You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@shiro.apache.org by bd...@apache.org on 2018/04/02 22:38:46 UTC
[1/5] shiro git commit: Changes to configure realm
Repository: shiro
Updated Branches:
refs/heads/master f326fd381 -> ea92a76f6
Changes to configure realm
Project: http://git-wip-us.apache.org/repos/asf/shiro/repo
Commit: http://git-wip-us.apache.org/repos/asf/shiro/commit/523dd733
Tree: http://git-wip-us.apache.org/repos/asf/shiro/tree/523dd733
Diff: http://git-wip-us.apache.org/repos/asf/shiro/diff/523dd733
Branch: refs/heads/master
Commit: 523dd7335c49068f9cc4e5bff843f4eb41fbdaf5
Parents: f326fd3
Author: claude <cl...@claude-XPS-15-9560>
Authored: Tue Jan 9 10:28:57 2018 +0000
Committer: claude <cl...@claude-XPS-15-9560>
Committed: Tue Jan 9 10:28:57 2018 +0000
----------------------------------------------------------------------
.../permission/WildcardPermissionResolver.java | 29 ++++++-
.../org/apache/shiro/realm/text/IniRealm.java | 8 ++
.../realm/text/TextConfigurationRealm.java | 63 +++++++++++++-
.../realm/text/TextConfigurationRealmTest.java | 89 ++++++++++++++++++++
4 files changed, 187 insertions(+), 2 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/shiro/blob/523dd733/core/src/main/java/org/apache/shiro/authz/permission/WildcardPermissionResolver.java
----------------------------------------------------------------------
diff --git a/core/src/main/java/org/apache/shiro/authz/permission/WildcardPermissionResolver.java b/core/src/main/java/org/apache/shiro/authz/permission/WildcardPermissionResolver.java
index b6af40e..3d6fd6a 100644
--- a/core/src/main/java/org/apache/shiro/authz/permission/WildcardPermissionResolver.java
+++ b/core/src/main/java/org/apache/shiro/authz/permission/WildcardPermissionResolver.java
@@ -28,8 +28,35 @@ import org.apache.shiro.authz.Permission;
* @since 0.9
*/
public class WildcardPermissionResolver implements PermissionResolver {
+ boolean caseSensitive;
+
+ /**
+ * Constructor to specify case sensitivity for the resolved premissions.
+ * @param caseSensitive true if permissions should be case sensitive.
+ */
+ public WildcardPermissionResolver(boolean caseSensitive) {
+ this.caseSensitive=caseSensitive;
+ }
+
+ /**
+ * Default constructor.
+ * Equivalent to calling WildcardPermissionResolver(false)
+ *
+ * @see WildcardPermissionResolver#WildcardPermissionResolver(boolean)
+ */
+ public WildcardPermissionResolver() {
+ this(false);
+ }
/**
+ * Return true if this resolver produces case sensitive permissions.
+ * @return true if this resolver produces case sensitive permissions.
+ */
+ public boolean isCaseSensitive() {
+ return caseSensitive;
+ }
+
+ /**
* Returns a new {@link WildcardPermission WildcardPermission} instance constructed based on the specified
* <tt>permissionString</tt>.
*
@@ -38,6 +65,6 @@ public class WildcardPermissionResolver implements PermissionResolver {
* <tt>permissionString</tt>
*/
public Permission resolvePermission(String permissionString) {
- return new WildcardPermission(permissionString);
+ return new WildcardPermission(permissionString, caseSensitive);
}
}
http://git-wip-us.apache.org/repos/asf/shiro/blob/523dd733/core/src/main/java/org/apache/shiro/realm/text/IniRealm.java
----------------------------------------------------------------------
diff --git a/core/src/main/java/org/apache/shiro/realm/text/IniRealm.java b/core/src/main/java/org/apache/shiro/realm/text/IniRealm.java
index 3a0540c..2d440c0 100644
--- a/core/src/main/java/org/apache/shiro/realm/text/IniRealm.java
+++ b/core/src/main/java/org/apache/shiro/realm/text/IniRealm.java
@@ -46,6 +46,7 @@ public class IniRealm extends TextConfigurationRealm {
public static final String USERS_SECTION_NAME = "users";
public static final String ROLES_SECTION_NAME = "roles";
+ public static final String ROLES_CONFIG_SECTION_NAME = "roles.config";
private static transient final Logger log = LoggerFactory.getLogger(IniRealm.class);
@@ -168,12 +169,19 @@ public class IniRealm extends TextConfigurationRealm {
processDefinitions(ini);
}
+
private void processDefinitions(Ini ini) {
if (CollectionUtils.isEmpty(ini)) {
log.warn("{} defined, but the ini instance is null or empty.", getClass().getSimpleName());
return;
}
+ Ini.Section rolesConfigSection = ini.getSection(ROLES_CONFIG_SECTION_NAME);
+ if (!CollectionUtils.isEmpty(rolesConfigSection)) {
+ log.debug("Discovered the [{}] section. Processing...", ROLES_CONFIG_SECTION_NAME);
+ processRoleConfigDefinitions(rolesConfigSection);
+ }
+
Ini.Section rolesSection = ini.getSection(ROLES_SECTION_NAME);
if (!CollectionUtils.isEmpty(rolesSection)) {
log.debug("Discovered the [{}] section. Processing...", ROLES_SECTION_NAME);
http://git-wip-us.apache.org/repos/asf/shiro/blob/523dd733/core/src/main/java/org/apache/shiro/realm/text/TextConfigurationRealm.java
----------------------------------------------------------------------
diff --git a/core/src/main/java/org/apache/shiro/realm/text/TextConfigurationRealm.java b/core/src/main/java/org/apache/shiro/realm/text/TextConfigurationRealm.java
index 2b9344d..d04e8b6 100644
--- a/core/src/main/java/org/apache/shiro/realm/text/TextConfigurationRealm.java
+++ b/core/src/main/java/org/apache/shiro/realm/text/TextConfigurationRealm.java
@@ -21,11 +21,15 @@ package org.apache.shiro.realm.text;
import org.apache.shiro.authc.SimpleAccount;
import org.apache.shiro.authz.Permission;
import org.apache.shiro.authz.SimpleRole;
+import org.apache.shiro.authz.permission.PermissionResolver;
+import org.apache.shiro.authz.permission.WildcardPermissionResolver;
import org.apache.shiro.config.ConfigurationException;
import org.apache.shiro.realm.SimpleAccountRealm;
import org.apache.shiro.util.PermissionUtils;
import org.apache.shiro.util.StringUtils;
+import java.lang.reflect.Constructor;
+import java.lang.reflect.InvocationTargetException;
import java.text.ParseException;
import java.util.Collection;
import java.util.HashMap;
@@ -54,6 +58,7 @@ public class TextConfigurationRealm extends SimpleAccountRealm {
private volatile String userDefinitions;
private volatile String roleDefinitions;
+ private volatile String roleConfigDefinitions;
public TextConfigurationRealm() {
super();
@@ -98,7 +103,7 @@ public class TextConfigurationRealm extends SimpleAccountRealm {
public String getRoleDefinitions() {
return roleDefinitions;
}
-
+
/**
* Sets a newline (\n) delimited String that defines role-to-permission definitions.
