Posted to user@shiro.apache.org by gchristman <gc...@cardaddy.com> on 2012/05/02 19:22:21 UTC

Re: Shiro and LDAP authorization

Hi Les, is there any chance you could provide an example of how to construct
and cache an AuthorizationInfo object during authentication? I'd like to
share a piece of my code, perhaps you could help me out.

Page Class,

I get user roles from authenticate as authenticate.getRoles(); I need to
pass them into Shiro.

            //Remote authentication
            RemoteLoginClient client = new RemoteLoginClient();
            RemoteSubject authenticate = client.authenticate(username, password);

            //tapestry security authentication
            Subject currentUser = SecurityUtils.getSubject();
            System.out.println(currentUser);
            CustomAuthenticationToken token = new CustomAuthenticationToken(authenticate.getUsername());

            //debug only: the subject is not logged in yet at this point, and
            //hasRoles(List) returns a boolean[], so this prints an array reference
            System.out.println("roles" + currentUser.hasRoles(authenticate.getRoles()));
            currentUser.login(token);


This is my realm,

public class CustomRealm extends AuthorizingRealm {

    //Hibernate Session, injected elsewhere (not shown in this post)
    private Session session;

    protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token)
            throws AuthenticationException {
        CustomAuthenticationToken upToken = (CustomAuthenticationToken) token;
        String email = upToken.getUsername();

        ApplicationUser applicationUser = (ApplicationUser) session.createCriteria(ApplicationUser.class)
                .add(Restrictions.like("email", email + "%"))
                .uniqueResult();

        if (applicationUser == null) {
            throw new UnknownAccountException("User doesn't exist in EPRS database");
        }

        //helper not shown in this post
        return buildAuthenticationInfo(applicationUser.getId());
    }

    protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principals) {
        //roleNames is never populated here: the roles returned by the remote
        //service are not reachable from the PrincipalCollection, which is the
        //problem being asked about
        return new SimpleAuthorizationInfo(roleNames);
    }
}

Thanks Les.

--
View this message in context: http://shiro-user.582556.n2.nabble.com/Shiro-and-LDAP-authorization-tp7096956p7520967.html
Sent from the Shiro User mailing list archive at Nabble.com.

Re: Shiro and LDAP authorization

Posted by gchristman <gc...@cardaddy.com>.
I answered my own question and wanted to post this in case someone else
needed help or for possible improvement on my solution. 

Login.class method

    Object onSubmit() {
        try {
            //Remote Authentication
            RemoteLoginClient client = new RemoteLoginClient();
            RemoteSubject authenticate = client.authenticate(formatUsername(username), password);

            //tapestry security authentication: the token carries the roles the
            //remote service returned, so it is built only here, after the remote
            //password check succeeded
            Subject currentUser = SecurityUtils.getSubject();
            CustomAuthenticationToken token = new CustomAuthenticationToken(
                    authenticate.getUsername(), authenticate.getRoles());

            currentUser.login(token);
        } catch (AuthenticationException e) {
            //catch errors here (e.g. UnknownAccountException thrown by the realm)
            return null;
        }
        return null; //Tapestry: null re-renders the current page; return a page class to navigate
    }


//Custom token used to hold username and roles which are set from remote
//authentication service.
import java.util.List;
import org.apache.shiro.authc.AuthenticationToken;

public class CustomAuthenticationToken implements AuthenticationToken {

    private String username;
    private List<String> roles;

    public CustomAuthenticationToken(String username, List<String> roles) {
        this.username = username;
        this.roles = roles;
    }

    //AuthenticationToken requires these two; there is no password to match
    //because the remote service already verified it
    public Object getPrincipal() { return username; }
    public Object getCredentials() { return null; }

    public String getUsername() { return username; }
    public List<String> getRoles() { return roles; }
    //setters omitted
}

//Custom Realm used to handle local authentication and authorization.
import java.util.LinkedHashSet;
import java.util.List;
import java.util.Set;
import org.apache.shiro.authc.AuthenticationException;
import org.apache.shiro.authc.AuthenticationInfo;
import org.apache.shiro.authc.AuthenticationToken;
import org.apache.shiro.authc.SimpleAuthenticationInfo;
import org.apache.shiro.authc.UnknownAccountException;
import org.apache.shiro.authc.credential.AllowAllCredentialsMatcher;
import org.apache.shiro.authz.AuthorizationInfo;
import org.apache.shiro.authz.SimpleAuthorizationInfo;
import org.apache.shiro.realm.AuthorizingRealm;
import org.apache.shiro.subject.PrincipalCollection;
import org.hibernate.Session;
import org.hibernate.criterion.Restrictions;

public class CustomRealm extends AuthorizingRealm {

    //Hibernate Session
    private final Session session;
    public static final String EMPTY_PASSWORD = "";

    public CustomRealm(Session session) {
        this.session = session;
        //No password check here: the remote service already verified the
        //credentials, so every CustomAuthenticationToken is accepted. That makes
        //the Login page the trust boundary; nothing else may build that token.
        setCredentialsMatcher(new AllowAllCredentialsMatcher());
        setAuthenticationTokenClass(CustomAuthenticationToken.class);
    }

    protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token)
            throws AuthenticationException {
        CustomAuthenticationToken customToken = (CustomAuthenticationToken) token;
        String email = customToken.getUsername();
        List<String> roles = customToken.getRoles();

        //Prefix match: "email%" also matches longer addresses, and uniqueResult()
        //throws NonUniqueResultException if more than one row matches.
        User user = (User) session.createCriteria(User.class)
                .add(Restrictions.like("email", email + "%"))
                .uniqueResult();

        if (user == null) {
            throw new UnknownAccountException("User doesn't exist in local database");
        }

        //The roles travel with the principal, so doGetAuthorizationInfo below
        //needs no second lookup (the principal class must match the cast there).
        return new SimpleAuthenticationInfo(new CustomPrincipal(user, roles),
                EMPTY_PASSWORD, getName());
    }

    protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principals) {
        Set<String> roleNames = new LinkedHashSet<String>();

        CustomPrincipal primaryPrincipal = (CustomPrincipal) principals.getPrimaryPrincipal();

        for (String role : primaryPrincipal.getRoles()) {
            roleNames.add(role);
        }

        return new SimpleAuthorizationInfo(roleNames);
    }
}

//Custom principal used to hold user object and roles
import java.io.Serializable;
import java.util.List;

//Serializable because Shiro keeps the principal in the Subject's session, which
//may be persisted or replicated (User must then be Serializable as well)
public class CustomPrincipal implements Serializable {

    private User user;
    private List<String> roles;

    public CustomPrincipal() {
    }

    public CustomPrincipal(User user, List<String> roles) {
        this.user = user;
        this.roles = roles;
    }

    public User getUser() { return user; }
    public List<String> getRoles() { return roles; }
    //setters omitted
}

--
View this message in context: http://shiro-user.582556.n2.nabble.com/Shiro-and-LDAP-authorization-tp7096956p7523553.html
Sent from the Shiro User mailing list archive at Nabble.com.
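Added example (editor's code, not the poster's): the token/principal/realm pattern from the post above, re-implemented as one runnable Shiro 1.x program so the roles can be checked end-to-end after login, including the case the post's realm guards against (remote login succeeds but there is no local account). RemoteLoginClient here is an in-memory stub standing in for the remote service, the localAccounts set stands in for the Hibernate query, and the account names, passwords and roles are constructed sample data; the class names RemoteRolesToken, RemotePrincipal and RemoteRolesRealm are assumptions of this example.

```java
import java.util.Arrays;
import java.util.HashMap;
import java.util.HashSet;
import java.util.List;
import java.util.Map;
import java.util.Set;
import org.apache.shiro.SecurityUtils;
import org.apache.shiro.authc.AuthenticationException;
import org.apache.shiro.authc.AuthenticationInfo;
import org.apache.shiro.authc.AuthenticationToken;
import org.apache.shiro.authc.SimpleAuthenticationInfo;
import org.apache.shiro.authc.UnknownAccountException;
import org.apache.shiro.authc.credential.AllowAllCredentialsMatcher;
import org.apache.shiro.authz.AuthorizationInfo;
import org.apache.shiro.authz.SimpleAuthorizationInfo;
import org.apache.shiro.mgt.DefaultSecurityManager;
import org.apache.shiro.realm.AuthorizingRealm;
import org.apache.shiro.subject.PrincipalCollection;
import org.apache.shiro.subject.Subject;

public class RemoteRolesDemo {
    // Stand-in for the remote login service; accounts, passwords and roles are constructed sample data.
    static final class RemoteLoginClient {
        private static final Map<String, String> PASSWORDS = new HashMap<String, String>();
        private static final Map<String, List<String>> ROLES = new HashMap<String, List<String>>();
        static {
            PASSWORDS.put("alice@example.com", "s3cret");
            ROLES.put("alice@example.com", Arrays.asList("admin", "user"));
            PASSWORDS.put("mallory@example.com", "hunter2");
            ROLES.put("mallory@example.com", Arrays.asList("user"));
        }
        // Returns the roles on success; throws on an unknown name or wrong password.
        List<String> authenticate(String username, String password) {
            String expected = PASSWORDS.get(username);
            if (expected == null || !expected.equals(password)) {
                throw new AuthenticationException("remote login failed for " + username);
            }
            return ROLES.get(username);
        }
    }
    // Token carrying the remote-verified roles; only login() below may build one.
    static final class RemoteRolesToken implements AuthenticationToken {
        private final String username;
        private final List<String> roles;
        RemoteRolesToken(String username, List<String> roles) { this.username = username; this.roles = roles; }
        public Object getPrincipal() { return username; }
        public Object getCredentials() { return null; } // nothing left to match locally
        List<String> getRoles() { return roles; }
    }
    // Principal kept in the Subject; the roles ride along, so authorization needs no second lookup.
    static final class RemotePrincipal implements java.io.Serializable {
        final String email;
        final List<String> roles;
        RemotePrincipal(String email, List<String> roles) { this.email = email; this.roles = roles; }
    }
    // Realm: accepts any RemoteRolesToken and checks only that a local account exists.
    static final class RemoteRolesRealm extends AuthorizingRealm {
        private final Set<String> localAccounts; // stands in for the Hibernate lookup
        RemoteRolesRealm(Set<String> localAccounts) {
            this.localAccounts = localAccounts;
            setCredentialsMatcher(new AllowAllCredentialsMatcher());
            setAuthenticationTokenClass(RemoteRolesToken.class);
        }
        @Override
        protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token) {
            String email = (String) token.getPrincipal();
            // Exact match, not a LIKE prefix: "bob@..." must never resolve to "bobby@...".
            if (!localAccounts.contains(email)) {
                throw new UnknownAccountException("no local account for " + email);
            }
            List<String> roles = ((RemoteRolesToken) token).getRoles();
            return new SimpleAuthenticationInfo(new RemotePrincipal(email, roles), null, getName());
        }
        @Override
        protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principals) {
            RemotePrincipal p = (RemotePrincipal) principals.getPrimaryPrincipal();
            return new SimpleAuthorizationInfo(new HashSet<String>(p.roles));
        }
    }
    // Login flow: remote password check first, then the Shiro login with the returned roles.
    static Subject login(String username, String password) {
        List<String> roles = new RemoteLoginClient().authenticate(username, password);
        Subject subject = SecurityUtils.getSubject();
        subject.login(new RemoteRolesToken(username, roles));
        return subject;
    }
    public static void main(String[] args) {
        Set<String> local = new HashSet<String>(Arrays.asList("alice@example.com"));
        SecurityUtils.setSecurityManager(new DefaultSecurityManager(new RemoteRolesRealm(local)));
        Subject alice = login("alice@example.com", "s3cret");
        System.out.println("alice hasRole(admin): " + alice.hasRole("admin")); // true
        System.out.println("alice hasRole(root):  " + alice.hasRole("root"));  // false
        alice.logout();
        try {
            login("mallory@example.com", "hunter2"); // remote accepts, but no local account
        } catch (UnknownAccountException e) {
            System.out.println("rejected by realm: " + e.getMessage());
        }
    }
}
```

Run it with shiro-core 1.x on the classpath. Two points worth noticing: the realm never sees a password, so the only thing between an attacker and an arbitrary set of roles is that RemoteRolesToken is built solely in login(), after the remote check, and never from request input; and AuthorizingRealm caches the AuthorizationInfo only when a CacheManager is configured on the SecurityManager, so with no cache doGetAuthorizationInfo runs on every hasRole() call, which is cheap here because the roles are already on the principal.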