/** * Sets all object-based permissions assigned directly to this Account (not any of its realms). * * @param permissions the object-based permissions to assign directly to this Account. */ public void setObjectPermissions(Set<Permission> permissions) { this.authzInfo.setObjectPermissions(permissions); }
/** * Constructs a SimpleAccount instance from the given principals and credentials, with the * the assigned roles and permissions. * * @param principals the identifying attributes of the account, at least one of which should be considered the * account's 'primary' identifying attribute, for example, a user id or username. * @param credentials the credentials that verify identity for the account * @param roleNames the names of the roles assigned to this account. * @param permissions the permissions assigned to this account directly (not those assigned to any of the realms). */ public SimpleAccount(PrincipalCollection principals, Object credentials, Set<String> roleNames, Set<Permission> permissions) { this.authcInfo = new SimpleAuthenticationInfo(principals, credentials); this.authzInfo = new SimpleAuthorizationInfo(roleNames); this.authzInfo.setObjectPermissions(permissions); }
/** * Constructs a SimpleAccount instance for the specified realm with the given principal and credentials, with the * the assigned roles and permissions. * * @param principal the 'primary' identifying attributes of the account, for example, a user id or username. * @param credentials the credentials that verify identity for the account * @param realmName the name of the realm that accesses this account data * @param roleNames the names of the roles assigned to this account. * @param permissions the permissions assigned to this account directly (not those assigned to any of the realms). */ public SimpleAccount(Object principal, Object credentials, String realmName, Set<String> roleNames, Set<Permission> permissions) { this.authcInfo = new SimpleAuthenticationInfo(new SimplePrincipalCollection(principal, realmName), credentials); this.authzInfo = new SimpleAuthorizationInfo(roleNames); this.authzInfo.setObjectPermissions(permissions); }
/** * Constructs a SimpleAccount instance for the specified realm with the given principals and credentials, with the * the assigned roles and permissions. * * @param principals the identifying attributes of the account, at least one of which should be considered the * account's 'primary' identifying attribute, for example, a user id or username. * @param credentials the credentials that verify identity for the account * @param realmName the name of the realm that accesses this account data * @param roleNames the names of the roles assigned to this account. * @param permissions the permissions assigned to this account directly (not those assigned to any of the realms). */ public SimpleAccount(Collection principals, Object credentials, String realmName, Set<String> roleNames, Set<Permission> permissions) { this.authcInfo = new SimpleAuthenticationInfo(new SimplePrincipalCollection(principals, realmName), credentials); this.authzInfo = new SimpleAuthorizationInfo(roleNames); this.authzInfo.setObjectPermissions(permissions); }
/** * Sets all object-based permissions assigned directly to this Account (not any of its realms). * * @param permissions the object-based permissions to assign directly to this Account. */ public void setObjectPermissions(Set<Permission> permissions) { this.authzInfo.setObjectPermissions(permissions); }
/** * Constructs a SimpleAccount instance from the given principals and credentials, with the * the assigned roles and permissions. * * @param principals the identifying attributes of the account, at least one of which should be considered the * account's 'primary' identifying attribute, for example, a user id or username. * @param credentials the credentials that verify identity for the account * @param roleNames the names of the roles assigned to this account. * @param permissions the permissions assigned to this account directly (not those assigned to any of the realms). */ public SimpleAccount(PrincipalCollection principals, Object credentials, Set<String> roleNames, Set<Permission> permissions) { this.authcInfo = new SimpleAuthenticationInfo(principals, credentials); this.authzInfo = new SimpleAuthorizationInfo(roleNames); this.authzInfo.setObjectPermissions(permissions); }
/** * Constructs a SimpleAccount instance for the specified realm with the given principal and credentials, with the * the assigned roles and permissions. * * @param principal the 'primary' identifying attributes of the account, for example, a user id or username. * @param credentials the credentials that verify identity for the account * @param realmName the name of the realm that accesses this account data * @param roleNames the names of the roles assigned to this account. * @param permissions the permissions assigned to this account directly (not those assigned to any of the realms). */ public SimpleAccount(Object principal, Object credentials, String realmName, Set<String> roleNames, Set<Permission> permissions) { this.authcInfo = new SimpleAuthenticationInfo(new SimplePrincipalCollection(principal, realmName), credentials); this.authzInfo = new SimpleAuthorizationInfo(roleNames); this.authzInfo.setObjectPermissions(permissions); }
/** * Constructs a SimpleAccount instance for the specified realm with the given principals and credentials, with the * the assigned roles and permissions. * * @param principals the identifying attributes of the account, at least one of which should be considered the * account's 'primary' identifying attribute, for example, a user id or username. * @param credentials the credentials that verify identity for the account * @param realmName the name of the realm that accesses this account data * @param roleNames the names of the roles assigned to this account. * @param permissions the permissions assigned to this account directly (not those assigned to any of the realms). */ public SimpleAccount(Collection principals, Object credentials, String realmName, Set<String> roleNames, Set<Permission> permissions) { this.authcInfo = new SimpleAuthenticationInfo(new SimplePrincipalCollection(principals, realmName), credentials); this.authzInfo = new SimpleAuthorizationInfo(roleNames); this.authzInfo.setObjectPermissions(permissions); }
