
Example 1 with SimpleAuthorizationInfo

use of org.apache.shiro.authz.SimpleAuthorizationInfo in project neo4j by neo4j.

the class InternalFlatFileRealm method doGetAuthorizationInfo.

/**
 * Looks up the roles of the principal in {@code principals} using the local user and role
 * repositories.
 *
 * <p>Accounts that still have to change their password, or that carry the {@code IS_SUSPENDED}
 * flag, receive an empty {@link SimpleAuthorizationInfo}: the account is known but holds no
 * roles, so a suspended or not-yet-activated user cannot act with its stored roles.
 *
 * @param principals the principals of the subject being authorized
 * @return the role set of the user; an empty info object for restricted accounts; {@code null}
 *     when authorization is disabled for this realm, no principal is available, or the
 *     repository has no user with that name
 * @throws AuthenticationException declared by the signature; no statement in this method throws
 *     it directly
 */
@Override
protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principals) throws AuthenticationException {
    // Realm not enabled as an authorization source: contribute nothing.
    if (!authorizationEnabled) {
        return null;
    }

    final String principalName = (String) getAvailablePrincipal(principals);
    if (principalName == null) {
        return null;
    }

    final User account = userRepository.getUserByName(principalName);
    if (account == null) {
        return null;
    }

    // Restricted accounts get an info object with no roles; the role repository is
    // not consulted for them at all.
    final boolean restricted = account.passwordChangeRequired() || account.hasFlag(IS_SUSPENDED);
    if (restricted) {
        return new SimpleAuthorizationInfo();
    }

    // Roles are looked up by the stored user name, not by the name the caller presented.
    final Set<String> grantedRoles = roleRepository.getRoleNamesByUsername(account.name());
    return new SimpleAuthorizationInfo(grantedRoles);
}
Also used : User(org.neo4j.kernel.impl.security.User) SimpleAuthorizationInfo(org.apache.shiro.authz.SimpleAuthorizationInfo)

Example 2 with SimpleAuthorizationInfo

use of org.apache.shiro.authz.SimpleAuthorizationInfo in project neo4j by neo4j.

the class LdapRealm method cacheAuthorizationInfo.

/**
 * Stores the role names resolved for {@code username} in the authorization cache returned by
 * {@code getAuthorizationCache()}, keyed by the user name.
 *
 * <p>NOTE(review): how long the entry lives is decided by the cache configuration, which is not
 * visible here. Role changes made in the directory after this call would presumably not be seen
 * until the entry is replaced or evicted; confirm the expiry policy.
 *
 * @param username  cache key; used exactly as passed in (no case normalisation happens here)
 * @param roleNames role names to wrap in a {@link SimpleAuthorizationInfo}
 */
private void cacheAuthorizationInfo(String username, Set<String> roleNames) {
    // Reuse the cache that the base class already maintains.
    final Cache<Object, AuthorizationInfo> cache = getAuthorizationCache();
    final AuthorizationInfo entry = new SimpleAuthorizationInfo(roleNames);
    cache.put(username, entry);
}
Also used : SimpleAuthorizationInfo(org.apache.shiro.authz.SimpleAuthorizationInfo) AuthorizationInfo(org.apache.shiro.authz.AuthorizationInfo) SimpleAuthorizationInfo(org.apache.shiro.authz.SimpleAuthorizationInfo)

Example 3 with SimpleAuthorizationInfo

use of org.apache.shiro.authz.SimpleAuthorizationInfo in project neo4j by neo4j.

the class LdapRealm method queryForAuthorizationInfo.

/**
 * Resolves the authorization info of an LDAP user, either by searching with the system account
 * or by reading the entry stored in the authorization cache.
 *
 * @param principals         principals of the subject being authorized
 * @param ldapContextFactory factory used to obtain the system LDAP context
 * @return the user's authorization info, or {@code null} when authorization is disabled for this
 *     realm or no user name can be derived from {@code principals}
 * @throws NamingException declared by the signature; presumably raised by the LDAP context and
 *     search calls
 * @throws AuthorizationExpiredException when the system account is not used and the cache holds
 *     no entry for the user
 */
@Override
protected AuthorizationInfo queryForAuthorizationInfo(PrincipalCollection principals, LdapContextFactory ldapContextFactory) throws NamingException {
    if (!authorizationEnabled) {
        return null;
    }

    final String principalName = getUsername(principals);
    if (principalName == null) {
        return null;
    }

    if (!useSystemAccountForAuthorization) {
        // Without the system account, the only source is the entry cached during authentication.
        final Cache<Object, AuthorizationInfo> cache = getAuthorizationCache();
        final AuthorizationInfo cached = cache.get(principalName);
        if (cached != null) {
            return cached;
        }
        // No entry: fail with an explicit "expired" error rather than returning an empty
        // result, so that the client can react by re-authenticating.
        throw new AuthorizationExpiredException("LDAP authorization info expired.");
    }

    // Search with the system context.
    // NOTE(review): when useStartTls is false the factory's own system context is used; whether
    // that channel is protected depends on configuration not shown here.
    final LdapContext systemContext;
    if (useStartTls) {
        systemContext = getSystemLdapContextUsingStartTls(ldapContextFactory);
    } else {
        systemContext = ldapContextFactory.getSystemLdapContext();
    }

    final Set<String> resolvedRoles;
    try {
        resolvedRoles = findRoleNamesForUser(principalName, systemContext);
    } finally {
        // Always release the system-account context, including when the search throws.
        LdapUtils.closeContext(systemContext);
    }
    return new SimpleAuthorizationInfo(resolvedRoles);
}
Also used : SimpleAuthorizationInfo(org.apache.shiro.authz.SimpleAuthorizationInfo) AuthorizationExpiredException(org.neo4j.graphdb.security.AuthorizationExpiredException) AuthorizationInfo(org.apache.shiro.authz.AuthorizationInfo) SimpleAuthorizationInfo(org.apache.shiro.authz.SimpleAuthorizationInfo) InitialLdapContext(javax.naming.ldap.InitialLdapContext) LdapContext(javax.naming.ldap.LdapContext)

Example 4 with SimpleAuthorizationInfo

use of org.apache.shiro.authz.SimpleAuthorizationInfo in project bamboobsc by billchen198318.

the class GreenStepBaseAuthorizingLdapRealm method getSimpleAuthorizationInfo.

/**
 * Builds the authorization info of an account from its role assignments and the permissions
 * attached to each of those roles.
 *
 * <p>Role names and permission strings are passed to the info object exactly as the services
 * return them, so what a user is granted depends entirely on the content of those records.
 *
 * @param username account name used for the {@code "account"} lookup
 * @return the collected roles and permissions, or {@code null} when the role lookup returns
 *     {@code null}
 * @throws Exception declared by the signature; presumably propagated from the service calls
 */
private SimpleAuthorizationInfo getSimpleAuthorizationInfo(String username) throws Exception {
    // A single criteria map is reused for every service call.
    Map<String, Object> criteria = new HashMap<String, Object>();
    criteria.put("account", username);

    List<TbUserRole> assignments = userRoleService.findListByParams(criteria);
    if (assignments == null) {
        // NOTE(review): callers receive null here instead of an empty info object - confirm
        // that they treat null as "no roles, no permissions".
        return null;
    }

    SimpleAuthorizationInfo authz = new SimpleAuthorizationInfo();
    for (TbUserRole assignment : assignments) {
        authz.addRole(assignment.getRole());

        // Switch the criteria from the account lookup to this role's permission lookup.
        criteria.clear();
        criteria.put("role", assignment.getRole());
        List<TbRolePermission> grants = rolePermissionService.findListByParams(criteria);
        if (grants != null) {
            for (TbRolePermission grant : grants) {
                authz.addStringPermission(grant.getPermission());
            }
        }
    }
    return authz;
}
Also used : SimpleAuthorizationInfo(org.apache.shiro.authz.SimpleAuthorizationInfo) HashMap(java.util.HashMap) TbRolePermission(com.netsteadfast.greenstep.po.hbm.TbRolePermission) TbUserRole(com.netsteadfast.greenstep.po.hbm.TbUserRole)

Example 5 with SimpleAuthorizationInfo

use of org.apache.shiro.authz.SimpleAuthorizationInfo in project tesla by linking12.

the class TeslaUserRealm method doGetAuthorizationInfo.

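/**
 * Loads the roles and permission strings of the user identified by the primary principal.
 *
 * <p>The result is never widened on missing data: a missing primary principal or a {@code null}
 * list from the DAO yields an info object without the corresponding grants.
 *
 * @param principals principals of the subject being authorized; must not be {@code null}
 * @return the roles and permissions found for the user; an empty info object when no primary
 *     principal is present
 * @throws AuthorizationException if {@code principals} is {@code null}
 * @throws ClassCastException if the primary principal is not a {@code Long}
 */
@Override
protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principals) {
    if (principals == null) {
        throw new AuthorizationException("PrincipalCollection method argument cannot be null.");
    }

    // NOTE(review): this assumes the primary principal is the numeric user id; a principal
    // contributed by another realm with a different type would fail this cast - confirm.
    Long userId = (Long) principals.getPrimaryPrincipal();

    SimpleAuthorizationInfo info = new SimpleAuthorizationInfo();
    if (userId == null) {
        // No identity to look up (for example an empty collection): grant nothing and do not
        // query the DAO with a null key.
        return info;
    }

    List<String> permissions = userDao.findPermissonByUserId(userId);
    List<String> roles = userDao.findRoleByUserId(userId);

    // Guard against a null list from the DAO, which would otherwise surface as a
    // NullPointerException while the authorization check is being evaluated.
    if (roles != null) {
        info.addRoles(roles);
    }
    if (permissions != null) {
        info.addStringPermissions(permissions);
    }
    return info;
}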
Also used : SimpleAuthorizationInfo(org.apache.shiro.authz.SimpleAuthorizationInfo) AuthorizationException(org.apache.shiro.authz.AuthorizationException)

Aggregations

SimpleAuthorizationInfo (org.apache.shiro.authz.SimpleAuthorizationInfo)48 Permission (org.apache.shiro.authz.Permission)8 AuthorizationException (org.apache.shiro.authz.AuthorizationException)6 KeyValueCollectionPermission (ddf.security.permission.KeyValueCollectionPermission)5 KeyValuePermission (ddf.security.permission.KeyValuePermission)5 ArrayList (java.util.ArrayList)5 HashSet (java.util.HashSet)5 AuthenticationException (org.apache.shiro.authc.AuthenticationException)5 AuthorizationInfo (org.apache.shiro.authz.AuthorizationInfo)5 KeyValuePermissionImpl (ddf.security.permission.impl.KeyValuePermissionImpl)4 CollectionPermission (ddf.security.permission.CollectionPermission)3 HashMap (java.util.HashMap)3 PrincipalCollection (org.apache.shiro.subject.PrincipalCollection)3 Group (com.ganster.cms.core.pojo.Group)2 Permission (com.ganster.cms.core.pojo.Permission)2 User (com.ganster.cms.core.pojo.User)2 UserExample (com.ganster.cms.core.pojo.UserExample)2 TbRolePermission (com.netsteadfast.greenstep.po.hbm.TbRolePermission)2 TbUserRole (com.netsteadfast.greenstep.po.hbm.TbUserRole)2 Set (java.util.Set)2