protected boolean isAutoApplyRealms(SecurityManager securityManager) { boolean autoApply = true; if (securityManager instanceof RealmSecurityManager) { //only apply realms if they haven't been explicitly set by the user: RealmSecurityManager realmSecurityManager = (RealmSecurityManager) securityManager; Collection<Realm> realms = realmSecurityManager.getRealms(); if (!CollectionUtils.isEmpty(realms)) { log.info("Realms have been explicitly set on the SecurityManager instance - auto-setting of " + "realms will not occur."); autoApply = false; } } return autoApply; }
/** * Convenience method for applications using a single realm that merely wraps the realm in a list and then invokes * the {@link #setRealms} method. * * @param realm the realm to set for a single-realm application. * @since 0.2 */ public void setRealm(Realm realm) { if (realm == null) { throw new IllegalArgumentException("Realm argument cannot be null"); } Collection<Realm> realms = new ArrayList<Realm>(1); realms.add(realm); setRealms(realms); }
public void destroy() { LifecycleUtils.destroy(getAuthenticator()); this.authenticator = null; super.destroy(); } }
/** * Sets the internal {@link #getCacheManager CacheManager} on any internal configured * {@link #getRealms Realms} that implement the {@link org.apache.shiro.cache.CacheManagerAware CacheManagerAware} interface. * <p/> * This method is called after setting a cacheManager on this securityManager via the * {@link #setCacheManager(org.apache.shiro.cache.CacheManager) setCacheManager} method to allow it to be propagated * down to all the internal Realms that would need to use it. * <p/> * It is also called after setting one or more realms via the {@link #setRealm setRealm} or * {@link #setRealms setRealms} methods to allow these newly available realms to be given the cache manager * already in use. */ protected void applyCacheManagerToRealms() { CacheManager cacheManager = getCacheManager(); Collection<Realm> realms = getRealms(); if (cacheManager != null && realms != null && !realms.isEmpty()) { for (Realm realm : realms) { if (realm instanceof CacheManagerAware) { ((CacheManagerAware) realm).setCacheManager(cacheManager); } } } }
/** * Sets the internal {@link #getEventBus EventBus} on any internal configured * {@link #getRealms Realms} that implement the {@link EventBusAware} interface. * <p/> * This method is called after setting an eventBus on this securityManager via the * {@link #setEventBus(org.apache.shiro.event.EventBus) setEventBus} method to allow it to be propagated * down to all the internal Realms that would need to use it. * <p/> * It is also called after setting one or more realms via the {@link #setRealm setRealm} or * {@link #setRealms setRealms} methods to allow these newly available realms to be given the EventBus * already in use. * * @since 1.3 */ protected void applyEventBusToRealms() { EventBus eventBus = getEventBus(); Collection<Realm> realms = getRealms(); if (eventBus != null && realms != null && !realms.isEmpty()) { for(Realm realm : realms) { if (realm instanceof EventBusAware) { ((EventBusAware)realm).setEventBus(eventBus); } } } }
@Override protected WebEnvironment createEnvironment(ServletContext sc) { WebEnvironment webEnvironment = super.createEnvironment(sc); RealmSecurityManager rsm = (RealmSecurityManager) webEnvironment .getSecurityManager(); HashedCredentialsMatcher hashedCredentialsMatcher = new HashedCredentialsMatcher( HASHING_ALGORITHM); hashedCredentialsMatcher.setStoredCredentialsHexEncoded(true); jpaRealm.setCredentialsMatcher(hashedCredentialsMatcher); Collection<Realm> realms = rsm.getRealms(); realms.add(jpaRealm); rsm.setRealms(realms); ((DefaultWebEnvironment) webEnvironment).setSecurityManager(rsm); return webEnvironment; } }
public void stop() { if ( getSecurityManager().getRealms() != null ) { for ( Realm realm : getSecurityManager().getRealms() ) { if ( AuthenticatingRealm.class.isInstance( realm ) ) { ( (AuthenticatingRealm) realm ).setAuthenticationCache( null ); } if ( AuthorizingRealm.class.isInstance( realm ) ) { ( (AuthorizingRealm) realm ).setAuthorizationCache( null ); } } } // we need to kill caches on stop getSecurityManager().destroy(); // cacheManagerComponent.shutdown(); }