* <p/>
@@ -124,9 +129,19 @@ public class TextConfigurationRealm extends SimpleAccountRealm {
public void setRoleDefinitions(String roleDefinitions) {
this.roleDefinitions = roleDefinitions;
}
+
+ public String getRoleConfigDefinitions() {
+ return roleConfigDefinitions;
+ }
+
+ public void setRoleConfigDefinitions(String roleConfigDefinitions)
+ {
+ this.roleConfigDefinitions = roleConfigDefinitions;
+ }
protected void processDefinitions() {
try {
+ processRoleConfigDefinitions();
processRoleDefinitions();
processUserDefinitions();
} catch (ParseException e) {
@@ -135,6 +150,51 @@ public class TextConfigurationRealm extends SimpleAccountRealm {
}
}
+ protected void processRoleConfigDefinitions() throws ParseException {
+ String roleConfigDefinitions = getRoleConfigDefinitions();
+ if (roleConfigDefinitions == null) {
+ return;
+ }
+ Map<String, String> roleConfigs = toMap(toLines(roleConfigDefinitions));
+ processRoleConfigDefinitions(roleConfigs);
+ }
+
+ protected void processRoleConfigDefinitions(Map<String, String> roleDefs) {
+ if (roleDefs == null || roleDefs.isEmpty()) {
+ return;
+ }
+ for (String cfgOption : roleDefs.keySet()) {
+ // use a no-arg permission resolver.
+ if (cfgOption.equals( "permissionsResolver" ))
+ {
+ try {
+ Class<?> clazz = Thread.currentThread().getContextClassLoader().loadClass( roleDefs.get(cfgOption) );
+ Constructor<?> c = clazz.getConstructor();
+ setPermissionResolver( (PermissionResolver) c.newInstance() );
+ } catch (ClassNotFoundException e) {
+ throw new IllegalArgumentException( String.format( "Unable to construct %s",roleDefs.get(cfgOption) ), e );
+ } catch (NoSuchMethodException e) {
+ throw new IllegalArgumentException( String.format( "Unable to construct %s",roleDefs.get(cfgOption) ), e );
+ } catch (SecurityException e) {
+ throw new IllegalArgumentException( String.format( "Unable to construct %s",roleDefs.get(cfgOption) ), e );
+ } catch (InstantiationException e) {
+ throw new IllegalArgumentException( String.format( "Unable to construct %s",roleDefs.get(cfgOption) ), e );
+ } catch (IllegalAccessException e) {
+ throw new IllegalArgumentException( String.format( "Unable to construct %s",roleDefs.get(cfgOption) ), e );
+ } catch (IllegalArgumentException e) {
+ throw new IllegalArgumentException( String.format( "Unable to construct %s",roleDefs.get(cfgOption) ), e );
+ } catch (InvocationTargetException e) {
+ throw new IllegalArgumentException( String.format( "Unable to construct %s",roleDefs.get(cfgOption) ), e );
+ }
+
+ }
+ if (cfgOption.equals( "caseSensitiveWildCardPermissions" ))
+ {
+ boolean b = Boolean.valueOf( roleDefs.get(cfgOption).trim() );
+ setPermissionResolver( new WildcardPermissionResolver( b ));
+ }
+ }
+ }
protected void processRoleDefinitions() throws ParseException {
String roleDefinitions = getRoleDefinitions();
if (roleDefinitions == null) {
@@ -144,6 +204,7 @@ public class TextConfigurationRealm extends SimpleAccountRealm {
processRoleDefinitions(roleDefs);
}
+
protected void processRoleDefinitions(Map<String, String> roleDefs) {
if (roleDefs == null || roleDefs.isEmpty()) {
return;
http://git-wip-us.apache.org/repos/asf/shiro/blob/523dd733/core/src/test/java/org/apache/shiro/realm/text/TextConfigurationRealmTest.java
----------------------------------------------------------------------
diff --git a/core/src/test/java/org/apache/shiro/realm/text/TextConfigurationRealmTest.java b/core/src/test/java/org/apache/shiro/realm/text/TextConfigurationRealmTest.java
index 4b0b8c2..6dae812 100644
--- a/core/src/test/java/org/apache/shiro/realm/text/TextConfigurationRealmTest.java
+++ b/core/src/test/java/org/apache/shiro/realm/text/TextConfigurationRealmTest.java
@@ -19,6 +19,9 @@
package org.apache.shiro.realm.text;
import org.apache.shiro.authz.AuthorizationException;
+import org.apache.shiro.authz.Permission;
+import org.apache.shiro.authz.permission.PermissionResolver;
+import org.apache.shiro.authz.permission.WildcardPermissionResolver;
import org.apache.shiro.subject.PrincipalCollection;
import org.apache.shiro.subject.SimplePrincipalCollection;
import org.junit.Test;
@@ -247,6 +250,77 @@ public class TextConfigurationRealmTest {
assertTrue("account doesn't exist when it should", realm.accountExists("user1"));
testThread.test();
}
+
+ @Test
+ public void testProcessRoleConfigurationDefinitions_caseSensitive() throws InterruptedException {
+ realm = new TestRealm() {
+ public void test(Thread runnable) throws InterruptedException {
+// // While the realm's lock is held by this thread user definitions cannot be processed
