You are viewing a plain text version of this content. The canonical link for it is here.
Posted to user@shiro.apache.org by Les Hazlewood <lh...@apache.org> on 2009/10/28 23:04:13 UTC
Re: [grails-user] Shiro Subject Builder use in grails bootstrap
Hi Scott,
Yep, this is a new feature available in Shiro 1.0. In an effort to
create good documentation (and so I don't get lazy and rely on
archived mailing lists as documentation - yuck!), I've documented this
extensively here:
http://cwiki.apache.org/confluence/display/SHIRO/Subject
Please feel free to offer suggestions or ask questions.
Cheers,
Les
On Wed, Oct 28, 2009 at 2:48 PM, Peter Ledbrook <pe...@cacoethes.co.uk> wrote:
>> Here is the thread I am referring to
>>
>> http://www.nabble.com/BootStrapping-a-class-that-requires-a-Session-for-beforeInsert-to-work-td25788207.html
>
> It's javadoced well, but the docs aren't online yet as far as I can
> tell. If you can read native javadoc format:
>
> http://svn.apache.org/repos/asf/incubator/shiro/trunk/core/src/main/java/org/apache/shiro/subject/Subject.java
>
> Otherwise, I'll leave it to Les to answer this one (I've never used
> Subject.Builder).
>
> Cheers,
>
> Peter
Re: [grails-user] Shiro Subject Builder use in grails bootstrap
Posted by Les Hazlewood <lh...@apache.org>.
No worries Scott - glad to help. This thread could help other people,
so it's a good thing we went through it ;)
Cheers,
Les
On Thu, Oct 29, 2009 at 1:15 PM, Scott Ryan <sr...@gmail.com> wrote:
> That did the trick.
>
> I removed the ThreadState stuff and ran the code inside the subject with a
> closure and it seemed to work. i have another issue but that is most likely
> something else. My creates work but updates do not.
>
> Too many frameworks to understand lol. I am getting there.
>
> I am so sorry this has been such an ordeal. I do appreciate your patience
> with me. I think this is a good final solution.
>
> Thanks again for all the help. Now on to multi-tenant with Shiro.
>
>
> Scott Ryan
> President/CTO
> Soaring Eagle L.L.C.
> scott@theryansplace.com
> (303) 263-3044
>
> On Oct 29, 2009, at 10:52 AM, Peter Ledbrook wrote:
>
>>> Just a note - you should not use the ThreadState stuff as shown in
>>> your code sample. Instead use my example that executes a Runnable and
>>> calls the 'doBootstrap' method (that you implement).
>>
>> As an FYI, closures implement Runnable, so you can replace the
>> anonymous class with a closure in BootStrap.groovy.
>>
>> Cheers,
>>
>> Peter
>
>
Re: [grails-user] Shiro Subject Builder use in grails bootstrap
Posted by Les Hazlewood <lh...@apache.org>.
Nice! Thanks for the tip Peter.
On Thu, Oct 29, 2009 at 12:52 PM, Peter Ledbrook <pe...@cacoethes.co.uk> wrote:
>> Just a note - you should not use the ThreadState stuff as shown in
>> your code sample. Instead use my example that executes a Runnable and
>> calls the 'doBootstrap' method (that you implement).
>
> As an FYI, closures implement Runnable, so you can replace the
> anonymous class with a closure in BootStrap.groovy.
>
> Cheers,
>
> Peter
>
Re: [grails-user] Shiro Subject Builder use in grails bootstrap
Posted by Scott Ryan <sr...@gmail.com>.
That did the trick.
I removed the ThreadState stuff and ran the code inside the subject
with a closure and it seemed to work. i have another issue but that
is most likely something else. My creates work but updates do not.
Too many frameworks to understand lol. I am getting there.
I am so sorry this has been such an ordeal. I do appreciate your
patience with me. I think this is a good final solution.
Thanks again for all the help. Now on to multi-tenant with Shiro.
Scott Ryan
President/CTO
Soaring Eagle L.L.C.
scott@theryansplace.com
(303) 263-3044
On Oct 29, 2009, at 10:52 AM, Peter Ledbrook wrote:
>> Just a note - you should not use the ThreadState stuff as shown in
>> your code sample. Instead use my example that executes a Runnable
>> and
>> calls the 'doBootstrap' method (that you implement).
>
> As an FYI, closures implement Runnable, so you can replace the
> anonymous class with a closure in BootStrap.groovy.
>
> Cheers,
>
> Peter
Re: [grails-user] Shiro Subject Builder use in grails bootstrap
Posted by Peter Ledbrook <pe...@cacoethes.co.uk>.
> Just a note - you should not use the ThreadState stuff as shown in
> your code sample. Instead use my example that executes a Runnable and
> calls the 'doBootstrap' method (that you implement).
As an FYI, closures implement Runnable, so you can replace the
anonymous class with a closure in BootStrap.groovy.
Cheers,
Peter
Re: [grails-user] Shiro Subject Builder use in grails bootstrap
Posted by Les Hazlewood <lh...@apache.org>.
Subject.execute* runs in the existing thread. It does not dispatch to
another thread.
Per Peter's last suggestion (about Closures automatically implementing
Runnable), try this:
subject.execute { doBootstrap(); }
Nice and short. Gotta love Groovy ;)
- Les
On Thu, Oct 29, 2009 at 12:57 PM, Scott Ryan <sr...@gmail.com> wrote:
> That process does not actually work. When the bootstrap is called (not by
> me but by the framework) the thread is already loaded with much of the
> grails stuff. If I spin off a new thread as you suggest (In Grails/Groovy I
> have to use Thread.start) all of the grails loaded stuff on the thread is
> not there and none of my bootstrap stuff works. I don't control the entry
> to the bootstrap and I need the stuff that is on the thread when I enter the
> bootstrap. I was not able to use your Runnable strategy as groovy does
> not like the syntax. Also if I try to clear the thread when i am done
> threadState.clear(); it also unloads the other security managers from the
> thread which were already there and I get some errors. Most of the code
> works ok.
>
> I will try to use your subject.execute strategy but I need to figure out how
> to run on the existing thread so i can keep the grails stuff.
>
> If there a way to tie the subject to the existing thread? I know i can't
> use the manual thread stuff and keep a clean system but this is only for
> development.
>
> I will continue to experiment with different strategies.
>
> I assume the thread I am on is destroyed after the bootstrap process anyway
> so the risk is pretty minimal and this is only used in development.
>
> Scott Ryan
> President/CTO
> Soaring Eagle L.L.C.
> scott@theryansplace.com
> (303) 263-3044
>
> On Oct 29, 2009, at 10:46 AM, Les Hazlewood wrote:
>
>> Just a note - you should not use the ThreadState stuff as shown in
>> your code sample. Instead use my example that executes a Runnable and
>> calls the 'doBootstrap' method (that you implement).
>>
>> As documented in the Subject wiki page, if you use ThreadState
>> objects, you _must_ ensure that a thread is cleaned up after use.
>> Just calling ThreadState.bind() is not good enough - you must also
>> clear() it at the end of the thread execution.
>>
>> The Subject.execute* methods perform this cleanup automatically and
>> you don't need to worry about ThreadState objects - a cleaner
>> approach, and easier to use. For your case, you should the
>> Subject.execute methods instead. Manual ThreadState manipulation is
>> really best left to lower-level framework programming.
>>
>> Best,
>>
>> Les
>>
>> On Thu, Oct 29, 2009 at 12:33 PM, Scott Ryan <sr...@gmail.com> wrote:
>>>
>>> SUCCESS!!!
>>>
>>> I had to attach to the current thread due to all the grailsy stuff going
>>> on
>>> in the bootstrap but here is my code that appears to work. I will clean
>>> it
>>> up quite a lot and publish a solution on the mailing list and on my blog.
