/**
 * Builds the Shiro security manager from an INI resource that is looked up on the classpath.
 *
 * <p>The resource name is appended to the {@code classpath:} prefix exactly as given, so it
 * should come from trusted configuration rather than from request or user input.
 *
 * @param shiroConfig name of the Shiro INI resource, relative to the classpath
 */
public SecurityManagerProvider(String shiroConfig) {
    this.securityManager = null;

    IniSecurityManagerFactory iniFactory = new IniSecurityManagerFactory("classpath:" + shiroConfig);

    // Register Geode's permission resolver in [main]; per the original author's note this is
    // what makes Shiro resolve permissions case-sensitively.
    Ini.Section mainSection = iniFactory.getIni().addSection("main");
    mainSection.put("geodePermissionResolver", GeodePermissionResolver.class.getName());

    // Only fill in the default: an INI that already sets iniRealm.permissionResolver keeps its own.
    // NOTE(review): such an INI therefore opts out of the case-sensitive resolver — confirm that
    // this is intended for every deployment.
    boolean resolverAlreadyConfigured = mainSection.containsKey("iniRealm.permissionResolver");
    if (!resolverAlreadyConfigured) {
        mainSection.put("iniRealm.permissionResolver", "$geodePermissionResolver");
    }

    shiroManager = iniFactory.getInstance();
}
/**
 * Checks that a subject obtained through the static {@link SecurityUtils} security manager keeps
 * its login and its session attributes when {@code getSubject()} is called a second time.
 */
@Test
public void testVMSingleton() {
    DefaultSecurityManager securityManager = new DefaultSecurityManager();

    // In-memory realm holding one throwaway test account: user "guest" with password "guest".
    Ini realmIni = new Ini();
    Ini.Section users = realmIni.addSection(IniRealm.USERS_SECTION_NAME);
    users.put("guest", "guest");
    securityManager.setRealm(new IniRealm(realmIni));
    SecurityUtils.setSecurityManager(securityManager);

    try {
        Subject current = SecurityUtils.getSubject();
        AuthenticationToken credentials = new UsernamePasswordToken("guest", "guest");
        current.login(credentials);
        current.getSession().setAttribute("key", "value");
        assertTrue(current.getSession().getAttribute("key").equals("value"));

        // A second lookup has to see the same login and the same session attribute.
        current = SecurityUtils.getSubject();
        assertTrue(current.isAuthenticated());
        assertTrue(current.getSession().getAttribute("key").equals("value"));
    } finally {
        securityManager.destroy();
        // SHIRO-270: also clear the static reference once the manager has been destroyed.
        SecurityUtils.setSecurityManager(null);
    }
}
}
/**
 * Stores a name/value pair in the section called {@code sectionName}, creating that section
 * first when it does not exist yet. A null or empty {@code sectionName} selects the default
 * (unnamed, empty string) section.
 *
 * @param sectionName   the name of the section that receives the name/value pair
 * @param propertyName  the name of the property to add
 * @param propertyValue the property value
 */
public void setSectionProperty(String sectionName, String propertyName, String propertyValue) {
    String normalizedName = cleanName(sectionName);
    Section existing = getSection(normalizedName);
    // Look the section up first; it is only created when the lookup comes back empty.
    Section target = (existing != null) ? existing : addSection(normalizedName);
    target.put(propertyName, propertyValue);
}
/**
 * Installs a Shiro security manager backed by an in-memory INI configuration with a single
 * account, {@code EntitlementUser}, whose {@code entitlement} role carries the account-creation
 * and entitlement permissions listed below.
 */
protected void configureShiro() {
    final Ini config = new Ini();

    // [users] values are "password, role".
    // NOTE(review): this looks like a test fixture; a fixed plaintext password like this one
    // must not end up in a deployed configuration.
    final Ini.Section users = config.addSection("users");
    users.put("EntitlementUser", "password, entitlement");

    final Ini.Section roles = config.addSection("roles");
    final String entitlementPermissions = String.join(",",
            Permission.ACCOUNT_CAN_CREATE.toString(),
            Permission.ENTITLEMENT_CAN_CREATE.toString(),
            Permission.ENTITLEMENT_CAN_CHANGE_PLAN.toString(),
            Permission.ENTITLEMENT_CAN_PAUSE_RESUME.toString(),
            Permission.ENTITLEMENT_CAN_TRANSFER.toString(),
            Permission.ENTITLEMENT_CAN_CANCEL.toString());
    roles.put("entitlement", entitlementPermissions);

