com.manydesigns.portofino.shiro

Class SecurityGroovyRealm

java.lang.Object

com.manydesigns.portofino.shiro.SecurityGroovyRealm

All Implemented Interfaces:

PortofinoRealm, Authorizer, CacheManagerAware, Realm, Destroyable

public class SecurityGroovyRealm
extends Object
implements PortofinoRealm, Destroyable

Realm implementation that delegates to another class, written in Groovy and dynamically reloaded.

Author:

Paolo Predonzani - paolo.predonzani@manydesigns.com, Angelo Lupo - angelo.lupo@manydesigns.com, Giampiero Granatella - giampiero.granatella@manydesigns.com, Alessio Stalla - alessio.stalla@manydesigns.com

Field Summary

Fields

Modifier and Type	Field and Description
protected CacheManager	cacheManager
static String	copyright
protected boolean	destroyed
protected GroovyScriptEngine	groovyScriptEngine
static org.slf4j.Logger	logger
protected String	scriptUrl
protected PortofinoRealm	security
protected ServletContext	servletContext

Constructor Summary

Constructors

Constructor and Description
SecurityGroovyRealm(GroovyScriptEngine groovyScriptEngine, String scriptUrl, ServletContext servletContext)

Method Summary

Methods

Modifier and Type	Method and Description
void	changePassword(Serializable user, String oldPassword, String newPassword) Changes a user's password
void	checkPermission(PrincipalCollection subjectPrincipal, Permission permission)
void	checkPermission(PrincipalCollection subjectPrincipal, String permission)
void	checkPermissions(PrincipalCollection subjectPrincipal, Collection<Permission> permissions)
void	checkPermissions(PrincipalCollection subjectPrincipal, String... permissions)
void	checkRole(PrincipalCollection subjectPrincipal, String roleIdentifier)
void	checkRoles(PrincipalCollection subjectPrincipal, Collection<String> roleIdentifiers)
void	checkRoles(PrincipalCollection subjectPrincipal, String... roleIdentifiers)
protected void	configureDelegate(PortofinoRealm security)
void	destroy()
String	encryptPassword(String password) Returns an encrypted or hashed password.
String	generateOneTimeToken(Serializable user) Generates a one-time token, for use in email validation and password reset.
AuthenticationInfo	getAuthenticationInfo(AuthenticationToken token)
Set<String>	getGroups() Returns the list of groups known to the system.
String	getName()
ClassAccessor	getSelfRegisteredUserClassAccessor() Returns a ClassAccessor that describes the properties which a self-registered user must or can provide to initiate the sign up process.
Serializable	getUserByEmail(String email) Loads a user by email address.
Serializable	getUserById(String encodedUserId) Loads a user by id.
Serializable	getUserId(Serializable user) Extracts a value that uniquely identifies the user.
String	getUserPrettyName(Serializable user) Computes a string describing the user, meant to be shown on the UI.
Map<Serializable,String>	getUsers() Returns the list of users known to the system.
boolean	hasAllRoles(PrincipalCollection subjectPrincipal, Collection<String> roleIdentifiers)
boolean	hasRole(PrincipalCollection subjectPrincipal, String roleIdentifier)
boolean[]	hasRoles(PrincipalCollection subjectPrincipal, List<String> roleIdentifiers)
boolean[]	isPermitted(PrincipalCollection subjectPrincipal, List<Permission> permissions)
boolean	isPermitted(PrincipalCollection subjectPrincipal, Permission permission)
boolean[]	isPermitted(PrincipalCollection subjectPrincipal, String... permissions)
boolean	isPermitted(PrincipalCollection principals, String permission)
boolean	isPermittedAll(PrincipalCollection subjectPrincipal, Collection<Permission> permissions)
boolean	isPermittedAll(PrincipalCollection subjectPrincipal, String... permissions)
String	saveSelfRegisteredUser(Object user) Saves a self-registered user on the system.
void	setCacheManager(CacheManager cacheManager)
boolean	supports(AuthenticationToken token)
void	verifyUser(Serializable user) Marks the user as verified as a consequence of a user's action, e.g.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Detail

copyright

public static final String copyright

See Also:

Constant Field Values

logger

public static final org.slf4j.Logger logger

groovyScriptEngine

protected final GroovyScriptEngine groovyScriptEngine

scriptUrl

protected final String scriptUrl

servletContext

protected final ServletContext servletContext

security

protected volatile PortofinoRealm security

destroyed

protected volatile boolean destroyed

cacheManager

protected CacheManager cacheManager

Constructor Detail

SecurityGroovyRealm

public SecurityGroovyRealm(GroovyScriptEngine groovyScriptEngine,
                   String scriptUrl,
                   ServletContext servletContext)
                    throws ScriptException,
                           ResourceException,
                           InstantiationException,
                           IllegalAccessException

Throws:

ScriptException

ResourceException

InstantiationException

IllegalAccessException

Method Detail

configureDelegate

protected void configureDelegate(PortofinoRealm security)

verifyUser

public void verifyUser(Serializable user)

Description copied from interface: PortofinoRealm

Marks the user as verified as a consequence of a user's action, e.g. clicking on a verification email or entering a verification code. This method is called in during the user's self-registration process.

Specified by:

verifyUser in interface PortofinoRealm

Parameters:

user - the user object.

changePassword

public void changePassword(Serializable user,
                  String oldPassword,
                  String newPassword)

Description copied from interface: PortofinoRealm

Changes a user's password

Specified by:

changePassword in interface PortofinoRealm

Parameters:

user - the user object.

oldPassword - the old password provided by the user. Must match with the stored one.

newPassword - the new password.

generateOneTimeToken

public String generateOneTimeToken(Serializable user)

Description copied from interface: PortofinoRealm

Generates a one-time token, for use in email validation and password reset. Unlike a password, which needs to be associated to a login to be a ShiroToken, a one-time token is valid ShiroToken.

Specified by:

generateOneTimeToken in interface PortofinoRealm

Parameters:

user - the user object.

Returns:

the one-time token

encryptPassword

public String encryptPassword(String password)

Description copied from interface: PortofinoRealm

Returns an encrypted or hashed password.

Specified by:

encryptPassword in interface PortofinoRealm

Parameters:

password - the plaintext password.

Returns:

the encrypted password.

getUsers

public Map<Serializable,String> getUsers()

Description copied from interface: PortofinoRealm

Returns the list of users known to the system. This is used by the framework when presenting a list of possible users, e.g. when configuring permissions for a page.

Specified by:

getUsers in interface PortofinoRealm

Returns:

a map of user id -> pretty name. The pretty name might be the username, email address, full name, etc.

getUserById

public Serializable getUserById(String encodedUserId)

Description copied from interface: PortofinoRealm

Loads a user by id. The id depends on the application's security implementation: it can be, for example, a primary key in a database table, or a path in a LDAP directory.

Specified by:

getUserById in interface PortofinoRealm

Parameters:

encodedUserId - the user id as a String. The security implementation is expected to convert the String to a value of the appropriate type.

Returns:

the user object.

getUserByEmail

public Serializable getUserByEmail(String email)

Description copied from interface: PortofinoRealm

Loads a user by email address. Used by the reset password implementation.

Specified by:

getUserByEmail in interface PortofinoRealm

Parameters:

email - the email address of the user.

Returns:

the user object.

getSelfRegisteredUserClassAccessor

public ClassAccessor getSelfRegisteredUserClassAccessor()

Description copied from interface: PortofinoRealm

Returns a ClassAccessor that describes the properties which a self-registered user must or can provide to initiate the sign up process.

Specified by:

getSelfRegisteredUserClassAccessor in interface PortofinoRealm

Returns:

the ClassAccessor.

saveSelfRegisteredUser

public String saveSelfRegisteredUser(Object user)

Description copied from interface: PortofinoRealm

Saves a self-registered user on the system. The user should be in a invalid state (cannot log in) until he or she confirms registration providing a token (typically by clicking a link in an email message).

Specified by:

saveSelfRegisteredUser in interface PortofinoRealm

Parameters:

user - the user object to save. It is the same kind of object known by getSelfRegisteredUserClassAccessor().

Returns:

the unique token necessary to confirm the registration.

getUserPrettyName

public String getUserPrettyName(Serializable user)

Description copied from interface: PortofinoRealm

Computes a string describing the user, meant to be shown on the UI. For example, a username, an email address, a name, etc.

Specified by:

getUserPrettyName in interface PortofinoRealm

Parameters:

user - the user's primary principal (as returned by loadAuthenticationInfo()).