+// // Obtain the realm's locks
+// USERS_LOCK.writeLock().lock();
+// try {
+ runnable.start();
+// Thread.sleep(500);
+// // No account until lock is released and user definitions are processed
+// assertFalse("account exists when it shouldn't", realm.accountExists("user1"));
+// } finally {
+// USERS_LOCK.writeLock().unlock();
+// }
+ }
+ };
+ TestThread testThread = new TestThread(new Runnable() {
+ public void run() {
+ try {
+ realm.processRoleConfigDefinitions();
+ } catch (ParseException e) {
+ fail("Unable to parse user definitions");
+ }
+ }
+ });
+ realm.setRoleConfigDefinitions( "caseSensitiveWildCardPermissions=true" );
+ Thread testTask = new Thread(testThread);
+ realm.test(testTask);
+ testTask.join(500);
+ PermissionResolver resolver = realm.getPermissionResolver();
+ assertTrue("Resolver does not implement WildCardPermissionsResolver", resolver instanceof WildcardPermissionResolver);
+ assertTrue("WildcardPermissionsResolver is not case sensitive", ((WildcardPermissionResolver) resolver).isCaseSensitive());
+ testThread.test();
+ }
+
+ @Test
+ public void testProcessRoleConfigurationDefinitions_PermissionResolver() throws InterruptedException {
+ realm = new TestRealm() {
+ public void test(Thread runnable) throws InterruptedException {
+// // While the realm's lock is held by this thread user definitions cannot be processed
+// // Obtain the realm's locks
+// USERS_LOCK.writeLock().lock();
+// try {
+ runnable.start();
+// Thread.sleep(500);
+// // No account until lock is released and user definitions are processed
+// assertFalse("account exists when it shouldn't", realm.accountExists("user1"));
+// } finally {
+// USERS_LOCK.writeLock().unlock();
+// }
+ }
+ };
+ TestThread testThread = new TestThread(new Runnable() {
+ public void run() {
+ try {
+ realm.processRoleConfigDefinitions();
+ } catch (ParseException e) {
+ fail("Unable to parse user definitions");
+ }
+ }
+ });
+ realm.setRoleConfigDefinitions( "permissionsResolver="+TestPermissionResolver.class.getName() );
+ Thread testTask = new Thread(testThread);
+ realm.test(testTask);
+ testTask.join(500);
+ PermissionResolver resolver = realm.getPermissionResolver();
+ assertTrue("Resolver is not instance of TestPermissionResolver", resolver instanceof TestPermissionResolver);
+ testThread.test();
+ }
/*
* A Class that captures a thread's assertion error.
@@ -279,4 +353,19 @@ public class TextConfigurationRealmTest {
private abstract class TestRealm extends TextConfigurationRealm {
abstract public void test(Thread runnable) throws InterruptedException;
}
+
+ /*
+ * Provides a class for permisison resolver replacement testing.
+ */
+ private static class TestPermissionResolver implements PermissionResolver {
+
+ public TestPermissionResolver() {}
+
+ @Override
+ public Permission resolvePermission(String permissionString) {
+ // TODO Auto-generated method stub
+ return null;
+ }
+
+ }
}
[2/5] shiro git commit: cleaned up documentation / removed unused code
Posted by bd...@apache.org.
cleaned up documentation / removed unused code
Project: http://git-wip-us.apache.org/repos/asf/shiro/repo
Commit: http://git-wip-us.apache.org/repos/asf/shiro/commit/f66ce5a7
Tree: http://git-wip-us.apache.org/repos/asf/shiro/tree/f66ce5a7
Diff: http://git-wip-us.apache.org/repos/asf/shiro/diff/f66ce5a7
Branch: refs/heads/master
Commit: f66ce5a7fb1e09eff256b266bd7890afa7444037
Parents: 523dd73
Author: claude <cl...@claude-XPS-15-9560>
Authored: Tue Jan 9 11:07:35 2018 +0000
Committer: claude <cl...@claude-XPS-15-9560>
Committed: Tue Jan 9 11:07:35 2018 +0000
----------------------------------------------------------------------
.../org/apache/shiro/realm/text/IniRealm.java | 7 ++++--
.../realm/text/TextConfigurationRealm.java | 21 ++++++++++++++++-
.../realm/text/TextConfigurationRealmTest.java | 24 ++------------------
3 files changed, 27 insertions(+), 25 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/shiro/blob/f66ce5a7/core/src/main/java/org/apache/shiro/realm/text/IniRealm.java
----------------------------------------------------------------------
diff --git a/core/src/main/java/org/apache/shiro/realm/text/IniRealm.java b/core/src/main/java/org/apache/shiro/realm/text/IniRealm.java
index 2d440c0..15773e7 100644
--- a/core/src/main/java/org/apache/shiro/realm/text/IniRealm.java
+++ b/core/src/main/java/org/apache/shiro/realm/text/IniRealm.java
@@ -29,11 +29,14 @@ import org.slf4j.LoggerFactory;
* {@link org.apache.shiro.authc.SimpleAccount SimpleAccount} instances based on
* {@link Ini} configuration.