>>>
>>> import org.apache.shiro.subject.Subject
>>> import org.apache.shiro.subject.PrincipalCollection
>>> import org.apache.shiro.subject.SimplePrincipalCollection
>>> import org.apache.shiro.util.ThreadState
>>> import org.apache.shiro.subject.support.SubjectThreadState
>>> import org.apache.shiro.mgt.DefaultSecurityManager
>>> import org.apache.shiro.mgt.SecurityManager
>>>
>>> class BootStrap
>>> {
>>>
>>> def shiroSecurityManager
>>> def init =
>>> {servletContext ->
>>>
>>> buildSubject()
>>> // RUN ALL your bootstrap code here
>>>
>>> void buildSubject()
>>> {
>>> // TODO Clean this up and add all realms if requirred
>>> Object userIdentity = "admin";
>>> def realms = shiroSecurityManager.realms
>>> println "ralsm cont" + realms?.size()
>>> def realm
>>> realms.each()
>>> {
>>> realm = it
>>> }
>>> // Realm localizedRealm = shiroSecurityManager.realms
>>> SecurityManager bootstrapSecurityManager = new
>>> DefaultSecurityManager(realm);
>>> PrincipalCollection principals = new
>>> SimplePrincipalCollection(userIdentity, realm.getName());
>>> Subject subject = new
>>>
>>> Subject.Builder(bootstrapSecurityManager).principals(principals).buildSubject();
>>> ThreadState threadState = new SubjectThreadState(subject);
>>> threadState.bind();
>>> }
>>> }
>>>
>>> All of my domain objects extend the BaseDomain
>>>
>>> public abstract class BaseDomain
>>> {
>>> static constraints =
>>> {
>>> // TODO Set some to be required
>>> dateCreated(nullable: true)
>>> createUser(nullable: true)
>>> lastUpdated(nullable: true)
>>> updateUser(nullable: true)
>>> }
>>> /** The date this entry was created */
>>> Date dateCreated
>>> /** The username that created this entry */
>>> String createUser
>>> /** The date this entry was last updated */
>>> Date lastUpdated
>>> /** The username that last updated this entry */
>>> String updateUser
>>> /** Before insert the database should populate the username
>>> * on the createUser. The timestamp will be taken care of by the
>>> * grails framework automatically.
>>> */
>>> transient beforeInsert =
>>> {
>>> try
>>> {
>>> createUser = SecurityUtils?.getSubject()?.getPrincipal()
>>> }
>>> catch (Exception ex)
>>> {
>>>
>>> log.fatal ("Exception in before Insert ", ex)
>>>
>>> }
>>> }
>>> /** Before update the database should populate the username
>>> * on the updateUser. The timestamp will be taken care of by the
>>> * framework automatically.
>>> */
>>> transient beforeUpdate =
>>> {
>>> try
>>> {
>>> updateUser = SecurityUtils?.getSubject()?.getPrincipal()
>>> }
>>> catch (Exception ex)
>>> {
>>>
>>> log.fatal ("Exception in before Update ", ex)
>>>
>>> }
>>> }
>>> }
>>>
>>>
>>> Thanks so much for all your assistance as I know a lot of people have
>>> been
>>> trying to get this to work.
>>>
>>>
>>> Scott Ryan
>>> President/CTO
>>> Soaring Eagle L.L.C.
>>> scott@theryansplace.com
>>> (303) 263-3044
>>>
>>> On Oct 29, 2009, at 9:35 AM, Peter Ledbrook wrote:
>>>
>>>>> Yes I think it is not running in a request/response mode. Just a dumb
>>>>> question as i implement your solution. I tried this earlier but since
>>>>> Runnable is an interface it does not let me create one so I must be
>>>>> missing
>>>>> a parenthesis or something?
>>>>
>>>> Correct, BootStrap is executed during servlet context startup, so
>>>> there is not request or response.
>>>>
>>>>> I will try out your suggestions and offer feedback. I think it would
>>>>> be
>>>>> nice to have access to both security managers from the plugin so you
>>>>> could
>>>>> use the same code during both processes.
>>>>
>>>> The BootStrap instances are auto-wired by Spring, so you have access
>>>> to the Spring application context. I would consider grabbing the
>>>> "shiroSecurityManager" bean and copying the realms from there into
>>>> your own temporary (non-web) security manager. I say copy the realms,
>>>> but I mean the references to them.
>>>>
>>>> That's if you even need the realms.
>>>>
>>>> Cheers,
>>>>
>>>> Peter
>>>
>>>
>
>
Re: [grails-user] Shiro Subject Builder use in grails bootstrap
Posted by Scott Ryan <sr...@gmail.com>.
That process does not actually work. When the bootstrap is called
(not by me but by the framework) the thread is already loaded with
much of the grails stuff. If I spin off a new thread as you suggest
(In Grails/Groovy I have to use Thread.start) all of the grails loaded
stuff on the thread is not there and none of my bootstrap stuff
works. I don't control the entry to the bootstrap and I need the
stuff that is on the thread when I enter the bootstrap. I was not
able to use your Runnable strategy as groovy does not like the
syntax. Also if I try to clear the thread when i am done
threadState.clear(); it also unloads the other security managers from
the thread which were already there and I get some errors. Most of
the code works ok.
I will try to use your subject.execute strategy but I need to figure
out how to run on the existing thread so i can keep the grails stuff.
If there a way to tie the subject to the existing thread? I know i
can't use the manual thread stuff and keep a clean system but this is
only for development.
I will continue to experiment with different strategies.
I assume the thread I am on is destroyed after the bootstrap process
anyway so the risk is pretty minimal and this is only used in
development.
Scott Ryan
President/CTO
Soaring Eagle L.L.C.
scott@theryansplace.com
(303) 263-3044
On Oct 29, 2009, at 10:46 AM, Les Hazlewood wrote:
> Just a note - you should not use the ThreadState stuff as shown in
> your code sample. Instead use my example that executes a Runnable and
> calls the 'doBootstrap' method (that you implement).
>
> As documented in the Subject wiki page, if you use ThreadState
> objects, you _must_ ensure that a thread is cleaned up after use.
> Just calling ThreadState.bind() is not good enough - you must also
> clear() it at the end of the thread execution.
>
> The Subject.execute* methods perform this cleanup automatically and
> you don't need to worry about ThreadState objects - a cleaner
> approach, and easier to use. For your case, you should the
> Subject.execute methods instead. Manual ThreadState manipulation is
> really best left to lower-level framework programming.
>
> Best,
>
> Les
>
> On Thu, Oct 29, 2009 at 12:33 PM, Scott Ryan <sr...@gmail.com>
> wrote:
>> SUCCESS!!!
>>
>> I had to attach to the current thread due to all the grailsy stuff
>> going on
>> in the bootstrap but here is my code that appears to work. I will
>> clean it
>> up quite a lot and publish a solution on the mailing list and on my
>> blog.
>>
>> import org.apache.shiro.subject.Subject
>> import org.apache.shiro.subject.PrincipalCollection
>> import org.apache.shiro.subject.SimplePrincipalCollection
>> import org.apache.shiro.util.ThreadState
>> import org.apache.shiro.subject.support.SubjectThreadState
>> import org.apache.shiro.mgt.DefaultSecurityManager
>> import org.apache.shiro.mgt.SecurityManager
>>
>> class BootStrap
>> {
>>
>> def shiroSecurityManager
>> def init =
>> {servletContext ->
>>
>> buildSubject()
>> // RUN ALL your bootstrap code here
>>
>> void buildSubject()
>> {
>> // TODO Clean this up and add all realms if requirred
>> Object userIdentity = "admin";
>> def realms = shiroSecurityManager.realms
>> println "ralsm cont" + realms?.size()
>> def realm
>> realms.each()
>> {
>> realm = it
>> }
>> // Realm localizedRealm = shiroSecurityManager.realms
>> SecurityManager bootstrapSecurityManager = new
>> DefaultSecurityManager(realm);
>> PrincipalCollection principals = new
>> SimplePrincipalCollection(userIdentity, realm.getName());
>> Subject subject = new
>> Subject
>> .Builder
>> (bootstrapSecurityManager).principals(principals).buildSubject();
>> ThreadState threadState = new SubjectThreadState(subject);
>> threadState.bind();
>> }
>> }
>>
>> All of my domain objects extend the BaseDomain
>>
>> public abstract class BaseDomain
>> {
>> static constraints =
>> {
>> // TODO Set some to be required
>> dateCreated(nullable: true)
>> createUser(nullable: true)
>> lastUpdated(nullable: true)
>> updateUser(nullable: true)
>> }
>> /** The date this entry was created */
>> Date dateCreated
>> /** The username that created this entry */
>> String createUser
>> /** The date this entry was last updated */
>> Date lastUpdated
>> /** The username that last updated this entry */
>> String updateUser
>> /** Before insert the database should populate the username
>> * on the createUser. The timestamp will be taken care of by the
>> * grails framework automatically.
