Coverage Report

Coverage Report - org.apache.shiro.SecurityUtils

Classes in this File

Line Coverage

Branch Coverage

Complexity

SecurityUtils

93%

14/15

100%

6/6

2.333

 /*
  * Licensed to the Apache Software Foundation (ASF) under one
  * or more contributor license agreements.  See the NOTICE file
  * distributed with this work for additional information
  * regarding copyright ownership.  The ASF licenses this file
  * to you under the Apache License, Version 2.0 (the
  * "License"); you may not use this file except in compliance
  * with the License.  You may obtain a copy of the License at
  *
  *     http://www.apache.org/licenses/LICENSE-2.0
  *
  * Unless required by applicable law or agreed to in writing,
  * software distributed under the License is distributed on an
  * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
  * KIND, either express or implied.  See the License for the
  * specific language governing permissions and limitations
  * under the License.
  */
 package org.apache.shiro;
 
 import org.apache.shiro.mgt.SecurityManager;
 import org.apache.shiro.subject.Subject;
 import org.apache.shiro.util.ThreadContext;
 
 
 /**
  * Accesses the currently accessible {@code Subject} for the calling code depending on runtime environment.
  *
  * @since 0.2
  */
 public abstract class SecurityUtils {
 
     /**
      * ONLY used as a 'backup' in VM Singleton environments (that is, standalone environments), since the
      * ThreadContext should always be the primary source for Subject instances when possible.
      */
     private static SecurityManager securityManager;
 
     /**
      * Returns the currently accessible {@code Subject} available to the calling code depending on
      * runtime environment.
      * <p/>
      * This method is provided as a way of obtaining a {@code Subject} without having to resort to
      * implementation-specific methods.  It also allows the Shiro team to change the underlying implementation of
      * this method in the future depending on requirements/updates without affecting your code that uses it.
      *
      * @return the currently accessible {@code Subject} accessible to the calling code.
      * @throws IllegalStateException if no {@link Subject Subject} instance or
      *                               {@link SecurityManager SecurityManager} instance is available with which to obtain
      *                               a {@code Subject}, which which is considered an invalid application configuration
      *                               - a Subject should <em>always</em> be available to the caller.
      */
     public static Subject getSubject() {
         Subject subject = ThreadContext.getSubject();
         if (subject == null) {
             subject = (new Subject.Builder()).buildSubject();
             ThreadContext.bind(subject);
         }
         return subject;
     }
 
     /**
      * Sets a VM (static) singleton SecurityManager, specifically for transparent use in the
      * {@link #getSubject() getSubject()} implementation.
      * <p/>
      * <b>This method call exists mainly for framework development support.  Application developers should rarely,
      * if ever, need to call this method.</b>
      * <p/>
      * The Shiro development team prefers that SecurityManager instances are non-static application singletons
      * and <em>not</em> VM static singletons.  Application singletons that do not use static memory require some sort
      * of application configuration framework to maintain the application-wide SecurityManager instance for you
      * (for example, Spring or EJB3 environments) such that the object reference does not need to be static.
      * <p/>
      * In these environments, Shiro acquires Subject data based on the currently executing Thread via its own
      * framework integration code, and this is the preferred way to use Shiro.
      * <p/>
      * However in some environments, such as a standalone desktop application or Applets that do not use Spring or
      * EJB or similar config frameworks, a VM-singleton might make more sense (although the former is still preferred).
      * In these environments, setting the SecurityManager via this method will automatically enable the
      * {@link #getSubject() getSubject()} call to function with little configuration.
      * <p/>
      * For example, in these environments, this will work:
      * <pre>
      * DefaultSecurityManager securityManager = new {@link org.apache.shiro.mgt.DefaultSecurityManager DefaultSecurityManager}();
      * securityManager.setRealms( ... ); //one or more Realms
      * <b>SecurityUtils.setSecurityManager( securityManager );</b></pre>
      * <p/>
      * And then anywhere in the application code, the following call will return the application's Subject:
      * <pre>
      * Subject currentUser = SecurityUtils.getSubject();</pre>
      *
      * @param securityManager the securityManager instance to set as a VM static singleton.
      */
     public static void setSecurityManager(SecurityManager securityManager) {
         SecurityUtils.securityManager = securityManager;
     }
 
     /**
      * Returns the SecurityManager accessible to the calling code.
      * <p/>
      * This implementation favors acquiring a thread-bound {@code SecurityManager} if it can find one.  If one is
      * not available to the executing thread, it will attempt to use the static singleton if available (see the
      * {@link #setSecurityManager setSecurityManager} method for more on the static singleton).
      * <p/>
      * If neither the thread-local or static singleton instances are available, this method throws an
      * {@code UnavailableSecurityManagerException} to indicate an error - a SecurityManager should always be accessible
      * to calling code in an application. If it is not, it is likely due to a Shiro configuration problem.
      *
      * @return the SecurityManager accessible to the calling code.
      * @throws UnavailableSecurityManagerException
      *          if there is no {@code SecurityManager} instance available to the
      *          calling code, which typically indicates an invalid application configuration.
      */
     public static SecurityManager getSecurityManager() throws UnavailableSecurityManagerException {
         SecurityManager securityManager = ThreadContext.getSecurityManager();
         if (securityManager == null) {
             securityManager = SecurityUtils.securityManager;
         }
         if (securityManager == null) {
             String msg = "No SecurityManager accessible to the calling code, either bound to the " +
                     ThreadContext.class.getName() + " or as a vm static singleton.  This is an invalid application " +
                     "configuration.";
             throw new UnavailableSecurityManagerException(msg);
         }
         return securityManager;
     }
 }

