private Collection<Realm> getRealms(Map<String, ?> instances) { //realms and realm factory might have been created - pull them out first so we can //initialize the securityManager: List<Realm> realms = new ArrayList<Realm>(); //iterate over the map entries to pull out the realm factory(s): for (Map.Entry<String, ?> entry : instances.entrySet()) { String name = entry.getKey(); Object value = entry.getValue(); if (value instanceof RealmFactory) { addToRealms(realms, (RealmFactory) value); } else if (value instanceof Realm) { Realm realm = (Realm) value; //set the name if null: String existingName = realm.getName(); if (existingName == null || existingName.startsWith(realm.getClass().getName())) { if (realm instanceof Nameable) { ((Nameable) realm).setName(name); log.debug("Applied name '{}' to Nameable realm instance {}", name, realm); } else { log.info("Realm does not implement the {} interface. Configured name will not be applied.", Nameable.class.getName()); } } realms.add(realm); } } return realms; }
private Collection<Realm> getRealms(Map<String, ?> instances) { //realms and realm factory might have been created - pull them out first so we can //initialize the securityManager: List<Realm> realms = new ArrayList<Realm>(); //iterate over the map entries to pull out the realm factory(s): for (Map.Entry<String, ?> entry : instances.entrySet()) { String name = entry.getKey(); Object value = entry.getValue(); if (value instanceof RealmFactory) { addToRealms(realms, (RealmFactory) value); } else if (value instanceof Realm) { Realm realm = (Realm) value; //set the name if null: String existingName = realm.getName(); if (existingName == null || existingName.startsWith(realm.getClass().getName())) { if (realm instanceof Nameable) { ((Nameable) realm).setName(name); log.debug("Applied name '{}' to Nameable realm instance {}", name, realm); } else { log.info("Realm does not implement the {} interface. Configured name will not be applied.", Nameable.class.getName()); } } realms.add(realm); } } return realms; }
private void logAndIgnore(Realm realm, Exception e) { logger.trace("Realm '{}' failure", realm.getName(), e); } }
for (Realm realm : ((RealmSecurityManager) SecurityUtils.getSecurityManager()).getRealms()) System.out.println(realm.getName());
private void logAndIgnore( Realm realm, Exception e ) { if ( logger.isTraceEnabled() ) { logger.trace( "Realm: '" + realm.getName() + "', caused: " + e.getMessage(), e ); } } }
private static List<Realm> selectOrderedActiveRealms( List<String> configuredRealms, List<Realm> availableRealms ) { List<Realm> orderedActiveRealms = new ArrayList<>( configuredRealms.size() ); for ( String configuredRealmName : configuredRealms ) { for ( Realm realm : availableRealms ) { if ( configuredRealmName.equals( realm.getName() ) ) { orderedActiveRealms.add( realm ); break; } } } return orderedActiveRealms; }
@Override public boolean isValid(final String value, final ConstraintValidatorContext context) { log.trace("Validating realm exists: {}", value); for (Realm realm : realmSecurityManager.getRealms()) { if (value.equals(realm.getName())) { return true; } } return false; } }
public Realms createRealms(Injector injector, Set<Realm> diRealms) { // no configured realms, use DI Realms if (realms == null || realms.isEmpty()) { return new Realms(new ArrayList<>(diRealms)); } // use configured realms... // ignoring DI Realms if at least one config realm exists. This allows to fully override and/or order realms // without recompiling if (!diRealms.isEmpty() && LOGGER.isInfoEnabled()) { String realmNames = diRealms.stream() .map(r -> r.getName() != null ? r.getName() : r.getClass().getSimpleName()).collect(joining(", ")); LOGGER.info("Ignoring DI-originated Realms: " + realmNames + ". Using Realms from configuration instead."); } List<Realm> orderedRealms = new ArrayList<>(diRealms.size()); realms.forEach(rf -> orderedRealms.add(rf.createRealm(injector))); return new Realms(orderedRealms); } }
public Collection<Realm> activeRealms() { Collection<Realm> activeRealms = realms(new DeploymentSimpleFacet(mode())); logger.info("Active realms:"); for (Realm realm : activeRealms) { logger.info(realm.getName()); } return activeRealms; }
private Collection<Realm> getRealms(Map<String, ?> instances) { //realms and realm factory might have been created - pull them out first so we can //initialize the securityManager: List<Realm> realms = new ArrayList<Realm>(); //iterate over the map entries to pull out the realm factory(s): for (Map.Entry<String, ?> entry : instances.entrySet()) { String name = entry.getKey(); Object value = entry.getValue(); if (value instanceof RealmFactory) { addToRealms(realms, (RealmFactory) value); } else if (value instanceof Realm) { Realm realm = (Realm) value; //set the name if null: String existingName = realm.getName(); if (existingName == null || existingName.startsWith(realm.getClass().getName())) { if (realm instanceof Nameable) { ((Nameable) realm).setName(name); log.debug("Applied name '{}' to Nameable realm instance {}", name, realm); } else { log.info("Realm does not implement the {} interface. Configured name will not be applied.", Nameable.class.getName()); } } realms.add(realm); } } return realms; }