>> */
>> transient beforeInsert =
>> {
>> try
>> {
>> createUser = SecurityUtils?.getSubject()?.getPrincipal()
>> }
>> catch (Exception ex)
>> {
>>
>> log.fatal ("Exception in before Insert ", ex)
>>
>> }
>> }
>> /** Before update the database should populate the username
>> * on the updateUser. The timestamp will be taken care of by the
>> * framework automatically.
>> */
>> transient beforeUpdate =
>> {
>> try
>> {
>> updateUser = SecurityUtils?.getSubject()?.getPrincipal()
>> }
>> catch (Exception ex)
>> {
>>
>> log.fatal ("Exception in before Update ", ex)
>>
>> }
>> }
>> }
>>
>>
>> Thanks so much for all your assistance as I know a lot of people
>> have been
>> trying to get this to work.
>>
>>
>> Scott Ryan
>> President/CTO
>> Soaring Eagle L.L.C.
>> scott@theryansplace.com
>> (303) 263-3044
>>
>> On Oct 29, 2009, at 9:35 AM, Peter Ledbrook wrote:
>>
>>>> Yes I think it is not running in a request/response mode. Just a
>>>> dumb
>>>> question as i implement your solution. I tried this earlier but
>>>> since
>>>> Runnable is an interface it does not let me create one so I must be
>>>> missing
>>>> a parenthesis or something?
>>>
>>> Correct, BootStrap is executed during servlet context startup, so
>>> there is not request or response.
>>>
>>>> I will try out your suggestions and offer feedback. I think it
>>>> would be
>>>> nice to have access to both security managers from the plugin so
>>>> you
>>>> could
>>>> use the same code during both processes.
>>>
>>> The BootStrap instances are auto-wired by Spring, so you have access
>>> to the Spring application context. I would consider grabbing the
>>> "shiroSecurityManager" bean and copying the realms from there into
>>> your own temporary (non-web) security manager. I say copy the
>>> realms,
>>> but I mean the references to them.
>>>
>>> That's if you even need the realms.
>>>
>>> Cheers,
>>>
>>> Peter
>>
>>
Re: [grails-user] Shiro Subject Builder use in grails bootstrap
Posted by Les Hazlewood <lh...@apache.org>.
Just a note - you should not use the ThreadState stuff as shown in
your code sample. Instead use my example that executes a Runnable and
calls the 'doBootstrap' method (that you implement).
As documented in the Subject wiki page, if you use ThreadState
objects, you _must_ ensure that a thread is cleaned up after use.
Just calling ThreadState.bind() is not good enough - you must also
clear() it at the end of the thread execution.
The Subject.execute* methods perform this cleanup automatically and
you don't need to worry about ThreadState objects - a cleaner
approach, and easier to use. For your case, you should the
Subject.execute methods instead. Manual ThreadState manipulation is
really best left to lower-level framework programming.
Best,
Les
On Thu, Oct 29, 2009 at 12:33 PM, Scott Ryan <sr...@gmail.com> wrote:
> SUCCESS!!!
>
> I had to attach to the current thread due to all the grailsy stuff going on
> in the bootstrap but here is my code that appears to work. I will clean it
> up quite a lot and publish a solution on the mailing list and on my blog.
>
> import org.apache.shiro.subject.Subject
> import org.apache.shiro.subject.PrincipalCollection
> import org.apache.shiro.subject.SimplePrincipalCollection
> import org.apache.shiro.util.ThreadState
> import org.apache.shiro.subject.support.SubjectThreadState
> import org.apache.shiro.mgt.DefaultSecurityManager
> import org.apache.shiro.mgt.SecurityManager
>
> class BootStrap
> {
>
> def shiroSecurityManager
> def init =
> {servletContext ->
>
> buildSubject()
> // RUN ALL your bootstrap code here
>
> void buildSubject()
> {
> // TODO Clean this up and add all realms if requirred
> Object userIdentity = "admin";
> def realms = shiroSecurityManager.realms
> println "ralsm cont" + realms?.size()
> def realm
> realms.each()
> {
> realm = it
> }
> // Realm localizedRealm = shiroSecurityManager.realms
> SecurityManager bootstrapSecurityManager = new
> DefaultSecurityManager(realm);
> PrincipalCollection principals = new
> SimplePrincipalCollection(userIdentity, realm.getName());
> Subject subject = new
> Subject.Builder(bootstrapSecurityManager).principals(principals).buildSubject();
> ThreadState threadState = new SubjectThreadState(subject);
> threadState.bind();
> }
> }
>
> All of my domain objects extend the BaseDomain
>
> public abstract class BaseDomain
> {
> static constraints =
> {
> // TODO Set some to be required
> dateCreated(nullable: true)
> createUser(nullable: true)
> lastUpdated(nullable: true)
> updateUser(nullable: true)
> }
> /** The date this entry was created */
> Date dateCreated
> /** The username that created this entry */
> String createUser
> /** The date this entry was last updated */
> Date lastUpdated
> /** The username that last updated this entry */
> String updateUser
> /** Before insert the database should populate the username
> * on the createUser. The timestamp will be taken care of by the
> * grails framework automatically.
> */
> transient beforeInsert =
> {
> try
> {
> createUser = SecurityUtils?.getSubject()?.getPrincipal()
> }
> catch (Exception ex)
> {
>
> log.fatal ("Exception in before Insert ", ex)
>
> }
> }
> /** Before update the database should populate the username
> * on the updateUser. The timestamp will be taken care of by the
> * framework automatically.
> */
> transient beforeUpdate =
> {
> try
> {
> updateUser = SecurityUtils?.getSubject()?.getPrincipal()
> }
> catch (Exception ex)
> {
>
> log.fatal ("Exception in before Update ", ex)
>
> }
> }
> }
>
>
> Thanks so much for all your assistance as I know a lot of people have been
> trying to get this to work.
>
>
> Scott Ryan
> President/CTO
> Soaring Eagle L.L.C.
> scott@theryansplace.com
> (303) 263-3044
>
> On Oct 29, 2009, at 9:35 AM, Peter Ledbrook wrote:
>
>>> Yes I think it is not running in a request/response mode. Just a dumb
>>> question as i implement your solution. I tried this earlier but since
>>> Runnable is an interface it does not let me create one so I must be
>>> missing
>>> a parenthesis or something?
>>
>> Correct, BootStrap is executed during servlet context startup, so
>> there is not request or response.
>>
>>> I will try out your suggestions and offer feedback. I think it would be
>>> nice to have access to both security managers from the plugin so you
>>> could
>>> use the same code during both processes.
>>
>> The BootStrap instances are auto-wired by Spring, so you have access
>> to the Spring application context. I would consider grabbing the
>> "shiroSecurityManager" bean and copying the realms from there into
>> your own temporary (non-web) security manager. I say copy the realms,
>> but I mean the references to them.
>>
>> That's if you even need the realms.
>>
>> Cheers,
>>
>> Peter
>
>
Re: [grails-user] Shiro Subject Builder use in grails bootstrap
Posted by Scott Ryan <sr...@gmail.com>.
SUCCESS!!!
I had to attach to the current thread due to all the grailsy stuff
going on in the bootstrap but here is my code that appears to work. I
will clean it up quite a lot and publish a solution on the mailing
list and on my blog.
import org.apache.shiro.subject.Subject
import org.apache.shiro.subject.PrincipalCollection
import org.apache.shiro.subject.SimplePrincipalCollection
import org.apache.shiro.util.ThreadState
import org.apache.shiro.subject.support.SubjectThreadState
import org.apache.shiro.mgt.DefaultSecurityManager
import org.apache.shiro.mgt.SecurityManager
class BootStrap
{
def shiroSecurityManager
def init =
{servletContext ->
buildSubject()
// RUN ALL your bootstrap code here
void buildSubject()
{
// TODO Clean this up and add all realms if requirred
Object userIdentity = "admin";
def realms = shiroSecurityManager.realms
println "ralsm cont" + realms?.size()
def realm
realms.each()
{
realm = it
}
// Realm localizedRealm = shiroSecurityManager.realms
SecurityManager bootstrapSecurityManager = new
DefaultSecurityManager(realm);
PrincipalCollection principals = new
SimplePrincipalCollection(userIdentity, realm.getName());
Subject subject = new
Subject
.Builder
(bootstrapSecurityManager).principals(principals).buildSubject();
ThreadState threadState = new SubjectThreadState(subject);
threadState.bind();
}
}
All of my domain objects extend the BaseDomain
public abstract class BaseDomain
{
static constraints =
{
// TODO Set some to be required
dateCreated(nullable: true)
createUser(nullable: true)
lastUpdated(nullable: true)
updateUser(nullable: true)
}
/** The date this entry was created */
Date dateCreated
/** The username that created this entry */
String createUser
/** The date this entry was last updated */
Date lastUpdated
/** The username that last updated this entry */
String updateUser
/** Before insert the database should populate the username
* on the createUser. The timestamp will be taken care of by the
* grails framework automatically.
