Example usage for org.apache.shiro.subject PrincipalCollection getRealmNames

List of usage examples for org.apache.shiro.subject PrincipalCollection getRealmNames

Introduction

This page collects example usages of org.apache.shiro.subject.PrincipalCollection.getRealmNames().

Prototype

Set<String> getRealmNames();


Document

Returns the realm names that this collection has principals for.

Usage

From source file:biz.neustar.nexus.plugins.gitlab.GitlabAuthenticatingRealm.java

License:Open Source License

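/**
 * Builds the authorization info for a user whose principals include this realm.
 *
 * <p>Returns {@code null} when the principal collection holds nothing from this realm, so this
 * realm contributes no roles for users it did not authenticate.
 *
 * @param principals the principals of the subject being authorized
 * @return the roles taken from the GitLab plugin configuration, or {@code null} if the
 *         principals do not include this realm
 */
@Override
protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principals) {
    // only authorize users from this realm
    if (!principals.getRealmNames().contains(this.getName())) {
        return null;
    }

    // NOTE(review): the cast assumes the primary principal is the GitlabUser; with several realms
    // configured the primary principal may come from another realm -- confirm against the setup.
    GitlabUser user = (GitlabUser) principals.getPrimaryPrincipal();
    LOGGER.debug(GITLAB_MSG + "authorizing {}", user.getUsername());

    // Work on a private copy. The getter may hand back the configuration's own set; adding the
    // admin roles to it directly would then leak them into the default roles of every later user.
    Set<String> defaultRoles = gitlab.getGitlabPluginConfiguration().getDefaultRoles();
    Set<String> groups = new java.util.HashSet<String>();
    if (defaultRoles != null) {
        groups.addAll(defaultRoles);
    }

    if (user.isActive()) {
        // NOTE(review): every active user receives the configured admin roles here -- confirm
        // that "active" rather than an explicit admin flag is the intended condition.
        groups.addAll(gitlab.getGitlabPluginConfiguration().getAdminRoles());
    }

    if (LOGGER.isDebugEnabled()) {
        LOGGER.debug(GITLAB_MSG + "User: " + user.getUsername() + " gitlab authorization to groups: "
                + StringUtils.join(groups.iterator(), ", "));
    }
    return new SimpleAuthorizationInfo(groups);
}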

From source file:com.github.mike10004.examples.shirostormpath.UserInfoFilter.java

License:Open Source License

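/**
 * Groups the subject's principals by the realm that supplied them.
 *
 * <p>The values are the principal objects themselves, not copies of selected fields.
 * NOTE(review): if the returned object is rendered to a client, confirm that the principals carry
 * no attributes that should stay server-side.
 *
 * @param subject an authenticated subject
 * @return a map, sorted by realm name, from realm name to the list of principals of that realm;
 *         empty when the subject carries no principals
 */
protected Object buildUserObject(Subject subject) {
    Map<String, Object> principalsByRealm = new TreeMap<>();
    PrincipalCollection principals = subject.getPrincipals();
    if (principals == null) {
        // an anonymous subject has no principal collection; report "no realms" instead of failing
        return principalsByRealm;
    }
    for (String realm : principals.getRealmNames()) {
        Collection<?> principalsForRealm = principals.fromRealm(realm);
        List<Object> principalsForRealmAsList = Lists.<Object>newArrayList(principalsForRealm);
        principalsByRealm.put(realm, principalsForRealmAsList);
    }
    return principalsByRealm;
}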

From source file:org.obiba.opal.core.service.SubjectProfileServiceImpl.java

License:Open Source License

/**
 * Ensures the profile, the home folder and the folder permissions for the given principals.
 *
 * <p>The user name is the string form of the primary principal; the realm is the first name
 * returned by iterating {@code getRealmNames()}.
 *
 * @param principalCollection principals of the subject; must hold at least one realm name,
 *        otherwise {@code iterator().next()} throws {@code NoSuchElementException}
 */
@Override
public void ensureProfile(@NotNull PrincipalCollection principalCollection) {
    final String userName = principalCollection.getPrimaryPrincipal().toString();
    final String firstRealm = principalCollection.getRealmNames().iterator().next();

    ensureProfile(userName, firstRealm);
    ensureUserHomeExists(userName);

    // NOTE(review): the home path is built by plain concatenation. If a realm can supply a
    // principal containing '/' or "..", the path leaves /home -- confirm that names are
    // validated before they reach this point.
    final String homeFolder = "/home/" + userName;
    ensureFolderPermissions(userName, homeFolder);
    ensureFolderPermissions(userName, "/tmp");
}

From source file:org.sonatype.nexus.examples.url.UrlRealm.java

License:Open Source License

/**
 * Grants the default role to subjects whose principals include this realm.
 *
 * @param principals the principals of the subject being authorized
 * @return authorization info holding {@code defaultRole}, or {@code null} when the principals
 *         hold nothing from this realm
 */
@Override
protected AuthorizationInfo doGetAuthorizationInfo(final PrincipalCollection principals) {
    // the realm-name check is the only gate: principals without this realm get no roles here
    final boolean authenticatedHere = principals.getRealmNames().contains(getName());
    if (authenticatedHere) {
        final SimpleAuthorizationInfo granted = new SimpleAuthorizationInfo();
        granted.addRole(defaultRole);
        return granted;
    }
    return null;
}

From source file:org.sonatype.nexus.kenai.internal.KenaiRealm.java

License:Open Source License

/**
 * Grants the configured default role to subjects whose principals include this realm.
 *
 * @param principals the principals of the subject being authorized
 * @return authorization info holding the configuration's default role, or {@code null} when the
 *         principals hold nothing from this realm
 */
@Override
protected AuthorizationInfo doGetAuthorizationInfo(final PrincipalCollection principals) {
    // the realm-name check is the only gate: principals without this realm get no roles here
    final boolean authenticatedHere = principals.getRealmNames().contains(getName());
    if (authenticatedHere) {
        final SimpleAuthorizationInfo granted = new SimpleAuthorizationInfo();
        granted.addRole(configuration().getDefaultRole());
        return granted;
    }
    return null;
}

From source file:org.sonatype.nexus.ldap.LdapRealm.java

License:Open Source License

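/**
 * Looks up the LDAP roles of a user whose principals include this realm.
 *
 * @param principals the principals of the subject being authorized
 * @param ldapContextFactory not used by this implementation
 * @return the user's LDAP roles (empty when none are found), or {@code null} when the
 *         principals hold nothing from this realm
 * @throws NamingException if the LDAP lookup fails; the original failure is kept as root cause
 */
@Override
protected AuthorizationInfo queryForAuthorizationInfo(PrincipalCollection principals,
        LdapContextFactory ldapContextFactory) throws NamingException {
    // only authorize users from this realm
    if (!principals.getRealmNames().contains(this.getName())) {
        return null;
    }

    String username = principals.getPrimaryPrincipal().toString();
    Set<String> roles;
    try {
        roles = this.ldapManager.getUserRoles(username);
    } catch (LdapDAOException e) {
        this.logger.error(e.getMessage(), e);
        // keep the DAO failure attached so the stack trace survives the translation
        NamingException failure = new NamingException(e.getMessage());
        failure.setRootCause(e);
        throw failure;
    } catch (NoLdapUserRolesFoundException e) {
        // a user without roles is authorized with an empty role set, not rejected
        this.logger.debug("User: " + username + " does not have any ldap roles.", e);
        roles = new HashSet<String>();
    }

    return new SimpleAuthorizationInfo(roles);
}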

From source file:org.sonatype.nexus.security.internal.AuthorizingRealmImpl.java

License:Open Source License

/**
 * Collects the role ids of the user identified by the given principals.
 *
 * <p>When the principals do not include this realm, at least one of their realms must be among
 * the realms reported by the security system; otherwise authorization is refused. Roles then come
 * from the {@code RoleMappingUserManager} (per realm) when the user manager is one, or from the
 * user record when the cleaned-up realm names contain {@code "default"}.
 *
 * <p>NOTE(review): the exception messages embed the primary principal and the realm names --
 * confirm they are not echoed to unauthenticated clients.
 *
 * @param principals the principals of the subject being authorized
 * @return authorization info holding the collected role ids
 * @throws AuthorizationException if {@code principals} is {@code null}, the user's realms are all
 *         disabled, the user cannot be found, or the user is not managed by this realm
 */
@Override
protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principals) {
    if (principals == null) {
        throw new AuthorizationException("Cannot authorize with no principals.");
    }

    final String userId = principals.getPrimaryPrincipal().toString();
    final Set<String> roleIds = new HashSet<String>();

    // private copy: cleanUpRealmList below receives this set and presumably edits it in place
    final Set<String> userRealms = new HashSet<String>(principals.getRealmNames());

    // principals that include this realm skip the check (stand-alone or test use of the realm)
    if (!userRealms.contains(this.getName())) {
        boolean fromEnabledRealm = false;
        for (Realm enabled : this.securitySystem.getRealmSecurityManager().getRealms()) {
            if (userRealms.contains(enabled.getName())) {
                fromEnabledRealm = true;
                break;
            }
        }
        if (!fromEnabledRealm) {
            // none of the user's realms is currently enabled
            throw new AuthorizationException("User for principals: " + principals.getPrimaryPrincipal()
                    + " belongs to a disabled realm(s): " + principals.getRealmNames() + ".");
        }
    }

    // clean up the realm names for processing (replace the Nexus*Realm with default)
    cleanUpRealmList(userRealms);

    if (userManager instanceof RoleMappingUserManager) {
        final RoleMappingUserManager mappingManager = (RoleMappingUserManager) userManager;
        for (String realmName : userRealms) {
            try {
                for (RoleIdentifier mapped : mappingManager.getUsersRoles(userId, realmName)) {
                    roleIds.add(mapped.getRoleId());
                }
            } catch (UserNotFoundException e) {
                // a realm without mappings for this user simply contributes no roles
                logger.trace("Failed to find role mappings for user: {} realm: {}", userId, realmName);
            }
        }
        return new SimpleAuthorizationInfo(roleIds);
    }

    if (!userRealms.contains("default")) {
        // user not managed by this Realm
        throw new AuthorizationException(
                "User for principals: " + principals.getPrimaryPrincipal() + " not manged by Nexus realm.");
    }

    try {
        for (RoleIdentifier assigned : userManager.getUser(userId).getRoles()) {
            roleIds.add(assigned.getRoleId());
        }
    } catch (UserNotFoundException e) {
        throw new AuthorizationException(
                "User for principals: " + principals.getPrimaryPrincipal() + " could not be found.", e);
    }

    return new SimpleAuthorizationInfo(roleIds);
}

From source file:org.sonatype.nexus.security.UserPrincipalsHelper.java

License:Open Source License

/**
 * Searches for the {@link UserManager} whose authentication realm name equals the first realm
 * name of the given principals.
 *
 * <p>Only the first name returned by iterating {@code getRealmNames()} is considered; further
 * realm names are not tried.
 *
 * @param principals identifying principals, may be {@code null}
 * @return the matching UserManager component
 * @throws NoSuchUserManagerException if no manager matches; carries the realm name that was
 *         looked up, or {@code null} when the principals are {@code null} or hold no realm name
 */
public UserManager findUserManager(final PrincipalCollection principals) throws NoSuchUserManagerException {
    String firstRealm = null;
    final Iterator<String> realmNames = principals == null ? null : principals.getRealmNames().iterator();
    if (realmNames != null && realmNames.hasNext()) {
        firstRealm = realmNames.next();
        for (final UserManager candidate : userManagers) {
            if (firstRealm.equals(candidate.getAuthenticationRealmName())) {
                return candidate;
            }
        }
    }
    throw new NoSuchUserManagerException(firstRealm);
}

From source file:org.sonatype.nexus.security.UserPrincipalsHelperTest.java

License:Open Source License

/**
 * Logs in with a fixture account and checks that the resolved user manager lists that user and
 * belongs to one of the subject's realms. The subject is logged out in all cases.
 */
@Test
public void testFindUserManager() throws NoSuchUserManagerException, AuthenticationException {
    final Subject loggedIn = login("deployment", "deployment123");
    try {
        final PrincipalCollection identity = loggedIn.getPrincipals();
        final UserManager resolved = helper().findUserManager(identity);

        final String userId = identity.getPrimaryPrincipal().toString();
        assertThat(userId, isIn(resolved.listUserIds()));
        assertThat(resolved.getAuthenticationRealmName(), isIn(identity.getRealmNames()));
    } finally {
        // always end the session so the login does not leak into other tests
        loggedIn.logout();
    }
}

From source file:org.sonatype.nexus.security.UserPrincipalsHelperTest.java

License:Open Source License

/**
 * Enables an extra test realm, logs in with a fixture account of that realm and checks that the
 * resolved user manager lists that user and belongs to one of the subject's realms.
 */
@Test
public void testFindUserManagerNonDefaultRealm() throws Exception {
    // NOTE(review): the realm list is extended but not restored afterwards -- confirm the
    // fixture resets the security configuration between tests.
    final List<String> enabledRealms = securitySystem.getRealms();
    enabledRealms.add("TestPrincipalsRealm");
    securitySystem.setRealms(enabledRealms);

    final Subject loggedIn = login("tempUser", "tempPass");
    try {
        final PrincipalCollection identity = loggedIn.getPrincipals();
        final UserManager resolved = helper().findUserManager(identity);

        final String userId = identity.getPrimaryPrincipal().toString();
        assertThat(userId, isIn(resolved.listUserIds()));
        assertThat(resolved.getAuthenticationRealmName(), isIn(identity.getRealmNames()));
    } finally {
        // always end the session so the login does not leak into other tests
        loggedIn.logout();
    }
}