com.manydesigns.portofino.shiro

Class AbstractPortofinoRealm

java.lang.Object

org.apache.shiro.realm.CachingRealm

org.apache.shiro.realm.AuthenticatingRealm

org.apache.shiro.realm.AuthorizingRealm

com.manydesigns.portofino.shiro.AbstractPortofinoRealm

All Implemented Interfaces:

PortofinoRealm, LogoutAware, Authorizer, PermissionResolverAware, RolePermissionResolverAware, CacheManagerAware, Realm, Initializable, Nameable

public abstract class AbstractPortofinoRealm
extends AuthorizingRealm
implements PortofinoRealm

Default implementation of PortofinoRealm. Provides convenient implementations of the interface methods.

Author:

Paolo Predonzani - paolo.predonzani@manydesigns.com, Angelo Lupo - angelo.lupo@manydesigns.com, Giampiero Granatella - giampiero.granatella@manydesigns.com, Alessio Stalla - alessio.stalla@manydesigns.com

Field Summary

Fields

Modifier and Type	Field and Description
static String	copyright
protected PasswordService	passwordService
protected Configuration	portofinoConfiguration

Constructor Summary

Constructors

Modifier	Constructor and Description
protected	AbstractPortofinoRealm()

Method Summary

Methods

Modifier and Type	Method and Description
void	changePassword(Serializable user, String oldPassword, String newPassword) Changes a user's password
AuthorizationInfo	doGetAuthorizationInfo(PrincipalCollection principals) This default implementation handles built-in groups (all, anonymous, registered, etc.), delegating to loadAuthorizationInfo method the actual loading of application-specific groups.
String	generateOneTimeToken(Serializable user) Generates a one-time token, for use in email validation and password reset.
Set<String>	getGroups() Returns the list of groups known to the system.
ClassAccessor	getSelfRegisteredUserClassAccessor() Returns a ClassAccessor that describes the properties which a self-registered user must or can provide to initiate the sign up process.
Serializable	getUserByEmail(String email) Loads a user by email address.
Serializable	getUserById(String encodedUserId) Loads a user by id.
String	getUserPrettyName(Serializable user) Computes a string describing the user, meant to be shown on the UI.
protected Collection<String>	loadAuthorizationInfo(Serializable principal) Loads the groups associated to a given user.
String	saveSelfRegisteredUser(Object user) Saves a self-registered user on the system.
protected void	setup(HashService hashService, HashFormat hashFormat)
void	verifyUser(Serializable user) Marks the user as verified as a consequence of a user's action, e.g.

Methods inherited from class org.apache.shiro.realm.AuthorizingRealm

afterCacheManagerSet, checkPermission, checkPermission, checkPermission, checkPermissions, checkPermissions, checkPermissions, checkRole, checkRole, checkRoles, checkRoles, checkRoles, clearCachedAuthorizationInfo, doClearCache, getAuthorizationCache, getAuthorizationCacheKey, getAuthorizationCacheName, getAuthorizationInfo, getPermissionResolver, getPermissions, getRolePermissionResolver, hasAllRoles, hasRole, hasRole, hasRoles, hasRoles, isAuthorizationCachingEnabled, isPermitted, isPermitted, isPermitted, isPermitted, isPermitted, isPermitted, isPermittedAll, isPermittedAll, isPermittedAll, onInit, setAuthorizationCache, setAuthorizationCacheName, setAuthorizationCachingEnabled, setName, setPermissionResolver, setRolePermissionResolver

Methods inherited from class org.apache.shiro.realm.AuthenticatingRealm

assertCredentialsMatch, clearCachedAuthenticationInfo, doGetAuthenticationInfo, getAuthenticationCache, getAuthenticationCacheKey, getAuthenticationCacheKey, getAuthenticationCacheName, getAuthenticationInfo, getAuthenticationTokenClass, getCredentialsMatcher, init, isAuthenticationCachingEnabled, isAuthenticationCachingEnabled, setAuthenticationCache, setAuthenticationCacheName, setAuthenticationCachingEnabled, setAuthenticationTokenClass, setCredentialsMatcher, supports

Methods inherited from class org.apache.shiro.realm.CachingRealm

clearCache, getAvailablePrincipal, getCacheManager, getName, isCachingEnabled, onLogout, setCacheManager, setCachingEnabled

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Methods inherited from interface com.manydesigns.portofino.shiro.PortofinoRealm

encryptPassword, getUserId, getUsers

Methods inherited from interface org.apache.shiro.realm.Realm

getAuthenticationInfo, getName, supports

Methods inherited from interface org.apache.shiro.authz.Authorizer

checkPermission, checkPermission, checkPermissions, checkPermissions, checkRole, checkRoles, checkRoles, hasAllRoles, hasRole, hasRoles, isPermitted, isPermitted, isPermitted, isPermitted, isPermittedAll, isPermittedAll