*/
transient beforeInsert =
{
try
{
createUser = SecurityUtils?.getSubject()?.getPrincipal()
}
catch (Exception ex)
{
log.fatal ("Exception in before Insert ", ex)
}
}
/** Before update the database should populate the username
* on the updateUser. The timestamp will be taken care of by the
* framework automatically.
*/
transient beforeUpdate =
{
try
{
updateUser = SecurityUtils?.getSubject()?.getPrincipal()
}
catch (Exception ex)
{
log.fatal ("Exception in before Update ", ex)
}
}
}
Thanks so much for all your assistance as I know a lot of people have
been trying to get this to work.
Scott Ryan
President/CTO
Soaring Eagle L.L.C.
scott@theryansplace.com
(303) 263-3044
On Oct 29, 2009, at 9:35 AM, Peter Ledbrook wrote:
>> Yes I think it is not running in a request/response mode. Just a
>> dumb
>> question as i implement your solution. I tried this earlier but
>> since
>> Runnable is an interface it does not let me create one so I must be
>> missing
>> a parenthesis or something?
>
> Correct, BootStrap is executed during servlet context startup, so
> there is not request or response.
>
>> I will try out your suggestions and offer feedback. I think it
>> would be
>> nice to have access to both security managers from the plugin so
>> you could
>> use the same code during both processes.
>
> The BootStrap instances are auto-wired by Spring, so you have access
> to the Spring application context. I would consider grabbing the
> "shiroSecurityManager" bean and copying the realms from there into
> your own temporary (non-web) security manager. I say copy the realms,
> but I mean the references to them.
>
> That's if you even need the realms.
>
> Cheers,
>
> Peter
Re: [grails-user] Shiro Subject Builder use in grails bootstrap
Posted by Les Hazlewood <lh...@apache.org>.
Hi Scott,
The example I wrote already creates the Runnable instance as an
anonymous inner class. Or you could use a Callable in the same way if
you need to react to an exception or return a value.
Don't worry about the ThreadState stuff - that is a mechanism that you
probably don't need. The "Automatic Association" section in the wiki
page (http://cwiki.apache.org/confluence/display/SHIRO/Subject) shows
example code that will work and is easier to deal with.
That is:
subject.execute( new Runnable() {
public void run() {
doBootstrap();
}
});
private void doBootstrap() {
//do work here as the user
}
Cheers,
Les
On Thu, Oct 29, 2009 at 11:49 AM, Scott Ryan <sr...@gmail.com> wrote:
> That is the direction i am going. I just need to figure out how to create
> the runnable since it is an interface. I am close so hope to publish a good
> solution later today.
>
> Scott Ryan
> President/CTO
> Soaring Eagle L.L.C.
> scott@theryansplace.com
> (303) 263-3044
>
> On Oct 29, 2009, at 9:35 AM, Peter Ledbrook wrote:
>
>>> Yes I think it is not running in a request/response mode. Just a dumb
>>> question as i implement your solution. I tried this earlier but since
>>> Runnable is an interface it does not let me create one so I must be
>>> missing
>>> a parenthesis or something?
>>
>> Correct, BootStrap is executed during servlet context startup, so
>> there is not request or response.
>>
>>> I will try out your suggestions and offer feedback. I think it would be
>>> nice to have access to both security managers from the plugin so you
>>> could
>>> use the same code during both processes.
>>
>> The BootStrap instances are auto-wired by Spring, so you have access
>> to the Spring application context. I would consider grabbing the
>> "shiroSecurityManager" bean and copying the realms from there into
>> your own temporary (non-web) security manager. I say copy the realms,
>> but I mean the references to them.
>>
>> That's if you even need the realms.
>>
>> Cheers,
>>
>> Peter
>
>
Re: [grails-user] Shiro Subject Builder use in grails bootstrap
Posted by Scott Ryan <sr...@gmail.com>.
That is the direction i am going. I just need to figure out how to
create the runnable since it is an interface. I am close so hope to
publish a good solution later today.
Scott Ryan
President/CTO
Soaring Eagle L.L.C.
scott@theryansplace.com
(303) 263-3044
On Oct 29, 2009, at 9:35 AM, Peter Ledbrook wrote:
>> Yes I think it is not running in a request/response mode. Just a
>> dumb
>> question as i implement your solution. I tried this earlier but
>> since
>> Runnable is an interface it does not let me create one so I must be
>> missing
>> a parenthesis or something?
>
> Correct, BootStrap is executed during servlet context startup, so
> there is not request or response.
>
>> I will try out your suggestions and offer feedback. I think it
>> would be
>> nice to have access to both security managers from the plugin so
>> you could
>> use the same code during both processes.
>
> The BootStrap instances are auto-wired by Spring, so you have access
> to the Spring application context. I would consider grabbing the
> "shiroSecurityManager" bean and copying the realms from there into
> your own temporary (non-web) security manager. I say copy the realms,
> but I mean the references to them.
>
> That's if you even need the realms.
>
> Cheers,
>
> Peter
Re: [grails-user] Shiro Subject Builder use in grails bootstrap
Posted by Peter Ledbrook <pe...@cacoethes.co.uk>.
> Yes I think it is not running in a request/response mode. Just a dumb
> question as i implement your solution. I tried this earlier but since
> Runnable is an interface it does not let me create one so I must be missing
> a parenthesis or something?
Correct, BootStrap is executed during servlet context startup, so
there is not request or response.
> I will try out your suggestions and offer feedback. I think it would be
> nice to have access to both security managers from the plugin so you could
> use the same code during both processes.
The BootStrap instances are auto-wired by Spring, so you have access
to the Spring application context. I would consider grabbing the
"shiroSecurityManager" bean and copying the realms from there into
your own temporary (non-web) security manager. I say copy the realms,
but I mean the references to them.
That's if you even need the realms.
Cheers,
Peter
Re: [grails-user] Shiro Subject Builder use in grails bootstrap
Posted by Scott Ryan <sr...@gmail.com>.
Yes I think it is not running in a request/response mode. Just a dumb
question as i implement your solution. I tried this earlier but since
Runnable is an interface it does not let me create one so I must be
missing a parenthesis or something?
I will try out your suggestions and offer feedback. I think it would
be nice to have access to both security managers from the plugin so
you could use the same code during both processes.
Scott Ryan
President/CTO
Soaring Eagle L.L.C.
scott@theryansplace.com
(303) 263-3044
On Oct 29, 2009, at 9:17 AM, Les Hazlewood wrote:
> Hi Scott,
>
> You're right that this can be done easily enough. I don't know enough
> about Grails to know if Bootstrap is run during a request or at
> startup before requests come in. If it is the latter, the easiest
> thing to do at the moment is to create a temporary SecurityManager
> just for bootstrap needs - the WebSecurityManager requires the
> presence of a Request/Response pair at the moment, but feel free to
> open a Shiro jira issue if you think it should be an improvement to
> work in either case.
>
> For now, try to do this:
>
> Realm localizedRealm = //acquire your realm
> SecurityManager bootstrapSecurityManager = new
> DefaultSecurityManager(localizedRealm);
> PrincipalCollection principals = new
> SimplePrincipalCollection(userIdentity, localizedRealm.getName());
> Subject subject = new
> Subject.Builder().principals(principals).buildSubject();
> subject.execute( new Runnable() {
> public void run() {
> doBootstrap();
> }
> }
> private void doBootstrap() {
> //do whatever logic you need to be done as the above Subject.