1		/*
2		* Licensed to the Apache Software Foundation (ASF) under one
3		* or more contributor license agreements. See the NOTICE file
4		* distributed with this work for additional information
5		* regarding copyright ownership. The ASF licenses this file
6		* to you under the Apache License, Version 2.0 (the
7		* "License"); you may not use this file except in compliance
8		* with the License. You may obtain a copy of the License at
9		*
10		* http://www.apache.org/licenses/LICENSE-2.0
11		*
12		* Unless required by applicable law or agreed to in writing,
13		* software distributed under the License is distributed on an
14		* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
15		* KIND, either express or implied. See the License for the
16		* specific language governing permissions and limitations
17		* under the License.
18		*/
19		package org.apache.shiro;
20
21		import org.apache.shiro.mgt.SecurityManager;
22		import org.apache.shiro.subject.Subject;
23		import org.apache.shiro.util.ThreadContext;
24
25
26		/**
27		* Accesses the currently accessible {@code Subject} for the calling code depending on runtime environment.
28		*
29		* @since 0.2
30		*/
31	0	public abstract class SecurityUtils {
32
33		/**
34		* ONLY used as a 'backup' in VM Singleton environments (that is, standalone environments), since the
35		* ThreadContext should always be the primary source for Subject instances when possible.
36		*/
37		private static SecurityManager securityManager;
38
39		/**
40		* Returns the currently accessible {@code Subject} available to the calling code depending on
41		* runtime environment.
42		* <p/>
43		* This method is provided as a way of obtaining a {@code Subject} without having to resort to
44		* implementation-specific methods. It also allows the Shiro team to change the underlying implementation of
45		* this method in the future depending on requirements/updates without affecting your code that uses it.
46		*
47		* @return the currently accessible {@code Subject} accessible to the calling code.
48		* @throws IllegalStateException if no {@link Subject Subject} instance or
49		* {@link SecurityManager SecurityManager} instance is available with which to obtain
50		* a {@code Subject}, which which is considered an invalid application configuration
51		* - a Subject should <em>always</em> be available to the caller.
52		*/
53		public static Subject getSubject() {
54	23	Subject subject = ThreadContext.getSubject();
55	23	if (subject == null) {
56	12	subject = (new Subject.Builder()).buildSubject();
57	12	ThreadContext.bind(subject);
58		}
59	23	return subject;
60		}
61
62		/**
63		* Sets a VM (static) singleton SecurityManager, specifically for transparent use in the
64		* {@link #getSubject() getSubject()} implementation.
65		* <p/>
66		* <b>This method call exists mainly for framework development support. Application developers should rarely,
67		* if ever, need to call this method.</b>
68		* <p/>
69		* The Shiro development team prefers that SecurityManager instances are non-static application singletons
70		* and <em>not</em> VM static singletons. Application singletons that do not use static memory require some sort
71		* of application configuration framework to maintain the application-wide SecurityManager instance for you
72		* (for example, Spring or EJB3 environments) such that the object reference does not need to be static.
73		* <p/>
74		* In these environments, Shiro acquires Subject data based on the currently executing Thread via its own
75		* framework integration code, and this is the preferred way to use Shiro.
76		* <p/>
77		* However in some environments, such as a standalone desktop application or Applets that do not use Spring or
78		* EJB or similar config frameworks, a VM-singleton might make more sense (although the former is still preferred).
79		* In these environments, setting the SecurityManager via this method will automatically enable the
80		* {@link #getSubject() getSubject()} call to function with little configuration.
81		* <p/>
82		* For example, in these environments, this will work:
83		* <pre>
84		* DefaultSecurityManager securityManager = new {@link org.apache.shiro.mgt.DefaultSecurityManager DefaultSecurityManager}();
85		* securityManager.setRealms( ... ); //one or more Realms
86		* <b>SecurityUtils.setSecurityManager( securityManager );</b></pre>
87		* <p/>
88		* And then anywhere in the application code, the following call will return the application's Subject:
89		* <pre>
90		* Subject currentUser = SecurityUtils.getSubject();</pre>
91		*
92		* @param securityManager the securityManager instance to set as a VM static singleton.
93		*/
94		public static void setSecurityManager(SecurityManager securityManager) {
95	35	SecurityUtils.securityManager = securityManager;
96	35	}
97
98		/**
99		* Returns the SecurityManager accessible to the calling code.
100		* <p/>
101		* This implementation favors acquiring a thread-bound {@code SecurityManager} if it can find one. If one is
102		* not available to the executing thread, it will attempt to use the static singleton if available (see the
103		* {@link #setSecurityManager setSecurityManager} method for more on the static singleton).
104		* <p/>
105		* If neither the thread-local or static singleton instances are available, this method throws an
106		* {@code UnavailableSecurityManagerException} to indicate an error - a SecurityManager should always be accessible
107		* to calling code in an application. If it is not, it is likely due to a Shiro configuration problem.
108		*
109		* @return the SecurityManager accessible to the calling code.
110		* @throws UnavailableSecurityManagerException
111		* if there is no {@code SecurityManager} instance available to the
112		* calling code, which typically indicates an invalid application configuration.
113		*/
114		public static SecurityManager getSecurityManager() throws UnavailableSecurityManagerException {
115	47	SecurityManager securityManager = ThreadContext.getSecurityManager();
116	47	if (securityManager == null) {
117	36	securityManager = SecurityUtils.securityManager;
118		}
119	47	if (securityManager == null) {
120	5	String msg = "No SecurityManager accessible to the calling code, either bound to the " +
121		ThreadContext.class.getName() + " or as a vm static singleton. This is an invalid application " +
122		"configuration.";
123	5	throw new UnavailableSecurityManagerException(msg);
124		}
125	42	return securityManager;
126		}
127		}