/**
 * Collects every realm reachable from the configured object instances.
 *
 * <p>A {@code RealmFactory} entry is passed to {@code addToRealms}; a {@code Realm} entry is added directly.
 * Entries of any other type are ignored. A realm whose current name is {@code null} or starts with its own
 * class name receives the map key as its name, provided it implements {@code Nameable}.
 *
 * @param instances the configured objects, keyed by their configured name
 * @return the realms found, in the iteration order of {@code instances}
 */
private Collection<Realm> getRealms(Map<String, ?> instances) {
    // Realms and realm factories may already exist at this point; gather them first so the
    // securityManager can be initialized with them.
    List<Realm> collected = new ArrayList<Realm>();

    for (Map.Entry<String, ?> configured : instances.entrySet()) {
        Object candidate = configured.getValue();

        if (candidate instanceof RealmFactory) {
            addToRealms(collected, (RealmFactory) candidate);
            continue;
        }
        if (!(candidate instanceof Realm)) {
            continue;
        }

        Realm realm = (Realm) candidate;
        String configuredName = configured.getKey();
        String currentName = realm.getName();

        // A missing name, or one that begins with the class name, is replaced by the configured key.
        // NOTE(review): presumably the class-name prefix marks an auto-generated default name - confirm.
        boolean needsConfiguredName =
                currentName == null || currentName.startsWith(realm.getClass().getName());
        if (needsConfiguredName) {
            if (realm instanceof Nameable) {
                ((Nameable) realm).setName(configuredName);
                log.debug("Applied name '{}' to Nameable realm instance {}", configuredName, realm);
            } else {
                // The realm keeps whatever name it had; only an INFO line records that the
                // configured name was not applied.
                log.info("Realm does not implement the {} interface. Configured name will not be applied.",
                        Nameable.class.getName());
            }
        }

        collected.add(realm);
    }

    return collected;
}
/**
 * Authenticates the submitted token against the one configured realm, avoiding the bookkeeping that
 * multi-realm authentication needs.
 *
 * @param realm the realm asked for the account's AuthenticationInfo.
 * @param token the submitted AuthenticationToken carrying the subject's log-in principals and credentials.
 * @return the AuthenticationInfo the realm returned for {@code token}; never {@code null}.
 * @throws UnsupportedTokenException if {@code realm} reports that it does not support {@code token}.
 * @throws UnknownAccountException   if {@code realm} returns {@code null} for {@code token}.
 */
protected AuthenticationInfo doSingleRealmAuthentication(Realm realm, AuthenticationToken token) {
    // NOTE(review): both exception messages embed realm.toString() and token.toString(). Confirm the
    // token implementations in use do not render credentials, and that these messages (which also
    // distinguish "unknown account" from other failures) are not echoed back to the client.
    if (realm.supports(token)) {
        AuthenticationInfo accountInfo = realm.getAuthenticationInfo(token);
        if (accountInfo != null) {
            return accountInfo;
        }
        throw new UnknownAccountException(
                "Realm [" + realm + "] was unable to find account data for the "
                        + "submitted AuthenticationToken [" + token + "].");
    }

    throw new UnsupportedTokenException(
            "Realm [" + realm + "] does not support authentication token [" + token
                    + "]. Please ensure that the appropriate Realm implementation is "
                    + "configured correctly or that the realm accepts AuthenticationTokens of this type.");
}
/**
 * Builds the list of realm-qualified role names ({@code realmName:role}) for the given subject.
 *
 * <p>Only realms whose name is reported by {@code realmNamesOf(subject)} are consulted. Each such realm is
 * asked for its AuthenticationInfo for {@code token}; roles are taken from it only when that object also
 * implements {@link AuthorizationInfo}.
 *
 * <p>The method is protected so that a custom implementation can later obtain the roles of a principal
 * from somewhere other than Shiro's {@link RealmSecurityManager}.
 *
 * @param subject the subject whose authenticating realms are looked up
 * @param token   the token passed to each matching realm's {@code getAuthenticationInfo}
 * @return the qualified role names; empty when no security manager is available
 */
protected List<String> getRoles(final Subject subject, final AuthenticationToken token) {
    final List<String> qualifiedRoles = Lists.newArrayList();

