Java tutorial
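/**
 * Copyright 2013 Ben Navetta <ben@bennavetta.com>
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *     http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
package com.bennavetta.appsite.security;

import static com.bennavetta.appsite.util.ObjectifyProvider.ofy;

import java.util.HashSet;
import java.util.Set;

import org.apache.shiro.authc.AuthenticationException;
import org.apache.shiro.authc.AuthenticationInfo;
import org.apache.shiro.authc.AuthenticationToken;
import org.apache.shiro.authc.CredentialsException;
import org.apache.shiro.authc.SimpleAuthenticationInfo;
import org.apache.shiro.authc.UsernamePasswordToken;
import org.apache.shiro.authz.AuthorizationInfo;
import org.apache.shiro.authz.Permission;
import org.apache.shiro.authz.SimpleAuthorizationInfo;
import org.apache.shiro.authz.permission.AllPermission;
import org.apache.shiro.authz.permission.WildcardPermission;
import org.apache.shiro.realm.AuthorizingRealm;
import org.apache.shiro.subject.PrincipalCollection;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/**
 * Shiro realm that loads {@link User} entities through Objectify and uses them
 * for both authentication (username plus stored password value) and
 * authorization (roles and permission strings).
 *
 * <p>Credential comparison is delegated to {@link SCryptCredentialsMatcher},
 * which is installed in the constructor; this class never compares passwords
 * itself.
 */
public class ObjectifyRealm extends AuthorizingRealm
{
    /** Realm name recorded on every principal this realm authenticates. */
    private static final String REALM_NAME = "objectify";

    private final Logger log = LoggerFactory.getLogger(getClass());

    /**
     * Creates the realm and installs the scrypt-based credentials matcher.
     */
    public ObjectifyRealm()
    {
        this.setCredentialsMatcher(new SCryptCredentialsMatcher());
    }

    // http://shiro-user.582556.n2.nabble.com/How-to-add-a-role-to-the-subject-td5562700.html
    /**
     * Collects the roles and permissions of every principal that came from this realm.
     *
     * <p>The permission string {@code "all"} maps to {@link AllPermission}; any other
     * string is parsed as a {@link WildcardPermission}.
     *
     * @param principals the principals of the subject being authorized
     * @return the merged roles and permissions; empty when no stored user is found
     */
    @Override
    protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principals)
    {
        log.trace("Loading authorization info for {}", principals);

        Set<String> roles = new HashSet<>();
        Set<Permission> permissions = new HashSet<>();

        for (Object principal : principals.fromRealm(REALM_NAME)) // they're each strings
        {
            User user = ofy().load().type(User.class).id(principal.toString()).get();
            if (user == null)
            {
                // The account can disappear after the session was established.
                // Fail closed: a principal with no stored user contributes no
                // roles or permissions instead of raising a NullPointerException.
                log.warn("No stored user for principal {}; granting no roles or permissions", principal);
                continue;
            }

            // NOTE(review): User.toString() is not visible here; confirm it does not
            // include the stored password value before enabling trace logging.
            log.trace("Found user {}", user);

            roles.addAll(user.getRoles());
            for (String permStr : user.getPermissions())
            {
                if (permStr.equals("all"))
                {
                    permissions.add(new AllPermission());
                }
                else
                {
                    permissions.add(new WildcardPermission(permStr));
                }
            }
        }

        SimpleAuthorizationInfo info = new SimpleAuthorizationInfo();
        info.setRoles(roles);
        info.setObjectPermissions(permissions);
        log.trace("Authorization info loaded: {}", info);
        return info;
    }

    /**
     * Looks up the account named in a {@link UsernamePasswordToken} and returns its
     * stored credentials for the configured matcher to verify.
     *
     * @param token the submitted token; cast to {@link UsernamePasswordToken}
     * @return the username and stored password value, tagged with this realm's name
     * @throws CredentialsException if the token carries no username or no such user exists
     * @throws AuthenticationException declared by the overridden method
     */
    @Override
    protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token) throws AuthenticationException
    {
        log.trace("Loading authentication info for {}", token);

        UsernamePasswordToken login = (UsernamePasswordToken) token;
        String username = login.getUsername();
        if (username == null || username.isEmpty())
        {
            // A missing username cannot identify an account; reject it as an
            // authentication failure rather than passing it to the datastore lookup.
            throw new CredentialsException("No username supplied");
        }

        User user = ofy().load().type(User.class).id(username).get();
        log.trace("Loaded user {}", user);

        if (user == null)
        {
            // The message names the unknown account. Callers should show end users a
            // generic failure so that responses do not reveal which usernames exist.
            // NOTE(review): this path also skips the credentials matcher, so it may be
            // distinguishable from a wrong password by response time.
            throw new CredentialsException("No such user: " + username);
        }
        return new SimpleAuthenticationInfo(user.getUsername(), user.getPassword(), REALM_NAME);
    }
}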