use of org.apache.shiro.realm.Realm in project zeppelin by apache.
the class SecurityRestApi method getUserList.
/**
* Get userlist
* Returns list of all user from available realms
*
* @return 200 response
*/
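@GET
@Path("userlist/{searchText}")
public Response getUserList(@PathParam("searchText") final String searchText) {
  // Builds the auto-suggest payload for the UI: at most five user names, plus every
  // role name, that contain searchText (case-insensitively), collected from the
  // configured Shiro realms. Always answers 200, even when a realm lookup failed.
  //
  // NOTE(review): no authorization check is visible in this method, and the response
  // enumerates account and role names. Confirm that access to this resource is
  // restricted to authenticated callers by configuration outside this method.
  final int maxSuggestedUsers = 5;

  // searchText arrives straight from the request path. It is compared only as a
  // literal string below and is never compiled into a regular expression, so
  // metacharacters in it can neither raise PatternSyntaxException nor trigger
  // expensive backtracking.
  final String prefix = searchText == null ? "" : searchText;

  List<String> usersList = new ArrayList<>();
  List<String> rolesList = new ArrayList<>();
  try {
    GetUserList getUserListObj = new GetUserList();
    Collection<?> realmsList = SecurityUtils.getRealmsList();
    if (realmsList != null) {
      for (Object candidate : realmsList) {
        Realm realm = (Realm) candidate;
        // Dispatch on the exact class name: subclasses of these realms are not matched.
        String name = realm.getClass().getName();
        if (LOG.isDebugEnabled()) {
          LOG.debug("RealmClass.getName: " + name);
        }
        // NOTE(review): searchText is forwarded unmodified to the LDAP / Active Directory
        // lookups. Any directory-filter escaping has to happen inside GetUserList, which
        // is not visible here; verify it.
        if (name.equals("org.apache.shiro.realm.text.IniRealm")) {
          usersList.addAll(getUserListObj.getUserList((IniRealm) realm));
          rolesList.addAll(getUserListObj.getRolesList((IniRealm) realm));
        } else if (name.equals("org.apache.zeppelin.realm.LdapGroupRealm")) {
          usersList.addAll(getUserListObj.getUserList((JndiLdapRealm) realm, searchText));
        } else if (name.equals("org.apache.zeppelin.realm.LdapRealm")) {
          usersList.addAll(getUserListObj.getUserList((LdapRealm) realm, searchText));
          rolesList.addAll(getUserListObj.getRolesList((LdapRealm) realm));
        } else if (name.equals("org.apache.zeppelin.realm.ActiveDirectoryGroupRealm")) {
          usersList.addAll(getUserListObj.getUserList((ActiveDirectoryGroupRealm) realm, searchText));
        } else if (name.equals("org.apache.shiro.realm.jdbc.JdbcRealm")) {
          usersList.addAll(getUserListObj.getUserList((JdbcRealm) realm));
        }
      }
    }
  } catch (Exception e) {
    // Best effort: a failure in one realm stops the remaining lookups, but whatever
    // was collected so far is still returned to the caller.
    LOG.error("Exception in retrieving Users from realms ", e);
  }

  // Alphabetical order first; the stable second sort then moves names that start
  // with the search text to the front without disturbing that order.
  Collections.sort(usersList);
  Collections.sort(rolesList);
  Collections.sort(usersList, new Comparator<String>() {
    @Override
    public int compare(String o1, String o2) {
      // Symmetric by construction (prefix matches sort first), as the Comparator
      // contract requires.
      return Boolean.compare(o2.startsWith(prefix), o1.startsWith(prefix));
    }
  });

  List<String> autoSuggestUserList = new ArrayList<>();
  for (String user : usersList) {
    if (autoSuggestUserList.size() == maxSuggestedUsers) {
      break;
    }
    if (StringUtils.containsIgnoreCase(user, searchText)) {
      autoSuggestUserList.add(user);
    }
  }

  // Roles are not capped: every role containing the search text is returned.
  List<String> autoSuggestRoleList = new ArrayList<>();
  for (String role : rolesList) {
    if (StringUtils.containsIgnoreCase(role, searchText)) {
      autoSuggestRoleList.add(role);
    }
  }

  Map<String, List<String>> returnListMap = new HashMap<>();
  returnListMap.put("users", autoSuggestUserList);
  returnListMap.put("roles", autoSuggestRoleList);
  return new JsonResponse<>(Response.Status.OK, "", returnListMap).build();
}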
use of org.apache.shiro.realm.Realm in project zeppelin by apache.
the class SecurityUtils method getRoles.
/**
* Return the roles associated with the authenticated user if any otherwise returns empty set
* TODO(prasadwagle) Find correct way to get user roles (see SHIRO-492)
*
* @return shiro roles
*/
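public static HashSet<String> getRoles() {
  // Collects the role names held by the current Shiro subject. Candidate roles come
  // from the first IniRealm or Zeppelin LdapRealm found; other realm types contribute
  // nothing, so a subject authenticated only through them gets an empty set.
  if (!isEnabled) {
    // NOTE(review): EMPTY_HASHSET is a shared instance declared outside this view. If it
    // is a mutable HashSet, a caller that modifies the returned set changes the result
    // for every later caller. Confirm it is never mutated.
    return EMPTY_HASHSET;
  }
  Subject subject = org.apache.shiro.SecurityUtils.getSubject();
  HashSet<String> roles = new HashSet<>();
  if (!subject.isAuthenticated()) {
    return roles;
  }

  // Guard against a missing realm list instead of failing with a NullPointerException
  // in the middle of a role lookup; presumably getRealmsList() can return null when no
  // realms are configured. Verify against its implementation.
  Collection<?> realmsList = SecurityUtils.getRealmsList();
  if (realmsList == null) {
    return roles;
  }

  Map<?, ?> allRoles = null;
  for (Object candidate : realmsList) {
    Realm realm = (Realm) candidate;
    // Exact class-name match: subclasses of these realms are not recognised.
    String name = realm.getClass().getName();
    if (name.equals("org.apache.shiro.realm.text.IniRealm")) {
      allRoles = ((IniRealm) realm).getIni().get("roles");
      break;
    } else if (name.equals("org.apache.zeppelin.realm.LdapRealm")) {
      allRoles = ((LdapRealm) realm).getListRoles();
      break;
    }
  }

  if (allRoles != null) {
    // Only the keys (role names) matter; each one is confirmed against the subject
    // rather than trusted from the realm's role table.
    for (Object key : allRoles.keySet()) {
      String roleName = (String) key;
      if (subject.hasRole(roleName)) {
        roles.add(roleName);
      }
    }
  }
  return roles;
}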
use of org.apache.shiro.realm.Realm in project killbill by killbill.
the class ModularRealmAuthenticatorWith540 method doMultiRealmAuthentication.
/**
* Performs the multi-realm authentication attempt by calling back to a {@link AuthenticationStrategy} object
* as each realm is consulted for {@code AuthenticationInfo} for the specified {@code token}.
*
* @param realms the multiple realms configured on this Authenticator instance.
* @param token the submitted AuthenticationToken representing the subject's (user's) log-in principals and credentials.
* @return an aggregated AuthenticationInfo instance representing account data across all the successfully
* consulted realms.
*/
protected AuthenticationInfo doMultiRealmAuthentication(final Collection<Realm> realms, final AuthenticationToken token) {
    // Walks the realms in iteration order, reporting every step to the configured
    // AuthenticationStrategy, which owns the aggregated result and decides whether the
    // overall attempt succeeds.
    final AuthenticationStrategy authStrategy = getAuthenticationStrategy();
    AuthenticationInfo combined = authStrategy.beforeAllAttempts(realms, token);

    if (log.isTraceEnabled()) {
        log.trace("Iterating through {} realms for PAM authentication", realms.size());
    }

    for (final Realm realm : realms) {
        // beforeAttempt is invoked for every realm, including ones that are skipped below.
        combined = authStrategy.beforeAttempt(realm, token, combined);

        if (!realm.supports(token)) {
            log.debug("Realm [{}] does not support token {}. Skipping realm.", realm, token);
            continue;
        }

        // NOTE(review): the token object itself is a log argument here and in the debug
        // line above. Whether credentials can reach the log depends on the token's
        // toString(), which is not visible here; confirm for any custom token types.
        log.trace("Attempting to authenticate token [{}] using realm [{}]", token, realm);

        AuthenticationInfo realmInfo = null;
        Throwable failure = null;
        try {
            realmInfo = realm.getAuthenticationInfo(token);
        } catch (final Throwable throwable) {
            // A failing realm does not abort the loop; the failure is handed to the
            // strategy, which decides what it means for the aggregate.
            failure = throwable;
            if (log.isDebugEnabled()) {
                final String message = "Realm [" + realm + "] threw an exception during a multi-realm authentication attempt:";
                log.debug(message, failure);
            }
        }

        combined = authStrategy.afterAttempt(realm, token, realmInfo, combined, failure);

        // Only the patched first-successful strategy can end the iteration early.
        final boolean stopHere = authStrategy instanceof FirstSuccessfulStrategyWith540
                && !((FirstSuccessfulStrategyWith540) authStrategy).continueAfterAttempt(realmInfo, combined, failure);
        if (stopHere) {
            log.trace("Will not consult any other realms for authentication, last realm [{}].", realm);
            break;
        }
    }

    return authStrategy.afterAllAttempts(token, combined);
}
use of org.apache.shiro.realm.Realm in project neo4j by neo4j.
the class EnterpriseSecurityModule method createPluginRealms.
private static List<PluginRealm> createPluginRealms(Config config, SecurityLog securityLog, SecureHasher secureHasher, SecurityConfig securityConfig) {
    // Discovers auth plugins through Service.load, wraps each one in a PluginRealm, and
    // returns only the realms whose name is listed in securityConfig.pluginAuthProviders.
    // Throws an illegal-configuration error when a listed provider was not found, or
    // when plugin-only authentication/authorization is configured but no selected realm
    // can perform it.
    //
    // NOTE(review): every discovered plugin is wrapped in a PluginRealm before the
    // provider list is applied, so plugins that are not listed are still loaded and
    // constructed. Confirm that construction alone does not run plugin initialisation.
    final List<PluginRealm> discovered = new ArrayList<>();
    final Set<Class<?>> combinedPluginClasses = new HashSet<>();

    if (securityConfig.pluginAuthentication && securityConfig.pluginAuthorization) {
        for (AuthPlugin plugin : Service.load(AuthPlugin.class)) {
            discovered.add(new PluginRealm(plugin, config, securityLog, Clocks.systemClock(), secureHasher));
        }
    }

    if (securityConfig.pluginAuthentication) {
        for (AuthenticationPlugin plugin : Service.load(AuthenticationPlugin.class)) {
            final PluginRealm realm;
            if (securityConfig.pluginAuthorization && plugin instanceof AuthorizationPlugin) {
                // One class implements both interfaces: build a single combined realm and
                // remember the class so the authorization pass below does not add it again.
                realm = new PluginRealm(plugin, (AuthorizationPlugin) plugin, config, securityLog, Clocks.systemClock(), secureHasher);
                combinedPluginClasses.add(plugin.getClass());
            } else {
                realm = new PluginRealm(plugin, null, config, securityLog, Clocks.systemClock(), secureHasher);
            }
            discovered.add(realm);
        }
    }

    if (securityConfig.pluginAuthorization) {
        for (AuthorizationPlugin plugin : Service.load(AuthorizationPlugin.class)) {
            if (combinedPluginClasses.contains(plugin.getClass())) {
                continue;
            }
            discovered.add(new PluginRealm(null, plugin, config, securityLog, Clocks.systemClock(), secureHasher));
        }
    }

    // Fail closed: a configured provider that could not be loaded is an error rather
    // than being silently ignored.
    for (String requestedName : securityConfig.pluginAuthProviders) {
        if (discovered.stream().noneMatch(r -> r.getName().equals(requestedName))) {
            throw illegalConfiguration(format("Failed to load auth plugin '%s'.", requestedName));
        }
    }

    final List<PluginRealm> selected = discovered.stream()
            .filter(realm -> securityConfig.pluginAuthProviders.contains(realm.getName()))
            .collect(Collectors.toList());

    final boolean noAuthenticator = securityConfig.onlyPluginAuthentication()
            && selected.stream().noneMatch(PluginRealm::canAuthenticate);
    final boolean noAuthorizer = securityConfig.onlyPluginAuthorization()
            && selected.stream().noneMatch(PluginRealm::canAuthorize);

    if (noAuthenticator || noAuthorizer) {
        final String missingProvider;
        if (noAuthenticator && noAuthorizer) {
            missingProvider = "authentication or authorization";
        } else if (noAuthenticator) {
            missingProvider = "authentication";
        } else {
            missingProvider = "authorization";
        }
        throw illegalConfiguration(format("No plugin %s provider loaded even though required by configuration.", missingProvider));
    }
    return selected;
}
use of org.apache.shiro.realm.Realm in project neo4j by neo4j.
the class LdapCachingTest method setup.
@Before
public void setup() throws Throwable {
    // Test fixture: an in-memory flat-file realm plus the LDAP TestRealm, managed by a
    // MultiRealmAuthManager whose cache is driven by a FakeTicker. Everything is in
    // memory and the two accounts below are fixture data only.
    final SecurityLog mockedLog = mock(SecurityLog.class);

    // The numeric argument is presumably the failed-attempt limit of the rate limiter;
    // confirm against RateLimitedAuthenticationStrategy.
    final InternalFlatFileRealm flatFileRealm = new InternalFlatFileRealm(
            new InMemoryUserRepository(),
            new InMemoryRoleRepository(),
            new BasicPasswordPolicy(),
            new RateLimitedAuthenticationStrategy(Clock.systemUTC(), 3),
            mock(JobScheduler.class),
            new InMemoryUserRepository(),
            new InMemoryUserRepository());

    testRealm = new TestRealm(getLdapConfig(), mockedLog, new SecureHasher());
    final List<Realm> bothRealms = listOf(flatFileRealm, testRealm);

    // The cache manager reads time from the fake ticker instead of the system clock.
    fakeTicker = new FakeTicker();
    final ShiroCaffeineCache.Manager cacheManager = new ShiroCaffeineCache.Manager(fakeTicker::read, 100, 10);

    authManager = new MultiRealmAuthManager(flatFileRealm, bothRealms, cacheManager, mockedLog, false);
    authManager.init();
    authManager.start();

    authManager.getUserManager().newUser("mike", "123", false);
    authManager.getUserManager().newUser("mats", "456", false);
}