    // Drop the manager bound to this thread before the freshly built one is installed statically.
    ThreadContext.unbindSecurityManager();
    final SecurityManager securityManager = new IniSecurityManagerFactory(config).getInstance();
    SecurityUtils.setSecurityManager(securityManager);
}
/**
 * Installs a Shiro security manager backed by an in-memory INI configuration with two accounts:
 * {@code pierre} in the {@code creditor} role and {@code stephane} in the {@code refunder} role.
 */
protected void configureShiro() {
    final Ini config = new Ini();

    // [users] values are "password, role".
    // NOTE(review): this looks like a test fixture; fixed plaintext passwords like these must
    // not end up in a deployed configuration.
    final Ini.Section users = config.addSection("users");
    users.put("pierre", "password, creditor");
    users.put("stephane", "password, refunder");

    // Each role receives only the permissions it needs: invoice credit and item adjustment for
    // creditor, payment refund for refunder.
    final Ini.Section roles = config.addSection("roles");
    final String creditorPermissions = String.join(",",
            Permission.INVOICE_CAN_CREDIT.toString(),
            Permission.INVOICE_CAN_ITEM_ADJUST.toString());
    roles.put("creditor", creditorPermissions);
    roles.put("refunder", Permission.PAYMENT_CAN_REFUND.toString());

    // Drop the manager bound to this thread before the freshly built one is installed statically.
    ThreadContext.unbindSecurityManager();
    final SecurityManager securityManager = new IniSecurityManagerFactory(config).getInstance();
    SecurityUtils.setSecurityManager(securityManager);
}
}
/**
 * A hook for installing custom default RBAC rules for security purposes: every rule supplied by
 * {@code DefaultRBACRules} is written into the URL section of the given INI as a
 * "URL pattern = roles" entry, and each installation is reported through {@code Accounter}.
 *
 * @param ini the Shiro INI configuration whose URL section receives the rules
 */
private void appendCustomIniRules(final Ini ini) {
    final String installMessage = "Installing the RBAC rule: %s";
    final Section urls = getOrCreateUrlSection(ini);

    // NOTE(review): the rules are added in the iteration order of the returned collection, and a
    // rule whose pattern is already present replaces that entry's roles. Confirm that the order
    // is stable wherever URL rule order decides which rule applies.
    for (RBACRule rule : DefaultRBACRules.getInstance().getRBACRules()) {
        final String pattern = rule.getUrlPattern();
        final String roles = rule.getRolesInShiroFormat();
        urls.put(pattern, roles);
        Accounter.output(String.format(installMessage, rule));
    }
}
/**
 * Builds an in-memory Shiro INI with the accounts {@code pierre} (role {@code creditor}) and
 * {@code stephane} (role {@code refunder}) and installs the resulting security manager.
 */
protected void configureShiro() {
    final Ini config = new Ini();

    // Accounts, written as "password, role".
    // NOTE(review): fixed plaintext passwords — presumably a test fixture; keep them out of any
    // deployed configuration.
    final Ini.Section userSection = config.addSection("users");
    userSection.put("pierre", "password, creditor");
    userSection.put("stephane", "password, refunder");

    // Role to permission mapping; the permissions of one role are comma separated.
    final Ini.Section roleSection = config.addSection("roles");
    roleSection.put("creditor", String.join(",",
            Permission.INVOICE_CAN_CREDIT.toString(),
            Permission.INVOICE_CAN_ITEM_ADJUST.toString()));
    roleSection.put("refunder", Permission.PAYMENT_CAN_REFUND.toString());

