Usage examples for org.apache.shiro.authc.SimpleAccount.addObjectPermission
public void addObjectPermission(Permission permission)
From source file:com.freedomotic.security.PluginRealm.java
License:Open Source License
/**
 * Registers a plugin as an account of this realm and grants it one permission.
 *
 * <p>The account's credential is a freshly generated random UUID string that is
 * not returned to the caller.
 *
 * <p>NOTE(review): {@code permissions} is handed to {@link WildcardPermission}
 * unchanged, so the plugin receives exactly what the string says. In Shiro's
 * wildcard syntax a value such as {@code "*"} implies every permission; confirm
 * that callers take this string from a trusted, reviewed source (for example an
 * allow-list) and not from data the plugin itself controls.
 *
 * @param pluginName  principal under which the plugin account is stored
 * @param permissions permission expression in Shiro wildcard syntax
 */
public void addPlugin(String pluginName, String permissions) {
    // Throwaway credential: random per registration, never disclosed.
    final String throwawayCredential = UUID.randomUUID().toString();
    final SimpleAccount account = new SimpleAccount(pluginName, throwawayCredential, getName());

    // Parsing happens before the account is stored, so a malformed expression
    // that makes the constructor throw leaves the realm unchanged.
    final WildcardPermission grant = new WildcardPermission(permissions);
    account.addObjectPermission(grant);

    add(account);
}
From source file:org.ms123.common.permission.PermissionServiceImpl.java
License:Open Source License
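/**
 * Checks a username/password pair against the stored user properties, builds a
 * {@link SimpleAccount} carrying the user's roles and permissions, and logs the
 * user in through a freshly created Shiro security manager.
 *
 * <p>Security-relevant behaviour visible in this method:
 * <ul>
 *   <li>Credentials are no longer written to the log: neither the supplied
 *       password, the stored password, nor the full property map.</li>
 *   <li>When {@code noAuth()} is true the password is not checked at all and the
 *       session runs as the configured admin user.</li>
 *   <li>The stored password is compared in plain text after trimming.</li>
 * </ul>
 *
 * @param namespace namespace used as the account's realm name and thread context
 * @param username  login name; replaced by the admin user when {@code noAuth()} is true
 * @param password  supplied password; {@code null} is treated as the empty string
 *                  when a stored password exists
 * @return {@code true} when the login succeeded; {@code false} when the user is
 *         unknown, the user data could not be loaded, or Shiro rejected the token
 * @throws RuntimeException with message "Login failed" when the supplied password
 *         does not match the stored one
 */
public boolean login(String namespace, String username, String password) {
    // The supplied password is deliberately left out of this log line.
    info("PermissionServiceImpl:login:" + username + "/namespace:" + namespace + "/RC:"
            + org.ms123.common.system.thread.ThreadContext.getThreadContext());
    if (org.ms123.common.system.thread.ThreadContext.getThreadContext() == null) {
        org.ms123.common.system.thread.ThreadContext.loadThreadContext(namespace, username);
    }

    Map userProps = null;
    try {
        if (noAuth()) {
            // NOTE(review): this branch bypasses authentication entirely and grants
            // admin. Confirm noAuth() cannot be enabled in a production deployment.
            userProps = new HashMap();
            userProps.put("admin", true);
            username = m_authService.getAdminUser();
        } else {
            userProps = m_authService.getUserProperties(username);
        }
    } catch (Exception e) {
        e.printStackTrace();
        return false;
    }
    if (userProps == null) {
        info("1.There is no user with username of " + username);
        return false;
    }
    // Only the property names are logged; the map can contain the stored password.
    debug("PermissionServiceImpl.login:" + userProps.keySet());

    String _password = (String) userProps.get("password");
    // NOTE(review): a user record without a "password" property skips the check
    // below, so any supplied password is accepted for it. Confirm this is intended.
    if (_password != null) {
        if (password == null) {
            password = "";
        }
        // NOTE(review): plaintext, whitespace-trimmed, non-constant-time comparison.
        // Storing a salted password hash (bcrypt/scrypt/argon2) and verifying against
        // it would remove the need to keep recoverable passwords.
        boolean matchesStored = _password.trim().equals(password.trim());
        // NOTE(review): an account whose stored password is empty is also accepted
        // with the literal password "admin". Kept for compatibility; this default
        // should be removed or forced to change on first login.
        boolean emptyStoredWithDefault = _password.equals("") && password.equals("admin");
        if (!matchesStored && !emptyStoredWithDefault) {
            // No password material in the log, only the affected user.
            debug("PermissionServiceImpl.login: password mismatch for user " + username);
            throw new RuntimeException("Login failed");
        }
    }

    // The account is created with the password the caller supplied, so the Shiro
    // login further down compares the token against that same value; the check
    // above is the only comparison against the stored password.
    SimpleAccount sa = new SimpleAccount(username, password, namespace);
    if ("guest".equals(username) && "guest".equals(password)) {
        sa.addRole("global.guest");
    }

    boolean isAdmin = getBoolean(userProps.get("admin"), false);
    if (isAdmin) {
        sa.addRole("admin");
    } else {
        try {
            //List<Map> permissions = getPermissions(userProps, "^.*:entities:.*");
            List<Map> permissions = getPermissions(userProps, null);
            for (Map p : permissions) {
                String permission = p.get("permission") + ":" + p.get("actions");
                debug("\tpermission:" + permission);
                sa.addObjectPermission(
                        new WildcardPermission((String) p.get("permission"), (String) p.get("actions")));
            }
            // Baseline permissions every non-admin user receives.
            sa.addObjectPermission(new WildcardPermission("*:entities:aid", "read"));
            sa.addObjectPermission(new WildcardPermission("*:entities:*:filter", "read,write"));
            sa.addObjectPermission(new WildcardPermission("*:entities:*:importing", "read,write"));
            sa.addObjectPermission(new WildcardPermission("*:entities:*:report", "read,write"));
            sa.addObjectPermission(new WildcardPermission("global", "read"));
            // NOTE(review): the team_manage guard is commented out, so the three team
            // permissions below are granted unconditionally. Confirm this is intended.
            //if( getBoolean(userProps.get("team_manage"), false)){
            sa.addObjectPermission(new WildcardPermission("*:entities:*:teamintern", "read,write"));
            sa.addObjectPermission(new WildcardPermission("*:entities:*:team", "read"));
            sa.addObjectPermission(new WildcardPermission("*:entities:*:user:userid", "read"));
            //}
            sa.addObjectPermission(new WildcardPermission("*:entities:*:enumeration", "read"));
        } catch (Exception e) {
            // Fail closed: a user whose permissions cannot be loaded is not logged in.
            e.printStackTrace();
            return false;
        }
    }
    debug("isAdmin:" + isAdmin);

    MyRealm realm = new MyRealm();
    realm.add(sa);
    DefaultSecurityManager sm = createSecurityManager(realm);
    Subject currentUser = newSubject(sm);
    UsernamePasswordToken token = new UsernamePasswordToken(username, password);
    try {
        currentUser.login(token);
    } catch (UnknownAccountException uae) {
        info("2.There is no user with username of " + token.getPrincipal() + "/" + uae);
        return false;
    } catch (IncorrectCredentialsException ice) {
        info("Password for account " + token.getPrincipal() + " was incorrect!");
        return false;
    } catch (LockedAccountException lae) {
        info("The account for username " + token.getPrincipal() + " is locked. "
                + "Please contact your administrator to unlock it.");
        return false;
    } catch (AuthenticationException ae) {
        ae.printStackTrace();
        return false;
    }
    return true;
}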
From source file:org.pepstock.jem.gwt.server.security.Authorizator.java
License:Open Source License
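/**
 * Builds the authorization data (roles and permissions) of the user behind the
 * given principals. Usually called by Shiro.
 *
 * <p>The roles are read from the Hazelcast roles map under a lock that is waited
 * for at most 10 seconds. When the lock cannot be obtained, or the wait is
 * interrupted, a {@code MessageException} is raised and logged here, and the
 * account is returned without roles or permissions, so the failure denies access
 * instead of granting it.
 *
 * @param realm
 *            realm which is the caller
 * @param principals
 *            principals to check
 * @return account with all roles and permissions
 * @throws JemException
 *             if any errors occurs
 */
public AuthorizationInfo doGetAuthorizationInfo(Realm realm, PrincipalCollection principals)
        throws JemException {
    // gets user object from principal
    User user = (User) getAvailablePrincipal(realm, principals);
    // Creates the account with a fixed placeholder credential: this object is
    // built for authorization only.
    // NOTE(review): confirm it is never used to authenticate, since the
    // placeholder value is a constant.
    SimpleAccount account = new SimpleAccount(user, "nothing", realm.getName());

    // creates Hazelcast predicate to extract all roles and permissions
    // assigned to user
    RolesQueuePredicate predicate = new RolesQueuePredicate();
    predicate.setUser(user);
    try {
        // gets map and performs predicate!
        IMap<String, Role> roles = SharedObjects.getInstance().getHazelcastClient().getMap(Queues.ROLES_MAP);
        Collection<Role> myroles = null;
        boolean isLock = false;
        Lock lock = SharedObjects.getInstance().getHazelcastClient().getLock(Queues.ROLES_MAP_LOCK);
        try {
            isLock = lock.tryLock(10, TimeUnit.SECONDS);
            if (isLock) {
                myroles = roles.values(predicate);
            } else {
                throw new MessageException(UserInterfaceMessage.JEMG022E, Queues.ROLES_MAP);
            }
        } catch (InterruptedException e) {
            // Restore the interrupt flag so code further up the stack can still
            // observe the interruption after it is translated to MessageException.
            Thread.currentThread().interrupt();
            throw new MessageException(UserInterfaceMessage.JEMG022E, e, Queues.ROLES_MAP);
        } finally {
            // unlock only what this thread actually locked
            if (isLock) {
                lock.unlock();
            }
        }

        Collection<Permission> perms = new ArrayList<Permission>();
        // scans roles
        for (Role role : myroles) {
            // adds roles
            account.addRole(role.getName());
            // scans permissions
            for (String permission : role.getPermissions()) {
                // permissions of these domains are matched as regular expressions
                boolean isRegExpDomain = permission.startsWith(Permissions.SEARCH)
                        || permission.startsWith(Permissions.DATASOURCES)
                        || permission.startsWith(Permissions.FILES_READ)
                        || permission.startsWith(Permissions.FILES_WRITE)
                        || permission.startsWith(Permissions.FILES_EXECUTE)
                        || permission.startsWith(Permissions.SURROGATE);
                if (isRegExpDomain) {
                    // NOTE(review): the role's permission string becomes a pattern as-is;
                    // an overly broad pattern stored in a role widens access. Confirm
                    // that role definitions are validated where they are edited.
                    RegExpPermission perm = new RegExpPermission(permission);
                    account.addObjectPermission(perm);
                    perms.add(perm);
                } else {
                    // otherwise a wildcard permission
                    account.addStringPermission(permission);
                    // at the moment not added to the user's permission collection
                }
            }
        }
        user.setPermissions(perms);
    } catch (MessageException e) {
        LogAppl.getInstance().emit(UserInterfaceMessage.JEMG031E, e, user.getId());
    }
    return account;
}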