List of usage examples for org.apache.shiro.authc SimpleAccount addStringPermission
public void addStringPermission(String permission)
From source file:com.enioka.jqm.webui.shiro.JpaRealm.java
License:Open Source License
private SimpleAccount getUser(String login) { EntityManager em = null;/* www. j a va 2 s. com*/ try { em = Helpers.getEm(); RUser user = em.createQuery("SELECT u FROM RUser u WHERE UPPER(u.login) = UPPER(:l)", RUser.class) .setParameter("l", login).getSingleResult(); // Credential is a password - in token, it is as a char array SimpleAccount res = new SimpleAccount(user.getLogin(), user.getPassword(), getName()); if (user.getExpirationDate() != null) { res.setCredentialsExpired(user.getExpirationDate().before(Calendar.getInstance())); } else { // No limit = never expires res.setCredentialsExpired(false); } if (user.getHashSalt() != null) { res.setCredentialsSalt(ByteSource.Util.bytes(Hex.decode(user.getHashSalt()))); } else { res.setCredentialsSalt(null); } res.setLocked(user.getLocked()); // Roles for (RRole r : user.getRoles()) { res.addRole(r.getName()); for (RPermission p : r.getPermissions()) { res.addStringPermission(p.getName()); } } return res; } catch (NoResultException e) { // No such user in realm return null; } catch (RuntimeException e) { e.printStackTrace(); throw e; } finally { em.close(); } }
From source file:com.rainy.shiro.demo.MyRealm.java
License:Apache License
/** * Simulates a call to an underlying data store - in a 'real' application, this call would communicate with * an underlying data store via an EIS API (JDBC, JPA, Hibernate, etc). * <p/>//from w w w . j a v a 2s.com * Note that when implementing your own realm, there is no need to check against a password (or other credentials) * in this method. The {@link org.apache.shiro.realm.AuthenticatingRealm AuthenticatingRealm} superclass will do * that automatically via the use of a configured * {@link org.apache.shiro.authc.credential.CredentialsMatcher CredentialsMatcher} (see this example's corresponding * {@code shiro.ini} file to see a configured credentials matcher). * <p/> * All that is required is that the account information include directly the credentials found in the EIS. * * @param username the username for the account data to retrieve * @return the Account information corresponding to the specified username: */ protected SimpleAccount getAccount(String username) { //just create a dummy. A real app would construct one based on EIS access. SimpleAccount account = new SimpleAccount(username, "sha256EncodedPasswordFromDatabase", getName()); //simulate some roles and permissions: account.addRole("user"); account.addRole("admin"); //most applications would assign permissions to Roles instead of users directly because this is much more //flexible (it is easier to configure roles and then change role-to-user assignments than it is to maintain // permissions for each user). // But these next lines assign permissions directly to this trivial account object just for simulation's sake: account.addStringPermission("blogEntry:edit"); //this user is allowed to 'edit' _any_ blogEntry //fine-grained instance level permission: account.addStringPermission("printer:print:laserjet2000"); //allowed to 'print' to the 'printer' identified //by the id 'laserjet2000' return account; }
From source file:org.i3xx.step.zero.security.impl.shiro.NaMyRealm.java
License:Apache License
protected SimpleAccount getAccount(String username, Object credentials) { //TODO: Remove the System.out System.out.println("get account user: " + username); //Account account = new SimpleAccount(username, "sha256EncodedPasswordFromDatabase", getName()); if (username == null) throw new AccountException("Null usernames are not allowed by this realm."); //Account account=_store.getAccounts().get(username); //if (account == null) throw new UnknownAccountException("No account found for user [" + username + "]"); String hash = _hash/*account.getPasswordHash()*/; ByteSource salt = new SimpleByteSource(_salt/*account.getSalt()*/); SimpleAccount account = new SimpleAccount(username, hash, salt, getName()); //SimpleAccount account = new SimpleAccount(username, "sha256EncodedPasswordFromDatabase", getName()); account.addRole("user"); account.addRole("admin"); account.addStringPermission("blogEntry:edit"); account.addStringPermission("printer:print:laserjet"); //The password or private key account.setCredentials(credentials); return account; }
From source file:org.pepstock.jem.gwt.server.security.Authorizator.java
