Example usage for org.apache.shiro.guice.web ShiroWebModule NO_SESSION_CREATION

List of usage examples for org.apache.shiro.guice.web ShiroWebModule NO_SESSION_CREATION

Introduction

In this page you can find the example usage for org.apache.shiro.guice.web ShiroWebModule NO_SESSION_CREATION.

Prototype

Key NO_SESSION_CREATION

To view the source code for org.apache.shiro.guice.web ShiroWebModule NO_SESSION_CREATION, click the Source Link.

Usage

From source file:org.apache.aurora.scheduler.http.api.security.ApiSecurityModule.java

License:Apache License

/**
 * Wires Apache Shiro into the API servlet path and binds the Shiro method interceptors for the
 * Thrift service interfaces.
 *
 * <p>Two layers are configured: a servlet filter chain (session creation disabled, followed by
 * the authentication filter selected by {@code HTTP_AUTHENTICATION_MECHANISM}) and AOP
 * interceptors that authenticate and then authorize calls on the scheduler and admin services.
 */
private void doConfigureServlets() {
    // Route requests under ApiModule.API_PATH through the Guice-managed Shiro filter.
    install(ShiroWebModule.guiceFilterModule(ApiModule.API_PATH));
    install(new ShiroWebModule(getServletContext()) {
        @Override
        @SuppressWarnings("unchecked")
        protected void configureShiroWeb() {
            for (Module module : shiroConfigurationModules) {
                // We can't wrap this in a PrivateModule because Guice Multibindings don't work with them
                // and we need a Set<Realm>.
                install(module);
            }

            // Both chains cover every path and put NO_SESSION_CREATION first, so a request does
            // not create a new Shiro session before the authentication filter runs. The TODOs
            // further down indicate that session and RememberMe cookies are not yet disabled.
            switch (HTTP_AUTHENTICATION_MECHANISM.get()) {
            case BASIC:
                // HTTP Basic sends the credentials with every request; nothing in this method
                // enforces TLS, so confirm the API is only served over HTTPS.
                // NOTE(review): PERMISSIVE appears to let requests that carry no credentials
                // pass this filter unauthenticated, so rejecting anonymous callers would depend
                // on the interceptors bound at the end of this method. Confirm against the
                // Shiro version in use.
                addFilterChain("/**", ShiroWebModule.NO_SESSION_CREATION,
                        config(ShiroWebModule.AUTHC_BASIC, BasicHttpAuthenticationFilter.PERMISSIVE));
                break;

            case NEGOTIATE:
                // Kerberos/SPNEGO path: the project's own filter class is bound by type.
                addFilterChain("/**", ShiroWebModule.NO_SESSION_CREATION,
                        Key.get(ShiroKerberosAuthenticationFilter.class));
                break;

            default:
                // No filter chain is registered for an unknown mechanism; a Guice configuration
                // error is reported instead of falling back to a chain without authentication.
                addError("Unrecognized HTTP authentication mechanism.");
                break;
            }
        }
    });

    // Application name constant for Shiro, taken from HTTP_REALM_NAME.
    bindConstant().annotatedWith(Names.named("shiro.applicationName")).to(HTTP_REALM_NAME);

    // TODO(ksweeney): Disable session cookie.
    // TODO(ksweeney): Disable RememberMe cookie.

    install(new ShiroAopModule());

    // It is important that authentication happen before authorization is attempted, otherwise
    // the authorizing interceptor will always fail.
    // This binding is therefore kept ahead of the two authorizing ones below.
    MethodInterceptor authenticatingInterceptor = new ShiroAuthenticatingThriftInterceptor();
    requestInjection(authenticatingInterceptor);
    bindInterceptor(Matchers.subclassesOf(AuroraSchedulerManager.Iface.class),
            AURORA_SCHEDULER_MANAGER_SERVICE.or(AURORA_ADMIN_SERVICE), authenticatingInterceptor);

    // Authorization for scheduler-manager methods, constructed with the
    // THRIFT_AURORA_SCHEDULER_MANAGER constant.
    MethodInterceptor apiInterceptor = new ShiroAuthorizingParamInterceptor(THRIFT_AURORA_SCHEDULER_MANAGER);
    requestInjection(apiInterceptor);
    bindInterceptor(Matchers.subclassesOf(AuroraSchedulerManager.Iface.class), AURORA_SCHEDULER_MANAGER_SERVICE,
            apiInterceptor);

    // Authorization for admin methods, constructed with the THRIFT_AURORA_ADMIN constant.
    // NOTE(review): this class matcher is AnnotatedAuroraAdmin while the authenticating
    // interceptor matches AuroraSchedulerManager.Iface; presumably AnnotatedAuroraAdmin is a
    // subtype of that interface so admin calls are authenticated first. Confirm.
    MethodInterceptor adminInterceptor = new ShiroAuthorizingInterceptor(THRIFT_AURORA_ADMIN);
    requestInjection(adminInterceptor);
    bindInterceptor(Matchers.subclassesOf(AnnotatedAuroraAdmin.class), AURORA_ADMIN_SERVICE, adminInterceptor);
}