public List<String> getRoles() throws InvocationTargetException, IllegalAccessException { assertRealmsConfigured(); PrincipalCollection principals = SecurityUtils.getSubject().getPrincipals(); List<String> roles = new ArrayList<>(); for (Realm realm : getRealms()) { if (!(realm instanceof Authorizer) || principals.fromRealm(realm.getName()).isEmpty()) continue; Method getAuthorizationInfoMethod = ClassUtils.getMethod(realm.getClass(), "getAuthorizationInfo", PrincipalCollection.class); getAuthorizationInfoMethod.setAccessible(true); roles.addAll(((AuthorizationInfo) getAuthorizationInfoMethod.invoke(realm, principals)).getRoles()); } return roles; }
public List<String> getPermissions() throws InvocationTargetException, IllegalAccessException { assertRealmsConfigured(); PrincipalCollection principals = SecurityUtils.getSubject().getPrincipals(); List<String> permissions = new ArrayList<>(); for (Realm realm : getRealms()) { if (!(realm instanceof Authorizer) || principals.fromRealm(realm.getName()).isEmpty()) continue; Method getAuthorizationInfoMethod = ClassUtils.getMethod(realm.getClass(), "getAuthorizationInfo", PrincipalCollection.class); getAuthorizationInfoMethod.setAccessible(true); permissions.addAll(((AuthorizationInfo) getAuthorizationInfoMethod.invoke(realm, principals)).getStringPermissions()); } return permissions; } }
public boolean hasRole(PrincipalCollection principals, String roleIdentifier) { assertRealmsConfigured(); for (Realm realm : getRealms()) { if (!(realm instanceof Authorizer) || principals.fromRealm(realm.getName()).isEmpty()) continue; if (((Authorizer) realm).hasRole(principals, roleIdentifier)) return true; } return false; }
/** * This method has protected visibility to allow for custom implementations * in the future that might obtain the list of roles for a principal from * somewhere other than Shiro's {@link RealmSecurityManager}. */ protected List<String> getRoles(final Subject subject, final AuthenticationToken token) { final List<String> roles = Lists.newArrayList(); RealmSecurityManager securityManager = getSecurityManager(); if(securityManager == null) { return roles; } final Set<String> realmNames = realmNamesOf(subject); final Collection<Realm> realms = securityManager.getRealms(); for (final Realm realm : realms) { // only obtain roles from those realm(s) that authenticated this subject if(!realmNames.contains(realm.getName())) { continue; } final AuthenticationInfo authenticationInfo = realm.getAuthenticationInfo(token); if(authenticationInfo instanceof AuthorizationInfo) { final AuthorizationInfo authorizationInfo = (AuthorizationInfo) authenticationInfo; final Collection<String> realmRoles = authorizationInfo.getRoles(); for (final String role : realmRoles) { roles.add(realm.getName() + ":" + role); } } } return roles; }
@Override public boolean isPermitted(PrincipalCollection subjectPrincipal, String permission) { for (Realm realm : getRealms()) { if (!(realm instanceof Authorizer)) { continue; // ignore non-authorizing realms } try { if (((Authorizer) realm).isPermitted(subjectPrincipal, permission)) { if (logger.isTraceEnabled()) { logger.trace("Realm: " + realm.getName() + " user: " + subjectPrincipal.iterator().next() + " has permission: " + permission); } return true; } else { if (logger.isTraceEnabled()) { logger.trace("Realm: " + realm.getName() + " user: " + subjectPrincipal.iterator().next() + " does NOT have permission: " + permission); } } } catch (AuthorizationException e) { logAndIgnore(realm, e); } catch (RuntimeException e) { logAndIgnore(realm, e); } } return false; }
@Override public boolean isPermitted(PrincipalCollection principals, String permission) { assertRealmsConfigured(); for (Realm realm : getRealms()) { if (!(realm instanceof Authorizer) || principals.fromRealm(realm.getName()).isEmpty()) continue; if (((Authorizer) realm).isPermitted(principals, permission)) { return true; } } return false; }
public boolean isPermitted(PrincipalCollection principals, Permission permission) { assertRealmsConfigured(); for (Realm realm : getRealms()) { if (!(realm instanceof Authorizer) || principals.fromRealm(realm.getName()).isEmpty()) continue; if (((Authorizer) realm).isPermitted(principals, permission)) return true; } return false; }
HashMap<String,Realm> realmHashMap=new HashMap<>(realms.size()); for (Realm realm : realms) { realmHashMap.put(realm.getName(),realm);