Posted to commits@isis.apache.org by ah...@apache.org on 2019/08/02 09:07:49 UTC
[isis] branch v2 updated: ISIS-2157 minor: code cleanup and
deduplication
This is an automated email from the ASF dual-hosted git repository.
ahuber pushed a commit to branch v2
in repository https://gitbox.apache.org/repos/asf/isis.git
The following commit(s) were added to refs/heads/v2 by this push:
new dadc9ce ISIS-2157 minor: code cleanup and deduplication
dadc9ce is described below
commit dadc9ce315ff3aa80214792a3e5d7a2e6d0b6063
Author: Andi Huber <ah...@apache.org>
AuthorDate: Fri Aug 2 11:07:40 2019 +0200
ISIS-2157 minor: code cleanup and deduplication
---
.../secman/shiro/IsisModuleSecurityRealm.java | 62 ++++++++++------------
1 file changed, 27 insertions(+), 35 deletions(-)
diff --git a/extensions/secman/realm-shiro/src/main/java/org/apache/isis/extensions/secman/shiro/IsisModuleSecurityRealm.java b/extensions/secman/realm-shiro/src/main/java/org/apache/isis/extensions/secman/shiro/IsisModuleSecurityRealm.java
index e18344a..8645a79 100644
--- a/extensions/secman/realm-shiro/src/main/java/org/apache/isis/extensions/secman/shiro/IsisModuleSecurityRealm.java
+++ b/extensions/secman/realm-shiro/src/main/java/org/apache/isis/extensions/secman/shiro/IsisModuleSecurityRealm.java
@@ -45,10 +45,15 @@ import org.apache.shiro.realm.AuthenticatingRealm;
import org.apache.shiro.realm.AuthorizingRealm;
import org.apache.shiro.subject.PrincipalCollection;
+import lombok.Getter;
+import lombok.Setter;
import lombok.val;
public class IsisModuleSecurityRealm extends AuthorizingRealm implements SecurityRealm {
+ @Getter @Setter private AuthenticatingRealm delegateAuthenticationRealm;
+ @Getter @Setter private boolean autoCreateUser = true;
+
/**
* Configures a {@link org.apache.shiro.authz.permission.PermissionResolver} that knows how to process the
* permission strings that are provided by Isis'
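Review bot: The two new Lombok fields have no documentation, and `autoCreateUser = true` is a security-relevant default. According to the comment in the authentication method further down, it makes the realm create a DB account for a user who is unknown locally but authenticates successfully against the delegate realm. I would add a Javadoc on the field, e.g. `/** If true (the default), a user authenticated by the delegate realm but unknown locally gets an account created on first login. */`, and state there which roles such an account starts with, which this diff does not show. Lombok also names the getter of a primitive boolean `isAutoCreateUser()`, so the former `getAutoCreateUser()` is no longer available to callers outside this class.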
@@ -58,7 +63,6 @@ public class IsisModuleSecurityRealm extends AuthorizingRealm implements Securit
setPermissionResolver(new PermissionResolverForIsisShiroAuthorizor());
}
-
/**
* In order to provide an attacker with additional information, the exceptions thrown here deliberately have
* few (or no) details in their exception message. Similarly, the generic
@@ -79,7 +83,7 @@ public class IsisModuleSecurityRealm extends AuthorizingRealm implements Securit
// lookup from database, for roles/perms
val principal = lookupPrincipal_inApplicationUserRepository(username);
- val autoCreateUserWhenDelegatedAuthentication = hasDelegateAuthenticationRealm() && getAutoCreateUser();
+ val autoCreateUserWhenDelegatedAuthentication = hasDelegateAuthenticationRealm() && isAutoCreateUser();
if (principal == null && autoCreateUserWhenDelegatedAuthentication) {
// When using delegated authentication, desired behavior is to auto-create user accounts in the
// DB only if these do successfully authenticate with the delegated authentication mechanism,
@@ -94,8 +98,7 @@ public class IsisModuleSecurityRealm extends AuthorizingRealm implements Securit
}
if (principal == null) {
- // if no delegate authentication
- throw new CredentialsException("Unknown user/password combination");
+ throw credentialsException();
}
if (principal.isDisabled()) {
@@ -132,10 +135,24 @@ public class IsisModuleSecurityRealm extends AuthorizingRealm implements Securit
return urp;
}
+ @Override
+ public EnumSet<SecurityRealmCharacteristic> getCharacteristics() {
+ if(hasDelegateAuthenticationRealm()) {
+ return EnumSet.of(SecurityRealmCharacteristic.DELEGATING);
+ }
+ return EnumSet.noneOf(SecurityRealmCharacteristic.class);
+ }
+
+ // -- HELPER
+
private DisabledAccountException disabledAccountException(String username) {
return new DisabledAccountException(String.format("username='%s'", username));
}
+ private CredentialsException credentialsException() {
+ return new CredentialsException("Unknown user/password combination");
+ }
+
private void authenticateElseThrow_usingDelegatedMechanism(AuthenticationToken token) {
AuthenticationInfo delegateAccount = null;
try {
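Review bot: `credentialsException()` is where the reason for the fixed message belongs, and it has no comment; I would add `// deliberately generic: must not reveal whether the user name or the password was wrong`. The neighbouring `disabledAccountException(username)` does the opposite: it throws a distinct type and formats the caller-supplied user name into the message. If that exception reaches the client, it discloses that the account exists and is disabled, and the raw name may also end up unescaped in a log. Whether the disabled check runs before or after the password is verified is outside this hunk and should be confirmed. `authenticateElseThrow_usingDelegatedMechanism` begins at the end of the hunk and continues outside it.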
@@ -144,7 +161,7 @@ public class IsisModuleSecurityRealm extends AuthorizingRealm implements Securit
// fall through
}
if(delegateAccount == null) {
- throw new CredentialsException("Unknown user/password combination");
+ throw credentialsException();
}
}
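Review bot: The catch block ending in `// fall through` discards whatever the delegate realm threw, so an unreachable or misconfigured delegate looks the same as a wrong password and leaves no trace on the server. Returning the generic `credentialsException()` to the caller is right, but the caught exception should be logged server-side before falling through, without the submitted credentials. At minimum the comment should state the intent: `// fall through: every delegate failure is reported as a generic credentials error`. The `try` body and the catch clause are outside the hunk, so the caught exception types cannot be checked here.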
@@ -195,28 +212,10 @@ public class IsisModuleSecurityRealm extends AuthorizingRealm implements Securit
});
}
- private AuthenticatingRealm delegateAuthenticationRealm;
- public AuthenticatingRealm getDelegateAuthenticationRealm() {
- return delegateAuthenticationRealm;
- }
- public void setDelegateAuthenticationRealm(AuthenticatingRealm delegateRealm) {
- this.delegateAuthenticationRealm = delegateRealm;
- }
-
- public boolean hasDelegateAuthenticationRealm() {
+ private boolean hasDelegateAuthenticationRealm() {
return delegateAuthenticationRealm != null;
}
-
- private boolean autoCreateUser = true;
-
- public boolean getAutoCreateUser() {
- return autoCreateUser;
- }
-
- public void setAutoCreateUser(boolean autoCreateUser) {
- this.autoCreateUser = autoCreateUser;
- }
-
+
<V> V execute(final Supplier<V> closure) {
return getSessionFactory().doInSession(
new Callable<V>() {
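Review bot: `hasDelegateAuthenticationRealm()` changes from `public` to `private` here, which is an API change rather than a cleanup: any caller outside the class stops compiling. If nothing outside the class uses it, narrowing is the better choice for a security realm, but the commit message should say that the public surface shrank. Otherwise keep `public boolean hasDelegateAuthenticationRealm()`. The `execute` method that follows continues outside the hunk.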
@@ -234,7 +233,9 @@ public class IsisModuleSecurityRealm extends AuthorizingRealm implements Securit
val txTemplate = IsisContext.createTransactionTemplate();
return txTemplate.execute(status->closure.get());
}
-
+
+ // -- DEPENDENCIES
+
protected PersistenceSession getPersistenceSession() {
return IsisContext.getPersistenceSession().orElse(null);
}
@@ -244,13 +245,4 @@ public class IsisModuleSecurityRealm extends AuthorizingRealm implements Securit
return IsisContext.getSessionFactory();
}
-
- @Override
- public EnumSet<SecurityRealmCharacteristic> getCharacteristics() {
- if(hasDelegateAuthenticationRealm()) {
- return EnumSet.of(SecurityRealmCharacteristic.DELEGATING);
- }
- return EnumSet.noneOf(SecurityRealmCharacteristic.class);
- }
-
}