List of usage examples for org.apache.shiro.authz SimpleAuthorizationInfo setObjectPermissions
public void setObjectPermissions(Set<Permission> objectPermissions)
From source file:com.bennavetta.appsite.security.ObjectifyRealm.java
License:Apache License
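/**
 * Collects the roles and permissions of every principal that was issued by this realm.
 *
 * <p>Each principal is used (via {@code toString()}) as the datastore id of a {@code User}.
 * The permission string {@code "all"} is mapped to {@code AllPermission}; every other string
 * is parsed as a {@code WildcardPermission}.
 *
 * @param principals the principals of the subject being authorized
 * @return the merged roles and object permissions; both sets are empty when no user record
 *     could be loaded
 */
@Override
protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principals) {
    log.trace("Loading authorization info for {}", principals);
    Set<String> roles = new HashSet<>();
    Set<Permission> permissions = new HashSet<>();
    for (Object principal : principals.fromRealm(REALM_NAME)) { // they're each strings
        User user = ofy().load().type(User.class).id(principal.toString()).get();
        if (user == null) {
            // The account may have been deleted after the session was created. Grant nothing
            // for this principal instead of failing with a NullPointerException below.
            log.warn("No user found for principal {}; no roles or permissions granted", principal);
            continue;
        }
        // NOTE(review): this writes User.toString() to the log; confirm it does not include
        // credential fields.
        log.trace("Found user {}", user);
        roles.addAll(user.getRoles());
        for (String permStr : user.getPermissions()) {
            if (permStr.equals("all")) {
                // A stored value of "all" becomes an unrestricted grant, so write access to a
                // user's permission list has to be as tightly controlled as admin rights.
                permissions.add(new AllPermission());
            } else {
                permissions.add(new WildcardPermission(permStr));
            }
        }
    }
    SimpleAuthorizationInfo info = new SimpleAuthorizationInfo();
    info.setRoles(roles);
    info.setObjectPermissions(permissions);
    log.trace("Authorization info loaded: {}", info);
    return info;
}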
From source file:com.josue.kingdom.security.application.ApplicationlRealm.java
/**
 * Resolves the current manager's per-domain permissions for the current application and
 * exposes them as a single {@code AccessLevelPermission}.
 *
 * @param principals the principals of the subject being authorized
 * @return authorization info holding one {@code AccessLevelPermission}; an info object with
 *     no permissions when the current manager cannot be obtained
 */
@Override
protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principals) {
    SimpleAuthorizationInfo result = new SimpleAuthorizationInfo();
    KingdomSecurity security = (KingdomSecurity) getAvailablePrincipal(principals);

    Manager manager;
    try {
        manager = security.getCurrentManager();
    } catch (RestException ex) {
        // TODO (from the original author): the exception is hidden here; decide how to
        // surface it to the REST endpoint.
        // The subject ends up with no permissions (fail closed), but the cause is not
        // recorded anywhere.
        return result;
    }

    List<ManagerMembership> managerMemberships = persistence.getManagerMemberships(
            security.getCurrentApplication().getUuid(), manager.getUuid());

    // Domain UUID -> permission held in that domain; a later membership for the same
    // domain replaces an earlier one.
    Map<Object, DomainPermission> byDomain = new HashMap<>();
    for (ManagerMembership entry : managerMemberships) {
        byDomain.put(entry.getDomain().getUuid(), entry.getPermission());
    }

    Set<Permission> granted = new HashSet<>();
    granted.add(new AccessLevelPermission(byDomain));
    result.setObjectPermissions(granted);
    return result;
}
From source file:com.josue.kingdom.security.manager.ManagerRealm.java
/**
 * Builds authorization info from the memberships the current manager holds in the current
 * application.
 *
 * <p>TODO (from the original author): unclear whether this realm needs its own
 * implementation at all.
 *
 * @param principals the principals of the subject being authorized
 * @return info wrapping one {@code AccessLevelPermission} keyed by domain UUID, or an info
 *     object without permissions if {@code getCurrentManager()} throws {@code RestException}
 */
@Override
protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principals) {
    SimpleAuthorizationInfo authzInfo = new SimpleAuthorizationInfo();
    Object principal = getAvailablePrincipal(principals);
    KingdomSecurity context = (KingdomSecurity) principal;

    Manager activeManager;
    try {
        activeManager = context.getCurrentManager();
    } catch (RestException ex) {
        // TODO (from the original author): exception is hidden; how should it reach the
        // REST endpoint? Returning the untouched info denies everything for this subject.
        return authzInfo;
    }

    Object applicationUuid = null;
    List<ManagerMembership> found = persistence.getManagerMemberships(
            context.getCurrentApplication().getUuid(), activeManager.getUuid());

    Map<Object, DomainPermission> domainPermissions = new HashMap<>();
    for (ManagerMembership m : found) {
        Object domainUuid = m.getDomain().getUuid();
        domainPermissions.put(domainUuid, m.getPermission());
    }

    // All domain grants are folded into one permission object.
    AccessLevelPermission combined = new AccessLevelPermission(domainPermissions);
    Set<Permission> objectPermissions = new HashSet<>();
    objectPermissions.add(combined);
    authzInfo.setObjectPermissions(objectPermissions);
    return authzInfo;
}
From source file:com.josue.shiro.authorization.custom.CustomRealm.java
/**
 * Example realm method that returns a fixed access level for a fixed domain name.
 *
 * <p>The level and the domain name are constants in this method, so every subject receives
 * the same grant regardless of who it is. The lookup has to be replaced by a real
 * per-user query before the realm is used for access decisions.
 *
 * @param principals the principals of the subject being authorized
 * @return info with one {@code AccessLevelPermission} and the domain name registered as a role
 */
@Override
protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principals) {
    // The username is resolved but not used yet; it is the key a real lookup would need.
    String principalUsername = (String) getAvailablePrincipal(principals);

    // Placeholder for a database fetch.
    String domainName = "uuid-doc-123-TODO-check-if-OK";
    RoleLevel level = RoleLevel.LEVEL_1;

    // A real implementation would add one access level per domain here.
    AccessLevelPermission accessLevels = new AccessLevelPermission();
    accessLevels.addAccessLevel(domainName, level);

    Set<Permission> granted = new HashSet<>();
    granted.add(accessLevels);

    SimpleAuthorizationInfo result = new SimpleAuthorizationInfo();
    result.setObjectPermissions(granted);
    // TODO (from the original author): each map key is mapped as a role, just an example of use.
    result.setRoles(new HashSet<>(Arrays.asList(domainName)));
    return result;
}
From source file:com.obal.web.shiro.AuthorRealm.java
/**
 * Skeleton authorization lookup: rejects an empty principal list and otherwise returns
 * authorization info whose role and permission sets are still empty.
 *
 * <p>Nothing in this method fills either set, so a subject that passes the guard is granted
 * no roles and no permissions until the loading step is implemented.
 *
 * @param principals the principals of the subject being authorized
 * @return info backed by the (currently empty) role and permission sets
 * @throws AuthorizationException if no principal of type {@code Principal} is present
 */
@Override
protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principals) {
    Collection<Principal> userPrincipals = principals.byType(Principal.class);
    if (userPrincipals.isEmpty()) {
        throw new AuthorizationException("Empty principals list!");
    }

    Set<String> roleNames = new HashSet<String>();
    Set<Permission> grants = new HashSet<Permission>();

    // Placeholder for per-principal loading. The original note says group and role
    // information is only meant to be fetched in "dctm standard mode"; that query is not
    // implemented and the loop body is intentionally empty.
    for (Principal userPrincipal : userPrincipals) {
    }

    // This is the part an implementer has to complete.
    SimpleAuthorizationInfo result = new SimpleAuthorizationInfo(roleNames);
    result.setRoles(roleNames); // roles to fill in
    result.setObjectPermissions(grants); // entries must implement Shiro's Permission interface
    return result;
}
From source file:ddf.security.pdp.realm.xacml.XacmlPdpTest.java
License:Open Source License
/**
 * Expects the realm to permit the site-name action for a subject that carries no roles and
 * no permissions.
 */
@Test
public void testActionGoodSiteName() {
    // Subject with empty role and permission sets.
    SimpleAuthorizationInfo emptySubject = new SimpleAuthorizationInfo(new HashSet<String>());
    emptySubject.setObjectPermissions(new HashSet<Permission>());

    RequestType xacmlRequest = testRealm.createXACMLRequest(
            USER_NAME, emptySubject, new KeyValueCollectionPermission(SITE_NAME_ACTION));

    boolean permitted = testRealm.isPermitted(xacmlRequest);
    assertThat(permitted, equalTo(true));
}
From source file:ddf.security.pdp.realm.xacml.XacmlPdpTest.java
License:Open Source License
/**
 * Creates the authorization info of a test subject.
 *
 * <p>The subject has the roles {@code users} and {@code admin} and four key/value
 * permissions: country, subject access types, name identifier and given name.
 *
 * @param country value stored in the {@code COUNTRY} permission
 * @return the populated authorization info
 */
private AuthorizationInfo generateSubjectInfo(String country) {
    // Roles
    Set<String> roleNames = new HashSet<String>();
    roleNames.add("users");
    roleNames.add("admin");

    // Permissions, one KeyValuePermission per attribute
    KeyValuePermission citizenship = new KeyValuePermission(COUNTRY);
    citizenship.addValue(country);

    KeyValuePermission accessTypes = new KeyValuePermission(SUBJECT_ACCESS);
    accessTypes.addValue(ACCESS_TYPE_A);
    accessTypes.addValue(ACCESS_TYPE_B);

    KeyValuePermission nameIdentifier = new KeyValuePermission(NAME_IDENTIFIER);
    nameIdentifier.addValue("testuser1");

    KeyValuePermission givenName = new KeyValuePermission(GIVEN_NAME);
    givenName.addValue("Test User");

    Set<Permission> grants = new HashSet<Permission>();
    grants.add(citizenship);
    grants.add(accessTypes);
    grants.add(nameIdentifier);
    grants.add(givenName);

    SimpleAuthorizationInfo subjectInfo = new SimpleAuthorizationInfo();
    subjectInfo.setRoles(roleNames);
    subjectInfo.setObjectPermissions(grants);
    return subjectInfo;
}
From source file:ddf.security.pdp.xacml.realm.XACMLRealmTest.java
License:Open Source License
/**
 * Expects the action request for the site name to be permitted even though the subject has
 * neither roles nor permissions.
 */
@Test
public void testActionGoodSiteName() {
    HashSet<String> noRoles = new HashSet<String>();
    SimpleAuthorizationInfo subjectWithoutGrants = new SimpleAuthorizationInfo(noRoles);
    subjectWithoutGrants.setObjectPermissions(new HashSet<Permission>());

    RequestType actionRequest =
            testRealm.createActionXACMLRequest(USER_NAME, subjectWithoutGrants, SITE_NAME_ACTION);

    assertTrue(testRealm.isPermitted(actionRequest));
}
From source file:ddf.security.service.impl.AbstractAuthorizingRealm.java
License:Open Source License
/**
 * Derives a subject's roles and permissions from the attribute statements of its security
 * assertions.
 *
 * @param principalCollection principals of the current request; its {@code SecurityAssertion}
 *     entries supply the attribute statements
 * @return a new authorization info holding one {@code KeyValuePermission} per collected
 *     attribute key, with the values stored under {@code SAML_ROLE} also set as roles
 * @throws AuthorizationException if the collection contains no {@code SecurityAssertion}
 */
@Override
protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principalCollection) {
    LOGGER.debug("Retrieving authorization info for {}", principalCollection.getPrimaryPrincipal());

    Collection<SecurityAssertion> securityAssertions =
            principalCollection.byType(SecurityAssertion.class);
    if (securityAssertions.isEmpty()) {
        // Without an assertion there is nothing to derive permissions from.
        throw new AuthorizationException("No assertion found, cannot retrieve authorization info.");
    }

    // Flatten the statements of all assertions into one list.
    List<AttributeStatement> statements = securityAssertions.stream()
            .flatMap(assertion -> assertion.getAttributeStatements().stream())
            .collect(Collectors.toList());

    // Attribute key -> values, filled by addAttributesToMap using the expansion services.
    Map<String, Set<String>> attributeValues = new HashMap<>();
    Collection<Expansion> expansions = getUserExpansionServices();
    for (AttributeStatement statement : statements) {
        addAttributesToMap(statement.getAttributes(), attributeValues, expansions);
    }

    // NOTE(review): the debug lines below write the subject's attribute values and roles to
    // the log; keep them at debug level and check who can read that log.
    Set<Permission> grants = new HashSet<>();
    for (Map.Entry<String, Set<String>> attribute : attributeValues.entrySet()) {
        String key = attribute.getKey();
        Set<String> values = attribute.getValue();
        grants.add(new KeyValuePermission(key, values));
        if (LOGGER.isDebugEnabled()) {
            LOGGER.debug("Adding permission: {} : {}", key, StringUtils.join(values, ","));
        }
    }

    // The role attribute is both a permission (added above) and the source of the role set.
    Set<String> roleNames = new HashSet<>();
    if (attributeValues.containsKey(SAML_ROLE)) {
        roleNames.addAll(attributeValues.get(SAML_ROLE));
        if (LOGGER.isDebugEnabled()) {
            LOGGER.debug("Adding roles to authorization info: {}", StringUtils.join(roleNames, ","));
        }
    }

    SimpleAuthorizationInfo result = new SimpleAuthorizationInfo();
    result.setObjectPermissions(grants);
    result.setRoles(roleNames);
    return result;
}
From source file:org.mobicents.servlet.restcomm.entities.shiro.Realm.java
License:Open Source License
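/**
 * Loads the account behind the primary principal and returns its role together with the
 * permissions configured for that role.
 *
 * @param principals the principals of the subject being authorized; the primary principal
 *     is cast to {@code String} and used as the account SID
 * @return info with the account's role and, when the role is known to {@code getRole}, its
 *     permissions; {@code null} when no account or no role name is found, which Shiro's
 *     {@code AuthorizingRealm} treats as "no roles, no permissions"
 */
@Override
protected AuthorizationInfo doGetAuthorizationInfo(final PrincipalCollection principals) {
    final Sid sid = new Sid((String) principals.getPrimaryPrincipal());
    final ShiroResources services = ShiroResources.getInstance();
    final DaoManager daos = services.get(DaoManager.class);
    final AccountsDao accounts = daos.getAccountsDao();
    final Account account = accounts.getAccount(sid);
    // NOTE(review): getAccount presumably returns null for an unknown SID; confirm. Deny
    // explicitly in that case instead of failing with a NullPointerException, and do not
    // register a null role name.
    if (account == null || account.getRole() == null) {
        return null;
    }
    final String roleName = account.getRole();
    final Set<String> set = new HashSet<String>();
    set.add(roleName);
    final SimpleAuthorizationInfo authorizationInfo = new SimpleAuthorizationInfo(set);
    final SimpleRole role = getRole(roleName);
    // A role name without a matching SimpleRole keeps the role but grants no permissions.
    if (role != null) {
        authorizationInfo.setObjectPermissions(role.getPermissions());
    }
    return authorizationInfo;
}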