* <p/>
- * This implementation looks for two {@link Ini.Section sections} in the {@code Ini} configuration:
+ * This implementation looks for three {@link Ini.Section sections} in the {@code Ini} configuration:
* <pre>
* [users]
* # One or more {@link org.apache.shiro.realm.text.TextConfigurationRealm#setUserDefinitions(String) user definitions}
* ...
+ * [roles_config]
+ * # One or more {@link org.apache.shiro.realm.text.TextConfigurationRealm#setRoleConfigDefinitions(String) role configuration definitions}
+ * ...
* [roles]
* # One or more {@link org.apache.shiro.realm.text.TextConfigurationRealm#setRoleDefinitions(String) role definitions}</pre>
* <p/>
@@ -46,7 +49,7 @@ public class IniRealm extends TextConfigurationRealm {
public static final String USERS_SECTION_NAME = "users";
public static final String ROLES_SECTION_NAME = "roles";
- public static final String ROLES_CONFIG_SECTION_NAME = "roles.config";
+ public static final String ROLES_CONFIG_SECTION_NAME = "roles_config";
private static transient final Logger log = LoggerFactory.getLogger(IniRealm.class);
http://git-wip-us.apache.org/repos/asf/shiro/blob/f66ce5a7/core/src/main/java/org/apache/shiro/realm/text/TextConfigurationRealm.java
----------------------------------------------------------------------
diff --git a/core/src/main/java/org/apache/shiro/realm/text/TextConfigurationRealm.java b/core/src/main/java/org/apache/shiro/realm/text/TextConfigurationRealm.java
index d04e8b6..c2ef3fe 100644
--- a/core/src/main/java/org/apache/shiro/realm/text/TextConfigurationRealm.java
+++ b/core/src/main/java/org/apache/shiro/realm/text/TextConfigurationRealm.java
@@ -134,6 +134,25 @@ public class TextConfigurationRealm extends SimpleAccountRealm {
return roleConfigDefinitions;
}
+ /**
+ * Sets a newline (\n) delimited String that defines role configuration definitions.
+ * <p/>
+ * <p>Each line in the string must be one of the following name value pairs:</p>
+ * <p/>
+ * <p><code><em>permissionResolver</em> = <em>PermissionResolverClass</em></code></p>
+ * <p/>
+ * <p>where <em>permissionsResolverClass</em> is the name of a class implementing PermissionResolver interface
+ * and that has a no-argument constructor. If not set the WildCardPermissionsResolver is used.</p>
+ * <p/>
+ *
+ * <p><code><em>caseSensitiveWildCardPermissions</em> = <em>true</em></code></p>
+ * <p/>
+ * <p>Sets the cases sensitive flag on the default WildCardPermissionsResolver. Using this paramter
+ * has the side effect of resetting the permissionsResolver to WildCardPermissionsResolver.
+ * <p/>
+ *
+ * @param roleConfigDefinitions the role configuration options to be parsed at initialization
+ */
public void setRoleConfigDefinitions(String roleConfigDefinitions)
{
this.roleConfigDefinitions = roleConfigDefinitions;
@@ -165,7 +184,7 @@ public class TextConfigurationRealm extends SimpleAccountRealm {
}
for (String cfgOption : roleDefs.keySet()) {
// use a no-arg permission resolver.
- if (cfgOption.equals( "permissionsResolver" ))
+ if (cfgOption.equals( "permissionResolver" ))
{
try {
Class<?> clazz = Thread.currentThread().getContextClassLoader().loadClass( roleDefs.get(cfgOption) );
http://git-wip-us.apache.org/repos/asf/shiro/blob/f66ce5a7/core/src/test/java/org/apache/shiro/realm/text/TextConfigurationRealmTest.java
----------------------------------------------------------------------
diff --git a/core/src/test/java/org/apache/shiro/realm/text/TextConfigurationRealmTest.java b/core/src/test/java/org/apache/shiro/realm/text/TextConfigurationRealmTest.java
index 6dae812..2a0892a 100644
--- a/core/src/test/java/org/apache/shiro/realm/text/TextConfigurationRealmTest.java
+++ b/core/src/test/java/org/apache/shiro/realm/text/TextConfigurationRealmTest.java
@@ -255,17 +255,7 @@ public class TextConfigurationRealmTest {
public void testProcessRoleConfigurationDefinitions_caseSensitive() throws InterruptedException {
realm = new TestRealm() {
public void test(Thread runnable) throws InterruptedException {
-// // While the realm's lock is held by this thread user definitions cannot be processed
-// // Obtain the realm's locks
-// USERS_LOCK.writeLock().lock();
-// try {
runnable.start();
-// Thread.sleep(500);
-// // No account until lock is released and user definitions are processed
-// assertFalse("account exists when it shouldn't", realm.accountExists("user1"));
-// } finally {
-// USERS_LOCK.writeLock().unlock();
-// }
}
};
TestThread testThread = new TestThread(new Runnable() {
@@ -291,17 +281,7 @@ public class TextConfigurationRealmTest {
public void testProcessRoleConfigurationDefinitions_PermissionResolver() throws InterruptedException {
realm = new TestRealm() {
public void test(Thread runnable) throws InterruptedException {
-// // While the realm's lock is held by this thread user definitions cannot be processed
-// // Obtain the realm's locks
-// USERS_LOCK.writeLock().lock();
-// try {
- runnable.start();
-// Thread.sleep(500);
-// // No account until lock is released and user definitions are processed
-// assertFalse("account exists when it shouldn't", realm.accountExists("user1"));
-// } finally {
-// USERS_LOCK.writeLock().unlock();
-// }
+ runnable.start();
}
};
TestThread testThread = new TestThread(new Runnable() {
@@ -313,7 +293,7 @@ public class TextConfigurationRealmTest {
}
}
});
- realm.setRoleConfigDefinitions( "permissionsResolver="+TestPermissionResolver.class.getName() );
+ realm.setRoleConfigDefinitions( "permissionResolver="+TestPermissionResolver.class.getName() );
Thread testTask = new Thread(testThread);
realm.test(testTask);
testTask.join(500);
[3/5] shiro git commit: revision of overly complex changes.