> }
>
> HTH,
>
> Les
>
> On Thu, Oct 29, 2009 at 10:57 AM, Scott Ryan <sr...@gmail.com>
> wrote:
>> HI,
>> Sorry it took me a while to get back to you but we had 4 feet of
>> snow last
>> night and I had to dig out lol.
>>
>> I think maybe I am going down the wrong path. I am using the
>> Grails Shiro
>> plugin which appears to implement a DefaultWebSecurityManager and
>> that is
>> the security manager I am picking up in the bootstrap execution
>> within
>> grails. Now I don't think the bootstrap runs within a request so I
>> don't
>> have request response available in the bootstrap class just the
>> servlet
>> context. So no matter which type of subject i create I get an
>> error. In
>> order to create a Websubject I need a request and response which I
>> do not
>> have.
>>
>> Object userIdentity = "admin";
>> String realmName = "localizedRealm";
>> PrincipalCollection principals = new
>> SimplePrincipalCollection(userIdentity, realmName);
>> Subject subject = new
>> WebSubject
>> .Builder
>> (shiroSecurityManager
>> ,request,response).principals(principals).buildSubject();
>> ThreadState threadState = new SubjectThreadState(subject);
>> threadState.bind();
>>
>> If I try to create a normal subject I get complaints from the
>> security
>> manager that there is not request.
>>
>> Object userIdentity = "admin";
>> String realmName = "localizedRealm";
>> PrincipalCollection principals = new
>> SimplePrincipalCollection(userIdentity, realmName);
>> Subject subject = new
>> Subject
>> .Builder(shiroSecurityManager).principals(principals).buildSubject();
>> ThreadState threadState = new SubjectThreadState(subject);
>> threadState.bind();
>>
>> Is there a way to get a normal security manager from the shiro
>> plugin or do
>> i need to create my own security manager for this case or can i
>> actually get
>> a request and response from the bootstrap class in grails. I am a
>> little
>> over my head at the level of the frameworks i am at now.
>>
>> Any ideas on what to explore next? I think this can be done I am
>> just
>> missing one critical part.
>>
>>
>> Scott Ryan
>> President/CTO
>> Soaring Eagle L.L.C.
>> scott@theryansplace.com
>> (303) 263-3044
>>
>> On Oct 28, 2009, at 6:35 PM, Les Hazlewood wrote:
>>
>>> Hi Scott,
>>>
>>> Good catch on the build() mistake. I've updated the wiki. I also
>>> made some changes to break out the Thread Association sections
>>> into 3
>>> approaches (not 2). Please check it again (I _just_ finished these
>>> changes like 2 minutes ago) and see if that helps.
>>>
>>> Also, you caught an interesting scenario and I updated the wiki to
>>> note this scenario - you're absolutely right that the standard
>>> Subject.Builder can't be used during a web request. Because the
>>> Subject and Subject.Builder have no knowledge of web APIs to
>>> ensure a
>>> clean separation of concerns, the WebSubject and WebSubject.Builder
>>> exist for this reason.
>>>
>>> They are located in the org.apache.shiro.web.subject package and are
>>> used in the exact same way:
>>>
>>> Subject subject = WebSubject.Builder(...). ... .buildSubject();
>>>
>>> Also, per the wiki documentation, just building the Subject instance
>>> is not enough - it must be bound to the currently executing thread
>>> so
>>> any SecurityUtils.getSubject() calls work properly. The wiki page I
>>> wrote covers all 3 approaches to show you how to do this.
>>>
>>> I recommend that you use the "Automatic Association" approach - it
>>> is
>>> the easiest to use.
>>>
>>> Let me know how that goes!
>>>
>>> Cheers,
>>>
>>> Les
>>>
>>> On Wed, Oct 28, 2009 at 7:54 PM, Scott Ryan <sr...@gmail.com>
>>> wrote:
>>>>
>>>> Thank you for the information. I am close but still scratching
>>>> my head
>>>> on
>>>> what is wrong.
>>>>
>>>> Note there is a line in the wiki help that reads
>>>>
>>>> Subject subject = new
>>>> Subject.Builder().principals(principals).build();
>>>>
>>>> but should it not read
>>>>
>>>> Subject subject = new
>>>> Subject.Builder().principals(principals).buildSubject();
>>>>
>>>>
>>>> So here is what I have so far in my bootstrap.groovy
>>>>
>>>> class BootStrap
>>>> {
>>>> def shiroSecurityManager
>>>> def init =
>>>> {servletContext ->
>>>> void buildSubject()
>>>> {
>>>> Object userIdentity = "admin";
>>>> String realmName = "localizedRealm";
>>>> PrincipalCollection principals = new
>>>> SimplePrincipalCollection(userIdentity, realmName);
>>>> Subject subject = new
>>>>
>>>> Subject
>>>> .Builder
>>>> (shiroSecurityManager).principals(principals).buildSubject();
>>>> // This is line 164
>>>> }
>>>> }
>>>> }
>>>>
>>>> I assume since I am in a servletContext it is a web request and
>>>> therefore
>>>> I
>>>> don't have to bind the subject to the Thread?
>>>>
>>>> I am getting the following errors:
>>>>
>>>> Caused by: java.lang.IllegalStateException: ServletRequest is not
>>>> available!
>>>> A ServletRequest must be present in either the Subject context
>>>> map, on
>>>> an
>>>> existing WebSubject or via the thread context. This exception is
>>>> probably
>>>> indicative of an erroneous application configuration.
>>>> at
>>>>
>>>> org
>>>> .apache
>>>> .shiro
>>>> .web
>>>> .mgt
>>>> .DefaultWebSubjectFactory
>>>> .getServletRequest(DefaultWebSubjectFactory.java:72)
>>>> at
>>>>
>>>> org
>>>> .apache
>>>> .shiro
>>>> .web
>>>> .mgt
>>>> .DefaultWebSubjectFactory
>>>> .getInetAddress(DefaultWebSubjectFactory.java:108)
>>>> at
>>>>
>>>> org
>>>> .apache
>>>> .shiro
>>>> .web
>>>> .mgt
>>>> .DefaultWebSubjectFactory
>>>> .createSubject(DefaultWebSubjectFactory.java:118)
>>>> at
>>>>
>>>> org
>>>> .apache
>>>> .shiro
>>>> .mgt
>>>> .DefaultSecurityManager.createSubject(DefaultSecurityManager.java:
>>>> 347)
>>>> at
>>>> org.apache.shiro.subject.Subject
>>>> $Builder.buildSubject(Subject.java:684)
>>>> at BootStrap.buildSubject(BootStrap.groovy:164)
>>>> at BootStrap$_closure1.doCall(BootStrap.groovy:108)
>>>>
>>>>
>>>> Is there something I am missing in the setup?
>>>>
>>>> It looks like the following thread discusses this but it is
>>>> unclear on
>>>> the
>>>> solution
>>>>
>>>> http://www.mail-archive.com/shiro-dev@incubator.apache.org/msg00172.html
>>>>
>>>> It is to hard to locate any of the referenced classes as they
>>>> seem to
>>>> keep
>>>> moving packages and there is no javadoc to help me find them. i
>>>> can't
>>>> even
>>>> find the SVN repo to look there. I assume I am supposed to use
>>>> WebSubjectBuilder instead of the above but not sure how. What
>>>> package is
>>>> WebSubjectBuilder in currently?
>>>>
>>>> The next step is to insert data in to the database using the
>>>> subject that
>>>> was created.
>>>>
>>>>
>>>>
>>>> Scott Ryan
>>>> President/CTO
>>>> Soaring Eagle L.L.C.
>>>> scott@theryansplace.com
>>>> (303) 263-3044
>>>>
>>>> On Oct 28, 2009, at 4:04 PM, Les Hazlewood wrote:
>>>>
>>>>> Hi Scott,
>>>>>
>>>>> Yep, this is a new feature available in Shiro 1.0. In an effort
>>>>> to
>>>>> create good documentation (and so I don't get lazy and rely on
>>>>> archived mailing lists as documentation - yuck!), I've
>>>>> documented this
>>>>> extensively here:
>>>>>
>>>>> http://cwiki.apache.org/confluence/display/SHIRO/Subject
>>>>>
>>>>> Please feel free to offer suggestions or ask questions.
