Posted to commits@shiro.apache.org by lh...@apache.org on 2010/05/09 09:05:57 UTC
svn commit: r942498 [1/2] - in /incubator/shiro/trunk:
core/src/main/java/org/apache/shiro/authc/
core/src/main/java/org/apache/shiro/authc/pam/
core/src/main/java/org/apache/shiro/authz/permission/
core/src/main/java/org/apache/shiro/config/ core/src/...
Author: lhazlewood
Date: Sun May 9 07:05:56 2010
New Revision: 942498
URL: http://svn.apache.org/viewvc?rev=942498&view=rev
Log:
SHIRO-128 - removed all convenience configuration methods and related *Aware and *Registrar interfaces. All configuration can now be done via simple object graph navigation (e.g. securityManager.sessionManager.sessionDAO.blah = someValue). Also added ReflectionBuilder support for configuring byte arrays as String hex-encoded or Base64-encoded values
Added:
incubator/shiro/trunk/core/src/test/java/org/apache/shiro/authc/AbstractAuthenticatorTest.java
- copied, changed from r942483, incubator/shiro/trunk/core/src/test/java/org/apache/shiro/authc/support/AbstractAuthenticatorTest.java
Removed:
incubator/shiro/trunk/core/src/main/java/org/apache/shiro/authc/AuthenticationListenerRegistrar.java
incubator/shiro/trunk/core/src/main/java/org/apache/shiro/mgt/SecurityManagerAware.java
incubator/shiro/trunk/core/src/main/java/org/apache/shiro/session/SessionListenerRegistrar.java
incubator/shiro/trunk/core/src/main/java/org/apache/shiro/session/mgt/SessionFactoryAware.java
incubator/shiro/trunk/core/src/main/java/org/apache/shiro/session/mgt/eis/SessionDAOAware.java
incubator/shiro/trunk/core/src/test/java/org/apache/shiro/authc/support/AbstractAuthenticatorTest.java
Modified:
incubator/shiro/trunk/core/src/main/java/org/apache/shiro/authc/AbstractAuthenticator.java
incubator/shiro/trunk/core/src/main/java/org/apache/shiro/authc/AuthenticationListener.java
incubator/shiro/trunk/core/src/main/java/org/apache/shiro/authc/SimpleAuthenticationInfo.java
incubator/shiro/trunk/core/src/main/java/org/apache/shiro/authc/pam/ModularRealmAuthenticator.java
incubator/shiro/trunk/core/src/main/java/org/apache/shiro/authz/permission/RolePermissionResolver.java
incubator/shiro/trunk/core/src/main/java/org/apache/shiro/authz/permission/RolePermissionResolverAware.java
incubator/shiro/trunk/core/src/main/java/org/apache/shiro/config/ReflectionBuilder.java
incubator/shiro/trunk/core/src/main/java/org/apache/shiro/mgt/AbstractRememberMeManager.java
incubator/shiro/trunk/core/src/main/java/org/apache/shiro/mgt/AuthenticatingSecurityManager.java
incubator/shiro/trunk/core/src/main/java/org/apache/shiro/mgt/AuthorizingSecurityManager.java
incubator/shiro/trunk/core/src/main/java/org/apache/shiro/mgt/DefaultSecurityManager.java
incubator/shiro/trunk/core/src/main/java/org/apache/shiro/mgt/RememberMeManager.java
incubator/shiro/trunk/core/src/main/java/org/apache/shiro/mgt/SessionsSecurityManager.java
incubator/shiro/trunk/core/src/main/java/org/apache/shiro/realm/AuthorizingRealm.java
incubator/shiro/trunk/core/src/main/java/org/apache/shiro/realm/CachingRealm.java
incubator/shiro/trunk/core/src/main/java/org/apache/shiro/session/mgt/AbstractSessionManager.java
incubator/shiro/trunk/core/src/main/java/org/apache/shiro/session/mgt/AbstractValidatingSessionManager.java
incubator/shiro/trunk/core/src/main/java/org/apache/shiro/session/mgt/DefaultSessionManager.java
incubator/shiro/trunk/core/src/main/java/org/apache/shiro/util/CollectionUtils.java
incubator/shiro/trunk/core/src/test/java/org/apache/shiro/ExceptionTest.java
incubator/shiro/trunk/core/src/test/java/org/apache/shiro/config/CompositeBean.java
incubator/shiro/trunk/core/src/test/java/org/apache/shiro/config/IniSecurityManagerFactoryTest.java
incubator/shiro/trunk/core/src/test/java/org/apache/shiro/config/ReflectionBuilderTest.java
incubator/shiro/trunk/core/src/test/java/org/apache/shiro/config/SimpleBean.java
incubator/shiro/trunk/core/src/test/java/org/apache/shiro/mgt/AbstractRememberMeManagerTest.java
incubator/shiro/trunk/core/src/test/java/org/apache/shiro/session/mgt/DefaultSessionManagerTest.java
incubator/shiro/trunk/samples/aspectj/src/main/java/org/apache/shiro/sample/bank/Account.java
incubator/shiro/trunk/samples/aspectj/src/main/java/org/apache/shiro/sample/bank/AccountTransaction.java
incubator/shiro/trunk/samples/aspectj/src/main/java/org/apache/shiro/sample/bank/SecureBankService.java
incubator/shiro/trunk/web/src/main/java/org/apache/shiro/web/DefaultWebSecurityManager.java
incubator/shiro/trunk/web/src/main/java/org/apache/shiro/web/WebRememberMeManager.java
incubator/shiro/trunk/web/src/main/java/org/apache/shiro/web/config/IniFilterChainResolverFactory.java
incubator/shiro/trunk/web/src/main/java/org/apache/shiro/web/mgt/CookieRememberMeManager.java
incubator/shiro/trunk/web/src/main/java/org/apache/shiro/web/session/DelegatingWebSessionManager.java
incubator/shiro/trunk/web/src/test/java/org/apache/shiro/web/DefaultWebSecurityManagerTest.java
Modified: incubator/shiro/trunk/core/src/main/java/org/apache/shiro/authc/AbstractAuthenticator.java
URL: http://svn.apache.org/viewvc/incubator/shiro/trunk/core/src/main/java/org/apache/shiro/authc/AbstractAuthenticator.java?rev=942498&r1=942497&r2=942498&view=diff
==============================================================================
--- incubator/shiro/trunk/core/src/main/java/org/apache/shiro/authc/AbstractAuthenticator.java (original)
+++ incubator/shiro/trunk/core/src/main/java/org/apache/shiro/authc/AbstractAuthenticator.java Sun May 9 07:05:56 2010
@@ -18,51 +18,55 @@
*/
package org.apache.shiro.authc;
-import java.util.ArrayList;
-import java.util.Collection;
-
+import org.apache.shiro.subject.PrincipalCollection;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
-import org.apache.shiro.subject.PrincipalCollection;
+import java.util.ArrayList;
+import java.util.Collection;
/**
* Superclass for almost all {@link Authenticator} implementations that performs the common work around authentication
* attempts.
* <p/>
- * <p>This class delegates the actual authentication attempt to subclasses but supports notification for
+ * This class delegates the actual authentication attempt to subclasses but supports notification for
* successful and failed logins as well as logouts. Notification is sent to one or more registered
* {@link AuthenticationListener AuthenticationListener}s to allow for custom processing logic
* when these conditions occur.
* <p/>
- * <p>In most cases, the only thing a subclass needs to do (via its {@link #doAuthenticate} implementation)
- * is perform the actual principal/credential verification process for the submitted <tt>AuthenticationToken</tt>.
+ * In most cases, the only thing a subclass needs to do (via its {@link #doAuthenticate} implementation)
+ * is perform the actual principal/credential verification process for the submitted {@code AuthenticationToken}.
*
* @author Jeremy Haile
* @author Les Hazlewood
* @since 0.1
*/
-public abstract class AbstractAuthenticator implements Authenticator, LogoutAware, AuthenticationListenerRegistrar {
+public abstract class AbstractAuthenticator implements Authenticator, LogoutAware {
- /*--------------------------------------------
+ /*-------------------------------------------
| C O N S T A N T S |
============================================*/
- /** Private class log instance. */
+ /**
+ * Private class log instance.
+ */
private static final Logger log = LoggerFactory.getLogger(AbstractAuthenticator.class);
- /*--------------------------------------------
+ /*-------------------------------------------
| I N S T A N C E V A R I A B L E S |
============================================*/
- /** Any registered listeners that wish to know about things during the authentication process. */
+ /**
+ * Any registered listeners that wish to know about things during the authentication process.
+ */
private Collection<AuthenticationListener> listeners;
- /*--------------------------------------------
+ /*-------------------------------------------
| C O N S T R U C T O R S |
============================================*/
+
/**
* Default no-argument constructor. Ensures the internal
- * {@link AuthenticationListener AuthenticationListener} collection is a non-null <code>ArrayList</code>.
+ * {@link AuthenticationListener AuthenticationListener} collection is a non-null {@code ArrayList}.
*/
public AbstractAuthenticator() {
listeners = new ArrayList<AuthenticationListener>();
@@ -71,6 +75,15 @@ public abstract class AbstractAuthentica
/*--------------------------------------------
| A C C E S S O R S / M O D I F I E R S |
============================================*/
+
+ /**
+ * Sets the {@link AuthenticationListener AuthenticationListener}s that should be notified during authentication
+ * attempts.
+ *
+ * @param listeners one or more {@code AuthenticationListener}s that should be notified due to an
+ * authentication attempt.
+ */
+ @SuppressWarnings({"UnusedDeclaration"})
public void setAuthenticationListeners(Collection<AuthenticationListener> listeners) {
if (listeners == null) {
this.listeners = new ArrayList<AuthenticationListener>();
@@ -79,26 +92,31 @@ public abstract class AbstractAuthentica
}
}
- public void add(AuthenticationListener listener) {
- this.listeners.add(listener);
- }
-
- public boolean remove(AuthenticationListener listener) {
- return this.listeners.remove(listener);
+ /**
+ * Returns the {@link AuthenticationListener AuthenticationListener}s that should be notified during authentication
+ * attempts.
+ *
+ * @return the {@link AuthenticationListener AuthenticationListener}s that should be notified during authentication
+ * attempts.
+ */
+ @SuppressWarnings({"UnusedDeclaration"})
+ public Collection<AuthenticationListener> getAuthenticationListeners() {
+ return this.listeners;
}
/*-------------------------------------------
| M E T H O D S |
============================================*/
+
/**
* Notifies any registered {@link AuthenticationListener AuthenticationListener}s that
- * authentication was successful for the specified <code>token</code> which resulted in the specified
- * <code>info</code>. This implementation merely iterates over the internal <code>listeners</code> collection and
+ * authentication was successful for the specified {@code token} which resulted in the specified
+ * {@code info}. This implementation merely iterates over the internal {@code listeners} collection and
* calls {@link AuthenticationListener#onSuccess(AuthenticationToken, AuthenticationInfo) onSuccess}
* for each.
*
- * @param token the submitted <code>AuthenticationToken</code> that resulted in a successful authentication.
- * @param info the returned <code>AuthenticationInfo</code> resulting from the successful authentication.
+ * @param token the submitted {@code AuthenticationToken} that resulted in a successful authentication.
+ * @param info the returned {@code AuthenticationInfo} resulting from the successful authentication.
*/
protected void notifySuccess(AuthenticationToken token, AuthenticationInfo info) {
for (AuthenticationListener listener : this.listeners) {
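Review bot: `getAuthenticationListeners()` returns `this.listeners` itself, the same mutable collection that `notifySuccess` at the end of this hunk (and `notifyFailure`/`notifyLogout` further down) walks with a for-each, and its Javadoc does not say so. With `add`/`remove` removed, callers will change the listener set through this getter; doing that while a login is in flight can raise `ConcurrentModificationException` out of the notify loop or skip a listener, which matters where listeners carry audit logging or failed-attempt counting. Returning the live collection looks intentional for graph-style configuration, so I would document it rather than wrap it: add `* The returned collection is the live internal instance; modify it only during configuration, before authentication attempts begin.` to the getter's Javadoc. The body of `notifySuccess` continues outside the hunk.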
@@ -109,13 +127,13 @@ public abstract class AbstractAuthentica
/**
* Notifies any registered {@link AuthenticationListener AuthenticationListener}s that
* authentication failed for the
- * specified <code>token</code> which resulted in the specified <code>ae</code> exception. This implementation merely
- * iterates over the internal <code>listeners</code> collection and calls
+ * specified {@code token} which resulted in the specified {@code ae} exception. This implementation merely
+ * iterates over the internal {@code listeners} collection and calls
* {@link AuthenticationListener#onFailure(AuthenticationToken, AuthenticationException) onFailure}
* for each.
*
- * @param token the submitted <code>AuthenticationToken</code> that resulted in a failed authentication.
- * @param ae the resulting <code>AuthenticationException<code> that caused the authentication to fail.
+ * @param token the submitted {@code AuthenticationToken} that resulted in a failed authentication.
+ * @param ae the resulting {@code AuthenticationException} that caused the authentication to fail.
*/
protected void notifyFailure(AuthenticationToken token, AuthenticationException ae) {
for (AuthenticationListener listener : this.listeners) {
@@ -125,12 +143,12 @@ public abstract class AbstractAuthentica
/**
* Notifies any registered {@link AuthenticationListener AuthenticationListener}s that a
- * <code>Subject</code> has logged-out. This implementation merely
- * iterates over the internal <code>listeners</code> collection and calls
+ * {@code Subject} has logged-out. This implementation merely
+ * iterates over the internal {@code listeners} collection and calls
* {@link AuthenticationListener#onLogout(org.apache.shiro.subject.PrincipalCollection) onLogout}
* for each.
*
- * @param principals the identifying principals of the <code>Subject</code>/account logging out.
+ * @param principals the identifying principals of the {@code Subject}/account logging out.
*/
protected void notifyLogout(PrincipalCollection principals) {
for (AuthenticationListener listener : this.listeners) {
@@ -143,7 +161,7 @@ public abstract class AbstractAuthentica
* {@link #notifyLogout(org.apache.shiro.subject.PrincipalCollection) notifyLogout} to allow any registered listeners
* to react to the logout.
*
- * @param principals the identifying principals of the <code>Subject</code>/account logging out.
+ * @param principals the identifying principals of the {@code Subject}/account logging out.
*/
public void onLogout(PrincipalCollection principals) {
notifyLogout(principals);
@@ -151,18 +169,17 @@ public abstract class AbstractAuthentica
/**
* Implementation of the {@link Authenticator} interface that functions in the following manner:
- * <p/>
* <ol>
* <li>Calls template {@link #doAuthenticate doAuthenticate} method for subclass execution of the actual
* authentication behavior.</li>
- * <li>If an <tt>AuthenticationException</tt> is thrown during <tt>doAuthenticate</tt>,
+ * <li>If an {@code AuthenticationException} is thrown during {@code doAuthenticate},
* {@link #notifyFailure(AuthenticationToken, AuthenticationException) notify} any registered
* {@link AuthenticationListener AuthenticationListener}s of the exception and then propogate the exception
* for the caller to handle.</li>
* <li>If no exception is thrown (indicating a successful login),
* {@link #notifySuccess(AuthenticationToken, AuthenticationInfo) notify} any registered
* {@link AuthenticationListener AuthenticationListener}s of the successful attempt.</li>
- * <li>Return the <tt>AuthenticationInfo</tt></li>
+ * <li>Return the {@code AuthenticationInfo}</li>
* </ol>
*
* @param token the submitted token representing the subject's (user's) login principals and credentials.
@@ -170,8 +187,7 @@ public abstract class AbstractAuthentica
* @throws AuthenticationException if there is any problem during the authentication process - see the
* interface's JavaDoc for a more detailed explanation.
*/
- public final AuthenticationInfo authenticate(AuthenticationToken token)
- throws AuthenticationException {
+ public final AuthenticationInfo authenticate(AuthenticationToken token) throws AuthenticationException {
if (token == null) {
throw new IllegalArgumentException("Method argumet (authentication token) cannot be null.");
@@ -213,8 +229,8 @@ public abstract class AbstractAuthentica
throw ae;
}
-
- log.debug("Authentication successful for token [{}]. Returned account [{}]", token, info );
+
+ log.debug("Authentication successful for token [{}]. Returned account [{}]", token, info);
notifySuccess(token, info);
@@ -224,17 +240,17 @@ public abstract class AbstractAuthentica
/**
* Template design pattern hook for subclasses to implement specific authentication behavior.
* <p/>
- * <p>Common behavior for most authentication attempts is encapsulated in the
+ * Common behavior for most authentication attempts is encapsulated in the
* {@link #authenticate} method and that method invokes this one for custom behavior.
* <p/>
- * <p><b>N.B.</b> Subclasses <em>should</em> throw some kind of
- * <tt>AuthenticationException</tt> if there is a problem during
- * authentication instead of returning <tt>null</tt>. A <tt>null</tt> return value indicates
- * a configuration or programming error, since <tt>AuthenticationException</tt>s should
+ * <b>N.B.</b> Subclasses <em>should</em> throw some kind of
+ * {@code AuthenticationException} if there is a problem during
+ * authentication instead of returning {@code null}. A {@code null} return value indicates
+ * a configuration or programming error, since {@code AuthenticationException}s should
* indicate any expected problem (such as an unknown account or username, or invalid password, etc).
*
* @param token the authentication token encapsulating the user's login information.
- * @return an <tt>AuthenticationInfo</tt> object encapsulating the user's account information
+ * @return an {@code AuthenticationInfo} object encapsulating the user's account information
* important to Shiro.
* @throws AuthenticationException if there is a problem logging in the user.
*/
Modified: incubator/shiro/trunk/core/src/main/java/org/apache/shiro/authc/AuthenticationListener.java
URL: http://svn.apache.org/viewvc/incubator/shiro/trunk/core/src/main/java/org/apache/shiro/authc/AuthenticationListener.java?rev=942498&r1=942497&r2=942498&view=diff
==============================================================================
--- incubator/shiro/trunk/core/src/main/java/org/apache/shiro/authc/AuthenticationListener.java (original)
+++ incubator/shiro/trunk/core/src/main/java/org/apache/shiro/authc/AuthenticationListener.java Sun May 9 07:05:56 2010
@@ -50,5 +50,4 @@ public interface AuthenticationListener
* @param principals the identifying principals of the Subject logging out.
*/
void onLogout(PrincipalCollection principals);
- //TODO - should this method receive the PrincipalCollection? Or the original AuthenticationInfo?
}
Modified: incubator/shiro/trunk/core/src/main/java/org/apache/shiro/authc/SimpleAuthenticationInfo.java
URL: http://svn.apache.org/viewvc/incubator/shiro/trunk/core/src/main/java/org/apache/shiro/authc/SimpleAuthenticationInfo.java?rev=942498&r1=942497&r2=942498&view=diff
==============================================================================
--- incubator/shiro/trunk/core/src/main/java/org/apache/shiro/authc/SimpleAuthenticationInfo.java (original)
+++ incubator/shiro/trunk/core/src/main/java/org/apache/shiro/authc/SimpleAuthenticationInfo.java Sun May 9 07:05:56 2010
@@ -18,23 +18,23 @@
*/
package org.apache.shiro.authc;
-import java.util.Collection;
-import java.util.HashSet;
-import java.util.Set;
-
import org.apache.shiro.subject.MutablePrincipalCollection;
import org.apache.shiro.subject.PrincipalCollection;
import org.apache.shiro.subject.SimplePrincipalCollection;
+import java.util.Collection;
+import java.util.HashSet;
+import java.util.Set;
+
/**
* Simple implementation of the {@link org.apache.shiro.authc.MergableAuthenticationInfo} interface that holds the principals and
* credentials.
*
- * @see org.apache.shiro.realm.AuthenticatingRealm
- * @since 0.9
* @author Jeremy Haile
* @author Les Hazlewood
+ * @see org.apache.shiro.realm.AuthenticatingRealm
+ * @since 0.9
*/
public class SimpleAuthenticationInfo implements MergableAuthenticationInfo {
@@ -60,9 +60,9 @@ public class SimpleAuthenticationInfo im
* This is a convenience constructor and will construct a {@link PrincipalCollection PrincipalCollection} based
* on the <code>principal</code> and <code>realmName</code> argument.
*
- * @param principal the 'primary' principal associated with the specified realm.
+ * @param principal the 'primary' principal associated with the specified realm.
* @param credentials the credentials that verify the given principal.
- * @param realmName the realm from where the principal and credentials were acquired.
+ * @param realmName the realm from where the principal and credentials were acquired.
*/
public SimpleAuthenticationInfo(Object principal, Object credentials, String realmName) {
this.principals = new SimplePrincipalCollection(principal, realmName);
@@ -72,7 +72,8 @@ public class SimpleAuthenticationInfo im
/**
* Constructor that takes in an account's identifying principal(s) and its corresponding credentials that verify
* the principals.
- * @param principals a Realm's account's identifying principal(s)
+ *
+ * @param principals a Realm's account's identifying principal(s)
* @param credentials the accounts corresponding principals that verify the principals.
*/
public SimpleAuthenticationInfo(PrincipalCollection principals, Object credentials) {
@@ -100,6 +101,7 @@ public class SimpleAuthenticationInfo im
/**
* Sets the credentials that verify the principals/identity of the associated Realm account.
+ *
* @param credentials attribute(s) that verify the account's identity/principals, such as a password or private key.
*/
public void setCredentials(Object credentials) {
@@ -108,6 +110,7 @@ public class SimpleAuthenticationInfo im
/**
* Takes the specified <code>info</code> argument and adds its principals and credentials into this instance.
+ *
* @param info the <code>AuthenticationInfo</code> to add into this instance.
*/
@SuppressWarnings("unchecked")
@@ -156,9 +159,10 @@ public class SimpleAuthenticationInfo im
/**
* Returns <code>true</code> if the Object argument is an <code>instanceof SimpleAuthenticationInfo</code> and
* its {@link #getPrincipals() principals} are equal to this instance's principals, <code>false</code> otherwise.
+ *
* @param o the object to compare for equality.
* @return <code>true</code> if the Object argument is an <code>instanceof SimpleAuthenticationInfo</code> and
- * its {@link #getPrincipals() principals} are equal to this instance's principals, <code>false</code> otherwise.
+ * its {@link #getPrincipals() principals} are equal to this instance's principals, <code>false</code> otherwise.
*/
public boolean equals(Object o) {
if (this == o) return true;
@@ -166,6 +170,7 @@ public class SimpleAuthenticationInfo im
SimpleAuthenticationInfo that = (SimpleAuthenticationInfo) o;
+ //noinspection RedundantIfStatement
if (principals != null ? !principals.equals(that.principals) : that.principals != null) return false;
return true;
@@ -173,6 +178,7 @@ public class SimpleAuthenticationInfo im
/**
* Returns the hashcode of the internal {@link #getPrincipals() principals} instance.
+ *
* @return the hashcode of the internal {@link #getPrincipals() principals} instance.
*/
public int hashCode() {
@@ -181,6 +187,7 @@ public class SimpleAuthenticationInfo im
/**
* Simple implementation that merely returns <code>{@link #getPrincipals() principals}.toString()</code>
+ *
* @return <code>{@link #getPrincipals() principals}.toString()</code>
*/
public String toString() {
Modified: incubator/shiro/trunk/core/src/main/java/org/apache/shiro/authc/pam/ModularRealmAuthenticator.java
URL: http://svn.apache.org/viewvc/incubator/shiro/trunk/core/src/main/java/org/apache/shiro/authc/pam/ModularRealmAuthenticator.java?rev=942498&r1=942497&r2=942498&view=diff
==============================================================================
--- incubator/shiro/trunk/core/src/main/java/org/apache/shiro/authc/pam/ModularRealmAuthenticator.java (original)
+++ incubator/shiro/trunk/core/src/main/java/org/apache/shiro/authc/pam/ModularRealmAuthenticator.java Sun May 9 07:05:56 2010
@@ -24,24 +24,22 @@ import org.apache.shiro.subject.Principa
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
-import java.util.ArrayList;
import java.util.Collection;
-import java.util.List;
/**
* A {@code ModularRealmAuthenticator} delgates account lookups to a pluggable (modular) collection of
* {@link Realm}s. This enables PAM (Pluggable Authentication Module) behavior in Shiro.
* In addition to authorization duties, a Shiro Realm can also be thought of a PAM 'module'.
* <p/>
- * <p>Using this Authenticator allows you to "plug-in" your own
+ * Using this Authenticator allows you to "plug-in" your own
* {@code Realm}s as you see fit. Common realms are those based on accessing
* LDAP, relational databases, file systems, etc.
* <p/>
- * <p>If only one realm is configured (this is often the case for most applications), authentication success is naturally
+ * If only one realm is configured (this is often the case for most applications), authentication success is naturally
* only dependent upon invoking this one Realm's
* {@link Realm#getAuthenticationInfo(org.apache.shiro.authc.AuthenticationToken)} method.
* <p/>
- * <p>But if two or more realms are configured, PAM behavior is implemented by iterating over the collection of realms
+ * But if two or more realms are configured, PAM behavior is implemented by iterating over the collection of realms
* and interacting with each over the course of the authentication attempt. As this is more complicated, this
* authenticator allows customized behavior for interpreting what happens when interacting with multiple realms - for
* example, you might require all realms to be successful during the attempt, or perhaps only at least one must be
@@ -49,11 +47,11 @@ import java.util.List;
* {@link #setAuthenticationStrategy(AuthenticationStrategy) AuthenticationStrategy}, which
* you can inject as a property of this class.
* <p/>
- * <p>The strategy object provides callback methods that allow you to
+ * The strategy object provides callback methods that allow you to
* determine what constitutes a success or failure in a multi-realm (PAM) scenario. And because this only makes sense
* in a mult-realm scenario, the strategy object is only utilized when more than one Realm is configured.
* <p/>
- * <p>As most multi-realm applications require at least one Realm authenticates successfully, the default
+ * As most multi-realm applications require at least one Realm authenticates successfully, the default
* implementation is the {@link AtLeastOneSuccessfulStrategy}.
*
* @author Jeremy Haile
@@ -92,54 +90,17 @@ public class ModularRealmAuthenticator e
/**
* Default no-argument constructor which
* {@link #setAuthenticationStrategy(AuthenticationStrategy) enables} an
- * {@link org.apache.shiro.authc.pam.AtLeastOneSuccessfulStrategy}
- * by default.
+ * {@link org.apache.shiro.authc.pam.AtLeastOneSuccessfulStrategy} by default.
*/
public ModularRealmAuthenticator() {
this.authenticationStrategy = new AtLeastOneSuccessfulStrategy();
}
- /**
- * Constructor which initializes this {@code Authenticator} with a single realm to use during
- * an authentiation attempt. Because
- * this would set a single realm, no {@link #setAuthenticationStrategy(AuthenticationStrategy)
- * AuthenticationStrategy} would be used during authentication attempts.
- *
- * @param realm the realm to consult during an authentication attempt.
- */
- public ModularRealmAuthenticator(Realm realm) {
- setRealm(realm);
- }
-
- /**
- * Constructor which initializes this {@code Authenticator} with multiple realms that will be
- * consulted during an authentication attempt, effectively enabling PAM (Pluggable Authentication Module)
- * behavior according to the configured
- * {@link #setAuthenticationStrategy(AuthenticationStrategy) AuthenticationStrategy}.
- *
- * @param realms the realms to consult during an authentication attempt.
- */
- public ModularRealmAuthenticator(List<Realm> realms) {
- setRealms(realms);
- }
-
/*--------------------------------------------
| A C C E S S O R S / M O D I F I E R S |
============================================*/
/**
- * Convenience setter for single-realm environments (fairly common). This method just wraps the realm in a
- * collection and then calls {@link #setRealms}.
- *
- * @param realm the realm to consult during authentication attempts.
- */
- public void setRealm(Realm realm) {
- List<Realm> realms = new ArrayList<Realm>(1);
- realms.add(realm);
- setRealms(realms);
- }
-
- /**
* Sets all realms used by this Authenticator, providing PAM (Pluggable Authentication Module) configuration.
*
* @param realms the realms to consult during authentication attempts.
@@ -161,7 +122,7 @@ public class ModularRealmAuthenticator e
* Returns the {@code AuthenticationStrategy} utilized by this modular authenticator during a multi-realm
* log-in attempt. This object is only used when two or more Realms are configured.
* <p/>
- * <p>Unless overridden by
+ * Unless overridden by
* the {@link #setAuthenticationStrategy(AuthenticationStrategy)} method, the default implementation
* is the {@link org.apache.shiro.authc.pam.AtLeastOneSuccessfulStrategy}.
*
@@ -185,7 +146,6 @@ public class ModularRealmAuthenticator e
/*--------------------------------------------
| M E T H O D S |
- ============================================*/
/**
* Used by the internal {@link #doAuthenticate} implementation to ensure that the {@code realms} property
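Review bot: Removing the `============================================*/` line leaves the `M E T H O D S` banner comment unterminated, so it now runs on through the following `/**` block and only closes at that block's `*/`. The text that was the Javadoc for the next method (`assertRealmsConfigured`, going by the following hunk) becomes part of a plain block comment, and its `@throws IllegalStateException` contract drops out of the generated docs. Restore the terminator line, and drop the blank line the next hunk inserts between the comment and the method signature.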
@@ -193,6 +153,7 @@ public class ModularRealmAuthenticator e
*
* @throws IllegalStateException if the {@code realms} property is configured incorrectly.
*/
+
protected void assertRealmsConfigured() throws IllegalStateException {
Collection<Realm> realms = getRealms();
if (realms == null || realms.isEmpty()) {
@@ -277,7 +238,7 @@ public class ModularRealmAuthenticator e
/**
- * <p>Attempts to authenticate the given token by iterating over the internal collection of
+ * Attempts to authenticate the given token by iterating over the internal collection of
* {@link Realm}s. For each realm, first the {@link Realm#supports(org.apache.shiro.authc.AuthenticationToken)}
* method will be called to determine if the realm supports the {@code authenticationToken} method argument.
* <p/>
@@ -288,7 +249,7 @@ public class ModularRealmAuthenticator e
* the next realm will be consulted. If no realms support the token or all supporting realms return null,
* an {@link AuthenticationException} will be thrown to indicate that the user could not be authenticated.
* <p/>
- * <p>After all realms have been consulted, the information from each realm is aggregated into a single
+ * After all realms have been consulted, the information from each realm is aggregated into a single
* {@link AuthenticationInfo} object and returned.
*
* @param authenticationToken the token containing the authentication principal and credentials for the
@@ -314,7 +275,7 @@ public class ModularRealmAuthenticator e
* <code>((LogoutAware)realm).onLogout(principals)</code> to allow each realm the opportunity to perform
* logout/cleanup operations during an user-logout.
* <p/>
- * <p>Shiro's Realm implementations all implement the {@code LogoutAware} interface by default and can be
+ * Shiro's Realm implementations all implement the {@code LogoutAware} interface by default and can be
* overridden for realm-specific logout logic.
*
* @param principals the application-specific Subject/user identifier.
Modified: incubator/shiro/trunk/core/src/main/java/org/apache/shiro/authz/permission/RolePermissionResolver.java
URL: http://svn.apache.org/viewvc/incubator/shiro/trunk/core/src/main/java/org/apache/shiro/authz/permission/RolePermissionResolver.java?rev=942498&r1=942497&r2=942498&view=diff
==============================================================================
--- incubator/shiro/trunk/core/src/main/java/org/apache/shiro/authz/permission/RolePermissionResolver.java (original)
+++ incubator/shiro/trunk/core/src/main/java/org/apache/shiro/authz/permission/RolePermissionResolver.java Sun May 9 07:05:56 2010
@@ -18,29 +18,26 @@
*/
package org.apache.shiro.authz.permission;
-import java.util.Collection;
-
import org.apache.shiro.authz.Permission;
+import java.util.Collection;
+
/**
- * <p>A RolePermissionResolver resolves a String value and converts it into a Collection of
+ * A RolePermissionResolver resolves a String value and converts it into a Collection of
* {@link org.apache.shiro.authz.Permission} instances.
- * <BR/>
- *
- * In some cases a {@link org.apache.shiro.realm.Realm} my only be able to return a list of roles. This
+ * <p/>
+ * In some cases a {@link org.apache.shiro.realm.Realm} my only be able to return a list of roles. This
* component allows an application to resolve the roles into permissions.
- * <BR/>
- *
- * @author Brian Demers
*
+ * @author Brian Demers
*/
-public interface RolePermissionResolver
-{
+public interface RolePermissionResolver {
+
/**
* Resolves a Collection of Permissions based on the given String representation.
- *
+ *
* @param roleString the String representation of a role name to resolve.
- * @return
+ * @return a Collection of Permissions based on the given String representation.
*/
Collection<Permission> resolvePermissionsInRole(String roleString);
Modified: incubator/shiro/trunk/core/src/main/java/org/apache/shiro/authz/permission/RolePermissionResolverAware.java
URL: http://svn.apache.org/viewvc/incubator/shiro/trunk/core/src/main/java/org/apache/shiro/authz/permission/RolePermissionResolverAware.java?rev=942498&r1=942497&r2=942498&view=diff
==============================================================================
--- incubator/shiro/trunk/core/src/main/java/org/apache/shiro/authz/permission/RolePermissionResolverAware.java (original)
+++ incubator/shiro/trunk/core/src/main/java/org/apache/shiro/authz/permission/RolePermissionResolverAware.java Sun May 9 07:05:56 2010
@@ -35,7 +35,7 @@ public interface RolePermissionResolverA
/**
* Sets the specified <tt>RolePermissionResolver</tt> on this instance.
*
- * @param pr the <tt>RolePermissionResolver</tt> being set.
+ * @param rpr the <tt>RolePermissionResolver</tt> being set.
*/
public void setRolePermissionResolver(RolePermissionResolver rpr);
}
Modified: incubator/shiro/trunk/core/src/main/java/org/apache/shiro/config/ReflectionBuilder.java
URL: http://svn.apache.org/viewvc/incubator/shiro/trunk/core/src/main/java/org/apache/shiro/config/ReflectionBuilder.java?rev=942498&r1=942497&r2=942498&view=diff
==============================================================================
--- incubator/shiro/trunk/core/src/main/java/org/apache/shiro/config/ReflectionBuilder.java (original)
+++ incubator/shiro/trunk/core/src/main/java/org/apache/shiro/config/ReflectionBuilder.java Sun May 9 07:05:56 2010
@@ -20,6 +20,8 @@ package org.apache.shiro.config;
import org.apache.commons.beanutils.BeanUtils;
import org.apache.commons.beanutils.PropertyUtils;
+import org.apache.shiro.codec.Base64;
+import org.apache.shiro.codec.Hex;
import org.apache.shiro.util.ClassUtils;
import org.apache.shiro.util.CollectionUtils;
import org.apache.shiro.util.Nameable;
@@ -50,6 +52,7 @@ public class ReflectionBuilder {
private static final String ESCAPED_OBJECT_REFERENCE_BEGIN_TOKEN = "\\$";
private static final String GLOBAL_PROPERTY_PREFIX = "shiro";
private static final char MAP_KEY_VALUE_DELIMITER = ':';
+ private static final String HEX_BEGIN_TOKEN = "0x";
private Map<String, ?> objects;
@@ -231,13 +234,16 @@ public class ReflectionBuilder {
return getReferencedObject(id);
}
- protected boolean isSetProperty(Object object, String propertyName) {
+ protected boolean isTypedProperty(Object object, String propertyName, Class clazz) {
+ if (clazz == null) {
+ throw new NullPointerException("type (class) argument cannot be null.");
+ }
try {
PropertyDescriptor descriptor = PropertyUtils.getPropertyDescriptor(object, propertyName);
- Class clazz = descriptor.getPropertyType();
- return Set.class.isAssignableFrom(clazz);
+ Class propertyClazz = descriptor.getPropertyType();
+ return clazz.isAssignableFrom(propertyClazz);
} catch (Exception e) {
- String msg = "Unable to determine if property [" + propertyName + "] represents a java.util.Set";
+ String msg = "Unable to determine if property [" + propertyName + "] represents a " + clazz.getName();
throw new ConfigurationException(msg, e);
}
}
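Review bot: In `isTypedProperty`, `descriptor.getPropertyType()` is called without checking `descriptor`, and `PropertyUtils.getPropertyDescriptor` returns null when the bean has no such property. The resulting NullPointerException is caught by `catch (Exception e)` and reported as "Unable to determine if property [...] represents a ...", so a misspelled property name in a security configuration is hard to tell apart from a reflection failure. I would add `if (descriptor == null)` right after the lookup and throw a `ConfigurationException` whose message names the property and `object.getClass().getName()`. The new parameter could also be declared `Class<?> clazz` instead of the raw `Class`.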
@@ -258,43 +264,6 @@ public class ReflectionBuilder {
return values;
}
- protected boolean isListProperty(Object object, String propertyName) {
- try {
- PropertyDescriptor descriptor = PropertyUtils.getPropertyDescriptor(object, propertyName);
- Class clazz = descriptor.getPropertyType();
- return List.class.isAssignableFrom(clazz);
- } catch (Exception e) {
- String msg = "Unable to determine if property [" + propertyName + "] represents a java.util.List";
- throw new ConfigurationException(msg, e);
- }
- }
-
- protected List<?> toList(String sValue) {
- String[] tokens = StringUtils.split(sValue);
- if (tokens == null || tokens.length <= 0) {
- return null;
- }
-
- //now convert into correct values and/or references:
- List<Object> values = new ArrayList<Object>(tokens.length);
- for (String token : tokens) {
- Object value = resolveValue(token);
- values.add(value);
- }
- return values;
- }
-
- protected boolean isMapProperty(Object object, String propertyName) {
- try {
- PropertyDescriptor descriptor = PropertyUtils.getPropertyDescriptor(object, propertyName);
- Class clazz = descriptor.getPropertyType();
- return Map.class.isAssignableFrom(clazz);
- } catch (Exception e) {
- String msg = "Unable to determine if property [" + propertyName + "] represents a java.util.Map";
- throw new ConfigurationException(msg, e);
- }
- }
-
protected Map<?, ?> toMap(String sValue) {
String[] tokens = StringUtils.split(sValue, StringUtils.DEFAULT_DELIMITER_CHAR,
StringUtils.DEFAULT_QUOTE_CHAR, StringUtils.DEFAULT_QUOTE_CHAR, true, true);
@@ -324,6 +293,37 @@ public class ReflectionBuilder {
return map;
}
+
+ protected List<?> toList(String sValue) {
+ String[] tokens = StringUtils.split(sValue);
+ if (tokens == null || tokens.length <= 0) {
+ return null;
+ }
+
+ //now convert into correct values and/or references:
+ List<Object> values = new ArrayList<Object>(tokens.length);
+ for (String token : tokens) {
+ Object value = resolveValue(token);
+ values.add(value);
+ }
+ return values;
+ }
+
+ protected byte[] toBytes(String sValue) {
+ if (sValue == null) {
+ return null;
+ }
+ byte[] bytes;
+ if (sValue.startsWith(HEX_BEGIN_TOKEN)) {
+ String hex = sValue.substring(HEX_BEGIN_TOKEN.length());
+ bytes = Hex.decode(hex);
+ } else {
+ //assume base64 encoded:
+ bytes = Base64.decode(sValue);
+ }
+ return bytes;
+ }
+
protected Object resolveValue(String stringValue) {
Object value;
if (isReference(stringValue)) {
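Review bot: `toBytes` picks the decoder from the `0x` prefix alone, yet `0` and `x` are both characters of the Base64 alphabet, so a Base64 value that happens to begin with `0x` is sent to `Hex.decode` instead. This path replaces the removed `setCipherKeyHex`/`setCipherKeyBase64` style setters, and a key decoded with the wrong codec should be rejected rather than accepted as different bytes; how `Hex.decode` and `Base64.decode` treat malformed input is not visible in this hunk. At minimum the method needs Javadoc stating the rule, e.g. `/** Decodes a configured text value to bytes: hex when it starts with "0x", otherwise Base64. */`, and a bare `0x` with nothing after it deserves an explicit check. `resolveValue` at the end of the hunk continues outside it.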
@@ -339,12 +339,15 @@ public class ReflectionBuilder {
Object value;
- if (isSetProperty(object, propertyName)) {
+ if (isTypedProperty(object, propertyName, Set.class)) {
value = toSet(stringValue);
- } else if (isListProperty(object, propertyName)) {
- value = toList(stringValue);
- } else if (isMapProperty(object, propertyName)) {
+ } else if (isTypedProperty(object, propertyName, Map.class)) {
value = toMap(stringValue);
+ } else if (isTypedProperty(object, propertyName, List.class) ||
+ isTypedProperty(object, propertyName, Collection.class)) {
+ value = toList(stringValue);
+ } else if (isTypedProperty(object, propertyName, byte[].class)) {
+ value = toBytes(stringValue);
} else {
value = resolveValue(stringValue);
}
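Review bot: The new `byte[].class` branch hands the raw string to `toBytes`, which never calls `isReference`, so a value written as an object reference for a `byte[]` property is now Base64-decoded instead of being resolved by `resolveValue` as it was before this change. If references to byte arrays are meant to keep working, guard the branch: `value = isReference(stringValue) ? resolveValue(stringValue) : toBytes(stringValue);`. Separately, the `List.class` test is subsumed by the `Collection.class` test that follows it, and every branch repeats the reflective descriptor lookup, so reading the property type once would be clearer. The enclosing method starts and ends outside the hunk.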
Modified: incubator/shiro/trunk/core/src/main/java/org/apache/shiro/mgt/AbstractRememberMeManager.java
URL: http://svn.apache.org/viewvc/incubator/shiro/trunk/core/src/main/java/org/apache/shiro/mgt/AbstractRememberMeManager.java?rev=942498&r1=942497&r2=942498&view=diff
==============================================================================
--- incubator/shiro/trunk/core/src/main/java/org/apache/shiro/mgt/AbstractRememberMeManager.java (original)
+++ incubator/shiro/trunk/core/src/main/java/org/apache/shiro/mgt/AbstractRememberMeManager.java Sun May 9 07:05:56 2010
@@ -23,7 +23,6 @@ import org.apache.shiro.authc.Authentica
import org.apache.shiro.authc.AuthenticationToken;
import org.apache.shiro.authc.RememberMeAuthenticationToken;
import org.apache.shiro.codec.Base64;
-import org.apache.shiro.codec.Hex;
import org.apache.shiro.crypto.AesCipherService;
import org.apache.shiro.crypto.CipherService;
import org.apache.shiro.io.DefaultSerializer;
@@ -157,26 +156,11 @@ public abstract class AbstractRememberMe
* inspection of Subject identity data.
* <p/>
* If the CipherService is a symmetric CipherService (using the same key for both encryption and decryption), you
- * should set your key via one of the three following methods:
- * <ul>
- * <li>{@link #setCipherKey(byte[])}</li>
- * <li>{@link #setCipherKeyBase64(String)}, or</li>
- * <li>{@link #setCipherKeyHex(String)}</li>
- * </ul>
+ * should set your key via the {@link #setCipherKey(byte[])} method.
* <p/>
* If the CipherService is an asymmetric CipherService (different keys for encryption and decryption, such as
- * public/private key pairs), you should set your encryption key via one of these methods:
- * <ul>
- * <li>{@link #setEncryptionCipherKey(byte[])}</li>
- * <li>{@link #setEncryptionCipherKeyHex(String)}, or</li>
- * <li>{@link #setEncryptionCipherKeyBase64(String)}</li>
- * </ul>
- * Similarly, you can set the decryption key via one of these methods:
- * <ul>
- * <li>{@link #setDecryptionCipherKey(byte[])}</li>
- * <li>{@link #setDecryptionCipherKeyHex(String)}, or</li>
- * <li>{@link #setDecryptionCipherKeyBase64(String)}</li>
- * </ul>
+ * public/private key pairs), you should set your encryption and decryption key via the respective
+ * {@link #setEncryptionCipherKey(byte[])} and {@link #setDecryptionCipherKey(byte[])} methods.
* <p/>
* <b>N.B.</b> Unless overridden by this method, the default CipherService instance is an
* {@link AesCipherService}. This {@code RememberMeManager} implementation already has a configured symmetric key
@@ -201,9 +185,7 @@ public abstract class AbstractRememberMe
}
/**
- * Sets the encryption key to use for encryption operations. If setting the key via text configuration mechanisms,
- * the {@link #setEncryptionCipherKeyHex(String) encryptionCipherKeyHex} or
- * {@link #setEncryptionCipherKeyBase64(String) encryptionCipherKeyBase64} methods are probably more convenient.
+ * Sets the encryption key to use for encryption operations.
*
* @param encryptionCipherKey the encryption key to use for encryption operations.
* @see #setCipherService for a description of the various {@code get/set*Key} methods.
@@ -213,30 +195,6 @@ public abstract class AbstractRememberMe
}
/**
- * Convenience method that allows configuration of the encryption cipher key by specifying a
- * {@code hex}-encoded string. The string is {@code hex}-decoded and the resulting byte array is used
- * as the {@link #setEncryptionCipherKey(byte[]) encryptionCipherKey}.
- *
- * @param hex hex-encoded encryption cipher key to decode into the raw encryption cipher key bytes.
- * @see #setCipherService for a description of the various {@code get/set*Key} methods.
- */
- public void setEncryptionCipherKeyHex(String hex) {
- setEncryptionCipherKey(Hex.decode(hex));
- }
-
- /**
- * Convenience method that allows configuration of the encryption cipher key by specifying a
- * {@code BASE 64}-encoded string. The string is {@code BASE 64}-decoded and the resulting byte array is used
- * as the {@link #setEncryptionCipherKey(byte[]) encryptionCipherKey}.
- *
- * @param base64 base64-encoded encryption cipher key to decode into the raw encryption cipher key bytes
- * @see #setCipherService for a description of the various {@code get/set*Key} methods.
- */
- public void setEncryptionCipherKeyBase64(String base64) {
- setEncryptionCipherKey(Base64.decode(base64));
- }
-
- /**
* Returns the decryption cipher key to use for decryption operations.
*
* @return the cipher key to use for decryption operations.
@@ -247,9 +205,7 @@ public abstract class AbstractRememberMe
}
/**
- * Sets the decryption key to use for decryption operations. If setting the key via text configuration mechanisms,
- * the {@link #setDecryptionCipherKeyHex(String) decryptionCipherKeyHex} or
- * {@link #setDecryptionCipherKeyBase64(String) decryptionCipherKeyBase64} methods are probably more convenient.
+ * Sets the decryption key to use for decryption operations.
*
* @param decryptionCipherKey the decryption key to use for decryption operations.
* @see #setCipherService for a description of the various {@code get/set*Key} methods.
@@ -259,30 +215,6 @@ public abstract class AbstractRememberMe
}
/**
- * Convenience method that allows configuration of the decryption cipher key by specifying a
- * {@code hex}-encoded string. The string is {@code hex}-decoded and the resulting byte array is used
- * as the {@link #setDecryptionCipherKey(byte[]) decryptionCipherKey}.
- *
- * @param hex hex-encoded decryption cipher key to decode into the raw decryption cipher key bytes.
- * @see #setCipherService for a description of the various {@code get/set*Key} methods.
- */
- public void setDecryptionCipherKeyHex(String hex) {
- setDecryptionCipherKey(Hex.decode(hex));
- }
-
- /**
- * Convenience method that allows configuration of the decryption cipher key by specifying a
- * {@code BASE 64}-encoded string. The string is {@code BASE 64}-decoded and the resulting byte array is used
- * as the {@link #setDecryptionCipherKey(byte[]) decryptionCipherKey}.
- *
- * @param base64 base64-encoded decryption cipher key to decode into the raw decryption cipher key bytes
- * @see #setCipherService for a description of the various {@code get/set*Key} methods.
- */
- public void setDecryptionCipherKeyBase64(String base64) {
- setDecryptionCipherKey(Base64.decode(base64));
- }
-
- /**
* Convenience method that returns the cipher key to use for <em>both</em> encryption and decryption.
* <p/>
* <b>N.B.</b> This method can only be called if the underlying {@link #getCipherService() cipherService} is a symmetric
@@ -322,53 +254,6 @@ public abstract class AbstractRememberMe
}
/**
- * Convenience method that allows configuration of the (symmetric) cipher key by specifying a
- * {@code hex}-encoded string. The string is {@code hex}-decoded and the resulting byte array is used
- * as the {@link #setCipherKey(byte[]) cipherKey}.
- * <p/>
- * <b>N.B.</b> This is a convenience method to set <em>both</em> the {@link CipherService} encryption key and the
- * decryption key and should only be called if using a symmetric CipherService. If using an asymmetric CipherService
- * (such as a public/private key pair) you cannot call this method and instead should use the
- * {@link #setEncryptionCipherKeyHex(String)} and {@link #setDecryptionCipherKeyHex(String)} methods instead.
- * <p/>
- * The default {@link AesCipherService} instance is a symmetric CipherService, so this method can be used if you are
- * using the default.
- *
- * @param hex hex-encoded symmetric cipher key to decode into the raw cipher key bytes.
- */
- public void setCipherKeyHex(String hex) {
- setCipherKey(Hex.decode(hex));
- }
-
- /**
- * Convenience method that allows configuration of the (symmetric) cipher key
- * by specifying a {@code BASE 64}-encoded string. The string is {@code BASE 64}-decoded and the resulting byte
- * array is used as the {@link #setCipherKey(byte[]) cipherKey}.
- * <p/>
- * <b>N.B.</b> This is a convenience method to set <em>both</em> the {@link CipherService} encryption key and the
- * decryption key and should only be called if using a symmetric CipherService. If using an asymmetric
- * CipherService, you cannot call this method and instead should use the {@link #setEncryptionCipherKeyBase64(String)}
- * and {@link #setDecryptionCipherKeyBase64(String)} methods instead.
- * <p/>
- * The default {@link AesCipherService} instance is a symmetric CipherService, so this method can be used if you are
- * using the default.
- *
- * @param base64 base64-encoded symmetric cipher key to decode into the raw cipher key bytes.
- */
- public void setCipherKeyBase64(String base64) {
- setCipherKey(Base64.decode(base64));
- }
-
- /**
- * Forgets (removes) any remembered identity data for the subject being built by the specified {@code context}
- * argument. The context map is usually populated by a {@link Subject.Builder} implementation.
- *
- * @param subjectContext the contextual data, usually provided by a {@link Subject.Builder} implementation, that
- * is being used to construct a {@link Subject} instance.
- */
- protected abstract void forgetIdentity(SubjectContext subjectContext);
-
- /**
* Forgets (removes) any remembered identity data for the specified {@link Subject} instance.
*
* @param subject the subject instance for which identity data should be forgotten from the underlying persistence
Modified: incubator/shiro/trunk/core/src/main/java/org/apache/shiro/mgt/AuthenticatingSecurityManager.java
URL: http://svn.apache.org/viewvc/incubator/shiro/trunk/core/src/main/java/org/apache/shiro/mgt/AuthenticatingSecurityManager.java?rev=942498&r1=942497&r2=942498&view=diff
==============================================================================
--- incubator/shiro/trunk/core/src/main/java/org/apache/shiro/mgt/AuthenticatingSecurityManager.java (original)
+++ incubator/shiro/trunk/core/src/main/java/org/apache/shiro/mgt/AuthenticatingSecurityManager.java Sun May 9 07:05:56 2010
@@ -18,15 +18,10 @@
*/
package org.apache.shiro.mgt;
-import java.util.Collection;
-
import org.apache.shiro.authc.AuthenticationException;
import org.apache.shiro.authc.AuthenticationInfo;
-import org.apache.shiro.authc.AuthenticationListener;
-import org.apache.shiro.authc.AuthenticationListenerRegistrar;
import org.apache.shiro.authc.AuthenticationToken;
import org.apache.shiro.authc.Authenticator;
-import org.apache.shiro.authc.pam.AuthenticationStrategy;
import org.apache.shiro.authc.pam.ModularRealmAuthenticator;
import org.apache.shiro.util.LifecycleUtils;
@@ -46,7 +41,7 @@ import org.apache.shiro.util.LifecycleUt
* @author Les Hazlewood
* @since 0.9
*/
-public abstract class AuthenticatingSecurityManager extends RealmSecurityManager implements AuthenticationListenerRegistrar {
+public abstract class AuthenticatingSecurityManager extends RealmSecurityManager {
/**
* The internal <code>Authenticator</code> delegate instance that this SecurityManager instance will use
@@ -95,82 +90,6 @@ public abstract class AuthenticatingSecu
}
/**
- * Sets the {@link org.apache.shiro.authc.pam.AuthenticationStrategy} to use
- * in multi-realm environments.
- *
- * @param strategy the <code>AuthenticationStrategy</code> to use in multi-realm environments.
- */
- public void setAuthenticationStrategy(AuthenticationStrategy strategy) {
- if (!(this.authenticator instanceof ModularRealmAuthenticator)) {
- String msg = "Configuring a AuthenticationStrategy is only applicable when the underlying " +
- "Authenticator implementation is a " + ModularRealmAuthenticator.class.getName() +
- " implementation. This SecurityManager has been configured with an Authenticator of type " +
- this.authenticator.getClass().getName();
- throw new IllegalStateException(msg);
- }
- ((ModularRealmAuthenticator) this.authenticator).setAuthenticationStrategy(strategy);
- }
-
- /**
- * This is a convenience method that allows registration of AuthenticationListeners with the underlying
- * delegate Authenticator instance.
- *
- * <p>This is more convenient than having to configure your own Authenticator instance, inject the listeners on
- * it, and then set that Authenticator instance as an attribute of this class. Instead, you can just rely
- * on the <tt>SecurityManager</tt>'s default initialization logic to create the Authenticator instance for you
- * and then apply these <tt>AuthenticationListener</tt>s on your behalf.
- *
- * <p>One notice however: The underlying Authenticator delegate must implement the
- * {@link org.apache.shiro.authc.AuthenticationListenerRegistrar AuthenticationListenerRegistrar}
- * interface in order for these listeners to be applied. If it does not implement this interface, it is
- * considered a configuration error and an exception will be thrown.
- *
- * <p>All of Shiro's <tt>Authenticator</tt> implementations implement the
- * <tt>AuthenticationListenerRegistrar</tt> interface, so you would only need
- * to worry about an exception being thrown if you provided your own Authenticator instance and did not
- * implement it.
- *
- * @param listeners the <tt>AuthenticationListener</tt>s to register with the underlying delegate
- * <tt>Authenticator</tt>.
- */
- public void setAuthenticationListeners(Collection<AuthenticationListener> listeners) {
- assertAuthenticatorListenerSupport();
- if (!(this.authenticator instanceof AuthenticationListenerRegistrar)) {
- String msg = "Configuring a AuthenticationStrategy is only applicable when the underlying " +
- "Authenticator implementation is a " + AuthenticationListenerRegistrar.class.getName() +
- " implementation. This SecurityManager has been configured with an Authenticator of type " +
- this.authenticator.getClass().getName() + ", which does not implement that interface.";
- throw new IllegalStateException(msg);
- }
- ((AuthenticationListenerRegistrar) this.authenticator).setAuthenticationListeners(listeners);
- }
-
- public void add(AuthenticationListener listener) {
- assertAuthenticatorListenerSupport();
- ((AuthenticationListenerRegistrar) this.authenticator).add(listener);
- }
-
- public boolean remove(AuthenticationListener listener) {
- return (this.authenticator instanceof AuthenticationListenerRegistrar) &&
- ((AuthenticationListenerRegistrar) this.authenticator).remove(listener);
- }
-
- /**
- * Ensures that <code>this.authenticator</code> implements the
- * {@link org.apache.shiro.authc.AuthenticationListenerRegistrar AuthenticationListenerRegistrar} interface to ensure
- * listeners can be registered.
- */
- private void assertAuthenticatorListenerSupport() {
- if (!(this.authenticator instanceof AuthenticationListenerRegistrar)) {
- String msg = "AuthenticationListener registration failed: The underlying Authenticator instance of " +
- "type [" + this.authenticator.getClass().getName() + "] does not implement the " +
- AuthenticationListenerRegistrar.class.getName() + " interface and therefore cannot support " +
- "runtime registration of AuthenticationListeners.";
- throw new IllegalStateException(msg);
- }
- }
-
- /**
* Passes on the {@link #getRealms() realms} to the internal delegate <code>Authenticator</code> instance so
* that it may use them during authentication attempts.
*/
Modified: incubator/shiro/trunk/core/src/main/java/org/apache/shiro/mgt/AuthorizingSecurityManager.java
URL: http://svn.apache.org/viewvc/incubator/shiro/trunk/core/src/main/java/org/apache/shiro/mgt/AuthorizingSecurityManager.java?rev=942498&r1=942497&r2=942498&view=diff
==============================================================================
--- incubator/shiro/trunk/core/src/main/java/org/apache/shiro/mgt/AuthorizingSecurityManager.java (original)
+++ incubator/shiro/trunk/core/src/main/java/org/apache/shiro/mgt/AuthorizingSecurityManager.java Sun May 9 07:05:56 2010
@@ -18,18 +18,16 @@
*/
package org.apache.shiro.mgt;
-import java.util.Collection;
-import java.util.List;
-
import org.apache.shiro.authz.AuthorizationException;
import org.apache.shiro.authz.Authorizer;
import org.apache.shiro.authz.ModularRealmAuthorizer;
import org.apache.shiro.authz.Permission;
-import org.apache.shiro.authz.permission.PermissionResolver;
-import org.apache.shiro.authz.permission.PermissionResolverAware;
import org.apache.shiro.subject.PrincipalCollection;
import org.apache.shiro.util.LifecycleUtils;
+import java.util.Collection;
+import java.util.List;
+
/**
* Shiro support of a {@link SecurityManager} class hierarchy that delegates all
@@ -47,7 +45,7 @@ import org.apache.shiro.util.LifecycleUt
* @author Les Hazlewood
* @since 0.9
*/
-public abstract class AuthorizingSecurityManager extends AuthenticatingSecurityManager implements PermissionResolverAware {
+public abstract class AuthorizingSecurityManager extends AuthenticatingSecurityManager {
/**
* The wrapped instance to which all of this <tt>SecurityManager</tt> authorization calls are delegated.
@@ -89,32 +87,6 @@ public abstract class AuthorizingSecurit
}
/**
- * Sets the <tt>PermissionResolver</tt> instance that will be passed on to the underlying default wrapped
- * {@link Authorizer Authorizer}.
- *
- * <p>This is a convenience method: it allows you to configure an application-wide
- * <tt>PermissionResolver</tt> on the <tt>SecurityManager</tt> instance, and it will trickle its way down to the
- * 'real' authorizer and/or underlying Realms. This is easier to configure at the <tt>SecurityManager</tt> level
- * than constructing your own object graph just to configure a <tt>PermissionResolver</tt> instance on objects
- * deep in the graph.
- *
- * @param permissionResolver the <tt>PermissionResolver</tt> instance to set on the wrapped <tt>Authorizer</tt>
- * @throws IllegalStateException if the underlying <code>Authorizer</code> does not implement the
- * {@link PermissionResolverAware PermissionResolverAware} interface, which ensures that the resolver can be registered.
- */
- public void setPermissionResolver(PermissionResolver permissionResolver) {
- Authorizer authz = getAuthorizer();
- if (authz instanceof PermissionResolverAware) {
- ((PermissionResolverAware) authz).setPermissionResolver(permissionResolver);
- } else {
- String msg = "Underlying Authorizer instance does not implement the " +
- PermissionResolverAware.class.getName() + " interface. This is required to support " +
- "passthrough configuration of a PermissionResolver.";
- throw new IllegalStateException(msg);
- }
- }
-
- /**
* First calls <code>super.afterRealmsSet()</code> and then sets these same <code>Realm</code> objects on this
* instance's wrapped {@link Authorizer Authorizer}.
* <p/>
Modified: incubator/shiro/trunk/core/src/main/java/org/apache/shiro/mgt/DefaultSecurityManager.java
URL: http://svn.apache.org/viewvc/incubator/shiro/trunk/core/src/main/java/org/apache/shiro/mgt/DefaultSecurityManager.java?rev=942498&r1=942497&r2=942498&view=diff
==============================================================================
--- incubator/shiro/trunk/core/src/main/java/org/apache/shiro/mgt/DefaultSecurityManager.java (original)
+++ incubator/shiro/trunk/core/src/main/java/org/apache/shiro/mgt/DefaultSecurityManager.java Sun May 9 07:05:56 2010
@@ -20,7 +20,6 @@ package org.apache.shiro.mgt;
import org.apache.shiro.authc.*;
import org.apache.shiro.authz.Authorizer;
-import org.apache.shiro.crypto.CipherService;
import org.apache.shiro.realm.Realm;
import org.apache.shiro.session.InvalidSessionException;
import org.apache.shiro.session.Session;
@@ -35,15 +34,8 @@ import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import java.io.Serializable;
-import java.lang.Exception;
-import java.lang.IllegalArgumentException;
-import java.lang.IllegalStateException;
-import java.lang.String;
-import java.lang.SuppressWarnings;
import java.util.Collection;
-import org.apache.shiro.mgt.SecurityManager;
-
/**
* The Shiro framework's default concrete implementation of the {@link SecurityManager} interface,
* based around a collection of {@link org.apache.shiro.realm.Realm}s. This implementation delegates its
@@ -130,56 +122,6 @@ public class DefaultSecurityManager exte
this.rememberMeManager = rememberMeManager;
}
- private AbstractRememberMeManager getRememberMeManagerForCipherAttributes() {
- if (!(this.rememberMeManager instanceof AbstractRememberMeManager)) {
- String msg = "The convenience passthrough methods for setting remember me cipher attributes " +
- "are only available when the underlying RememberMeManager implementation is a subclass of " +
- AbstractRememberMeManager.class.getName() + ".";
- throw new IllegalStateException(msg);
- }
- return (AbstractRememberMeManager) this.rememberMeManager;
- }
-
- public void setRememberMeCipherService(CipherService cipherService) {
- getRememberMeManagerForCipherAttributes().setCipherService(cipherService);
- }
-
- public void setRememberMeCipherKey(byte[] bytes) {
- getRememberMeManagerForCipherAttributes().setCipherKey(bytes);
- }
-
- public void setRememberMeCipherKeyHex(String hex) {
- getRememberMeManagerForCipherAttributes().setCipherKeyHex(hex);
- }
-
- public void setRememberMeCipherKeyBase64(String base64) {
- getRememberMeManagerForCipherAttributes().setCipherKeyBase64(base64);
- }
-
- public void setRememberMeEncryptionCipherKey(byte[] bytes) {
- getRememberMeManagerForCipherAttributes().setEncryptionCipherKey(bytes);
- }
-
- public void setRememberMeEncryptionCipherKeyHex(String hex) {
- getRememberMeManagerForCipherAttributes().setEncryptionCipherKeyHex(hex);
- }
-
- public void setRememberMeEncryptionCipherKeyBase64(String base64) {
- getRememberMeManagerForCipherAttributes().setEncryptionCipherKeyBase64(base64);
- }
-
- public void setRememberMeDecryptionCipherKey(byte[] bytes) {
- getRememberMeManagerForCipherAttributes().setDecryptionCipherKey(bytes);
- }
-
- public void setRememberMeDecryptionCipherKeyHex(String hex) {
- getRememberMeManagerForCipherAttributes().setDecryptionCipherKeyHex(hex);
- }
-
- public void setRememberMeDecryptionCipherKeyBase64(String base64) {
- getRememberMeManagerForCipherAttributes().setDecryptionCipherKeyBase64(base64);
- }
-
protected Session getSession(Serializable id) {
checkValid(id);
return new DelegatingSession(this, id);
@@ -427,7 +369,7 @@ public class DefaultSecurityManager exte
Session session = getSession(sessionId);
context.setSession(session);
} catch (InvalidSessionException e) {
- onInvalidSessionId(sessionId, e);
+ onInvalidSessionId(context, sessionId, e);
log.debug("Referenced sessionId {} is invalid. Ignoring and creating an anonymous " +
"(session-less) Subject instance.", sessionId);
if (log.isTraceEnabled()) {
@@ -475,11 +417,12 @@ public class DefaultSecurityManager exte
* Allows subclasses to react to the fact that a specified/referenced session id was invalid. Default
* implementation does nothing (no-op).
*
- * @param sessionId the session id that was discovered to be invalid (no session, expired, etc).
- * @param e the exception thrown upon encountering the invalid session id
+ * @param subjectContext the subjectContext from where the sessionId was discovered
+ * @param sessionId the session id that was discovered to be invalid (no session, expired, etc).
+ * @param e the exception thrown upon encountering the invalid session id
* @since 1.0
*/
- protected void onInvalidSessionId(Serializable sessionId, InvalidSessionException e) {
+ protected void onInvalidSessionId(SubjectContext subjectContext, Serializable sessionId, InvalidSessionException e) {
}
/**
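Review bot: Widening the protected hook `onInvalidSessionId` from two to three parameters means a subclass that still declares the old `(Serializable, InvalidSessionException)` form keeps compiling (unless it used `@Override`) but is never called, because the call site in the preceding hunk now passes `context` as well. This hook is where a subclass reacts to a stale or invalid session id, so a silently skipped override could leave that cleanup undone. The method is tagged `@since 1.0`, so there may be no released subclasses yet; if there are, I would add a Javadoc sentence such as `Replaces the former two-argument form, which is no longer invoked.` and mention the change in the release notes.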
Modified: incubator/shiro/trunk/core/src/main/java/org/apache/shiro/mgt/RememberMeManager.java
URL: http://svn.apache.org/viewvc/incubator/shiro/trunk/core/src/main/java/org/apache/shiro/mgt/RememberMeManager.java?rev=942498&r1=942497&r2=942498&view=diff
==============================================================================
--- incubator/shiro/trunk/core/src/main/java/org/apache/shiro/mgt/RememberMeManager.java (original)
+++ incubator/shiro/trunk/core/src/main/java/org/apache/shiro/mgt/RememberMeManager.java Sun May 9 07:05:56 2010
@@ -49,6 +49,18 @@ public interface RememberMeManager {
PrincipalCollection getRememberedPrincipals(SubjectContext subjectContext);
/**
+ * Forgets any remembered identity corresponding to the subject context map being used to build a subject instance.
+ * <p/>
+ * The context map is usually populated by a {@link Subject.Builder} implementation.
+ * See the {@link SubjectFactory} class constants for Shiro's known map keys.
+ *
+ * @param subjectContext the contextual data, usually provided by a {@link Subject.Builder} implementation, that
+ * is being used to construct a {@link Subject} instance.
+ * @since 1.0
+ */
+ void forgetIdentity(SubjectContext subjectContext);
+
+ /**
* Reacts to a successful authentication attempt, typically saving the principals to be retrieved ('remembered')
* for future system access.
*
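Review bot: The Javadoc added for `forgetIdentity` still describes a "subject context map" and points to `SubjectFactory` constants for "known map keys", while the parameter is typed `SubjectContext`, so the text does not match the signature. It also leaves the contract open: it does not say what an implementation should do when nothing is remembered, or whether it may throw. Clearing a remembered identity is a security-relevant cleanup step, so callers need to know whether they can rely on it. If tolerant behaviour is intended, a line such as `* Implementations should do nothing if no identity is currently remembered and should not throw.` would pin it down. Adding a method to this public interface also breaks any external `RememberMeManager` implementation at compile time, which deserves a mention in the release notes.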
Modified: incubator/shiro/trunk/core/src/main/java/org/apache/shiro/mgt/SessionsSecurityManager.java
URL: http://svn.apache.org/viewvc/incubator/shiro/trunk/core/src/main/java/org/apache/shiro/mgt/SessionsSecurityManager.java?rev=942498&r1=942497&r2=942498&view=diff
==============================================================================
--- incubator/shiro/trunk/core/src/main/java/org/apache/shiro/mgt/SessionsSecurityManager.java (original)
+++ incubator/shiro/trunk/core/src/main/java/org/apache/shiro/mgt/SessionsSecurityManager.java Sun May 9 07:05:56 2010
@@ -22,11 +22,8 @@ import org.apache.shiro.authz.Authorizat
import org.apache.shiro.cache.CacheManagerAware;
import org.apache.shiro.session.InvalidSessionException;
import org.apache.shiro.session.Session;
-import org.apache.shiro.session.SessionListener;
-import org.apache.shiro.session.SessionListenerRegistrar;
-import org.apache.shiro.session.mgt.*;
-import org.apache.shiro.session.mgt.eis.SessionDAO;
-import org.apache.shiro.session.mgt.eis.SessionDAOAware;
+import org.apache.shiro.session.mgt.DefaultSessionManager;
+import org.apache.shiro.session.mgt.SessionManager;
import org.apache.shiro.util.LifecycleUtils;
import java.io.Serializable;
@@ -51,8 +48,7 @@ import java.util.Map;
* @author Les Hazlewood
* @since 0.9
*/
-public abstract class SessionsSecurityManager extends AuthorizingSecurityManager
- implements SessionListenerRegistrar, SessionFactoryAware, SessionDAOAware {
+public abstract class SessionsSecurityManager extends AuthorizingSecurityManager {
/**
* The internal delegate <code>SessionManager</code> used by this security manager that manages all the
@@ -113,36 +109,6 @@ public abstract class SessionsSecurityMa
}
/**
- * @since 1.0
- */
- public void setSessionFactory(SessionFactory sessionFactory) {
- SessionManager sm = getSessionManager();
- if (sm instanceof SessionFactoryAware) {
- ((SessionFactoryAware) sm).setSessionFactory(sessionFactory);
- } else {
- String msg = "The underlying session manager is null or does not implement the " +
- SessionFactory.class.getName() + " interface, which is required if the underlying " +
- "instance is to receive the sessionFactory argument.";
- throw new IllegalArgumentException(msg);
- }
- }
-
- /**
- * @since 1.0
- */
- public void setSessionDAO(SessionDAO sessionDAO) {
- SessionManager sm = getSessionManager();
- if (sm instanceof SessionDAOAware) {
- ((SessionDAOAware) sm).setSessionDAO(sessionDAO);
- } else {
- String msg = "The underlying SessionManager is null or does not implement the " +
- SessionDAOAware.class.getName() + " interface, which is required if it is " +
- "to receive the sessionDAO argument.";
- throw new IllegalArgumentException(msg);
- }
- }
-
- /**
* Ensures the internal delegate <code>SessionManager</code> is injected with the newly set
* {@link #setCacheManager CacheManager} so it may use it for its internal caching needs.
* <p/>
@@ -155,120 +121,6 @@ public abstract class SessionsSecurityMa
}
}
- /**
- * This is a convenience method that allows registration of SessionListeners with the underlying delegate
- * SessionManager at startup.
- * <p/>
- * This is more convenient than having to configure your own SessionManager instance, inject the listeners on
- * it, and then set that SessionManager instance as an attribute of this class. Instead, you can just rely
- * on the <tt>SecurityManager</tt> to apply these <tt>SessionListener</tt>s on your behalf.
- * <p/>
- * One notice however: The underlying SessionManager delegate must implement the
- * {@link SessionListenerRegistrar SessionListenerRegistrar} interface in order for these listeners to
- * be applied. If it does not implement this interface, it is considered a configuration error and an exception
- * will be thrown.
- *
- * @param sessionListeners the <tt>SessionListener</tt>s to register with the underlying delegate
- * <tt>SessionManager</tt> at startup.
- */
- public void setSessionListeners(Collection<SessionListener> sessionListeners) {
- assertSessionListenerSupport();
- ((SessionListenerRegistrar) this.sessionManager).setSessionListeners(sessionListeners);
- }
-
- private void assertSessionManager(Class<? extends SessionManager> requiredType) {
- if (this.sessionManager == null) {
- throw new IllegalStateException("SessionManager is null - cannot configure property!");
- }
- if (!(requiredType.isInstance(this.sessionManager))) {
- String msg = "Property configuration failed. The target property is only configurable when the " +
- "underlying SessionManager instance is a part of the " +
- "[" + requiredType.getName() + "] class hierarchy. " +
- "The current SessionManager is of type [" + this.sessionManager.getClass().getName() + "]. " +
- "This might occur for example if you're trying to set the validation interval or auto session " +
- "creation in a servlet container-backed session environment ('http' session mode). If that is " +
- "the case however, that property is only useful when using 'native' session mode and using " +
- "Shiro enterprise sessions which do not rely on a servlet container.";
- throw new IllegalStateException(msg);
- }
- }
-
- /**
- * Passthrough configuration property to the underlying {@link AbstractSessionManager AbstractSessionManager}
- * instance. Please read the
- * {@link org.apache.shiro.session.mgt.AbstractSessionManager#getGlobalSessionTimeout() AbstractSessionManager.getGlobalSessionTimeout()}
- * for more.
- *
- * @return the time in milliseconds that any {@link Session Session} may remain idle before expiring.
- * @throws IllegalStateException if the underlying {@code SessionManager} instance is not a subclass of
- * {@link AbstractSessionManager AbstractSessionManager}.
- * @see org.apache.shiro.session.mgt.AbstractSessionManager#getGlobalSessionTimeout()
- */
- public long getGlobalSessionTimeout() {
- assertSessionManager(AbstractSessionManager.class);
- return ((AbstractSessionManager) this.sessionManager).getGlobalSessionTimeout();
- }
-
- /**
- * Passthrough configuration property to the underlying {@link AbstractSessionManager AbstractSessionManager}
- * instance. Please read the
- * {@link org.apache.shiro.session.mgt.AbstractSessionManager#setGlobalSessionTimeout(long) AbstractSessionManager.setGlobalSessionTimeout(long)}
- * for more.
- *
- * @param globalSessionTimeout the time in milliseconds that any {@link Session Session} may remain idle before expiring.
- * @throws IllegalStateException if the underlying {@code SessionManager} instance is not a subclass of
- * {@link org.apache.shiro.session.mgt.AbstractSessionManager AbstractSessionManager}.
- * @see org.apache.shiro.session.mgt.AbstractSessionManager#setGlobalSessionTimeout(long)
- */
- public void setGlobalSessionTimeout(long globalSessionTimeout) {
- assertSessionManager(AbstractSessionManager.class);
- ((AbstractSessionManager) this.sessionManager).setGlobalSessionTimeout(globalSessionTimeout);
- }
-
- /**
- * Ensures the internal SessionManager instance is an <code>instanceof</code>
- * {@link org.apache.shiro.session.SessionListenerRegistrar SessionListenerRegistrar} to ensure that any
- * listeners attempting to be registered can actually do so with the internal delegate instance.
- *
- * @throws IllegalStateException if the internal delegate SessionManager instance does not implement the
- * <code>SessionListenerRegistrar</code> interface.
- */
- private void assertSessionListenerSupport() throws IllegalStateException {
- if (!(this.sessionManager instanceof SessionListenerRegistrar)) {
- String msg = "SessionListener registration failed: The underlying SessionManager instance of " +
- "type [" + sessionManager.getClass().getName() + "] does not implement the " +
- SessionListenerRegistrar.class.getName() + " interface and therefore cannot support " +
- "session notifications.";
- throw new IllegalStateException(msg);
- }
- }
-
- /**
- * Asserts the internal delegate <code>SessionManager</code> instance
- * {@link #assertSessionListenerSupport() supports session listener registration} and then
- * {@link SessionListenerRegistrar#add adds} the listener to the
- * delegate instance.
- *
- * @param listener the <code>SessionListener</code> to register for session events.
- */
- public void add(SessionListener listener) {
- assertSessionListenerSupport();
- ((SessionListenerRegistrar) this.sessionManager).add(listener);
- }
-
- /**
- * Removes the specified listener from receiving session events from the internal delegate
- * {@link org.apache.shiro.session.mgt.SessionManager} instance.
- *
- * @param listener the listener to remove that no longer wishes to be notified of session events.
- * @return <code>true</code> if the listener was removed from the internal delegate <code>SessionManager</code>
- * instance, <code>false</code> otherwise.
- */
- public boolean remove(SessionListener listener) {
- return (this.sessionManager instanceof SessionListenerRegistrar) &&
- ((SessionListenerRegistrar) this.sessionManager).remove(listener);
- }
-
public Serializable start(String host) throws AuthorizationException {
return this.sessionManager.start(host);
}
Modified: incubator/shiro/trunk/core/src/main/java/org/apache/shiro/realm/AuthorizingRealm.java
URL: http://svn.apache.org/viewvc/incubator/shiro/trunk/core/src/main/java/org/apache/shiro/realm/AuthorizingRealm.java?rev=942498&r1=942497&r2=942498&view=diff
==============================================================================
--- incubator/shiro/trunk/core/src/main/java/org/apache/shiro/realm/AuthorizingRealm.java (original)
+++ incubator/shiro/trunk/core/src/main/java/org/apache/shiro/realm/AuthorizingRealm.java Sun May 9 07:05:56 2010
@@ -18,32 +18,20 @@
*/
package org.apache.shiro.realm;
-import java.util.ArrayList;
-import java.util.Collection;
-import java.util.Collections;
-import java.util.HashSet;
-import java.util.List;
-import java.util.Set;
-import java.util.concurrent.atomic.AtomicInteger;
-
import org.apache.shiro.authc.credential.CredentialsMatcher;
-import org.apache.shiro.authz.AuthorizationException;
-import org.apache.shiro.authz.AuthorizationInfo;
-import org.apache.shiro.authz.AuthorizingAccount;
-import org.apache.shiro.authz.Permission;
-import org.apache.shiro.authz.UnauthorizedException;
-import org.apache.shiro.authz.permission.PermissionResolver;
-import org.apache.shiro.authz.permission.PermissionResolverAware;
-import org.apache.shiro.authz.permission.RolePermissionResolver;
-import org.apache.shiro.authz.permission.RolePermissionResolverAware;
-import org.apache.shiro.authz.permission.WildcardPermissionResolver;
+import org.apache.shiro.authz.*;
+import org.apache.shiro.authz.permission.*;
import org.apache.shiro.cache.Cache;
import org.apache.shiro.cache.CacheManager;
import org.apache.shiro.subject.PrincipalCollection;
+import org.apache.shiro.util.CollectionUtils;
import org.apache.shiro.util.Initializable;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
+import java.util.*;
+import java.util.concurrent.atomic.AtomicInteger;
+
/**
* An {@code AuthorizingRealm} extends the {@code AuthenticatingRealm}'s capabilities by adding Authorization
@@ -66,7 +54,8 @@ import org.slf4j.LoggerFactory;
* @see org.apache.shiro.authz.SimpleAuthorizationInfo
* @since 0.2
*/
-public abstract class AuthorizingRealm extends AuthenticatingRealm implements Initializable, PermissionResolverAware, RolePermissionResolverAware {
+public abstract class AuthorizingRealm extends AuthenticatingRealm
+ implements Initializable, PermissionResolverAware, RolePermissionResolverAware {
//TODO - complete JavaDoc
@@ -88,18 +77,21 @@ public abstract class AuthorizingRealm e
/**
* The cache used by this realm to store AuthorizationInfo instances associated with individual Subject principals.
*/
- private boolean authorizationCachingEnabled = true;
- private Cache authorizationCache = null;
- private String authorizationCacheName = null;
-
- private PermissionResolver permissionResolver = new WildcardPermissionResolver();
-
- private RolePermissionResolver permissionRoleResolver = null;
+ private boolean authorizationCachingEnabled;
+ private Cache authorizationCache;
+ private String authorizationCacheName;
+
+ private PermissionResolver permissionResolver;
+
+ private RolePermissionResolver permissionRoleResolver;
/*--------------------------------------------
| C O N S T R U C T O R S |
============================================*/
+
public AuthorizingRealm() {
+ this.authorizationCachingEnabled = true;
+ this.permissionResolver = new WildcardPermissionResolver();
}
public AuthorizingRealm(CacheManager cacheManager) {
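Review bot: The defaults `authorizationCachingEnabled = true` and `permissionResolver = new WildcardPermissionResolver()` are now applied only inside the no-arg constructor, so every other constructor has to chain to it to keep them. The body of `AuthorizingRealm(CacheManager)` starts on the last line of this hunk and continues outside it, so whether it does is not visible here. If it does not, instances built through it end up with caching disabled and a null resolver, and `isPermitted(PrincipalCollection, String)` dereferences `getPermissionResolver()` without a check. Either make `this();` the first statement of each overloaded constructor or keep the initializers on the field declarations.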
@@ -117,6 +109,7 @@ public abstract class AuthorizingRealm e
/*--------------------------------------------
| A C C E S S O R S / M O D I F I E R S |
============================================*/
+
public void setAuthorizationCache(Cache authorizationCache) {
this.authorizationCache = authorizationCache;
if (this.authorizationCache != null) {
@@ -156,6 +149,7 @@ public abstract class AuthorizingRealm e
*
* @param authorizationCachingEnabled the value to set
*/
+ @SuppressWarnings({"UnusedDeclaration"})
public void setAuthorizationCachingEnabled(boolean authorizationCachingEnabled) {
this.authorizationCachingEnabled = authorizationCachingEnabled;
if (authorizationCachingEnabled) {
@@ -170,7 +164,7 @@ public abstract class AuthorizingRealm e
public void setPermissionResolver(PermissionResolver permissionResolver) {
this.permissionResolver = permissionResolver;
}
-
+
public RolePermissionResolver getRolePermissionResolver() {
return permissionRoleResolver;
}
@@ -178,10 +172,11 @@ public abstract class AuthorizingRealm e
public void setRolePermissionResolver(RolePermissionResolver permissionRoleResolver) {
this.permissionRoleResolver = permissionRoleResolver;
}
-
+
/*--------------------------------------------
| M E T H O D S |
============================================*/
+
/**
* Initializes this realm and potentially enables a cache, depending on configuration.
* <p/>
@@ -407,21 +402,18 @@ public abstract class AuthorizingRealm e
Set<Permission> permissions = new HashSet<Permission>();
if (info != null) {
- if (info.getObjectPermissions() != null) {
- permissions.addAll(info.getObjectPermissions());
+ Collection<Permission> perms = info.getObjectPermissions();
+ if (!CollectionUtils.isEmpty(perms)) {
+ permissions.addAll(perms);
+ }
+ perms = resolvePermissions(info.getStringPermissions());
+ if (!CollectionUtils.isEmpty(perms)) {
+ permissions.addAll(perms);
}
- if (info.getStringPermissions() != null) {
- for (String strPermission : info.getStringPermissions()) {
- Permission permission = getPermissionResolver().resolvePermission(strPermission);
- permissions.add(permission);
- }
- }
- if(info.getRoles() != null && getRolePermissionResolver() != null ) {
- for (String role : info.getRoles()) {
- Collection<Permission> rolesPermissions = getRolePermissionResolver().resolvePermissionsInRole( role );
- permissions.addAll( rolesPermissions );
- }
+ perms = resolveRolePermissions(info.getRoles());
+ if (!CollectionUtils.isEmpty(perms)) {
+ permissions.addAll(perms);
}
}
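Review bot: String permissions are now skipped silently when no `PermissionResolver` is configured. The removed loop dereferenced `getPermissionResolver()` directly, whereas `resolvePermissions(info.getStringPermissions())` returns an empty set in that case (the helper is added in the next hunk). The result fails closed, but a realm that grants fewer permissions than its `AuthorizationInfo` lists is hard to diagnose. A log line in the helper would surface the misconfiguration, for example `log.warn("No PermissionResolver configured; ignoring {} string permission(s)", stringPerms.size());`, assuming the class's SLF4J logger is named `log`. The enclosing method starts and ends outside this hunk.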
@@ -432,6 +424,34 @@ public abstract class AuthorizingRealm e
}
}
+ private Collection<Permission> resolvePermissions(Collection<String> stringPerms) {
+ Collection<Permission> perms = Collections.emptySet();
+ PermissionResolver resolver = getPermissionResolver();
+ if (resolver != null && !CollectionUtils.isEmpty(stringPerms)) {
+ perms = new LinkedHashSet<Permission>(stringPerms.size());
+ for (String strPermission : stringPerms) {
+ Permission permission = getPermissionResolver().resolvePermission(strPermission);
+ perms.add(permission);
+ }
+ }
+ return perms;
+ }
+
+ private Collection<Permission> resolveRolePermissions(Collection<String> roleNames) {
+ Collection<Permission> perms = Collections.emptySet();
+ RolePermissionResolver resolver = getRolePermissionResolver();
+ if (resolver != null && !CollectionUtils.isEmpty(roleNames)) {
+ perms = new LinkedHashSet<Permission>(roleNames.size());
+ for (String roleName : roleNames) {
+ Collection<Permission> resolved = resolver.resolvePermissionsInRole(roleName);
+ if (!CollectionUtils.isEmpty(resolved)) {
+ perms.addAll(resolved);
+ }
+ }
+ }
+ return perms;
+ }
+
public boolean isPermitted(PrincipalCollection principals, String permission) {
Permission p = getPermissionResolver().resolvePermission(permission);
return isPermitted(principals, p);
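Review bot: In `resolvePermissions` the loop calls `getPermissionResolver()` again instead of using the `resolver` local that was just null-checked. The guard and the dereference can therefore see different values, for instance with an overridden getter or a `setPermissionResolver` call in between. `Permission permission = resolver.resolvePermission(strPermission);` keeps them consistent, which is what `resolveRolePermissions` already does with its own local. The unchanged `isPermitted(PrincipalCollection, String)` at the end of the hunk still dereferences `getPermissionResolver()` with no null check, so the null tolerance introduced here is not applied uniformly; its body continues outside the hunk.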
Modified: incubator/shiro/trunk/core/src/main/java/org/apache/shiro/realm/CachingRealm.java
URL: http://svn.apache.org/viewvc/incubator/shiro/trunk/core/src/main/java/org/apache/shiro/realm/CachingRealm.java?rev=942498&r1=942497&r2=942498&view=diff
==============================================================================
--- incubator/shiro/trunk/core/src/main/java/org/apache/shiro/realm/CachingRealm.java (original)
+++ incubator/shiro/trunk/core/src/main/java/org/apache/shiro/realm/CachingRealm.java Sun May 9 07:05:56 2010
@@ -42,16 +42,13 @@ public abstract class CachingRealm imple
/*--------------------------------------------
| I N S T A N C E V A R I A B L E S |
============================================*/
- private String name = getClass().getName() + "_" + INSTANCE_COUNT.getAndIncrement();
-
- private boolean cachingEnabled = true;
+ private String name;
+ private boolean cachingEnabled;
private CacheManager cacheManager;
public CachingRealm() {
- }
-
- public CachingRealm(CacheManager cacheManager) {
- setCacheManager(cacheManager);
+ this.cachingEnabled = true;
+ this.name = getClass().getName() + "_" + INSTANCE_COUNT.getAndIncrement();
}
/**
@@ -102,9 +99,6 @@ public abstract class CachingRealm imple
this.cachingEnabled = cachingEnabled;
}
- protected void afterCacheManagerSet() {
- }
-
public String getName() {
return name;
}
@@ -112,4 +106,7 @@ public abstract class CachingRealm imple
public void setName(String name) {
this.name = name;
}
+
+ protected void afterCacheManagerSet() {
+ }
}