    // Reset the security manager: unbind the thread-bound one, then install the new one.
    ThreadContext.unbindSecurityManager();
    final Factory<SecurityManager> managerFactory = new IniSecurityManagerFactory(config);
    SecurityUtils.setSecurityManager(managerFactory.getInstance());
}
}
/**
 * Appends {@code value} to the comma-separated list stored under {@code key} in the given
 * section, or stores {@code value} on its own when the key has no value yet.
 *
 * <p>The section is expected to exist already; a missing section is not handled here.
 *
 * @param ini         the INI configuration to modify
 * @param sectionName the name of the section that holds the list
 * @param key         the key of the list entry
 * @param value       the item to append
 */
public static void addToList(Ini ini, String sectionName, String key, String value) {
    Ini.Section target = ini.get(sectionName);
    String previous = target.get(key);

    // Remove before re-adding: otherwise the key keeps its old position in the section and
    // would reference the newly added value too early.
    target.remove(key);

    String merged = (previous == null) ? value : previous + "," + value;
    target.put(key, merged);
}
}
/**
 * Registers every global filter offered by the known {@code GlobalFilterConfiguration}s in the
 * main section of the INI, as "filter name = filter class name".
 *
 * @param ini the Shiro INI configuration to extend
 */
@Override
public void addConfiguration(Ini ini) {
    Ini.Section main = ini.get(IniSecurityManagerFactory.MAIN_SECTION_NAME);

    for (GlobalFilterConfiguration provider : globalFilterConfigurations) {
        Map<String, Class<? extends AdviceFilter>> filters = provider.getGlobalFilters();
        for (Map.Entry<String, Class<? extends AdviceFilter>> filter : filters.entrySet()) {
            // NOTE(review): names are not checked for clashes, so a filter registered under a
            // name that is already present replaces the earlier class — confirm this is wanted.
            String filterName = filter.getKey();
            String filterClassName = filter.getValue().getName();
            main.put(filterName, filterClassName);
        }
    }
}
}
/**
 * Declares a hashed credentials matcher in the main section of the INI and appends it to the
 * {@code credentialsMatcher.matchers} list.
 *
 * <p>The algorithm name is written as given, and the iteration count and encoding are read from
 * {@code config}.
 * NOTE(review): nothing in this method rejects a weak algorithm name or a low iteration count;
 * confirm that the configuration is validated where it is loaded.
 *
 * @param ini                   the Shiro INI configuration to extend
 * @param someHashAlgorithmName the hash algorithm name handed to the matcher
 */
private void addHashedCredentialsConfig(Ini ini, String someHashAlgorithmName) {
    Ini.Section main = ini.get(IniSecurityManagerFactory.MAIN_SECTION_NAME);

    // The matcher object is declared first, then its properties are set.
    main.put("hashedMatcher", OctopusHashedCredentialsMatcher.class.getName());
    main.put("hashedMatcher.hashAlgorithmName", someHashAlgorithmName);

    // The hex flag is only written when the configured encoding is something other than HEX.
    boolean storedAsHex = config.getHashEncoding() == HashEncoding.HEX;
    if (!storedAsHex) {
        main.put("hashedMatcher.storedCredentialsHexEncoded", "false");
    }

    String iterations = String.valueOf(config.getHashIterations());
    main.put("hashedMatcher.hashIterations", iterations);

    ConfigurationPluginHelper.addToList(
            ini,
            IniSecurityManagerFactory.MAIN_SECTION_NAME,
            "credentialsMatcher.matchers",
            "$hashedMatcher");
}
/**
 * Configures the builder with Shiro authentication backed by an in-memory INI that holds the
 * single {@code USERNAME}/{@code PASSWORD} account, and enables the web application.
 *
 * @param builder the builder to configure
 */
@Override
protected void configure(CentralDogmaBuilder builder) {
    builder.authProviderFactory(new ShiroAuthProviderFactory(unused -> {
        // The INI is built on demand: one [users] entry and nothing else.
        final Ini iniConfig = new Ini();
        final Ini.Section users = iniConfig.addSection("users");
        users.put(USERNAME, PASSWORD);
        return iniConfig;
    }));
    builder.webAppEnabled(true);
}
};
/**
 * Declares {@code OctopusSessionStorageEvaluator} in the main section of the INI and assigns it
 * to {@code securityManager.subjectDAO.sessionStorageEvaluator}.
 *
 * @param ini the Shiro INI configuration to extend
 */
private void configureSessionStorageEvaluator(Ini ini) {
    Ini.Section main = ini.get(IniSecurityManagerFactory.MAIN_SECTION_NAME);

