Example 1 with RolePermissionResolver

Use of org.apache.shiro.authz.permission.RolePermissionResolver in project shiro by apache.

In the class ModularRealmAuthorizer, method applyRolePermissionResolverToRealms.

/**
 * Sets the internal {@link #getRolePermissionResolver} on any internal configured
 * {@link #getRealms Realms} that implement the {@link org.apache.shiro.authz.permission.RolePermissionResolverAware RolePermissionResolverAware} interface.
 * <p/>
 * This method is called after setting a rolePermissionResolver on this ModularRealmAuthorizer via the
 * {@link #setRolePermissionResolver(org.apache.shiro.authz.permission.RolePermissionResolver) setRolePermissionResolver} method.
 * <p/>
 * It is also called after setting one or more realms via the {@link #setRealms setRealms} method to allow these
 * newly available realms to be given the <code>RolePermissionResolver</code> already in use.
 *
 * @since 1.0
 */
protected void applyRolePermissionResolverToRealms() {
    RolePermissionResolver resolver = getRolePermissionResolver();
    Collection<Realm> realms = getRealms();
    if (resolver != null && realms != null && !realms.isEmpty()) {
        for (Realm realm : realms) {
            if (realm instanceof RolePermissionResolverAware) {
                ((RolePermissionResolverAware) realm).setRolePermissionResolver(resolver);
            }
        }
    }
}
Also used : RolePermissionResolver(org.apache.shiro.authz.permission.RolePermissionResolver) RolePermissionResolverAware(org.apache.shiro.authz.permission.RolePermissionResolverAware) Realm(org.apache.shiro.realm.Realm)

Example 2 with RolePermissionResolver

Use of org.apache.shiro.authz.permission.RolePermissionResolver in project shiro by apache.

In the class AuthorizingRealmTest, method testRealmWithRolePermissionResolver.

@Test
public void testRealmWithRolePermissionResolver() {
    Principal principal = new UsernamePrincipal("rolePermResolver");
    PrincipalCollection pCollection = new SimplePrincipalCollection(principal, "testRealmWithRolePermissionResolver");
    AuthorizingRealm realm = new AllowAllRealm();
    realm.setRolePermissionResolver(new RolePermissionResolver() {

        public Collection<Permission> resolvePermissionsInRole(String roleString) {
            Collection<Permission> permissions = new HashSet<Permission>();
            if (roleString.equals(ROLE)) {
                permissions.add(new WildcardPermission(ROLE + ":perm1"));
                permissions.add(new WildcardPermission(ROLE + ":perm2"));
                permissions.add(new WildcardPermission("other:*:foo"));
            }
            return permissions;
        }
    });
    assertTrue(realm.hasRole(pCollection, ROLE));
    assertTrue(realm.isPermitted(pCollection, ROLE + ":perm1"));
    assertTrue(realm.isPermitted(pCollection, ROLE + ":perm2"));
    assertFalse(realm.isPermitted(pCollection, ROLE + ":perm3"));
    assertTrue(realm.isPermitted(pCollection, "other:bar:foo"));
}
Also used : RolePermissionResolver(org.apache.shiro.authz.permission.RolePermissionResolver) Permission(org.apache.shiro.authz.Permission) WildcardPermission(org.apache.shiro.authz.permission.WildcardPermission) PrincipalCollection(org.apache.shiro.subject.PrincipalCollection) SimplePrincipalCollection(org.apache.shiro.subject.SimplePrincipalCollection) Principal(java.security.Principal) Test(org.junit.Test)

Example 3 with RolePermissionResolver

Use of org.apache.shiro.authz.permission.RolePermissionResolver in project ddf by codice.

In the class AuthzRealm, method resolveRolePermissions.

