Posted to user@shiro.apache.org by gchristman <gc...@cardaddy.com> on 2012/05/02 19:22:21 UTC
Re: Shiro and LDAP authorization
Hi Les, is there any chance you could provide an example of how to construct
and cache an AuthorizationInfo object during authentication? I'd like to
share a piece of my code; perhaps you could help me out.
Page Class,
I get user roles from authenticate as authenticate.getRoles(); I need to
pass them into shiro.
    // Remote authentication
    RemoteLoginClient client = new RemoteLoginClient();
    RemoteSubject authenticate = client.authenticate(username, password);

    // tapestry security authentication
    Subject currentUser = SecurityUtils.getSubject();
    System.out.println(currentUser);
    CustomAuthenticationToken token = new CustomAuthenticationToken(authenticate.getUsername());
    System.out.println("roles" + currentUser.hasRoles(authenticate.getRoles()));
    currentUser.login(token);
This is my realm,
    public class CustomRealm extends AuthorizingRealm {

        protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token) throws AuthenticationException {
            CustomAuthenticationToken upToken = (CustomAuthenticationToken) token;
            String email = upToken.getUsername();
            ApplicationUser applicationUser = (ApplicationUser) session.createCriteria(ApplicationUser.class)
                    .add(Restrictions.like("email", email + "%"))
                    .uniqueResult();
            if (applicationUser == null) {
                throw new UnknownAccountException("User doesn't exist in EPRS database");
            }
            return buildAuthenticationInfo(applicationUser.getId());
        }

        protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principals) {
            return new SimpleAuthorizationInfo(roleNames);
        }
    }
Thanks Les.
--
View this message in context: http://shiro-user.582556.n2.nabble.com/Shiro-and-LDAP-authorization-tp7096956p7520967.html
Sent from the Shiro User mailing list archive at Nabble.com.
Re: Shiro and LDAP authorization
Posted by gchristman <gc...@cardaddy.com>.
I answered my own question and wanted to post this in case someone else
needed help or for possible improvement on my solution.
Login.class method
    Object onSubmit() {
        try {
            // Remote Authentication
            RemoteLoginClient client = new RemoteLoginClient();
            RemoteSubject authenticate = client.authenticate(formatUsername(username), password);

            // tapestry security authentication
            Subject currentUser = SecurityUtils.getSubject();
            CustomAuthenticationToken token =
                    new CustomAuthenticationToken(authenticate.getUsername(), authenticate.getRoles());
            currentUser.login(token);
        } // catch errors
    }
    // Custom token used to hold username and roles which are set from remote
    // authentication service.
    public class CustomAuthenticationToken implements AuthenticationToken {
        private String username;
        private List<String> roles;

        public CustomAuthenticationToken(String username, List<String> roles) {
            this.username = username;
            this.roles = roles;
        }

        // getters/setters
    }
    // Custom Realm used to handle local authentication and authorization.
    public class CustomRealm extends AuthorizingRealm {
        // Hibernate Session
        private final Session session;
        public static final String EMPTY_PASSWORD = "";

        public CustomRealm(Session session) {
            this.session = session;
            // No credential comparison happens in this realm
            setCredentialsMatcher(new AllowAllCredentialsMatcher());
            setAuthenticationTokenClass(CustomAuthenticationToken.class);
        }

        protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token) throws AuthenticationException {
            CustomAuthenticationToken customToken = (CustomAuthenticationToken) token;
            String email = customToken.getUsername();
            List<String> roles = customToken.getRoles();
            // Prefix match on the email column
            User user = (User) session.createCriteria(User.class)
                    .add(Restrictions.like("email", email + "%"))
                    .uniqueResult();
            if (user == null) {
                throw new UnknownAccountException("User doesn't exist in local database");
            }
            return new SimpleAuthenticationInfo(new CustomPrincipal(user, roles), EMPTY_PASSWORD, getName());
        }

        protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principals) {
            Set<String> roleNames = new LinkedHashSet<String>();
            CustomPrincipal primaryPrincipal = (CustomPrincipal) principals.getPrimaryPrincipal();
            for (String role : primaryPrincipal.getRoles()) {
                roleNames.add(role);
            }
            return new SimpleAuthorizationInfo(roleNames);
        }
    }
    // Custom principal used to hold user object and roles
    public class CustomPrincipal {
        private User user;
        private List<String> roles;

        public CustomPrincipal() {
        }

        public CustomPrincipal(User user, List<String> roles) {
            this.user = user;
            this.roles = roles;
        }

        // getters/setters
    }
--
View this message in context: http://shiro-user.582556.n2.nabble.com/Shiro-and-LDAP-authorization-tp7096956p7523553.html
Sent from the Shiro User mailing list archive at Nabble.com.
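
An added example, not code from the thread or from the Shiro project: a variation on the realm above in which the realm itself calls the remote service, so the roles that reach doGetAuthorizationInfo always come from a verified login rather than from whatever a submitted token carries. RemoteLogin, RemoteSubject, RolePrincipal and the null-on-failure convention are assumptions standing in for the poster's remote client.

```java
import java.io.Serializable;
import java.util.*;
import org.apache.shiro.authc.*;
import org.apache.shiro.authc.credential.AllowAllCredentialsMatcher;
import org.apache.shiro.authz.AuthorizationInfo;
import org.apache.shiro.authz.SimpleAuthorizationInfo;
import org.apache.shiro.realm.AuthorizingRealm;
import org.apache.shiro.subject.PrincipalCollection;

// Hypothetical stand-ins for the remote service types used in the thread.
interface RemoteSubject { String getUsername(); List<String> getRoles(); }
interface RemoteLogin { RemoteSubject authenticate(String user, String password); } // assumed: null on failure

public class RemoteBackedRealm extends AuthorizingRealm {
    // Immutable principal: roles are copied once from the verified remote response.
    public static final class RolePrincipal implements Serializable {
        private final String username;
        private final Set<String> roles;
        RolePrincipal(String username, Collection<String> roles) {
            this.username = username;
            this.roles = Collections.unmodifiableSet(
                    roles == null ? new LinkedHashSet<String>() : new LinkedHashSet<String>(roles));
        }
        public String getUsername() { return username; }
        public Set<String> getRoles() { return roles; }
    }
    private final RemoteLogin remote;
    public RemoteBackedRealm(RemoteLogin remote) {
        this.remote = remote;
        setAuthenticationTokenClass(UsernamePasswordToken.class);
        // Acceptable only because doGetAuthenticationInfo verifies the password remotely.
        setCredentialsMatcher(new AllowAllCredentialsMatcher());
    }
    @Override
    protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token) {
        UsernamePasswordToken up = (UsernamePasswordToken) token;
        if (up.getUsername() == null || up.getPassword() == null) { throw new AuthenticationException("Missing credentials"); }
        RemoteSubject rs = remote.authenticate(up.getUsername(), new String(up.getPassword()));
        if (rs == null) { throw new IncorrectCredentialsException("Remote service rejected the login"); }
        // Empty credentials, as in the post: nothing is left for a matcher to compare.
        return new SimpleAuthenticationInfo(new RolePrincipal(rs.getUsername(), rs.getRoles()), "", getName());
    }
    @Override
    protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principals) {
        RolePrincipal p = principals.oneByType(RolePrincipal.class);
        return new SimpleAuthorizationInfo(new LinkedHashSet<String>(p.getRoles()));
    }
}
```

With a CacheManager configured on the security manager, AuthorizingRealm caches the AuthorizationInfo returned here per principal, so doGetAuthorizationInfo runs only on a cache miss.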