Posted by bd...@apache.org.
revision of overly complex changes.
Reverted the [role_config] options from text configuration and
associated testing.
Added ability to set the case sensitivity on WildcardPermissionsResolver
so that it can be set from the Shiro.ini [main] section.
Project: http://git-wip-us.apache.org/repos/asf/shiro/repo
Commit: http://git-wip-us.apache.org/repos/asf/shiro/commit/2f949c77
Tree: http://git-wip-us.apache.org/repos/asf/shiro/tree/2f949c77
Diff: http://git-wip-us.apache.org/repos/asf/shiro/diff/2f949c77
Branch: refs/heads/master
Commit: 2f949c779b1c68cd8ce7cfadaeb62e3b45ac00d3
Parents: f66ce5a
Author: claude <cl...@claude-XPS-15-9560>
Authored: Thu Jan 11 11:10:21 2018 +0000
Committer: claude <cl...@claude-XPS-15-9560>
Committed: Thu Jan 11 11:10:21 2018 +0000
----------------------------------------------------------------------
.../permission/WildcardPermissionResolver.java | 7 ++
.../org/apache/shiro/realm/text/IniRealm.java | 13 +---
.../realm/text/TextConfigurationRealm.java | 82 +-------------------
.../realm/text/TextConfigurationRealmTest.java | 69 ----------------
4 files changed, 9 insertions(+), 162 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/shiro/blob/2f949c77/core/src/main/java/org/apache/shiro/authz/permission/WildcardPermissionResolver.java
----------------------------------------------------------------------
diff --git a/core/src/main/java/org/apache/shiro/authz/permission/WildcardPermissionResolver.java b/core/src/main/java/org/apache/shiro/authz/permission/WildcardPermissionResolver.java
index 3d6fd6a..db0f8d2 100644
--- a/core/src/main/java/org/apache/shiro/authz/permission/WildcardPermissionResolver.java
+++ b/core/src/main/java/org/apache/shiro/authz/permission/WildcardPermissionResolver.java
@@ -49,6 +49,13 @@ public class WildcardPermissionResolver implements PermissionResolver {
}
/**
+ * Set the case sensitivity of the resolved Wildcard permissions.
+ * @param state the caseSensitive flag state for resolved permissions.
+ */
+ public void setCaseSensitive(boolean state) {
+ this.caseSensitive = state;
+ }
+ /**
* Return true if this resolver produces case sensitive permissions.
* @return true if this resolver produces case sensitive permissions.
*/
http://git-wip-us.apache.org/repos/asf/shiro/blob/2f949c77/core/src/main/java/org/apache/shiro/realm/text/IniRealm.java
----------------------------------------------------------------------
diff --git a/core/src/main/java/org/apache/shiro/realm/text/IniRealm.java b/core/src/main/java/org/apache/shiro/realm/text/IniRealm.java
index 15773e7..3a0540c 100644
--- a/core/src/main/java/org/apache/shiro/realm/text/IniRealm.java
+++ b/core/src/main/java/org/apache/shiro/realm/text/IniRealm.java
@@ -29,14 +29,11 @@ import org.slf4j.LoggerFactory;
* {@link org.apache.shiro.authc.SimpleAccount SimpleAccount} instances based on
* {@link Ini} configuration.
* <p/>
- * This implementation looks for three {@link Ini.Section sections} in the {@code Ini} configuration:
+ * This implementation looks for two {@link Ini.Section sections} in the {@code Ini} configuration:
* <pre>
* [users]
* # One or more {@link org.apache.shiro.realm.text.TextConfigurationRealm#setUserDefinitions(String) user definitions}
* ...
- * [roles_config]
- * # One or more {@link org.apache.shiro.realm.text.TextConfigurationRealm#setRoleConfigDefinitions(String) role configuration definitions}
- * ...