>>>>>
>>>>> Cheers,
>>>>>
>>>>> Les
>>>>>
>>>>> On Wed, Oct 28, 2009 at 2:48 PM, Peter Ledbrook <peter@cacoethes.co.uk
>>>>> >
>>>>> wrote:
>>>>>>>
>>>>>>> Here is the thread I am referring to
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>> http://www.nabble.com/BootStrapping-a-class-that-requires-a-Session-for-beforeInsert-to-work-td25788207.html
>>>>>>
>>>>>> It's javadoced well, but the docs aren't online yet as far as I
>>>>>> can
>>>>>> tell. If you can read native javadoc format:
>>>>>>
>>>>>>
>>>>>>
>>>>>> http://svn.apache.org/repos/asf/incubator/shiro/trunk/core/src/main/java/org/apache/shiro/subject/Subject.java
>>>>>>
>>>>>> Otherwise, I'll leave it to Les to answer this one (I've never
>>>>>> used
>>>>>> Subject.Builder).
>>>>>>
>>>>>> Cheers,
>>>>>>
>>>>>> Peter
>>>>>
>>>>> ---------------------------------------------------------------------
>>>>> To unsubscribe from this list, please visit:
>>>>>
>>>>> http://xircles.codehaus.org/manage_email
>>>>>
>>>>>
>>>>
>>>>
>>>> ---------------------------------------------------------------------
>>>> To unsubscribe from this list, please visit:
>>>>
>>>> http://xircles.codehaus.org/manage_email
>>>>
>>>>
>>>>
>>
>>
Re: [grails-user] Shiro Subject Builder use in grails bootstrap
Posted by Les Hazlewood <lh...@apache.org>.
Hi Scott,
You're right that this can be done easily enough. I don't know enough
about Grails to know if Bootstrap is run during a request or at
startup before requests come in. If it is the latter, the easiest
thing to do at the moment is to create a temporary SecurityManager
just for bootstrap needs - the WebSecurityManager requires the
presence of a Request/Response pair at the moment, but feel free to
open a Shiro jira issue if you think it should be an improvement to
work in either case.
For now, try to do this:
Realm localizedRealm = //acquire your realm
SecurityManager bootstrapSecurityManager = new
DefaultSecurityManager(localizedRealm);
PrincipalCollection principals = new
SimplePrincipalCollection(userIdentity, localizedRealm.getName());
Subject subject = new Subject.Builder().principals(principals).buildSubject();
subject.execute( new Runnable() {
public void run() {
doBootstrap();
}
}
private void doBootstrap() {
//do whatever logic you need to be done as the above Subject.
}
HTH,
Les
On Thu, Oct 29, 2009 at 10:57 AM, Scott Ryan <sr...@gmail.com> wrote:
> HI,
> Sorry it took me a while to get back to you but we had 4 feet of snow last
> night and I had to dig out lol.
>
> I think maybe I am going down the wrong path. I am using the Grails Shiro
> plugin which appears to implement a DefaultWebSecurityManager and that is
> the security manager I am picking up in the bootstrap execution within
> grails. Now I don't think the bootstrap runs within a request so I don't
> have request response available in the bootstrap class just the servlet
> context. So no matter which type of subject i create I get an error. In
> order to create a Websubject I need a request and response which I do not
> have.
>
> Object userIdentity = "admin";
> String realmName = "localizedRealm";
> PrincipalCollection principals = new
> SimplePrincipalCollection(userIdentity, realmName);
> Subject subject = new
> WebSubject.Builder(shiroSecurityManager,request,response).principals(principals).buildSubject();
> ThreadState threadState = new SubjectThreadState(subject);
> threadState.bind();
>
> If I try to create a normal subject I get complaints from the security
> manager that there is not request.
>
> Object userIdentity = "admin";
> String realmName = "localizedRealm";
> PrincipalCollection principals = new
> SimplePrincipalCollection(userIdentity, realmName);
> Subject subject = new
> Subject.Builder(shiroSecurityManager).principals(principals).buildSubject();
> ThreadState threadState = new SubjectThreadState(subject);
> threadState.bind();
>
> Is there a way to get a normal security manager from the shiro plugin or do
> i need to create my own security manager for this case or can i actually get
> a request and response from the bootstrap class in grails. I am a little
> over my head at the level of the frameworks i am at now.
>
> Any ideas on what to explore next? I think this can be done I am just
> missing one critical part.
>
>
> Scott Ryan
> President/CTO
> Soaring Eagle L.L.C.
> scott@theryansplace.com
> (303) 263-3044
>
> On Oct 28, 2009, at 6:35 PM, Les Hazlewood wrote:
>
>> Hi Scott,
>>
>> Good catch on the build() mistake. I've updated the wiki. I also
>> made some changes to break out the Thread Association sections into 3
>> approaches (not 2). Please check it again (I _just_ finished these
>> changes like 2 minutes ago) and see if that helps.
>>
>> Also, you caught an interesting scenario and I updated the wiki to
>> note this scenario - you're absolutely right that the standard
>> Subject.Builder can't be used during a web request. Because the
>> Subject and Subject.Builder have no knowledge of web APIs to ensure a
>> clean separation of concerns, the WebSubject and WebSubject.Builder
>> exist for this reason.
>>
>> They are located in the org.apache.shiro.web.subject package and are
>> used in the exact same way:
>>
>> Subject subject = WebSubject.Builder(...). ... .buildSubject();
>>
>> Also, per the wiki documentation, just building the Subject instance
>> is not enough - it must be bound to the currently executing thread so
>> any SecurityUtils.getSubject() calls work properly. The wiki page I
>> wrote covers all 3 approaches to show you how to do this.
>>
>> I recommend that you use the "Automatic Association" approach - it is
>> the easiest to use.
>>
>> Let me know how that goes!
>>
>> Cheers,
>>
>> Les
>>
>> On Wed, Oct 28, 2009 at 7:54 PM, Scott Ryan <sr...@gmail.com> wrote:
>>>
>>> Thank you for the information. I am close but still scratching my head
>>> on
>>> what is wrong.
>>>
>>> Note there is a line in the wiki help that reads
>>>
>>> Subject subject = new Subject.Builder().principals(principals).build();
>>>
>>> but should it not read
>>>
>>> Subject subject = new
>>> Subject.Builder().principals(principals).buildSubject();
>>>
>>>
>>> So here is what I have so far in my bootstrap.groovy
>>>
>>> class BootStrap
>>> {
>>> def shiroSecurityManager
>>> def init =
>>> {servletContext ->
>>> void buildSubject()
>>> {
>>> Object userIdentity = "admin";
>>> String realmName = "localizedRealm";
>>> PrincipalCollection principals = new
>>> SimplePrincipalCollection(userIdentity, realmName);
>>> Subject subject = new
>>>
>>> Subject.Builder(shiroSecurityManager).principals(principals).buildSubject();
>>> // This is line 164
>>> }
>>> }
>>> }
>>>
>>> I assume since I am in a servletContext it is a web request and therefore
>>> I
>>> don't have to bind the subject to the Thread?
>>>
>>> I am getting the following errors:
>>>
>>> Caused by: java.lang.IllegalStateException: ServletRequest is not
>>> available!
>>> A ServletRequest must be present in either the Subject context map, on
>>> an
>>> existing WebSubject or via the thread context. This exception is
>>> probably
>>> indicative of an erroneous application configuration.
>>> at
>>>
>>> org.apache.shiro.web.mgt.DefaultWebSubjectFactory.getServletRequest(DefaultWebSubjectFactory.java:72)
>>> at
>>>
>>> org.apache.shiro.web.mgt.DefaultWebSubjectFactory.getInetAddress(DefaultWebSubjectFactory.java:108)
>>> at
>>>
>>> org.apache.shiro.web.mgt.DefaultWebSubjectFactory.createSubject(DefaultWebSubjectFactory.java:118)
>>> at
>>>
>>> org.apache.shiro.mgt.DefaultSecurityManager.createSubject(DefaultSecurityManager.java:347)
>>> at
>>> org.apache.shiro.subject.Subject$Builder.buildSubject(Subject.java:684)
>>> at BootStrap.buildSubject(BootStrap.groovy:164)
>>> at BootStrap$_closure1.doCall(BootStrap.groovy:108)
>>>
>>>
>>> Is there something I am missing in the setup?