    final RealmSecurityManager manager = getSecurityManager();
    if (manager == null) {
        return qualifiedRoles;
    }

    final Set<String> authenticatingRealmNames = realmNamesOf(subject);
    for (final Realm realm : manager.getRealms()) {
        // Roles are only taken from the realm(s) that authenticated this subject.
        final boolean authenticatedSubject = authenticatingRealmNames.contains(realm.getName());
        if (authenticatedSubject) {
            // NOTE(review): this calls getAuthenticationInfo(token) a second time for the role lookup.
            // Depending on the realm that may repeat a credential check against the backing store, and
            // any exception it throws propagates to the caller - confirm that is acceptable.
            final AuthenticationInfo info = realm.getAuthenticationInfo(token);
            if (info instanceof AuthorizationInfo) {
                for (final String role : ((AuthorizationInfo) info).getRoles()) {
                    qualifiedRoles.add(realm.getName() + ":" + role);
                }
            }
        }
    }

    return qualifiedRoles;
}
/**
 * Verifies, before the realm is consulted, that it can process the submitted token.
 *
 * <p>Every realm must succeed under this strategy, so a realm that does not
 * {@link org.apache.shiro.realm.Realm#supports(org.apache.shiro.authc.AuthenticationToken) support} the
 * {@code token} ends the authentication process immediately with an
 * {@link UnsupportedTokenException}. When the realm does support the token, {@code info} is handed back
 * unchanged.
 *
 * @param realm the realm about to be consulted
 * @param token the submitted authentication token
 * @param info  the aggregate information gathered so far
 * @return {@code info}, untouched
 * @throws AuthenticationException as an {@link UnsupportedTokenException} when {@code realm} does not
 *                                 support {@code token}
 */
public AuthenticationInfo beforeAttempt(Realm realm, AuthenticationToken token, AuthenticationInfo info) throws AuthenticationException {
    if (realm.supports(token)) {
        return info;
    }

    // NOTE(review): the message embeds realm.toString() and token.toString(); confirm the token types
    // in use do not render credentials. The doubled space after "support" is kept as in the original.
    final String realmType = realm.getClass().getName();
    final String strategyType = getClass().getName();
    throw new UnsupportedTokenException(
            "Realm [" + realm + "] of type [" + realmType + "] does not support "
                    + " the submitted AuthenticationToken [" + token + "]. The [" + strategyType
                    + "] implementation requires all configured realm(s) to support and be able to process the submitted "
                    + "AuthenticationToken.");
}
/**
 * Reports whether at least one configured realm grants the role to the given principals.
 *
 * <p>The realms are asked in order through
 * {@link Realm#hasRole(org.apache.shiro.subject.PrincipalCollection , String)} and the search stops at the
 * first realm that answers {@code true}. A single permissive realm is therefore enough to grant the role,
 * whatever the remaining realms would have answered.
 *
 * @param principals     the principals identifying the account
 * @param roleIdentifier the role to look for
 * @return {@code true} if any realm reports the role, {@code false} otherwise
 */
public boolean hasRole(PrincipalCollection principals, String roleIdentifier) {
    assertRealmsConfigured();

    boolean granted = false;
    for (Realm realm : getRealms()) {
        granted = realm.hasRole(principals, roleIdentifier);
        if (granted) {
            break;
        }
    }
    return granted;
}
/**
 * Checks that the realm about to be consulted supports the submitted token.
 *
 * <p>This strategy needs every realm to complete successfully. If the realm does not
 * {@link org.apache.shiro.realm.Realm#supports(org.apache.shiro.authc.AuthenticationToken) support} the
 * {@code token}, an {@link UnsupportedTokenException} stops the authentication process at once; otherwise
 * the {@code info} argument is returned as received.
 *
 * @param realm the realm about to be consulted
 * @param token the submitted authentication token
 * @param info  the aggregate information gathered so far
 * @return {@code info}, untouched
 * @throws AuthenticationException as an {@link UnsupportedTokenException} when {@code realm} does not
 *                                 support {@code token}
 */
public AuthenticationInfo beforeAttempt(Realm realm, AuthenticationToken token, AuthenticationInfo info) throws AuthenticationException {
    final boolean supported = realm.supports(token);
    if (supported) {
        return info;
    }