* [roles]
* # One or more {@link org.apache.shiro.realm.text.TextConfigurationRealm#setRoleDefinitions(String) role definitions}</pre>
* <p/>
@@ -49,7 +46,6 @@ public class IniRealm extends TextConfigurationRealm {
public static final String USERS_SECTION_NAME = "users";
public static final String ROLES_SECTION_NAME = "roles";
- public static final String ROLES_CONFIG_SECTION_NAME = "roles_config";
private static transient final Logger log = LoggerFactory.getLogger(IniRealm.class);
@@ -172,19 +168,12 @@ public class IniRealm extends TextConfigurationRealm {
processDefinitions(ini);
}
-
private void processDefinitions(Ini ini) {
if (CollectionUtils.isEmpty(ini)) {
log.warn("{} defined, but the ini instance is null or empty.", getClass().getSimpleName());
return;
}
- Ini.Section rolesConfigSection = ini.getSection(ROLES_CONFIG_SECTION_NAME);
- if (!CollectionUtils.isEmpty(rolesConfigSection)) {
- log.debug("Discovered the [{}] section. Processing...", ROLES_CONFIG_SECTION_NAME);
- processRoleConfigDefinitions(rolesConfigSection);
- }
-
Ini.Section rolesSection = ini.getSection(ROLES_SECTION_NAME);
if (!CollectionUtils.isEmpty(rolesSection)) {
log.debug("Discovered the [{}] section. Processing...", ROLES_SECTION_NAME);
http://git-wip-us.apache.org/repos/asf/shiro/blob/2f949c77/core/src/main/java/org/apache/shiro/realm/text/TextConfigurationRealm.java
----------------------------------------------------------------------
diff --git a/core/src/main/java/org/apache/shiro/realm/text/TextConfigurationRealm.java b/core/src/main/java/org/apache/shiro/realm/text/TextConfigurationRealm.java
index c2ef3fe..2b9344d 100644
--- a/core/src/main/java/org/apache/shiro/realm/text/TextConfigurationRealm.java
+++ b/core/src/main/java/org/apache/shiro/realm/text/TextConfigurationRealm.java
@@ -21,15 +21,11 @@ package org.apache.shiro.realm.text;
import org.apache.shiro.authc.SimpleAccount;
import org.apache.shiro.authz.Permission;
import org.apache.shiro.authz.SimpleRole;
-import org.apache.shiro.authz.permission.PermissionResolver;
-import org.apache.shiro.authz.permission.WildcardPermissionResolver;
import org.apache.shiro.config.ConfigurationException;
import org.apache.shiro.realm.SimpleAccountRealm;
import org.apache.shiro.util.PermissionUtils;
import org.apache.shiro.util.StringUtils;
-import java.lang.reflect.Constructor;
-import java.lang.reflect.InvocationTargetException;
import java.text.ParseException;
import java.util.Collection;
import java.util.HashMap;
@@ -58,7 +54,6 @@ public class TextConfigurationRealm extends SimpleAccountRealm {
private volatile String userDefinitions;
private volatile String roleDefinitions;
- private volatile String roleConfigDefinitions;
public TextConfigurationRealm() {
super();
@@ -103,7 +98,7 @@ public class TextConfigurationRealm extends SimpleAccountRealm {
public String getRoleDefinitions() {
return roleDefinitions;
}
-
+
/**
* Sets a newline (\n) delimited String that defines role-to-permission definitions.
* <p/>
@@ -129,38 +124,9 @@ public class TextConfigurationRealm extends SimpleAccountRealm {
public void setRoleDefinitions(String roleDefinitions) {
this.roleDefinitions = roleDefinitions;
}
-
- public String getRoleConfigDefinitions() {
- return roleConfigDefinitions;
- }
-
- /**
- * Sets a newline (\n) delimited String that defines role configuration definitions.
- * <p/>
- * <p>Each line in the string must be one of the following name value pairs:</p>
- * <p/>
- * <p><code><em>permissionResolver</em> = <em>PermissionResolverClass</em></code></p>
- * <p/>
- * <p>where <em>permissionsResolverClass</em> is the name of a class implementing PermissionResolver interface
- * and that has a no-argument constructor. If not set the WildCardPermissionsResolver is used.</p>
- * <p/>
- *
- * <p><code><em>caseSensitiveWildCardPermissions</em> = <em>true</em></code></p>
- * <p/>
- * <p>Sets the cases sensitive flag on the default WildCardPermissionsResolver. Using this paramter
- * has the side effect of resetting the permissionsResolver to WildCardPermissionsResolver.
- * <p/>
- *
- * @param roleConfigDefinitions the role configuration options to be parsed at initialization
- */
- public void setRoleConfigDefinitions(String roleConfigDefinitions)
- {
- this.roleConfigDefinitions = roleConfigDefinitions;
- }
protected void processDefinitions() {
try {
- processRoleConfigDefinitions();
processRoleDefinitions();
processUserDefinitions();
} catch (ParseException e) {
@@ -169,51 +135,6 @@ public class TextConfigurationRealm extends SimpleAccountRealm {
}
}
- protected void processRoleConfigDefinitions() throws ParseException {
- String roleConfigDefinitions = getRoleConfigDefinitions();
- if (roleConfigDefinitions == null) {
- return;
- }
- Map<String, String> roleConfigs = toMap(toLines(roleConfigDefinitions));
- processRoleConfigDefinitions(roleConfigs);
- }
-
- protected void processRoleConfigDefinitions(Map<String, String> roleDefs) {
- if (roleDefs == null || roleDefs.isEmpty()) {
- return;
- }
- for (String cfgOption : roleDefs.keySet()) {
- // use a no-arg permission resolver.