License:Open Source License
/** * Methods usually used by Shiro to get all authorizations. * /* w w w . j a v a2 s . c om*/ * @param realm * realm which is the caller * @param principals * principals to check * @return account with all roles and permissions * @throws JemException * if any errors occurs */ public AuthorizationInfo doGetAuthorizationInfo(Realm realm, PrincipalCollection principals) throws JemException { // gets user object from principal User user = (User) getAvailablePrincipal(realm, principals); // creates account (without credentials) SimpleAccount account = new SimpleAccount(user, "nothing", realm.getName()); // creates Hazelcast predicate to extract all roles and permissions // assigned to user RolesQueuePredicate predicate = new RolesQueuePredicate(); predicate.setUser(user); try { // gets map and performs predicate! IMap<String, Role> roles = SharedObjects.getInstance().getHazelcastClient().getMap(Queues.ROLES_MAP); Collection<Role> myroles = null; boolean isLock = false; Lock lock = SharedObjects.getInstance().getHazelcastClient().getLock(Queues.ROLES_MAP_LOCK); try { isLock = lock.tryLock(10, TimeUnit.SECONDS); if (isLock) { myroles = roles.values(predicate); } else { throw new MessageException(UserInterfaceMessage.JEMG022E, Queues.ROLES_MAP); } } catch (InterruptedException e) { throw new MessageException(UserInterfaceMessage.JEMG022E, e, Queues.ROLES_MAP); } finally { if (isLock) { lock.unlock(); } } Collection<Permission> perms = new ArrayList<Permission>(); // scans roles for (Role role : myroles) { // adds roles account.addRole(role.getName()); // scans permissions for (String permission : role.getPermissions()) { // if the permission is for SEARCH, uses a regular // expression permission if (permission.startsWith(Permissions.SEARCH) || permission.startsWith(Permissions.DATASOURCES) || permission.startsWith(Permissions.FILES_READ) || permission.startsWith(Permissions.FILES_WRITE) || permission.startsWith(Permissions.FILES_EXECUTE) || permission.startsWith(Permissions.SURROGATE)) { RegExpPermission perm = new RegExpPermission(permission); account.addObjectPermission(perm); perms.add(perm); } else { // otherwise a wildcard permisison account.addStringPermission(permission); // at the moment not added } } } user.setPermissions(perms); } catch (MessageException e) { LogAppl.getInstance().emit(UserInterfaceMessage.JEMG031E, e, user.getId()); } return account; }
From source file:org.wicketstuff.shiro.example.realm.SillyRealm.java
License:Apache License
/** * Simulates a call to an underlying data store - in a 'real' application, this call would * communicate with an underlying data store via an EIS API (JDBC, JPA, Hibernate, etc). * <p/>//w w w . j a v a2 s . com * Note that when implementing your own realm, there is no need to check against a password (or * other credentials) in this method. The {@link org.apache.shiro.realm.AuthenticatingRealm * AuthenticatingRealm} superclass will do that automatically via the use of a configured * {@link org.apache.shiro.authc.credential.CredentialsMatcher CredentialsMatcher} (see this * example's corresponding <code>shiro.ini</code> file to see a configured credentials matcher). * <p/> * All that is required is that the account information include directly the credentials found * in the EIS. * * @param username * the username for the account data to retrieve * @return the Account information corresponding to the specified username: */ protected SimpleAccount getAccount(String username) { log.info("get account: " + username); // just create a dummy. A real app would construct one based on EIS access. SimpleAccount account = new SimpleAccount(username, "pass", getName()); // simulate some roles and permissions: account.addRole("user"); if ("admin".equals(username)) { account.addRole("admin"); } // most applications would assign permissions to Roles instead of users directly because // this is much more // flexible (it is easier to configure roles and then change role-to-user assignments than // it is to maintain // permissions for each user). // But these next lines assign permissions directly to this trivial account object just for // simulation's sake: account.addStringPermission("blogEntry:edit"); // this user is allowed to 'edit' _any_ // blogEntry // fine-grained instance level permission: account.addStringPermission("printer:print:laserjet2000"); // allowed to 'print' to the // 'printer' identified // by the id 'laserjet2000' account.addStringPermission("view"); // all users have view permission return account; }