List of usage examples for org.apache.shiro.subject PrincipalCollection byType
/**
 * Returns every principal in this collection that is assignable to {@code type}.
 *
 * <p>Shiro documents the result as an empty collection, not {@code null}, when no principal of
 * that type is present. Realm code should therefore test the returned collection for emptiness
 * before reading from it; a non-empty {@code PrincipalCollection} does not imply a non-empty
 * typed view.
 *
 * @param type the principal class to filter by
 * @return the principals of the requested type
 */
<T> Collection<T> byType(Class<T> type);
From source file:com.github.richardwilly98.esdms.shiro.EsRealm.java
License:Open Source License
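/**
 * Builds the roles and string permissions for the first {@link User} principal found.
 *
 * <p>Every role id listed on the user is granted as a role. Each role is then re-read through
 * {@code roleService} and the ids of its permissions are granted as string permissions.
 *
 * @param principals the principals of the subject being authorized
 * @return authorization info holding the collected role ids and permission ids
 * @throws AuthorizationException if the collection contains no {@link User} principal
 */
@Override
protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principals) {
    log.trace("*** doGetAuthorizationInfo ***");
    Collection<User> principalList = principals.byType(User.class);
    // Test the typed view, not the whole collection: principals supplied by another realm make
    // `principals` non-empty while `principalList` is empty, and reading element 0 would then
    // fail with an unchecked exception instead of a clean authorization failure.
    if (principalList.isEmpty()) {
        throw new AuthorizationException("Empty principal list!");
    }
    User principal = principalList.iterator().next();
    log.debug(String.format("getAuthorization for %s", principal.getId()));

    Set<String> roles = new HashSet<String>();
    Set<String> permissions = new HashSet<String>();
    for (Role role : principal.getRoles()) {
        log.trace(String.format("add role %s to %s", role.getId(), principal.getId()));
        // NOTE(review): the role id is granted from the copy stored on the principal before the
        // role is looked up, so it stays granted even when the lookup below fails - confirm
        // that this is intended.
        roles.add(role.getId());
        try {
            Role storedRole = roleService.get(role.getId());
            if (storedRole == null) {
                // An unresolvable role contributes no permissions rather than aborting the
                // whole authorization lookup with a NullPointerException.
                log.error(String.format("Cannot get role from id [%s]", role.getId()));
                continue;
            }
            for (Permission permission : storedRole.getPermissions()) {
                log.trace(String.format("add permission %s to %s", permission.getId(), principal.getId()));
                permissions.add(permission.getId());
            }
        } catch (ServiceException ex) {
            log.error(String.format("Cannot get role from id [%s]", role.getId()), ex);
        }
    }

    SimpleAuthorizationInfo info = new SimpleAuthorizationInfo();
    info.setRoles(roles);
    info.setStringPermissions(permissions);
    return info;
}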
From source file:com.obal.web.shiro.AuthorRealm.java
/**
 * Template realm callback: validates that at least one {@code Principal} is present and returns
 * an authorization info whose role and permission sets are still empty.
 *
 * <p>As written, no role or permission is ever added, so every subject authorized through this
 * method is granted nothing. The lookup of real roles and permissions is left to be implemented.
 *
 * @param principals the principals of the subject being authorized
 * @return authorization info with empty roles and empty object permissions
 * @throws AuthorizationException if no {@code Principal} is present in the collection
 */
@Override
protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principals) {
    Collection<Principal> principalsList = principals.byType(Principal.class);
    if (principalsList.isEmpty()) {
        throw new AuthorizationException("Empty principals list!");
    }

    Set<String> grantedRoles = new HashSet<String>();
    Set<Permission> grantedPermissions = new HashSet<Permission>();

    // Placeholder: per-principal loading goes here. The original sketch intended to fetch group
    // and role information only for principals whose realm is the DCTM standard realm.
    for (Principal userPrincipal : principalsList) {
        // intentionally empty - nothing is loaded yet
    }

    // Roles are passed to the constructor and set again, as in the original template.
    SimpleAuthorizationInfo authorizationInfo = new SimpleAuthorizationInfo(grantedRoles);
    authorizationInfo.setRoles(grantedRoles);
    // Object permissions must implement Shiro's Permission interface.
    authorizationInfo.setObjectPermissions(grantedPermissions);
    return authorizationInfo;
}
From source file:com.zrk.oauthclient.shiro.support.UsernamePasswordAndClientRealm.java
License:Apache License
/**
 * Collects the roles and permissions for the given principals.
 *
 * <p>The result starts from this realm's {@code defaultRoles} and {@code defaultPermissions},
 * which are therefore granted to every subject, and is extended with the roles and permissions
 * carried by each {@link CommonProfile} principal.
 *
 * @param principals the principals of the subject being authorized
 * @return authorization info holding the default and profile-supplied roles and permissions
 */
@Override
protected AuthorizationInfo doGetAuthorizationInfo(final PrincipalCollection principals) {
    final Set<String> grantedRoles = new HashSet<String>(split(this.defaultRoles));
    final Set<String> grantedPermissions = new HashSet<String>(split(this.defaultPermissions));

    // NOTE(review): profile roles and permissions are copied without filtering or mapping. If
    // the profile is populated from an external provider, that provider decides what is granted
    // here - confirm against the client configuration.
    final Collection<CommonProfile> profiles = principals.byType(CommonProfile.class);
    if (profiles != null) {
        for (final CommonProfile profile : profiles) {
            if (profile == null) {
                continue;
            }
            grantedRoles.addAll(profile.getRoles());
            grantedPermissions.addAll(profile.getPermissions());
        }
    }

    final SimpleAuthorizationInfo authorizationInfo = new SimpleAuthorizationInfo();
    authorizationInfo.addRoles(grantedRoles);
    authorizationInfo.addStringPermissions(grantedPermissions);
    return authorizationInfo;
}
From source file:ddf.catalog.security.plugin.SecurityPluginTest.java
License:Open Source License
/**
 * Creates a mocked {@link Subject} whose principals expose exactly one {@link SecurityAssertion}.
 *
 * <p>The assertion carries a single attribute statement with one attribute: the e-mail address
 * claim ({@code SubjectUtils.EMAIL_ADDRESS_CLAIM_URI}) with {@code TEST_USER} as its only value.
 *
 * @return the mocked subject
 */
private Subject setupMockSubject() {
  // Create all mocks first, then wire them together from the innermost object outwards.
  Attribute emailAttribute = mock(Attribute.class);
  AttributeStatement statement = mock(AttributeStatement.class);
  SecurityAssertion assertion = mock(SecurityAssertion.class);
  PrincipalCollection principals = mock(PrincipalCollection.class);
  Subject subject = mock(Subject.class);

  List<String> emailValues = Arrays.asList(TEST_USER);
  when(emailAttribute.getName()).thenReturn(SubjectUtils.EMAIL_ADDRESS_CLAIM_URI);
  when(emailAttribute.getValues()).thenReturn(emailValues);

  List<Attribute> attributes = Arrays.asList(emailAttribute);
  when(statement.getAttributes()).thenReturn(attributes);

  List<AttributeStatement> statements = Arrays.asList(statement);
  when(assertion.getAttributeStatements()).thenReturn(statements);

  // Only the SecurityAssertion-typed view of the principals is stubbed.
  when(principals.byType(SecurityAssertion.class))
      .thenReturn(Collections.singletonList(assertion));
  when(subject.getPrincipals()).thenReturn(principals);
  return subject;
}
From source file:ddf.security.service.impl.AbstractAuthorizingRealm.java
License:Open Source License
/**
 * Turns the attributes of the subject's security assertions into Shiro permissions and roles.
 *
 * <p>Every attribute name becomes one {@code KeyValuePermission} holding that attribute's
 * values, after the attributes have been passed through the user expansion services. The values
 * collected under {@code SAML_ROLE}, if any, are additionally granted as roles.
 *
 * @param principalCollection holds the security assertions for the primary principal of this
 *     request
 * @return a new collection of permissions and roles corresponding to the security assertions
 * @throws AuthorizationException if there are no security assertions associated with this
 *     principal collection
 */
@Override
protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principalCollection) {
  SimpleAuthorizationInfo authorizationInfo = new SimpleAuthorizationInfo();
  LOGGER.debug("Retrieving authorization info for {}", principalCollection.getPrimaryPrincipal());

  Collection<SecurityAssertion> assertions = principalCollection.byType(SecurityAssertion.class);
  if (assertions.isEmpty()) {
    throw new AuthorizationException("No assertion found, cannot retrieve authorization info.");
  }

  // NOTE(review): attributes are taken from the assertions as they are; this method performs no
  // validation of the assertions itself, so it presumably relies on them having been verified
  // before they were placed in the principal collection - confirm with the authenticating realm.
  List<AttributeStatement> statements =
      assertions.stream()
          .flatMap(assertion -> assertion.getAttributeStatements().stream())
          .collect(Collectors.toList());

  Map<String, Set<String>> permissionsMap = new HashMap<>();
  Collection<Expansion> expansionServices = getUserExpansionServices();
  for (AttributeStatement statement : statements) {
    addAttributesToMap(statement.getAttributes(), permissionsMap, expansionServices);
  }

  Set<Permission> permissions = new HashSet<>();
  permissionsMap.forEach(
      (attributeName, attributeValues) -> {
        permissions.add(new KeyValuePermission(attributeName, attributeValues));
        if (LOGGER.isDebugEnabled()) {
          LOGGER.debug(
              "Adding permission: {} : {}", attributeName, StringUtils.join(attributeValues, ","));
        }
      });

  Set<String> roles = new HashSet<>();
  if (permissionsMap.containsKey(SAML_ROLE)) {
    roles.addAll(permissionsMap.get(SAML_ROLE));
    if (LOGGER.isDebugEnabled()) {
      LOGGER.debug("Adding roles to authorization info: {}", StringUtils.join(roles, ","));
    }
  }

  authorizationInfo.setObjectPermissions(permissions);
  authorizationInfo.setRoles(roles);
  return authorizationInfo;
}
From source file:ddf.security.soap.impl.SecureProxyServiceFactoryImpl.java
License:Open Source License
/**
 * Extracts a {@link SecurityToken} from a {@link SecurityAssertion} or from a {@link Subject}.
 *
 * <p>For a {@code SecurityAssertion} the token is returned when it is a {@code SecurityToken}.
 * For a {@code Subject} the assertions among its principals are scanned and the first token that
 * is a {@code SecurityToken} is returned. In every other case, including {@code null} input,
 * the result is {@code null}, so callers must handle a missing token.
 *
 * @param wsp not used by this method
 * @param securityAssertion a {@code SecurityAssertion}, a {@code Subject}, or {@code null}
 * @return the security token, or {@code null} if none could be found
 */
private SecurityToken getSecurityToken(WebServiceProperties wsp, Serializable securityAssertion) {
  // instanceof is false for null, so no separate null guard is needed.
  if (securityAssertion instanceof SecurityAssertion
      && ((SecurityAssertion) securityAssertion).getToken() instanceof SecurityToken) {
    return (SecurityToken) ((SecurityAssertion) securityAssertion).getToken();
  }
  if (!(securityAssertion instanceof Subject)) {
    return null;
  }

  PrincipalCollection principals = ((Subject) securityAssertion).getPrincipals();
  if (principals == null) {
    return null;
  }

  for (SecurityAssertion candidate : principals.byType(SecurityAssertion.class)) {
    if (candidate.getToken() instanceof SecurityToken) {
      return (SecurityToken) candidate.getToken();
    }
  }
  return null;
}
From source file:ddf.security.SubjectUtils.java
License:Open Source License
/** * Retrieves the user name from a given subject. * * @param subject Subject to get the user name from. * @param defaultName Name to send back if no user name was found. * @param returnDisplayName return formatted user name for displaying * @return String representation of the user name if available or defaultName if no user name * could be found or incoming subject was null. *///from ww w .ja va 2 s.c o m public static String getName(Subject subject, String defaultName, boolean returnDisplayName) { String name = defaultName; if (subject != null) { PrincipalCollection principals = subject.getPrincipals(); if (principals != null) { Collection<SecurityAssertion> assertions = principals.byType(SecurityAssertion.class); if (!assertions.isEmpty()) { List<SecurityAssertion> assertionList = new ArrayList<>(assertions); assertionList.sort(new SecurityAssertionComparator()); for (SecurityAssertion assertion : assertionList) { Principal principal = assertion.getPrincipal(); if (principal instanceof KerberosPrincipal) { StringTokenizer st = new StringTokenizer(principal.getName(), "@"); st = new StringTokenizer(st.nextToken(), "/"); name = st.nextToken(); } else { name = principal.getName(); } if (returnDisplayName) { name = getDisplayName(principal, name); } if (StringUtils.isNotEmpty(name)) { break; } } } else { // send back the primary principal as a string name = principals.getPrimaryPrincipal().toString(); } } else { LOGGER.debug( "No principals located in the incoming subject, cannot look up user name. Using default name of {}.", defaultName); } } else { LOGGER.debug("Incoming subject was null, cannot look up user name. Using default name of {}.", defaultName); } LOGGER.debug("Sending back name {}.", name); return name; }
From source file:ddf.security.SubjectUtils.java
License:Open Source License
/**
 * Looks up all values of the attribute named {@code key} across the subject's security
 * assertions.
 *
 * <p>Assertions are sorted with {@code SecurityAssertionComparator} before their attribute
 * statements are read, and the values of every attribute whose name equals {@code key} are
 * concatenated in that order. Values from several assertions are merged, not deduplicated.
 *
 * @param subject the subject to inspect; may be {@code null}
 * @param key the attribute name to match; must not be {@code null}
 * @return attribute values or an empty list if not found.
 */
public static List<String> getAttribute(@Nullable Subject subject, String key) {
  Validate.notNull(key);

  if (subject == null) {
    LOGGER.debug("Incoming subject was null, cannot look up {}.", key);
    return Collections.emptyList();
  }

  final PrincipalCollection principals = subject.getPrincipals();
  if (principals == null) {
    LOGGER.debug("No principals located in the incoming subject, cannot look up {}.", key);
    return Collections.emptyList();
  }

  final Collection<SecurityAssertion> assertions = principals.byType(SecurityAssertion.class);
  if (assertions.isEmpty()) {
    LOGGER.debug("Could not find Security Assertion, cannot look up {}.", key);
    return Collections.emptyList();
  }

  final List<SecurityAssertion> ordered = new ArrayList<>(assertions);
  ordered.sort(new SecurityAssertionComparator());

  return ordered.stream()
      .flatMap(assertion -> assertion.getAttributeStatements().stream())
      .flatMap(statement -> statement.getAttributes().stream())
      .filter(attribute -> attribute.getName().equals(key))
      .flatMap(attribute -> attribute.getValues().stream())
      .collect(Collectors.toList());
}
From source file:ddf.security.SubjectUtils.java
License:Open Source License
/** * Retrieves the type of the Security Assertion inside the given Subject. * * @param subject Subject to get the user name from. * @return String representation of the user name if available or defaultName if no user name * could be found or incoming subject was null. *///from w w w . j av a 2s . co m public static String getType(Subject subject) { if (subject == null) { LOGGER.debug("Incoming subject was null, cannot look up security assertion type."); return null; } PrincipalCollection principals = subject.getPrincipals(); if (principals == null) { LOGGER.debug("No principals located in the incoming subject, cannot look up security assertion type."); return null; } Collection<SecurityAssertion> assertions = principals.byType(SecurityAssertion.class); if (assertions == null || assertions.isEmpty()) { LOGGER.debug("No principals located in the incoming subject, cannot look up security assertion type."); return null; } List<SecurityAssertion> assertionList = new ArrayList<>(assertions); assertionList.sort(new SecurityAssertionComparator()); return assertionList.get(0).getTokenType(); }
From source file:io.buji.pac4j.ClientRealm.java
License:Apache License
/**
 * Retrieves the AuthorizationInfo for the given principals.
 *
 * <p>The realm's {@code defaultRoles} and {@code defaultPermissions} are always included, so
 * they are granted to every subject. The roles and permissions of each {@link CommonProfile}
 * principal are then added on top.
 *
 * @param principals the primary identifying principals of the AuthorizationInfo that should be
 *     retrieved.
 * @return the AuthorizationInfo associated with these principals.
 */
@Override
protected AuthorizationInfo doGetAuthorizationInfo(final PrincipalCollection principals) {
    final Set<String> effectiveRoles = new HashSet<>(split(this.defaultRoles));
    final Set<String> effectivePermissions = new HashSet<>(split(this.defaultPermissions));

    // NOTE(review): whatever roles and permissions a profile carries are granted unchanged. If
    // profiles are filled from an external identity provider, restrict or map those values in
    // the client configuration - confirm how the profile is built.
    final Collection<CommonProfile> profiles = principals.byType(CommonProfile.class);
    if (profiles != null) {
        for (final CommonProfile current : profiles) {
            if (current == null) {
                continue;
            }
            effectiveRoles.addAll(current.getRoles());
            effectivePermissions.addAll(current.getPermissions());
        }
    }

    final SimpleAuthorizationInfo result = new SimpleAuthorizationInfo();
    result.addRoles(effectiveRoles);
    result.addStringPermissions(effectivePermissions);
    return result;
}