- if (cfgOption.equals( "permissionResolver" ))
- {
- try {
- Class<?> clazz = Thread.currentThread().getContextClassLoader().loadClass( roleDefs.get(cfgOption) );
- Constructor<?> c = clazz.getConstructor();
- setPermissionResolver( (PermissionResolver) c.newInstance() );
- } catch (ClassNotFoundException e) {
- throw new IllegalArgumentException( String.format( "Unable to construct %s",roleDefs.get(cfgOption) ), e );
- } catch (NoSuchMethodException e) {
- throw new IllegalArgumentException( String.format( "Unable to construct %s",roleDefs.get(cfgOption) ), e );
- } catch (SecurityException e) {
- throw new IllegalArgumentException( String.format( "Unable to construct %s",roleDefs.get(cfgOption) ), e );
- } catch (InstantiationException e) {
- throw new IllegalArgumentException( String.format( "Unable to construct %s",roleDefs.get(cfgOption) ), e );
- } catch (IllegalAccessException e) {
- throw new IllegalArgumentException( String.format( "Unable to construct %s",roleDefs.get(cfgOption) ), e );
- } catch (IllegalArgumentException e) {
- throw new IllegalArgumentException( String.format( "Unable to construct %s",roleDefs.get(cfgOption) ), e );
- } catch (InvocationTargetException e) {
- throw new IllegalArgumentException( String.format( "Unable to construct %s",roleDefs.get(cfgOption) ), e );
- }
-
- }
- if (cfgOption.equals( "caseSensitiveWildCardPermissions" ))
- {
- boolean b = Boolean.valueOf( roleDefs.get(cfgOption).trim() );
- setPermissionResolver( new WildcardPermissionResolver( b ));
- }
- }
- }
protected void processRoleDefinitions() throws ParseException {
String roleDefinitions = getRoleDefinitions();
if (roleDefinitions == null) {
@@ -223,7 +144,6 @@ public class TextConfigurationRealm extends SimpleAccountRealm {
processRoleDefinitions(roleDefs);
}
-
protected void processRoleDefinitions(Map<String, String> roleDefs) {
if (roleDefs == null || roleDefs.isEmpty()) {
return;
http://git-wip-us.apache.org/repos/asf/shiro/blob/2f949c77/core/src/test/java/org/apache/shiro/realm/text/TextConfigurationRealmTest.java
----------------------------------------------------------------------
diff --git a/core/src/test/java/org/apache/shiro/realm/text/TextConfigurationRealmTest.java b/core/src/test/java/org/apache/shiro/realm/text/TextConfigurationRealmTest.java
index 2a0892a..4b0b8c2 100644
--- a/core/src/test/java/org/apache/shiro/realm/text/TextConfigurationRealmTest.java
+++ b/core/src/test/java/org/apache/shiro/realm/text/TextConfigurationRealmTest.java
@@ -19,9 +19,6 @@
package org.apache.shiro.realm.text;
import org.apache.shiro.authz.AuthorizationException;
-import org.apache.shiro.authz.Permission;
-import org.apache.shiro.authz.permission.PermissionResolver;
-import org.apache.shiro.authz.permission.WildcardPermissionResolver;
import org.apache.shiro.subject.PrincipalCollection;
import org.apache.shiro.subject.SimplePrincipalCollection;
import org.junit.Test;
@@ -250,57 +247,6 @@ public class TextConfigurationRealmTest {
assertTrue("account doesn't exist when it should", realm.accountExists("user1"));
testThread.test();
}
-
- @Test
- public void testProcessRoleConfigurationDefinitions_caseSensitive() throws InterruptedException {
- realm = new TestRealm() {
- public void test(Thread runnable) throws InterruptedException {
- runnable.start();
- }
- };
- TestThread testThread = new TestThread(new Runnable() {
- public void run() {
- try {
- realm.processRoleConfigDefinitions();
- } catch (ParseException e) {
- fail("Unable to parse user definitions");
- }
- }
- });
- realm.setRoleConfigDefinitions( "caseSensitiveWildCardPermissions=true" );
- Thread testTask = new Thread(testThread);
- realm.test(testTask);
- testTask.join(500);
- PermissionResolver resolver = realm.getPermissionResolver();
- assertTrue("Resolver does not implement WildCardPermissionsResolver", resolver instanceof WildcardPermissionResolver);
- assertTrue("WildcardPermissionsResolver is not case sensitive", ((WildcardPermissionResolver) resolver).isCaseSensitive());
- testThread.test();
- }
-
- @Test
- public void testProcessRoleConfigurationDefinitions_PermissionResolver() throws InterruptedException {
- realm = new TestRealm() {
- public void test(Thread runnable) throws InterruptedException {
- runnable.start();
- }
- };
- TestThread testThread = new TestThread(new Runnable() {
- public void run() {
- try {
- realm.processRoleConfigDefinitions();
- } catch (ParseException e) {
- fail("Unable to parse user definitions");
- }
- }
- });
- realm.setRoleConfigDefinitions( "permissionResolver="+TestPermissionResolver.class.getName() );
- Thread testTask = new Thread(testThread);
- realm.test(testTask);
- testTask.join(500);
- PermissionResolver resolver = realm.getPermissionResolver();
- assertTrue("Resolver is not instance of TestPermissionResolver", resolver instanceof TestPermissionResolver);
- testThread.test();
- }
/*
* A Class that captures a thread's assertion error.
@@ -333,19 +279,4 @@ public class TextConfigurationRealmTest {
private abstract class TestRealm extends TextConfigurationRealm {
abstract public void test(Thread runnable) throws InterruptedException;
}
-
- /*
- * Provides a class for permisison resolver replacement testing.
- */
- private static class TestPermissionResolver implements PermissionResolver {
-
- public TestPermissionResolver() {}
-
- @Override
- public Permission resolvePermission(String permissionString) {
- // TODO Auto-generated method stub
- return null;
- }
-
- }
}
[5/5] shiro git commit: Switch to using DEFAULT_CASE_SENSITIVE in
WildcardPermissionResolver default constructor
Posted by bd...@apache.org.
