• Home
• com.github.dblock.waffle
• waffle-shiro
• 1.6
• source code
• GroupMappingWaffleRealm.java

×

Project download

Many resources are needed to download a project. Please understand that we have to compensate our server costs. Thank you in advance.
Project price only 1 $

You can buy this project and download/modify it how often you want.

waffle.shiro.GroupMappingWaffleRealm Maven / Gradle / Ivy

/*******************************************************************************
 * All rights reserved. This program and the accompanying materials
 * are made available under the terms of the Eclipse Public License v1.0
 * which accompanies this distribution, and is available at
 * http://www.eclipse.org/legal/epl-v10.html
 *
 * Contributors:
 *     David M. Carr
 *******************************************************************************/

package waffle.shiro;

import java.util.Collection;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Map;
import java.util.Set;

import org.apache.shiro.authz.AuthorizationInfo;
import org.apache.shiro.authz.SimpleAuthorizationInfo;

/**
 * A {@link org.apache.shiro.realm.Realm} that authenticates with Active
 * Directory using WAFFLE and assigns roles to users based on a mapping from
 * their groups.  To define permissions based on these roles, set a
 * {@link org.apache.shiro.authz.permission.RolePermissionResolver}.
 */
public class GroupMappingWaffleRealm extends AbstractWaffleRealm {
    private final Map groupRolesMap = new HashMap();

    /**
     * Sets the translation from group names to role names. If not set, the map
     * is empty, resulting in no users getting roles.
     */
    public void setGroupRolesMap(Map groupRolesMap) {
        this.groupRolesMap.clear();
        if (groupRolesMap != null) {
            this.groupRolesMap.putAll(groupRolesMap);
        }
    }

    /**
     * This method is called by to translate group names to role names. This
     * implementation uses the groupRolesMap to map group names to role names.
     *
     * @param groupNames the group names that apply to the current user
     * @return a collection of roles that are implied by the given role names
     * @see #setGroupRolesMap
     */
    protected Collection getRoleNamesForGroups(Collection groupNames) {
        Set roleNames = new HashSet();
        for (String groupName : groupNames) {
            String roleName = groupRolesMap.get(groupName);
            if (roleName != null) {
                roleNames.add(roleName);
            }
        }
        return roleNames;
    }

    /**
     * Builds an {@link AuthorizationInfo} object based on the user's groups.
     * The groups are translated to roles names by using the configured
     * groupRolesMap.
     *
     * @param principal the principal of Subject that is being authorized
     * @return the AuthorizationInfo for the given Subject principal
     *
     * @see #setGroupRolesMap
     * @see #getRoleNamesForGroups
     */
    protected AuthorizationInfo buildAuthorizationInfo(WaffleFqnPrincipal principal) {
        SimpleAuthorizationInfo authorizationInfo = new SimpleAuthorizationInfo();
        authorizationInfo.addRoles(getRoleNamesForGroups(principal.getGroupFqns()));
        return authorizationInfo;
    }
}