    // Declare the evaluator under a name first ...
    String evaluatorClassName = OctopusSessionStorageEvaluator.class.getName();
    main.put("octopusSessionStorageEvaluator", evaluatorClassName);

    // ... then point the subject DAO at it through a "$name" reference.
    main.put("securityManager.subjectDAO.sessionStorageEvaluator", "$octopusSessionStorageEvaluator");
}
/**
 * Declares the configured cache manager in the main section of the INI and assigns it to both
 * {@code appRealm} and {@code securityManager}.
 *
 * @param ini the Shiro INI configuration to extend
 */
private void configureCache(Ini ini) {
    Ini.Section main = ini.get(IniSecurityManagerFactory.MAIN_SECTION_NAME);

    // NOTE(review): presumably a class name that Shiro instantiates — if so, this value must only
    // ever come from trusted configuration. Confirm against config.getCacheManager().
    String cacheManagerDefinition = config.getCacheManager();
    main.put("cacheManager", cacheManagerDefinition);

    // The realm and the security manager both reference the one declared instance.
    main.put("appRealm.cacheManager", "$cacheManager");
    main.put("securityManager.cacheManager", "$cacheManager");
}
/**
 * Sets a name/value pair in the section identified by {@code sectionName}. A section that does
 * not exist yet is created on the fly. When {@code sectionName} is null or empty, the pair goes
 * into the default (unnamed, empty string) section.
 *
 * @param sectionName   the name of the section that receives the name/value pair
 * @param propertyName  the name of the property to add
 * @param propertyValue the property value
 */
public void setSectionProperty(String sectionName, String propertyName, String propertyValue) {
    final String cleanedName = cleanName(sectionName);

    Section destination = getSection(cleanedName);
    if (destination != null) {
        destination.put(propertyName, propertyValue);
        return;
    }

    // No such section yet: create it, then store the pair in the new section.
    destination = addSection(cleanedName);
    destination.put(propertyName, propertyValue);
}
/**
 * Replaces the active Shiro security manager with one built from an in-memory INI that defines
 * the accounts {@code pierre} and {@code stephane} and the roles {@code creditor} and
 * {@code refunder}.
 */
protected void configureShiro() {
    final Ini config = new Ini();

    // Each [users] value is "password, role".
    // NOTE(review): the passwords are fixed and in plaintext, which is only acceptable if this
    // is a test fixture — confirm it is never used to build a deployed configuration.
    final Ini.Section accounts = config.addSection("users");
    accounts.put("pierre", "password, creditor");
    accounts.put("stephane", "password, refunder");

    final String creditorPermissions = String.join(",",
            Permission.INVOICE_CAN_CREDIT.toString(),
            Permission.INVOICE_CAN_ITEM_ADJUST.toString());
    final String refunderPermissions = Permission.PAYMENT_CAN_REFUND.toString();

    final Ini.Section roleDefinitions = config.addSection("roles");
    roleDefinitions.put("creditor", creditorPermissions);
    roleDefinitions.put("refunder", refunderPermissions);

    // Reset the security manager
    ThreadContext.unbindSecurityManager();
    final Factory<SecurityManager> factory = new IniSecurityManagerFactory(config);
    SecurityUtils.setSecurityManager(factory.getInstance());
}
}
/**
 * Creates a fresh {@code DefaultSecurityManager} before each test, backed by an in-memory INI
 * realm with the accounts {@code guest} and {@code lonestarr}, and installs it statically
 * through {@link SecurityUtils}.
 */
@Before
public void setup() {
    // [users] values are "password, role": guest/guest in role "guest", lonestarr/vespa in
    // role "goodguy". These are throwaway credentials for the tests only.
    Ini realmIni = new Ini();
    Ini.Section users = realmIni.addSection(IniRealm.USERS_SECTION_NAME);
    users.put("guest", "guest, guest");
    users.put("lonestarr", "vespa, goodguy");

    sm = new DefaultSecurityManager();
    sm.setRealm(new IniRealm(realmIni));
    SecurityUtils.setSecurityManager(sm);
}