    // NOTE(review): realm.toString() and token.toString() end up in the exception message; confirm no
    // credential material is rendered by the token types in use. The doubled space after "support"
    // is reproduced from the original message.
    final String message = "Realm [" + realm + "] of type [" + realm.getClass().getName()
            + "] does not support " + " the submitted AuthenticationToken [" + token + "]. The ["
            + getClass().getName()
            + "] implementation requires all configured realm(s) to support and be able to process the submitted "
            + "AuthenticationToken.";
    throw new UnsupportedTokenException(message);
}
if (realm.supports(token)) { Throwable t = null; try { info = realm.getAuthenticationInfo(token); } catch (Throwable throwable) { t = throwable;
/**
 * Extracts the realms from the configured object instances.
 *
 * <p>{@code RealmFactory} values are delegated to {@code addToRealms}; {@code Realm} values are appended
 * as they are. Values of any other type are skipped. When a realm's name is {@code null} or begins with
 * the realm's class name, the map key is applied as its name if the realm implements {@code Nameable}.
 *
 * @param instances the configured objects, keyed by their configured name
 * @return the realms found, in the iteration order of {@code instances}
 */
private Collection<Realm> getRealms(Map<String, ?> instances) {
    // Realms and realm factories may have been created already; pull them out first so that the
    // securityManager can be initialized.
    List<Realm> found = new ArrayList<Realm>();

    for (Map.Entry<String, ?> item : instances.entrySet()) {
        Object instance = item.getValue();

        if (instance instanceof RealmFactory) {
            addToRealms(found, (RealmFactory) instance);
            continue;
        }
        if (!(instance instanceof Realm)) {
            continue;
        }

        Realm realm = (Realm) instance;
        String key = item.getKey();
        String presentName = realm.getName();

        // NOTE(review): a name starting with the class name is treated like a missing one -
        // presumably it is an auto-generated default; confirm against the realm implementations.
        boolean unnamed = presentName == null || presentName.startsWith(realm.getClass().getName());
        if (unnamed && realm instanceof Nameable) {
            ((Nameable) realm).setName(key);
            log.debug("Applied name '{}' to Nameable realm instance {}", key, realm);
        } else if (unnamed) {
            // The configured name cannot be applied; the realm is still added under its existing name.
            log.info("Realm does not implement the {} interface. Configured name will not be applied.",
                    Nameable.class.getName());
        }

        found.add(realm);
    }

    return found;
}
/**
 * Rejects the attempt up front when the realm cannot process the submitted token.
 *
 * <p>All realms must complete successfully under this strategy, so a realm that does not
 * {@link org.apache.shiro.realm.Realm#supports(org.apache.shiro.authc.AuthenticationToken) support} the
 * {@code token} causes an {@link UnsupportedTokenException} that ends the authentication process
 * immediately. A supporting realm leaves {@code info} untouched and it is returned as-is.
 *
 * @param realm the realm about to be consulted
 * @param token the submitted authentication token
 * @param info  the aggregate information gathered so far
 * @return {@code info}, untouched
 * @throws AuthenticationException as an {@link UnsupportedTokenException} when {@code realm} does not
 *                                 support {@code token}
 */
public AuthenticationInfo beforeAttempt(Realm realm, AuthenticationToken token, AuthenticationInfo info) throws AuthenticationException {
    if (realm.supports(token)) {
        return info;
    }