/**
 * Returns a collection of {@link Permission} objects that are built from the associated
 * collection of Strings that represent the roles that a user possesses.
 *
 * @param roleNames user roles.
 * @return collection of Permissions
 */
private Collection<Permission> resolveRolePermissions(Collection<String> roleNames) {
    Collection<Permission> perms = Collections.emptySet();
    RolePermissionResolver resolver = getRolePermissionResolver();
    if (resolver != null && !CollectionUtils.isEmpty(roleNames)) {
        perms = new HashSet<>(roleNames.size());
        for (String roleName : roleNames) {
            Collection<Permission> resolved = resolver.resolvePermissionsInRole(roleName);
            if (!CollectionUtils.isEmpty(resolved)) {
                perms.addAll(resolved);
            }
        }
    }
    return perms;
}
Also used : CollectionPermission(ddf.security.permission.CollectionPermission) KeyValuePermission(ddf.security.permission.KeyValuePermission) Permission(org.apache.shiro.authz.Permission) MatchOneCollectionPermission(ddf.security.permission.impl.MatchOneCollectionPermission) KeyValueCollectionPermission(ddf.security.permission.KeyValueCollectionPermission) RolePermissionResolver(org.apache.shiro.authz.permission.RolePermissionResolver)

Example 4 with RolePermissionResolver

Use of org.apache.shiro.authz.permission.RolePermissionResolver in project shiro by apache.

In the class ModularRealmAuthorizerTest, method testSettingOfRolePermissionResolver.

@Test
public void testSettingOfRolePermissionResolver() {
    Collection<Realm> realms = new ArrayList<Realm>();
    realms.add(new MockAuthorizingRealm());
    realms.add(new MockAuthorizingRealm());
    // it's null to start with
    for (Realm realm : realms) {
        Assert.assertNull(((AuthorizingRealm) realm).getRolePermissionResolver());
    }
    ModularRealmAuthorizer modRealmAuthz = new ModularRealmAuthorizer();
    modRealmAuthz.setRealms(realms);
    // make sure they are still null
    for (Realm realm : realms) {
        Assert.assertNull(((AuthorizingRealm) realm).getRolePermissionResolver());
    }
    // now set the RolePermissionResolver
    RolePermissionResolver rolePermissionResolver = new RolePermissionResolver() {

        public Collection<Permission> resolvePermissionsInRole(String roleString) {
            return null;
        }
    };
    modRealmAuthz.setRolePermissionResolver(rolePermissionResolver);
    // make sure they are set
    for (Realm realm : realms) {
        // check for same instance
        Assert.assertTrue(((AuthorizingRealm) realm).getRolePermissionResolver() == rolePermissionResolver);
    }
    // add a new realm and make sure the RolePermissionResolver is set
    MockAuthorizingRealm mockRealm = new MockAuthorizingRealm();
    realms.add(mockRealm);
    modRealmAuthz.setRealms(realms);
    assertTrue(((AuthorizingRealm) mockRealm).getRolePermissionResolver() == rolePermissionResolver);
    // TODO: no way to unset them, not sure if that is a valid use case, but this is consistent with the PermissionResolver logic
    // // now just to be sure, unset them
    // modRealmAuthz.setRolePermissionResolver( null );
    // for ( Realm realm : realms )
    // {
    //     Assert.assertNull( ((AuthorizingRealm)realm).getRolePermissionResolver() );
    // }
}
Also used : ArrayList(java.util.ArrayList) RolePermissionResolver(org.apache.shiro.authz.permission.RolePermissionResolver) Realm(org.apache.shiro.realm.Realm) AuthorizingRealm(org.apache.shiro.realm.AuthorizingRealm) Test(org.junit.Test)

Aggregations

RolePermissionResolver (org.apache.shiro.authz.permission.RolePermissionResolver): 4
Permission (org.apache.shiro.authz.Permission): 2
Realm (org.apache.shiro.realm.Realm): 2
Test (org.junit.Test): 2
CollectionPermission (ddf.security.permission.CollectionPermission): 1
KeyValueCollectionPermission (ddf.security.permission.KeyValueCollectionPermission): 1
KeyValuePermission (ddf.security.permission.KeyValuePermission): 1
MatchOneCollectionPermission (ddf.security.permission.impl.MatchOneCollectionPermission): 1
Principal (java.security.Principal): 1
ArrayList (java.util.ArrayList): 1
RolePermissionResolverAware (org.apache.shiro.authz.permission.RolePermissionResolverAware): 1
WildcardPermission (org.apache.shiro.authz.permission.WildcardPermission): 1
AuthorizingRealm (org.apache.shiro.realm.AuthorizingRealm): 1
PrincipalCollection (org.apache.shiro.subject.PrincipalCollection): 1
SimplePrincipalCollection (org.apache.shiro.subject.SimplePrincipalCollection): 1