private void injectRealms(JSON config, SecurityManager currentManager, InjectionContext manager) throws InvocationTargetException { JSON realmsJSON = config.getJSON("realms"); Iterable beans = manager.resolveBeans(AuthorizingRealm.class); for (Object bean : beans) { Object instance = manager.createContext(bean); AuthorizingRealm realm = AuthorizingRealm.class.cast(manager.getInstance(bean, instance)); JSON realmJSON = realmsJSON.getJSON(realm.getClass().getName()); if (realmJSON != null) { if (realmJSON.get("name") != null) { realm.setName(realmJSON.getString("name")); } Collection<Realm> realms = ((RealmSecurityManager)currentManager).getRealms(); if (realms == null) { ((RealmSecurityManager)currentManager).setRealm(realm); } else { ((RealmSecurityManager)currentManager).getRealms().add(realm); } } } } }
public AuthenticationInfo authenticate( AuthenticationToken token ) throws AuthenticationException { try { return this.getSecurityManager().authenticate( token ); } catch ( org.apache.shiro.authc.AuthenticationException e ) { throw new AuthenticationException( e.getMessage(), e ); } }
@Override public void start() { logger.info("Initializing Shiro environment"); WebEnvironment environment = environmentLoader.initEnvironment(servletContext); RealmSecurityManager rsm = (RealmSecurityManager) environment.getWebSecurityManager(); logger.debug("Creating SecurityGroovyRealm"); try { String securityGroovy = new File(groovyClasspath, "Security.groovy").toURI().toString(); logger.debug("Security.groovy URL: {}", securityGroovy); SecurityGroovyRealm realm = new SecurityGroovyRealm(groovyScriptEngine, securityGroovy, servletContext); LifecycleUtils.init(realm); rsm.setRealm(realm); status = ModuleStatus.STARTED; } catch (Exception e) { logger.error("Security.groovy not found or invalid; installing dummy realm", e); SimpleAccountRealm realm = new SimpleAccountRealm(); LifecycleUtils.init(realm); rsm.setRealm(realm); status = ModuleStatus.FAILED; } }
@Override public void contextInitialized( ServletContextEvent sce ) { configuration.refresh(); ShiroIniConfiguration config = configuration.get(); String iniResourcePath = config.iniResourcePath().get() == null ? "classpath:shiro.ini" : config.iniResourcePath().get(); sce.getServletContext().setInitParameter( "shiroConfigLocations", iniResourcePath ); WebEnvironment env = initEnvironment( sce.getServletContext() ); if ( realmsRefs != null && realmsRefs.iterator().hasNext() ) { // Register Realms Services RealmSecurityManager realmSecurityManager = ( RealmSecurityManager ) env.getSecurityManager(); Collection<Realm> iniRealms = new ArrayList<Realm>( realmSecurityManager.getRealms() ); for ( ServiceReference<Realm> realmRef : realmsRefs ) { iniRealms.add( realmRef.get() ); LOG.debug( "Realm Service '{}' registered!", realmRef.identity() ); } realmSecurityManager.setRealms( iniRealms ); } }
/** * Sets the internal {@link #getCacheManager CacheManager} on any internal configured * {@link #getRealms Realms} that implement the {@link org.apache.shiro.cache.CacheManagerAware CacheManagerAware} interface. * <p/> * This method is called after setting a cacheManager on this securityManager via the * {@link #setCacheManager(org.apache.shiro.cache.CacheManager) setCacheManager} method to allow it to be propagated * down to all the internal Realms that would need to use it. * <p/> * It is also called after setting one or more realms via the {@link #setRealm setRealm} or * {@link #setRealms setRealms} methods to allow these newly available realms to be given the cache manager * already in use. */ protected void applyCacheManagerToRealms() { CacheManager cacheManager = getCacheManager(); Collection<Realm> realms = getRealms(); if (cacheManager != null && realms != null && !realms.isEmpty()) { for (Realm realm : realms) { if (realm instanceof CacheManagerAware) { ((CacheManagerAware) realm).setCacheManager(cacheManager); } } } }