Switch to using DEFAULT_CASE_SENSITIVE in WildcardPermissionResolver default constructor
Fixes: #77
Project: http://git-wip-us.apache.org/repos/asf/shiro/repo
Commit: http://git-wip-us.apache.org/repos/asf/shiro/commit/ea92a76f
Tree: http://git-wip-us.apache.org/repos/asf/shiro/tree/ea92a76f
Diff: http://git-wip-us.apache.org/repos/asf/shiro/diff/ea92a76f
Branch: refs/heads/master
Commit: ea92a76f6330a7398eaa2e8d3f0682d7fccba9ac
Parents: 3ac4c0c
Author: Brian Demers <bd...@apache.org>
Authored: Mon Apr 2 18:38:03 2018 -0400
Committer: Brian Demers <bd...@apache.org>
Committed: Mon Apr 2 18:38:03 2018 -0400
----------------------------------------------------------------------
.../apache/shiro/authz/permission/WildcardPermissionResolver.java | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/shiro/blob/ea92a76f/core/src/main/java/org/apache/shiro/authz/permission/WildcardPermissionResolver.java
----------------------------------------------------------------------
diff --git a/core/src/main/java/org/apache/shiro/authz/permission/WildcardPermissionResolver.java b/core/src/main/java/org/apache/shiro/authz/permission/WildcardPermissionResolver.java
index db0f8d2..0822735 100644
--- a/core/src/main/java/org/apache/shiro/authz/permission/WildcardPermissionResolver.java
+++ b/core/src/main/java/org/apache/shiro/authz/permission/WildcardPermissionResolver.java
@@ -45,7 +45,7 @@ public class WildcardPermissionResolver implements PermissionResolver {
* @see WildcardPermissionResolver#WildcardPermissionResolver(boolean)
*/
public WildcardPermissionResolver() {
- this(false);
+ this(WildcardPermission.DEFAULT_CASE_SENSITIVE);
}
/**
[4/5] shiro git commit: added test cases
Posted by bd...@apache.org.
added test cases
Project: http://git-wip-us.apache.org/repos/asf/shiro/repo
Commit: http://git-wip-us.apache.org/repos/asf/shiro/commit/3ac4c0c2
Tree: http://git-wip-us.apache.org/repos/asf/shiro/tree/3ac4c0c2
Diff: http://git-wip-us.apache.org/repos/asf/shiro/diff/3ac4c0c2
Branch: refs/heads/master
Commit: 3ac4c0c2c0a91824c9694253c0653cc5e406d9e6
Parents: 2f949c7
Author: claude <cl...@claude-XPS-15-9560>
Authored: Tue Jan 23 10:31:30 2018 +0000
Committer: claude <cl...@claude-XPS-15-9560>
Committed: Tue Jan 23 10:31:30 2018 +0000
----------------------------------------------------------------------
.../WildcardPermissionResolverTest.java | 57 ++++++++++++++++++++
1 file changed, 57 insertions(+)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/shiro/blob/3ac4c0c2/core/src/test/java/org/apache/shiro/authz/permission/WildcardPermissionResolverTest.java
----------------------------------------------------------------------
diff --git a/core/src/test/java/org/apache/shiro/authz/permission/WildcardPermissionResolverTest.java b/core/src/test/java/org/apache/shiro/authz/permission/WildcardPermissionResolverTest.java
new file mode 100644
index 0000000..551512e
--- /dev/null
+++ b/core/src/test/java/org/apache/shiro/authz/permission/WildcardPermissionResolverTest.java
@@ -0,0 +1,57 @@
+package org.apache.shiro.authz.permission;
+
+import static org.junit.Assert.assertEquals;
+import static org.junit.Assert.assertFalse;
+import static org.junit.Assert.assertTrue;
+
+import javax.naming.spi.Resolver;
+
+import org.junit.Test;
+
+public class WildcardPermissionResolverTest {
+
+ @Test
+ public void testDefaultIsNonCaseSensitive()
+ {
+ WildcardPermissionResolver resolver = new WildcardPermissionResolver();
+ assertFalse( "Default sensitivity should be false", resolver.isCaseSensitive());
+ /* this is a round-about test as permissions don't store case sensitivity just lower case
+ the string. */
+ WildcardPermission permission = (WildcardPermission) resolver.resolvePermission( "Foo:*" );
+ assertEquals( "string should be lowercase", "foo:*", permission.toString());
+ }
+
+ @Test
+ public void testCaseSensitive()
+ {
+ WildcardPermissionResolver resolver = new WildcardPermissionResolver(true);
+ assertTrue( "Sensitivity should be true", resolver.isCaseSensitive());
+ /* this is a round-about test as permissions don't store case sensitivity just lower case
+ the string. */
+ WildcardPermission permission = (WildcardPermission) resolver.resolvePermission( "Foo:*" );
+ assertEquals( "string should be mixed case", "Foo:*", permission.toString());
+ }
+
+ @Test
+ public void testCaseInsensitive()
+ {
+ WildcardPermissionResolver resolver = new WildcardPermissionResolver(false);
+ assertFalse( "Sensitivity should be false", resolver.isCaseSensitive());
+ /* this is a round-about test as permissions don't store case sensitivity just lower case
+ the string. */
+ WildcardPermission permission = (WildcardPermission) resolver.resolvePermission( "Foo:*" );
+ assertEquals( "string should be lowercase", "foo:*", permission.toString());
+ }
+
+ @Test
+ public void testCaseSensitiveToggle()
+ {
+ WildcardPermissionResolver resolver = new WildcardPermissionResolver();
+ assertFalse( "Default sensitivity should be false", resolver.isCaseSensitive());
+ resolver.setCaseSensitive( true );
+ assertTrue( "Sensitivity should be true", resolver.isCaseSensitive());
+ resolver.setCaseSensitive( false );
+ assertFalse( "Sensitivity should be false", resolver.isCaseSensitive());
+ }
+
+}