Search in sources :

Example 1 with SecurityManager

use of org.apache.geode.security.SecurityManager in project geode by apache.

the class IntegratedSecurityService method initSecurity.

/**
   * initialize Shiro's Security Manager and Security Utilities
   */
public void initSecurity(Properties securityProps) {
    if (securityProps == null) {
        return;
    }
    String shiroConfig = securityProps.getProperty(SECURITY_SHIRO_INIT);
    String securityManagerConfig = securityProps.getProperty(SECURITY_MANAGER);
    String clientAuthenticatorConfig = securityProps.getProperty(SECURITY_CLIENT_AUTHENTICATOR);
    String peerAuthenticatorConfig = securityProps.getProperty(SECURITY_PEER_AUTHENTICATOR);
    if (StringUtils.isNotBlank(shiroConfig)) {
        IniSecurityManagerFactory factory = new IniSecurityManagerFactory("classpath:" + shiroConfig);
        // we will need to make sure that shiro uses a case sensitive permission resolver
        Section main = factory.getIni().addSection("main");
        main.put("geodePermissionResolver", "org.apache.geode.internal.security.shiro.GeodePermissionResolver");
        if (!main.containsKey("iniRealm.permissionResolver")) {
            main.put("iniRealm.permissionResolver", "$geodePermissionResolver");
        }
        org.apache.shiro.mgt.SecurityManager securityManager = factory.getInstance();
        SecurityUtils.setSecurityManager(securityManager);
        isIntegratedSecurity = true;
        isClientAuthenticator = false;
        isPeerAuthenticator = false;
    } else // only set up shiro realm if user has implemented SecurityManager
    if (StringUtils.isNotBlank(securityManagerConfig)) {
        SecurityManager securityManager = SecurityService.getObjectOfTypeFromClassName(securityManagerConfig, SecurityManager.class);
        securityManager.init(securityProps);
        this.setSecurityManager(securityManager);
    } else {
        isIntegratedSecurity = null;
        isClientAuthenticator = StringUtils.isNotBlank(clientAuthenticatorConfig);
        isPeerAuthenticator = StringUtils.isNotBlank(peerAuthenticatorConfig);
    }
    // this initializes the post processor
    String customPostProcessor = securityProps.getProperty(SECURITY_POST_PROCESSOR);
    if (StringUtils.isNotBlank(customPostProcessor)) {
        postProcessor = SecurityService.getObjectOfTypeFromClassName(customPostProcessor, PostProcessor.class);
        postProcessor.init(securityProps);
    } else {
        postProcessor = null;
    }
}
Also used : IniSecurityManagerFactory(org.apache.shiro.config.IniSecurityManagerFactory) DefaultSecurityManager(org.apache.shiro.mgt.DefaultSecurityManager) SecurityManager(org.apache.geode.security.SecurityManager) Section(org.apache.shiro.config.Ini.Section) PostProcessor(org.apache.geode.security.PostProcessor)

Aggregations

PostProcessor (org.apache.geode.security.PostProcessor)1 SecurityManager (org.apache.geode.security.SecurityManager)1 Section (org.apache.shiro.config.Ini.Section)1 IniSecurityManagerFactory (org.apache.shiro.config.IniSecurityManagerFactory)1 DefaultSecurityManager (org.apache.shiro.mgt.DefaultSecurityManager)1