Example usage for org.apache.shiro.authz ModularRealmAuthorizer ModularRealmAuthorizer

List of usage examples for org.apache.shiro.authz ModularRealmAuthorizer ModularRealmAuthorizer

Introduction

This page shows example usage of the org.apache.shiro.authz.ModularRealmAuthorizer constructor ModularRealmAuthorizer(Collection<Realm>).

Prototype

public ModularRealmAuthorizer(Collection<Realm> realms) 


Document

Constructor that accepts the Realms to consult during an authorization check.

Usage

From source file:org.graylog2.bindings.providers.DefaultSecurityManagerProvider.java

License:Open Source License

/**
 * Builds the Shiro {@code DefaultSecurityManager} and registers it with {@code SecurityUtils}.
 *
 * <p>The constructor wires three separate concerns:
 * <ul>
 *   <li>authentication: five realms handed to the security manager, combined with
 *       {@code FirstSuccessfulStrategy};</li>
 *   <li>authorization: a dedicated {@code ModularRealmAuthorizer} that consults only
 *       {@code mongoDbAuthorizationRealm} and the in-memory root-account realm;</li>
 *   <li>sessions: a MongoDB-backed session DAO and a storage evaluator that never creates a
 *       session just to persist the subject.</li>
 * </ul>
 *
 * <p>The statement order matters: the authorizer is replaced after the security manager has been
 * constructed with the authentication realms, and the session manager is configured last.
 * The field {@code sm} is declared outside this snippet.
 *
 * @param mongoDbSessionDAO         session store installed on the session manager
 * @param passwordAuthenticator     authentication realm matched with a SHA-1 credentials matcher
 * @param mongoDbAuthorizationRealm realm used for authorization only
 * @param ldapUserAuthenticator     authentication realm (LDAP, judging by its name)
 * @param sessionAuthenticator      authentication realm, first in the realm list
 * @param accessTokenAuthenticator  authentication realm, second in the realm list
 * @param configuration             supplies the root username and its SHA-2 password hash
 */
@Inject
public DefaultSecurityManagerProvider(MongoDbSessionDAO mongoDbSessionDAO,
        PasswordAuthenticator passwordAuthenticator, MongoDbAuthorizationRealm mongoDbAuthorizationRealm,
        LdapUserAuthenticator ldapUserAuthenticator, SessionAuthenticator sessionAuthenticator,
        AccessTokenAuthenticator accessTokenAuthenticator, Configuration configuration) {
    // Root account lives only in this in-memory realm; its credentials come from configuration.
    final GraylogSimpleAccountRealm inMemoryRealm = new GraylogSimpleAccountRealm();
    inMemoryRealm.setCachingEnabled(false);
    inMemoryRealm.addRootAccount(configuration.getRootUsername(), configuration.getRootPasswordSha2());
    // NOTE(review): a HashedCredentialsMatcher built from the algorithm name alone uses Shiro's
    // default of a single hash iteration, and no salt is configured here. A single SHA-256 digest is
    // a fast hash, so the stored root hash is cheap to guess offline if the configuration leaks.
    // Confirm whether salting/iterations are applied elsewhere.
    inMemoryRealm.setCredentialsMatcher(new HashedCredentialsMatcher("SHA-256"));

    // Caching is switched off on every realm below, so each check goes to the realm itself;
    // presumably this makes account and permission changes effective immediately - confirm.
    passwordAuthenticator.setCachingEnabled(false);
    // NOTE(review): SHA-1 is a fast, deprecated digest and unsuitable for password storage. Changing
    // the algorithm here would stop existing stored hashes from matching, so a move to a slow
    // password hash needs a migration (e.g. rehash on successful login). Confirm whether the realm
    // supplies a per-user salt.
    passwordAuthenticator.setCredentialsMatcher(new HashedCredentialsMatcher("SHA-1"));
    mongoDbAuthorizationRealm.setCachingEnabled(false);

    ldapUserAuthenticator.setCachingEnabled(false);

    sessionAuthenticator.setCachingEnabled(false);
    accessTokenAuthenticator.setCachingEnabled(false);