Returns:

the pretty name.

getUserId

public Serializable getUserId(Serializable user)

Description copied from interface: PortofinoRealm

Extracts a value that uniquely identifies the user. For example, a database ID.

Specified by:

getUserId in interface PortofinoRealm

Parameters:

user - the user's primary principal (as returned by loadAuthenticationInfo()).

Returns:

the user id.

getGroups

public Set<String> getGroups()

Description copied from interface: PortofinoRealm

Returns the list of groups known to the system. This is used by the framework when presenting a list of possible groups, e.g. when configuring permissions for a page.

Specified by:

getGroups in interface PortofinoRealm

Returns:

a set of groups.

getName

public String getName()

Specified by:

getName in interface Realm

supports

public boolean supports(AuthenticationToken token)

Specified by:

supports in interface Realm

getAuthenticationInfo

public AuthenticationInfo getAuthenticationInfo(AuthenticationToken token)
                                         throws AuthenticationException

Specified by:

getAuthenticationInfo in interface Realm

Throws:

AuthenticationException

isPermitted

public boolean isPermitted(PrincipalCollection principals,
                  String permission)

Specified by:

isPermitted in interface Authorizer

isPermitted

public boolean isPermitted(PrincipalCollection subjectPrincipal,
                  Permission permission)

Specified by:

isPermitted in interface Authorizer

isPermitted

public boolean[] isPermitted(PrincipalCollection subjectPrincipal,
                    String... permissions)

Specified by:

isPermitted in interface Authorizer

isPermitted

public boolean[] isPermitted(PrincipalCollection subjectPrincipal,
                    List<Permission> permissions)

Specified by:

isPermitted in interface Authorizer

isPermittedAll

public boolean isPermittedAll(PrincipalCollection subjectPrincipal,
                     String... permissions)

Specified by:

isPermittedAll in interface Authorizer

isPermittedAll

public boolean isPermittedAll(PrincipalCollection subjectPrincipal,
                     Collection<Permission> permissions)

Specified by:

isPermittedAll in interface Authorizer

checkPermission

public void checkPermission(PrincipalCollection subjectPrincipal,
                   String permission)
                     throws AuthorizationException

Specified by:

checkPermission in interface Authorizer

Throws:

AuthorizationException

checkPermission

public void checkPermission(PrincipalCollection subjectPrincipal,
                   Permission permission)
                     throws AuthorizationException

Specified by:

checkPermission in interface Authorizer

Throws:

AuthorizationException

checkPermissions

public void checkPermissions(PrincipalCollection subjectPrincipal,
                    String... permissions)
                      throws AuthorizationException

Specified by:

checkPermissions in interface Authorizer

Throws:

AuthorizationException

checkPermissions

public void checkPermissions(PrincipalCollection subjectPrincipal,
                    Collection<Permission> permissions)
                      throws AuthorizationException

Specified by:

checkPermissions in interface Authorizer

Throws:

AuthorizationException

hasRole

public boolean hasRole(PrincipalCollection subjectPrincipal,
              String roleIdentifier)

Specified by:

hasRole in interface Authorizer

hasRoles

public boolean[] hasRoles(PrincipalCollection subjectPrincipal,
                 List<String> roleIdentifiers)

Specified by:

hasRoles in interface Authorizer

hasAllRoles

public boolean hasAllRoles(PrincipalCollection subjectPrincipal,
                  Collection<String> roleIdentifiers)

Specified by:

hasAllRoles in interface Authorizer

checkRole

public void checkRole(PrincipalCollection subjectPrincipal,
             String roleIdentifier)
               throws AuthorizationException

Specified by:

checkRole in interface Authorizer

Throws:

AuthorizationException

checkRoles

public void checkRoles(PrincipalCollection subjectPrincipal,
              Collection<String> roleIdentifiers)
                throws AuthorizationException

Specified by:

checkRoles in interface Authorizer

Throws:

AuthorizationException

checkRoles

public void checkRoles(PrincipalCollection subjectPrincipal,
              String... roleIdentifiers)
                throws AuthorizationException

Specified by:

checkRoles in interface Authorizer

Throws:

AuthorizationException

setCacheManager

public void setCacheManager(CacheManager cacheManager)

Specified by:

setCacheManager in interface CacheManagerAware

destroy

public void destroy()

Specified by:

destroy in interface Destroyable