    // NOTE(review): the message carries realm.toString() and token.toString(); verify that token
    // implementations do not expose credentials there. The doubled space after "support" matches
    // the original text.
    final String realmClassName = realm.getClass().getName();
    final String strategyClassName = getClass().getName();
    final String message = "Realm [" + realm + "] of type [" + realmClassName + "] does not support "
            + " the submitted AuthenticationToken [" + token + "]. The [" + strategyClassName
            + "] implementation requires all configured realm(s) to support and be able to process the submitted "
            + "AuthenticationToken.";
    throw new UnsupportedTokenException(message);
}
/**
 * Runs the authentication attempt against the single configured realm, which needs none of the
 * multi-realm logic.
 *
 * @param realm the realm asked for the account's AuthenticationInfo.
 * @param token the submitted AuthenticationToken carrying the subject's log-in principals and credentials.
 * @return the AuthenticationInfo the realm returned for {@code token}; never {@code null}.
 * @throws UnsupportedTokenException if {@code realm} reports that it does not support {@code token}.
 * @throws UnknownAccountException   if {@code realm} returns {@code null} for {@code token}.
 */
protected AuthenticationInfo doSingleRealmAuthentication(Realm realm, AuthenticationToken token) {
    final boolean supported = realm.supports(token);
    if (!supported) {
        // NOTE(review): token.toString() is embedded below - confirm it never renders credentials.
        throw new UnsupportedTokenException(
                "Realm [" + realm + "] does not support authentication token [" + token
                        + "]. Please ensure that the appropriate Realm implementation is "
                        + "configured correctly or that the realm accepts AuthenticationTokens of this type.");
    }

    final AuthenticationInfo accountInfo = realm.getAuthenticationInfo(token);
    if (accountInfo != null) {
        return accountInfo;
    }

    // A null result is reported as "unknown account". NOTE(review): if this distinction reaches the
    // client it reveals which accounts exist - confirm callers present a generic failure instead.
    throw new UnknownAccountException(
            "Realm [" + realm + "] was unable to find account data for the "
                    + "submitted AuthenticationToken [" + token + "].");
}
/**
 * Records a realm failure at TRACE level and does nothing else.
 *
 * <p>NOTE(review): the failure is only visible when TRACE logging is enabled, so at the usual log levels
 * a realm that keeps failing leaves no trace for operators - confirm that is intended.
 *
 * @param realm the realm that failed; only its name is logged
 * @param e     the failure, passed to the logger as the final argument
 */
private void logAndIgnore(Realm realm, Exception e) {
    final String realmName = realm.getName();
    logger.trace("Realm '{}' failure", realmName, e);
}
} // closes the enclosing class, whose opening lies outside this excerpt
/**
 * Authenticates the token using only the configured realms that declare support for it.
 *
 * <p>When exactly one realm supports the token the single-realm path is taken; in every other case,
 * including when no realm supports it, the filtered list goes to the multi-realm path.
 *
 * <p>NOTE(review): with no supporting realm an empty list reaches {@code doMultiRealmAuthentication};
 * confirm that path rejects the attempt rather than returning an empty result.
 *
 * @param authenticationToken the submitted token
 * @return the AuthenticationInfo produced by the selected authentication path
 * @throws AuthenticationException if the selected authentication path fails
 */
@Override
protected AuthenticationInfo doAuthenticate(AuthenticationToken authenticationToken) throws AuthenticationException {
    assertRealmsConfigured();

    List<Realm> supportingRealms = this.getRealms()
            .stream()
            .filter(candidate -> candidate.supports(authenticationToken))
            .collect(toList());

    if (supportingRealms.size() == 1) {
        return this.doSingleRealmAuthentication(supportingRealms.get(0), authenticationToken);
    }
    return this.doMultiRealmAuthentication(supportingRealms, authenticationToken);
}
} // closes the enclosing class, whose opening lies outside this excerpt
if (realm.supports(token)) { Throwable t = null; try { info = realm.getAuthenticationInfo(token); } catch (Throwable throwable) { t = throwable;
// Print the name of every realm held by the current security manager. The cast throws
// ClassCastException if the security manager is not a RealmSecurityManager.
for (Realm realm : ((RealmSecurityManager) SecurityUtils.getSecurityManager()).getRealms()) {
    System.out.println(realm.getName());
}
if (realm.supports(token)) { log.trace("Attempting to authenticate token [{}] using realm of type [{}]", token, realm); AuthenticationInfo info = realm.getAuthenticationInfo(token); if (info != null) { return info;
/**
 * Logs a realm failure at TRACE level, when TRACE is enabled, and otherwise does nothing.
 *
 * <p>NOTE(review): outside TRACE logging a realm failure leaves no record here - confirm that repeated
 * failures are surfaced somewhere operators can see them.
 *
 * @param realm the realm that failed; its name goes into the message
 * @param e     the failure; its message goes into the text and the exception itself is passed to the logger
 */
private void logAndIgnore( Realm realm, Exception e )
{
    if ( !logger.isTraceEnabled() )
    {
        return;
    }