    // Authentication realms in list order: session, access token, LDAP, password, in-memory root.
    // mongoDbAuthorizationRealm is deliberately not part of this list.
    sm = new DefaultSecurityManager(Lists.<Realm>newArrayList(sessionAuthenticator, accessTokenAuthenticator,
            ldapUserAuthenticator, passwordAuthenticator, inMemoryRealm));
    final Authenticator authenticator = sm.getAuthenticator();
    // With FirstSuccessfulStrategy the first realm that authenticates successfully supplies the
    // account information. If the authenticator is some other type, the strategy is left at that
    // type's default and nothing is logged here.
    if (authenticator instanceof ModularRealmAuthenticator) {
        ((ModularRealmAuthenticator) authenticator).setAuthenticationStrategy(new FirstSuccessfulStrategy());
    }
    // Replace the authorizer: permission and role checks consult only these two realms, not the
    // authentication realms passed to the security manager above.
    sm.setAuthorizer(
            new ModularRealmAuthorizer(Lists.<Realm>newArrayList(mongoDbAuthorizationRealm, inMemoryRealm)));

    final DefaultSubjectDAO subjectDAO = new DefaultSubjectDAO();
    final DefaultSessionStorageEvaluator sessionStorageEvaluator = new DefaultSessionStorageEvaluator() {
        @Override
        public boolean isSessionStorageEnabled(Subject subject) {
            // Save to the session only if one already exists; getSession(false) never creates one,
            // so no session is created just for saving the subject.
            // NOTE(review): subject is dereferenced without a null check.
            return (subject.getSession(false) != null);
        }
    };
    // Global flag off; the per-subject override above does not read this flag.
    sessionStorageEvaluator.setSessionStorageEnabled(false);
    subjectDAO.setSessionStorageEvaluator(sessionStorageEvaluator);
    sm.setSubjectDAO(subjectDAO);

    // Unchecked cast: throws ClassCastException if the session manager is not a DefaultSessionManager.
    final DefaultSessionManager defaultSessionManager = (DefaultSessionManager) sm.getSessionManager();
    defaultSessionManager.setSessionDAO(mongoDbSessionDAO);
    defaultSessionManager.setDeleteInvalidSessions(true);
    defaultSessionManager.setCacheManager(new MemoryConstrainedCacheManager());
    // DO NOT USE global session timeout!!! It's fucky.
    // NOTE(review): with the global timeout left untouched, session expiry depends on whatever sets
    // a per-session timeout elsewhere - confirm that every session gets one.
    //defaultSessionManager.setGlobalSessionTimeout(TimeUnit.SECONDS.toMillis(5));

    // Registers sm as the static (VM-wide) security manager used by SecurityUtils.
    SecurityUtils.setSecurityManager(sm);
}

From source file:org.owasp.dependencytrack.config.SecurityConfiguration.java

License:Open Source License

/**
 * Exposes the Shiro {@link Authorizer} bean.
 *
 * <p>Authorization decisions are delegated to a {@link ModularRealmAuthorizer} that consults the
 * single injected realm, using the permission resolver returned by {@code permissionResolver()}.
 * The {@code datasource} parameter is not read by this method.
 *
 * @param datasource injected data source (unused here)
 * @param realm      the only realm consulted for authorization checks
 * @return the configured authorizer
 */
@Bean
public Authorizer authorizer(DataSource datasource, Realm realm) {
    final ModularRealmAuthorizer realmAuthorizer =
            new ModularRealmAuthorizer(Arrays.asList(realm));
    // Install the resolver before the authorizer is handed out.
    realmAuthorizer.setPermissionResolver(permissionResolver());
    return realmAuthorizer;
}