org.apache.shiro.realm.text.TextConfigurationRealm Maven / Gradle / Ivy
/*
* Licensed to the Apache Software Foundation (ASF) under one
* or more contributor license agreements. See the NOTICE file
* distributed with this work for additional information
* regarding copyright ownership. The ASF licenses this file
* to you under the Apache License, Version 2.0 (the
* "License"); you may not use this file except in compliance
* with the License. You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing,
* software distributed under the License is distributed on an
* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
* KIND, either express or implied. See the License for the
* specific language governing permissions and limitations
* under the License.
*/
package org.apache.shiro.realm.text;
import org.apache.shiro.authc.SimpleAccount;
import org.apache.shiro.authz.Permission;
import org.apache.shiro.authz.SimpleRole;
import org.apache.shiro.config.ConfigurationException;
import org.apache.shiro.realm.SimpleAccountRealm;
import org.apache.shiro.util.PermissionUtils;
import org.apache.shiro.util.StringUtils;
import java.text.ParseException;
import java.util.*;
/**
* A SimpleAccountRealm that enables text-based configuration of the initial User, Role, and Permission objects
* created at startup.
*
* Each User account definition specifies the username, password, and roles for a user. Each Role definition
* specifies a name and an optional collection of assigned Permissions. Users can be assigned Roles, and Roles can be
* assigned Permissions. By transitive association, each User 'has' all of their Role's Permissions.
*
* User and user-to-role definitions are specified via the {@link #setUserDefinitions} method and
* Role-to-permission definitions are specified via the {@link #setRoleDefinitions} method.
*
* @since 0.9
*/
public class TextConfigurationRealm extends SimpleAccountRealm {
//TODO - complete JavaDoc
private String userDefinitions;
private String roleDefinitions;
public TextConfigurationRealm() {
super();
}
/**
* Will call 'processDefinitions' on startup.
*
* @since 1.2
* @see SHIRO-223
*/
@Override
protected void onInit() {
super.onInit();
processDefinitions();
}
public String getUserDefinitions() {
return userDefinitions;
}
/**
* Sets a newline (\n) delimited String that defines user-to-password-and-role(s) key/value pairs according
* to the following format:
*
* username = password, role1, role2,...
*
* Here are some examples of what these lines might look like:
*
* root = reallyHardToGuessPassword, administrator
* jsmith = jsmithsPassword, manager, engineer, employee
* abrown = abrownsPassword, qa, employee
* djones = djonesPassword, qa, contractor
* guest = guestPassword
*
* @param userDefinitions the user definitions to be parsed and converted to Map.Entry elements
*/
public void setUserDefinitions(String userDefinitions) {
this.userDefinitions = userDefinitions;
}
public String getRoleDefinitions() {
return roleDefinitions;
}
/**
* Sets a newline (\n) delimited String that defines role-to-permission definitions.
*
* Each line within the string must define a role-to-permission(s) key/value mapping with the
* equals character signifies the key/value separation, like so:
*
* rolename = permissionDefinition1, permissionDefinition2, ...
*
* where permissionDefinition is an arbitrary String, but must people will want to use
* Strings that conform to the {@link org.apache.shiro.authz.permission.WildcardPermission WildcardPermission}
* format for ease of use and flexibility. Note that if an individual permissionDefnition needs to
* be internally comma-delimited (e.g. printer:5thFloor:print,info), you will need to surround that
* definition with double quotes (") to avoid parsing errors (e.g.
* "printer:5thFloor:print,info").
*
* NOTE: if you have roles that don't require permission associations, don't include them in this
* definition - just defining the role name in the {@link #setUserDefinitions(String) userDefinitions} is
* enough to create the role if it does not yet exist. This property is really only for configuring realms that
* have one or more assigned Permission.
*
* @param roleDefinitions the role definitions to be parsed at initialization
*/
public void setRoleDefinitions(String roleDefinitions) {
this.roleDefinitions = roleDefinitions;
}
protected void processDefinitions() {
try {
processRoleDefinitions();
processUserDefinitions();
} catch (ParseException e) {
String msg = "Unable to parse user and/or role definitions.";
throw new ConfigurationException(msg, e);
}
}
protected void processRoleDefinitions() throws ParseException {
String roleDefinitions = getRoleDefinitions();
if (roleDefinitions == null) {
return;
}
Map roleDefs = toMap(toLines(roleDefinitions));
processRoleDefinitions(roleDefs);
}
protected void processRoleDefinitions(Map roleDefs) {
if (roleDefs == null || roleDefs.isEmpty()) {
return;
}
for (String rolename : roleDefs.keySet()) {
String value = roleDefs.get(rolename);
SimpleRole role = getRole(rolename);
if (role == null) {
role = new SimpleRole(rolename);
add(role);
}
Set permissions = PermissionUtils.resolveDelimitedPermissions(value, getPermissionResolver());
role.setPermissions(permissions);
}
}
protected void processUserDefinitions() throws ParseException {
String userDefinitions = getUserDefinitions();
if (userDefinitions == null) {
return;
}
Map userDefs = toMap(toLines(userDefinitions));
processUserDefinitions(userDefs);
}
protected void processUserDefinitions(Map userDefs) {
if (userDefs == null || userDefs.isEmpty()) {
return;
}
for (String username : userDefs.keySet()) {
String value = userDefs.get(username);
String[] passwordAndRolesArray = StringUtils.split(value);
String password = passwordAndRolesArray[0];
SimpleAccount account = getUser(username);
if (account == null) {
account = new SimpleAccount(username, password, getName());
add(account);
}
account.setCredentials(password);
if (passwordAndRolesArray.length > 1) {
for (int i = 1; i < passwordAndRolesArray.length; i++) {
String rolename = passwordAndRolesArray[i];
account.addRole(rolename);
SimpleRole role = getRole(rolename);
if (role != null) {
account.addObjectPermissions(role.getPermissions());
}
}
} else {
account.setRoles(null);
}
}
}
protected static Set toLines(String s) {
LinkedHashSet set = new LinkedHashSet();
Scanner scanner = new Scanner(s);
while (scanner.hasNextLine()) {
set.add(scanner.nextLine());
}
return set;
}
protected static Map toMap(Collection keyValuePairs) throws ParseException {
if (keyValuePairs == null || keyValuePairs.isEmpty()) {
return null;
}
Map pairs = new HashMap();
for (String pairString : keyValuePairs) {
String[] pair = StringUtils.splitKeyValue(pairString);
if (pair != null) {
pairs.put(pair[0].trim(), pair[1].trim());
}
}
return pairs;
}
}