
//		/perms/view/** = perms[news:view]
//		/perms/edit/** = perms[news:edit]

		configuration.add("authc_signup", factory.createChain("/authc/signup").add(factory.anon()).build());
		configuration.add("authc", factory.createChain("/authc/**").add(factory.authc()).build());
		configuration.add("partlyauthc", factory.createChain("/partlyauthc/**").add(factory.anon()).build());
		configuration.add("contributed", factory.createChain("/contributed/**").add(factory.authc()).build());
		configuration.add("user_signup", factory.createChain("/user/signup").add(factory.anon()).build());
		configuration.add("user", factory.createChain("/user/**").add(factory.user()).build());
		configuration.add("roles_user", factory.createChain("/roles/user/**").add(factory.roles(), "user").build());
		configuration.add("roles_manager", factory.createChain("/roles/manager/**").add(factory.roles(), "manager").build());
		configuration.add("perms_view", factory.createChain("/perms/view/**").add(factory.perms(), "news:view").build());
		configuration.add("perms_edit", factory.createChain("/perms/edit/**").add(factory.perms(), "news:edit").build());

		configuration.add("ports_ssl", factory.createChain("/ports/ssl").add(factory.ssl()).build());
		configuration.add("ports_inuse", factory.createChain("/ports/portinuse").add(factory.port(), String.valueOf(TapestrySecurityIntegrationTest.port)).build());
		configuration.add("ports_9000", factory.createChain("/ports/port9090").add(factory.port(), "9090").build());

		configuration.add("hidden", factory.createChain("/hidden/**").add(factory.notfound()).build());
	}
 
Example #17
Source File: SecurityUtils.java    From onedev with MIT License 4 votes vote down vote up
public static Subject asSubject(Long userId) {
	WebSecurityManager securityManager = AppLoader.getInstance(WebSecurityManager.class);
    return new Subject.Builder(securityManager).principals(asPrincipal(userId)).buildSubject();
}