/** * Sets all object-based permissions assigned directly to this Account (not any of its realms). * * @param permissions the object-based permissions to assign directly to this Account. */ public void setObjectPermissions(Set<Permission> permissions) { this.authzInfo.setObjectPermissions(permissions); }
/** * Constructs a SimpleAccount instance from the given principals and credentials, with the * the assigned roles and permissions. * * @param principals the identifying attributes of the account, at least one of which should be considered the * account's 'primary' identifying attribute, for example, a user id or username. * @param credentials the credentials that verify identity for the account * @param roleNames the names of the roles assigned to this account. * @param permissions the permissions assigned to this account directly (not those assigned to any of the realms). */ public SimpleAccount(PrincipalCollection principals, Object credentials, Set<String> roleNames, Set<Permission> permissions) { this.authcInfo = new SimpleAuthenticationInfo(principals, credentials); this.authzInfo = new SimpleAuthorizationInfo(roleNames); this.authzInfo.setObjectPermissions(permissions); }
/** * {@inheritDoc} * <p>This default implementation handles built-in groups (all, anonymous, registered, etc.), delegating * to loadAuthorizationInfo method the actual loading of application-specific groups.</p> * * @return */ public AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principals) { Object principal = principals.getPrimaryPrincipal(); Set<String> groups = getGroups(principal); SimpleAuthorizationInfo info = new SimpleAuthorizationInfo(groups); if(groups.contains(SecurityLogic.getAdministratorsGroup(portofinoConfiguration))) { info.addStringPermission("*"); } Permission permission = new GroupPermission(groups); info.setObjectPermissions(Collections.singleton(permission)); return info; }
/** * Constructs a SimpleAccount instance for the specified realm with the given principals and credentials, with the * the assigned roles and permissions. * * @param principals the identifying attributes of the account, at least one of which should be considered the * account's 'primary' identifying attribute, for example, a user id or username. * @param credentials the credentials that verify identity for the account * @param realmName the name of the realm that accesses this account data * @param roleNames the names of the roles assigned to this account. * @param permissions the permissions assigned to this account directly (not those assigned to any of the realms). */ public SimpleAccount(Collection principals, Object credentials, String realmName, Set<String> roleNames, Set<Permission> permissions) { this.authcInfo = new SimpleAuthenticationInfo(new SimplePrincipalCollection(principals, realmName), credentials); this.authzInfo = new SimpleAuthorizationInfo(roleNames); this.authzInfo.setObjectPermissions(permissions); }
/** * Constructs a SimpleAccount instance for the specified realm with the given principal and credentials, with the * the assigned roles and permissions. * * @param principal the 'primary' identifying attributes of the account, for example, a user id or username. * @param credentials the credentials that verify identity for the account * @param realmName the name of the realm that accesses this account data * @param roleNames the names of the roles assigned to this account. * @param permissions the permissions assigned to this account directly (not those assigned to any of the realms). */ public SimpleAccount(Object principal, Object credentials, String realmName, Set<String> roleNames, Set<Permission> permissions) { this.authcInfo = new SimpleAuthenticationInfo(new SimplePrincipalCollection(principal, realmName), credentials); this.authzInfo = new SimpleAuthorizationInfo(roleNames); this.authzInfo.setObjectPermissions(permissions); }
@Override protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principals) { try { AuthorizationInfo info = (AuthorizationInfo) getAuthorizationInfoMethod.invoke(realm, principals); if(info.getObjectPermissions() != null) { for(Permission p : info.getObjectPermissions()) { if(p instanceof RolesPermission) { return info; } } info.getObjectPermissions().add(new RolesPermission(info.getRoles())); } else if(info instanceof SimpleAuthorizationInfo) { ((SimpleAuthorizationInfo) info).setObjectPermissions( Collections.singleton((Permission) new RolesPermission(info.getRoles()))); } else if(info instanceof SimpleAccount) { ((SimpleAccount) info).setObjectPermissions( Collections.singleton((Permission) new RolesPermission(info.getRoles()))); } else { logger.warn("Cannot add RolesPermission to the AuthorizationInfo {}", info); } return info; } catch (Exception e) { throw new RuntimeException(e); } }
/** * {@inheritDoc} * <p>This default implementation handles built-in groups (all, anonymous, registered, etc.), delegating * to loadAuthorizationInfo method the actual loading of application-specific groups.</p> * * @return */ public AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principals) { Object principal = principals.getPrimaryPrincipal(); Set<String> groups = new HashSet<String>(); groups.add(SecurityLogic.getAllGroup(portofinoConfiguration)); if (principal == null) { groups.add(SecurityLogic.getAnonymousGroup(portofinoConfiguration)); } else if (principal instanceof Serializable) { groups.add(SecurityLogic.getRegisteredGroup(portofinoConfiguration)); groups.addAll(loadAuthorizationInfo((Serializable) principal)); } else { throw new AuthorizationException("Invalid principal: " + principal); } SimpleAuthorizationInfo info = new SimpleAuthorizationInfo(groups); if(groups.contains(SecurityLogic.getAdministratorsGroup(portofinoConfiguration))) { info.addStringPermission("*"); } Permission permission = new GroupPermission(groups); info.setObjectPermissions(Collections.singleton(permission)); return info; }
@Override protected AuthorizationInfo doGetAuthorizationInfo(final PrincipalCollection principals) { final Sid sid = new Sid((String) principals.getPrimaryPrincipal()); final ShiroResources services = ShiroResources.getInstance(); final DaoManager daos = services.get(DaoManager.class); final AccountsDao accounts = daos.getAccountsDao(); final Account account = accounts.getAccount(sid); final String roleName = account.getRole(); final Set<String> set = new HashSet<String>(); set.add(roleName); final SimpleAuthorizationInfo authorizationInfo = new SimpleAuthorizationInfo(set); final SimpleRole role = getRole(roleName); if (role != null) { authorizationInfo.setObjectPermissions(role.getPermissions()); } return authorizationInfo; }