>>>
>>> It looks like the following thread discusses this but it is unclear on
>>> the
>>> solution
>>>
>>> http://www.mail-archive.com/shiro-dev@incubator.apache.org/msg00172.html
>>>
>>> It is to hard to locate any of the referenced classes as they seem to
>>> keep
>>> moving packages and there is no javadoc to help me find them. i can't
>>> even
>>> find the SVN repo to look there. I assume I am supposed to use
>>> WebSubjectBuilder instead of the above but not sure how. What package is
>>> WebSubjectBuilder in currently?
>>>
>>> The next step is to insert data in to the database using the subject that
>>> was created.
>>>
>>>
>>>
>>> Scott Ryan
>>> President/CTO
>>> Soaring Eagle L.L.C.
>>> scott@theryansplace.com
>>> (303) 263-3044
>>>
>>> On Oct 28, 2009, at 4:04 PM, Les Hazlewood wrote:
>>>
>>>> Hi Scott,
>>>>
>>>> Yep, this is a new feature available in Shiro 1.0. In an effort to
>>>> create good documentation (and so I don't get lazy and rely on
>>>> archived mailing lists as documentation - yuck!), I've documented this
>>>> extensively here:
>>>>
>>>> http://cwiki.apache.org/confluence/display/SHIRO/Subject
>>>>
>>>> Please feel free to offer suggestions or ask questions.
>>>>
>>>> Cheers,
>>>>
>>>> Les
>>>>
>>>> On Wed, Oct 28, 2009 at 2:48 PM, Peter Ledbrook <pe...@cacoethes.co.uk>
>>>> wrote:
>>>>>>
>>>>>> Here is the thread I am referring to
>>>>>>
>>>>>>
>>>>>>
>>>>>> http://www.nabble.com/BootStrapping-a-class-that-requires-a-Session-for-beforeInsert-to-work-td25788207.html
>>>>>
>>>>> It's javadoced well, but the docs aren't online yet as far as I can
>>>>> tell. If you can read native javadoc format:
>>>>>
>>>>>
>>>>>
>>>>> http://svn.apache.org/repos/asf/incubator/shiro/trunk/core/src/main/java/org/apache/shiro/subject/Subject.java
>>>>>
>>>>> Otherwise, I'll leave it to Les to answer this one (I've never used
>>>>> Subject.Builder).
>>>>>
>>>>> Cheers,
>>>>>
>>>>> Peter
>>>>
>>>> ---------------------------------------------------------------------
>>>> To unsubscribe from this list, please visit:
>>>>
>>>> http://xircles.codehaus.org/manage_email
>>>>
>>>>
>>>
>>>
>>> ---------------------------------------------------------------------
>>> To unsubscribe from this list, please visit:
>>>
>>> http://xircles.codehaus.org/manage_email
>>>
>>>
>>>
>
>
Re: [grails-user] Shiro Subject Builder use in grails bootstrap
Posted by Scott Ryan <sr...@gmail.com>.
HI,
Sorry it took me a while to get back to you but we had 4 feet of snow
last night and I had to dig out lol.
I think maybe I am going down the wrong path. I am using the Grails
Shiro plugin which appears to implement a DefaultWebSecurityManager
and that is the security manager I am picking up in the bootstrap
execution within grails. Now I don't think the bootstrap runs within
a request so I don't have request response available in the bootstrap
class just the servlet context. So no matter which type of subject i
create I get an error. In order to create a Websubject I need a
request and response which I do not have.
Object userIdentity = "admin";
String realmName = "localizedRealm";
PrincipalCollection principals = new
SimplePrincipalCollection(userIdentity, realmName);
Subject subject = new
WebSubject
.Builder
(shiroSecurityManager
,request,response).principals(principals).buildSubject();
ThreadState threadState = new SubjectThreadState(subject);
threadState.bind();
If I try to create a normal subject I get complaints from the security
manager that there is not request.
Object userIdentity = "admin";
String realmName = "localizedRealm";
PrincipalCollection principals = new
SimplePrincipalCollection(userIdentity, realmName);
Subject subject = new
Subject
.Builder(shiroSecurityManager).principals(principals).buildSubject();
ThreadState threadState = new SubjectThreadState(subject);
threadState.bind();
Is there a way to get a normal security manager from the shiro plugin
or do i need to create my own security manager for this case or can i
actually get a request and response from the bootstrap class in
grails. I am a little over my head at the level of the frameworks i
am at now.
Any ideas on what to explore next? I think this can be done I am just
missing one critical part.
Scott Ryan
President/CTO
Soaring Eagle L.L.C.
scott@theryansplace.com
(303) 263-3044
On Oct 28, 2009, at 6:35 PM, Les Hazlewood wrote:
> Hi Scott,
>
> Good catch on the build() mistake. I've updated the wiki. I also
> made some changes to break out the Thread Association sections into 3
> approaches (not 2). Please check it again (I _just_ finished these
> changes like 2 minutes ago) and see if that helps.
>
> Also, you caught an interesting scenario and I updated the wiki to
> note this scenario - you're absolutely right that the standard
> Subject.Builder can't be used during a web request. Because the
> Subject and Subject.Builder have no knowledge of web APIs to ensure a
> clean separation of concerns, the WebSubject and WebSubject.Builder
> exist for this reason.
>
> They are located in the org.apache.shiro.web.subject package and are
> used in the exact same way:
>
> Subject subject = WebSubject.Builder(...). ... .buildSubject();
>
> Also, per the wiki documentation, just building the Subject instance
> is not enough - it must be bound to the currently executing thread so
> any SecurityUtils.getSubject() calls work properly. The wiki page I
> wrote covers all 3 approaches to show you how to do this.
>
> I recommend that you use the "Automatic Association" approach - it is
> the easiest to use.
>
> Let me know how that goes!
>
> Cheers,
>
> Les
>
> On Wed, Oct 28, 2009 at 7:54 PM, Scott Ryan <sr...@gmail.com>
> wrote:
>> Thank you for the information. I am close but still scratching my
>> head on
>> what is wrong.
>>
>> Note there is a line in the wiki help that reads
>>
>> Subject subject = new
>> Subject.Builder().principals(principals).build();
>>
>> but should it not read
>>
>> Subject subject = new
>> Subject.Builder().principals(principals).buildSubject();
>>
>>
>> So here is what I have so far in my bootstrap.groovy
>>
>> class BootStrap
>> {
>> def shiroSecurityManager
>> def init =
>> {servletContext ->
>> void buildSubject()
>> {
>> Object userIdentity = "admin";
>> String realmName = "localizedRealm";
>> PrincipalCollection principals = new
>> SimplePrincipalCollection(userIdentity, realmName);
>> Subject subject = new
>> Subject
>> .Builder(shiroSecurityManager).principals(principals).buildSubject();
>> // This is line 164
>> }
>> }
>> }
>>
>> I assume since I am in a servletContext it is a web request and
>> therefore I
>> don't have to bind the subject to the Thread?
>>
>> I am getting the following errors:
>>
>> Caused by: java.lang.IllegalStateException: ServletRequest is not
>> available!
>> A ServletRequest must be present in either the Subject context
>> map, on an
>> existing WebSubject or via the thread context. This exception is
>> probably
>> indicative of an erroneous application configuration.
>> at
>> org
>> .apache
>> .shiro
>> .web
>> .mgt
>> .DefaultWebSubjectFactory
>> .getServletRequest(DefaultWebSubjectFactory.java:72)
>> at
>> org
>> .apache
>> .shiro
>> .web
>> .mgt
>> .DefaultWebSubjectFactory
>> .getInetAddress(DefaultWebSubjectFactory.java:108)
>> at
>> org
>> .apache
>> .shiro
>> .web
>> .mgt
>> .DefaultWebSubjectFactory
>> .createSubject(DefaultWebSubjectFactory.java:118)
>> at
>> org
>> .apache
>> .shiro
>> .mgt
>> .DefaultSecurityManager.createSubject(DefaultSecurityManager.java:
>> 347)
>> at
>> org.apache.shiro.subject.Subject$Builder.buildSubject(Subject.java:
>> 684)
>> at BootStrap.buildSubject(BootStrap.groovy:164)
>> at BootStrap$_closure1.doCall(BootStrap.groovy:108)
>>
>>
>> Is there something I am missing in the setup?