Methods inherited from interface org.apache.shiro.cache.CacheManagerAware

setCacheManager

Methods inherited from interface org.apache.shiro.util.Initializable

init

Field Detail

copyright

public static final String copyright

See Also:

Constant Field Values

portofinoConfiguration

protected Configuration portofinoConfiguration

passwordService

protected PasswordService passwordService

Constructor Detail

AbstractPortofinoRealm

protected AbstractPortofinoRealm()

Method Detail

doGetAuthorizationInfo

public AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principals)

This default implementation handles built-in groups (all, anonymous, registered, etc.), delegating to loadAuthorizationInfo method the actual loading of application-specific groups.

Specified by:

doGetAuthorizationInfo in class AuthorizingRealm

Returns:

loadAuthorizationInfo

protected Collection<String> loadAuthorizationInfo(Serializable principal)

Loads the groups associated to a given user.

Parameters:

principal - the user object.

Returns:

the groups as a collection of strings.

getGroups

public Set<String> getGroups()

Returns the list of groups known to the system. This is used by the framework when presenting a list of possible groups, e.g. when configuring permissions for a page.

This default implementation returns the built-in groups (all, anonymous, registered, administrators). You can override it to add custom groups for your application.

Specified by:

getGroups in interface PortofinoRealm

Returns:

getUserById

public Serializable getUserById(String encodedUserId)

Description copied from interface: PortofinoRealm

Loads a user by id. The id depends on the application's security implementation: it can be, for example, a primary key in a database table, or a path in a LDAP directory.

Specified by:

getUserById in interface PortofinoRealm

Parameters:

encodedUserId - the user id as a String. The security implementation is expected to convert the String to a value of the appropriate type.

Returns:

the user object.

getUserByEmail

public Serializable getUserByEmail(String email)

Description copied from interface: PortofinoRealm

Loads a user by email address. Used by the reset password implementation.

Specified by:

getUserByEmail in interface PortofinoRealm

Parameters:

email - the email address of the user.

Returns:

the user object.

getSelfRegisteredUserClassAccessor

public ClassAccessor getSelfRegisteredUserClassAccessor()

Description copied from interface: PortofinoRealm

Returns a ClassAccessor that describes the properties which a self-registered user must or can provide to initiate the sign up process.

Specified by:

getSelfRegisteredUserClassAccessor in interface PortofinoRealm

Returns:

the ClassAccessor.

getUserPrettyName

public String getUserPrettyName(Serializable user)

Description copied from interface: PortofinoRealm

Computes a string describing the user, meant to be shown on the UI. For example, a username, an email address, a name, etc.

Specified by:

getUserPrettyName in interface PortofinoRealm

Parameters:

user - the user's primary principal (as returned by loadAuthenticationInfo()).

Returns:

the pretty name.

verifyUser

public void verifyUser(Serializable user)

Description copied from interface: PortofinoRealm

Marks the user as verified as a consequence of a user's action, e.g. clicking on a verification email or entering a verification code. This method is called in during the user's self-registration process.

Specified by:

verifyUser in interface PortofinoRealm

Parameters:

user - the user object.

changePassword

public void changePassword(Serializable user,
                  String oldPassword,
                  String newPassword)

Description copied from interface: PortofinoRealm

Changes a user's password

Specified by:

changePassword in interface PortofinoRealm

Parameters:

user - the user object.

oldPassword - the old password provided by the user. Must match with the stored one.

newPassword - the new password.

generateOneTimeToken

public String generateOneTimeToken(Serializable user)

Description copied from interface: PortofinoRealm

Generates a one-time token, for use in email validation and password reset. Unlike a password, which needs to be associated to a login to be a ShiroToken, a one-time token is valid ShiroToken.

Specified by:

generateOneTimeToken in interface PortofinoRealm

Parameters:

user - the user object.

Returns:

the one-time token

saveSelfRegisteredUser

public String saveSelfRegisteredUser(Object user)

Description copied from interface: PortofinoRealm

Saves a self-registered user on the system. The user should be in a invalid state (cannot log in) until he or she confirms registration providing a token (typically by clicking a link in an email message).

Specified by:

saveSelfRegisteredUser in interface PortofinoRealm

Parameters:

user - the user object to save. It is the same kind of object known by getSelfRegisteredUserClassAccessor().

Returns:

the unique token necessary to confirm the registration.

setup

protected void setup(HashService hashService,
         HashFormat hashFormat)