    final String message = "Realm: '" + realm.getName() + "', caused: " + e.getMessage();
    logger.trace( message, e );
}
} // closes the enclosing class, whose opening lies outside this excerpt
/**
 * Performs the authentication attempt against the single configured realm; no multi-realm logic is
 * involved.
 *
 * @param realm the realm asked for the account's AuthenticationInfo.
 * @param token the submitted AuthenticationToken carrying the subject's log-in principals and credentials.
 * @return the AuthenticationInfo the realm returned for {@code token}; never {@code null}.
 * @throws UnsupportedTokenException if {@code realm} reports that it does not support {@code token}.
 * @throws UnknownAccountException   if {@code realm} returns {@code null} for {@code token}.
 */
protected AuthenticationInfo doSingleRealmAuthentication(Realm realm, AuthenticationToken token) {
    // NOTE(review): realm.toString() and token.toString() are written into both messages below.
    // Confirm the token types in use keep credentials out of toString(), and that callers do not
    // relay these messages to the client.
    if (!realm.supports(token)) {
        final String unsupported = "Realm [" + realm + "] does not support authentication token ["
                + token + "]. Please ensure that the appropriate Realm implementation is "
                + "configured correctly or that the realm accepts AuthenticationTokens of this type.";
        throw new UnsupportedTokenException(unsupported);
    }

    final AuthenticationInfo result = realm.getAuthenticationInfo(token);
    if (result != null) {
        return result;
    }

    final String unknown = "Realm [" + realm + "] was unable to find account data for the "
            + "submitted AuthenticationToken [" + token + "].";
    throw new UnknownAccountException(unknown);
}
/**
 * Checks that the given value is the name of one of the realms known to the realm security manager.
 *
 * <p>The comparison is an exact, case-sensitive {@code equals} against each realm's name.
 *
 * <p>NOTE(review): a {@code null} value is not guarded and raises a NullPointerException as soon as
 * one realm is compared - confirm whether null should be accepted or rejected here.
 *
 * @param value   the realm name to validate
 * @param context the validator context; not used
 * @return {@code true} if a realm with that name exists, {@code false} otherwise
 */
@Override
public boolean isValid(final String value, final ConstraintValidatorContext context) {
    log.trace("Validating realm exists: {}", value);

    boolean exists = false;
    for (Realm candidate : realmSecurityManager.getRealms()) {
        exists = value.equals(candidate.getName());
        if (exists) {
            break;
        }
    }
    return exists;
}
} // closes the enclosing class, whose opening lies outside this excerpt
if (realm.supports(token)) { return realm.getAuthenticationInfo(token); } catch (Throwable throwable) { if (log.isDebugEnabled()) {
/**
 * Selects the available realms named in the configuration, in configuration order.
 *
 * <p>For each configured name the first available realm with an equal name is taken. A configured name
 * with no matching realm contributes nothing and is not reported, so a misspelled name silently yields
 * fewer active realms.
 * NOTE(review): callers may want to log or reject configured names that match no realm.
 *
 * @param configuredRealms the realm names from configuration, in the desired order
 * @param availableRealms  the realms that can be activated
 * @return the matching realms, ordered like {@code configuredRealms}
 */
private static List<Realm> selectOrderedActiveRealms( List<String> configuredRealms, List<Realm> availableRealms )
{
    List<Realm> selected = new ArrayList<>( configuredRealms.size() );

    for ( String wantedName : configuredRealms )
    {
        availableRealms.stream()
                .filter( candidate -> wantedName.equals( candidate.getName() ) )
                .findFirst()
                .ifPresent( selected::add );
    }

    return selected;
}