>>
>> It looks like the following thread discusses this but it is unclear
>> on the
>> solution
>>
>> http://www.mail-archive.com/shiro-dev@incubator.apache.org/msg00172.html
>>
>> It is to hard to locate any of the referenced classes as they seem
>> to keep
>> moving packages and there is no javadoc to help me find them. i
>> can't even
>> find the SVN repo to look there. I assume I am supposed to use
>> WebSubjectBuilder instead of the above but not sure how. What
>> package is
>> WebSubjectBuilder in currently?
>>
>> The next step is to insert data in to the database using the
>> subject that
>> was created.
>>
>>
>>
>> Scott Ryan
>> President/CTO
>> Soaring Eagle L.L.C.
>> scott@theryansplace.com
>> (303) 263-3044
>>
>> On Oct 28, 2009, at 4:04 PM, Les Hazlewood wrote:
>>
>>> Hi Scott,
>>>
>>> Yep, this is a new feature available in Shiro 1.0. In an effort to
>>> create good documentation (and so I don't get lazy and rely on
>>> archived mailing lists as documentation - yuck!), I've documented
>>> this
>>> extensively here:
>>>
>>> http://cwiki.apache.org/confluence/display/SHIRO/Subject
>>>
>>> Please feel free to offer suggestions or ask questions.
>>>
>>> Cheers,
>>>
>>> Les
>>>
>>> On Wed, Oct 28, 2009 at 2:48 PM, Peter Ledbrook <peter@cacoethes.co.uk
>>> >
>>> wrote:
>>>>>
>>>>> Here is the thread I am referring to
>>>>>
>>>>>
>>>>> http://www.nabble.com/BootStrapping-a-class-that-requires-a-Session-for-beforeInsert-to-work-td25788207.html
>>>>
>>>> It's javadoced well, but the docs aren't online yet as far as I can
>>>> tell. If you can read native javadoc format:
>>>>
>>>>
>>>> http://svn.apache.org/repos/asf/incubator/shiro/trunk/core/src/main/java/org/apache/shiro/subject/Subject.java
>>>>
>>>> Otherwise, I'll leave it to Les to answer this one (I've never used
>>>> Subject.Builder).
>>>>
>>>> Cheers,
>>>>
>>>> Peter
>>>
>>> ---------------------------------------------------------------------
>>> To unsubscribe from this list, please visit:
>>>
>>> http://xircles.codehaus.org/manage_email
>>>
>>>
>>
>>
>> ---------------------------------------------------------------------
>> To unsubscribe from this list, please visit:
>>
>> http://xircles.codehaus.org/manage_email
>>
>>
>>
Re: [grails-user] Shiro Subject Builder use in grails bootstrap
Posted by Les Hazlewood <lh...@apache.org>.
Hi Scott,
Good catch on the build() mistake. I've updated the wiki. I also
made some changes to break out the Thread Association sections into 3
approaches (not 2). Please check it again (I _just_ finished these
changes like 2 minutes ago) and see if that helps.
Also, you caught an interesting scenario and I updated the wiki to
note this scenario - you're absolutely right that the standard
Subject.Builder can't be used during a web request. Because the
Subject and Subject.Builder have no knowledge of web APIs to ensure a
clean separation of concerns, the WebSubject and WebSubject.Builder
exist for this reason.
They are located in the org.apache.shiro.web.subject package and are
used in the exact same way:
Subject subject = WebSubject.Builder(...). ... .buildSubject();
Also, per the wiki documentation, just building the Subject instance
is not enough - it must be bound to the currently executing thread so
any SecurityUtils.getSubject() calls work properly. The wiki page I
wrote covers all 3 approaches to show you how to do this.
I recommend that you use the "Automatic Association" approach - it is
the easiest to use.
Let me know how that goes!
Cheers,
Les
On Wed, Oct 28, 2009 at 7:54 PM, Scott Ryan <sr...@gmail.com> wrote:
> Thank you for the information. I am close but still scratching my head on
> what is wrong.
>
> Note there is a line in the wiki help that reads
>
> Subject subject = new Subject.Builder().principals(principals).build();
>
> but should it not read
>
> Subject subject = new
> Subject.Builder().principals(principals).buildSubject();
>
>
> So here is what I have so far in my bootstrap.groovy
>
> class BootStrap
> {
> def shiroSecurityManager
> def init =
> {servletContext ->
> void buildSubject()
> {
> Object userIdentity = "admin";
> String realmName = "localizedRealm";
> PrincipalCollection principals = new
> SimplePrincipalCollection(userIdentity, realmName);
> Subject subject = new
> Subject.Builder(shiroSecurityManager).principals(principals).buildSubject();
> // This is line 164
> }
> }
> }
>
> I assume since I am in a servletContext it is a web request and therefore I
> don't have to bind the subject to the Thread?
>
> I am getting the following errors:
>
> Caused by: java.lang.IllegalStateException: ServletRequest is not available!
> A ServletRequest must be present in either the Subject context map, on an
> existing WebSubject or via the thread context. This exception is probably
> indicative of an erroneous application configuration.
> at
> org.apache.shiro.web.mgt.DefaultWebSubjectFactory.getServletRequest(DefaultWebSubjectFactory.java:72)
> at
> org.apache.shiro.web.mgt.DefaultWebSubjectFactory.getInetAddress(DefaultWebSubjectFactory.java:108)
> at
> org.apache.shiro.web.mgt.DefaultWebSubjectFactory.createSubject(DefaultWebSubjectFactory.java:118)
> at
> org.apache.shiro.mgt.DefaultSecurityManager.createSubject(DefaultSecurityManager.java:347)
> at
> org.apache.shiro.subject.Subject$Builder.buildSubject(Subject.java:684)
> at BootStrap.buildSubject(BootStrap.groovy:164)
> at BootStrap$_closure1.doCall(BootStrap.groovy:108)
>
>
> Is there something I am missing in the setup?
>
> It looks like the following thread discusses this but it is unclear on the
> solution
>
> http://www.mail-archive.com/shiro-dev@incubator.apache.org/msg00172.html
>
> It is to hard to locate any of the referenced classes as they seem to keep
> moving packages and there is no javadoc to help me find them. i can't even
> find the SVN repo to look there. I assume I am supposed to use
> WebSubjectBuilder instead of the above but not sure how. What package is
> WebSubjectBuilder in currently?
>
> The next step is to insert data in to the database using the subject that
> was created.
>
>
>
> Scott Ryan
> President/CTO
> Soaring Eagle L.L.C.
> scott@theryansplace.com
> (303) 263-3044
>
> On Oct 28, 2009, at 4:04 PM, Les Hazlewood wrote:
>
>> Hi Scott,
>>
>> Yep, this is a new feature available in Shiro 1.0. In an effort to
>> create good documentation (and so I don't get lazy and rely on
>> archived mailing lists as documentation - yuck!), I've documented this
>> extensively here:
>>
>> http://cwiki.apache.org/confluence/display/SHIRO/Subject
>>
>> Please feel free to offer suggestions or ask questions.
>>
>> Cheers,
>>
>> Les
>>
>> On Wed, Oct 28, 2009 at 2:48 PM, Peter Ledbrook <pe...@cacoethes.co.uk>
>> wrote:
>>>>
>>>> Here is the thread I am referring to
>>>>
>>>>
>>>> http://www.nabble.com/BootStrapping-a-class-that-requires-a-Session-for-beforeInsert-to-work-td25788207.html
>>>
>>> It's javadoced well, but the docs aren't online yet as far as I can
>>> tell. If you can read native javadoc format:
>>>
>>>
>>> http://svn.apache.org/repos/asf/incubator/shiro/trunk/core/src/main/java/org/apache/shiro/subject/Subject.java
>>>
>>> Otherwise, I'll leave it to Les to answer this one (I've never used
>>> Subject.Builder).
>>>
>>> Cheers,
>>>
>>> Peter
>>
>> ---------------------------------------------------------------------
>> To unsubscribe from this list, please visit:
>>
>> http://xircles.codehaus.org/manage_email
>>
>>
>
>
> ---------------------------------------------------------------------
> To unsubscribe from this list, please visit:
>
> http://xircles.codehaus.org/manage_email
>
>
>