/** * Sets the internal {@link #getEventBus EventBus} on any internal configured * {@link #getRealms Realms} that implement the {@link EventBusAware} interface. * <p/> * This method is called after setting an eventBus on this securityManager via the * {@link #setEventBus(org.apache.shiro.event.EventBus) setEventBus} method to allow it to be propagated * down to all the internal Realms that would need to use it. * <p/> * It is also called after setting one or more realms via the {@link #setRealm setRealm} or * {@link #setRealms setRealms} methods to allow these newly available realms to be given the EventBus * already in use. * * @since 1.3 */ protected void applyEventBusToRealms() { EventBus eventBus = getEventBus(); Collection<Realm> realms = getRealms(); if (eventBus != null && realms != null && !realms.isEmpty()) { for(Realm realm : realms) { if (realm instanceof EventBusAware) { ((EventBusAware)realm).setEventBus(eventBus); } } } }
@Override public void changePassword(String userId, String oldPassword, String newPassword) throws UserNotFoundException, InvalidCredentialsException { // first authenticate the user try { UsernamePasswordToken authenticationToken = new UsernamePasswordToken(userId, oldPassword); if (realmSecurityManager.authenticate(authenticationToken) == null) { throw new InvalidCredentialsException(); } } catch (AuthenticationException e) { log.debug("User failed to change password reason: " + e.getMessage(), e); throw new InvalidCredentialsException(); } // if that was good just change the password changePassword(userId, newPassword); }
SecurityClassRealm realm = new SecurityClassRealm(codeBase, "Security", applicationContext); LifecycleUtils.init(realm); rsm.setRealm(realm); status = ModuleStatus.STARTED; } catch (Exception e) { SimpleAccountRealm realm = new SimpleAccountRealm(); LifecycleUtils.init(realm); rsm.setRealm(realm); status = ModuleStatus.FAILED;
public void destroy() { LifecycleUtils.destroy(getRealms()); this.realms = null; super.destroy(); }
@Override public void contextInitialized( ServletContextEvent sce ) { configuration.refresh(); ShiroIniConfiguration config = configuration.get(); String iniResourcePath = config.iniResourcePath().get() == null ? "classpath:shiro.ini" : config.iniResourcePath().get(); sce.getServletContext().setInitParameter( "shiroConfigLocations", iniResourcePath ); WebEnvironment env = initEnvironment( sce.getServletContext() ); if ( realmsRefs != null && realmsRefs.iterator().hasNext() ) { // Register Realms Services RealmSecurityManager realmSecurityManager = ( RealmSecurityManager ) env.getSecurityManager(); Collection<Realm> iniRealms = new ArrayList<Realm>( realmSecurityManager.getRealms() ); for ( ServiceReference<Realm> realmRef : realmsRefs ) { iniRealms.add( realmRef.get() ); LOG.debug( "Realm Service '{}' registered!", realmRef.identity() ); } realmSecurityManager.setRealms( iniRealms ); } }
/** * Sets the internal {@link #getCacheManager CacheManager} on any internal configured * {@link #getRealms Realms} that implement the {@link org.apache.shiro.cache.CacheManagerAware CacheManagerAware} interface. * <p/> * This method is called after setting a cacheManager on this securityManager via the * {@link #setCacheManager(org.apache.shiro.cache.CacheManager) setCacheManager} method to allow it to be propagated * down to all the internal Realms that would need to use it. * <p/> * It is also called after setting one or more realms via the {@link #setRealm setRealm} or * {@link #setRealms setRealms} methods to allow these newly available realms to be given the cache manager * already in use. */ protected void applyCacheManagerToRealms() { CacheManager cacheManager = getCacheManager(); Collection<Realm> realms = getRealms(); if (cacheManager != null && realms != null && !realms.isEmpty()) { for (Realm realm : realms) { if (realm instanceof CacheManagerAware) { ((CacheManagerAware) realm).setCacheManager(cacheManager); } } } }
protected void applyRealmsToSecurityManager(Collection<Realm> realms, SecurityManager securityManager) { assertRealmSecurityManager(securityManager); ((RealmSecurityManager) securityManager).setRealms(realms); }
sm.authenticate(new UsernamePasswordToken(username, password));