/*

  * Licensed to the Apache Software Foundation (ASF) under one

  * or more contributor license agreements.  See the NOTICE file

  * distributed with this work for additional information

  * regarding copyright ownership.  The ASF licenses this file

  * to you under the Apache License, Version 2.0 (the

  * "License"); you may not use this file except in compliance

  * with the License.  You may obtain a copy of the License at

  *

  *     http://www.apache.org/licenses/LICENSE-2.0

  *

  * Unless required by applicable law or agreed to in writing,

  * software distributed under the License is distributed on an

  * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY

  * KIND, either express or implied.  See the License for the

  * specific language governing permissions and limitations

  * under the License.

  */

 package org.apache.shiro.web.servlet;

 import org.apache.shiro.config.ConfigurationException;

 import org.apache.shiro.config.Ini;

 import org.apache.shiro.config.IniFactorySupport;

 import org.apache.shiro.io.ResourceUtils;

 import org.apache.shiro.mgt.SecurityManager;

 import org.apache.shiro.util.CollectionUtils;

 import org.apache.shiro.util.StringUtils;

 import org.apache.shiro.web.config.IniFilterChainResolverFactory;

 import org.apache.shiro.web.config.WebIniSecurityManagerFactory;

 import org.apache.shiro.web.filter.mgt.FilterChainResolver;

 import org.apache.shiro.web.mgt.WebSecurityManager;

 import org.apache.shiro.web.util.WebUtils;

 import org.slf4j.Logger;

 import org.slf4j.LoggerFactory;

 import java.io.InputStream;

 import java.util.Map;

 /**

  * <h1>Deprecated</h1>

  * This filter has been deprecated as of Shiro 1.2 in favor of using the {@link ShiroFilter} in {@code web.xml} instead.

  * See the {@link ShiroFilter} JavaDoc for usage.

  * <p/>

  * ======================

  * <p/>

  * Servlet Filter that configures and enables all Shiro functions within a web application by using the

  * <a href="http://en.wikipedia.org/wiki/INI_file">INI</a> configuration format.

  * <p/>

  * The actual INI configuration contents are not covered here, but instead in Shiro's

  * <a href="http://shiro.apache.org/configuration.html">Configuration Documentation</a> and additional web-specific

  * <a href="http://shiro.apache.org/web.html">Web Documentation</a>.

  * <h2>Usage</h2>

  * <h3>Default</h3>

  * By default, the simplest filter declaration expects a {@code shiro.ini} resource to be located at

  * {@code /WEB-INF/shiro.ini}, or, if not there, falls back to checking the root of the classpath

  * (i.e. {@code classpath:shiro.ini}):

  * <pre>

  * <filter>

  *     <filter-name>ShiroFilter</filter-name>

  *     <filter-class>org.apache.shiro.web.servlet.IniShiroFilter</filter-class>

  * </filter>

  * </pre>

  * <h3>Custom Path</h3>

  * If you want the INI configuration to be somewhere other than {@code /WEB-INF/shiro.ini} or

  * {@code classpath:shiro.ini}, you may specify an alternate location via the {@code configPath init-param}:

  * <pre>

  * <filter>

  *     <filter-name>ShiroFilter</filter-name>

  *     <filter-class>org.apache.shiro.web.servlet.IniShiroFilter</filter-class>

  *     <init-param>

  *         <param-name>configPath</param-name>

  *         <param-value>/WEB-INF/someFile.ini</param-value>

  *     </init-param>

  * </filter>

  * </pre>

  * Unqualified (schemeless or 'non-prefixed') paths are assumed to be {@code ServletContext} resource paths, resolvable

  * via {@link javax.servlet.ServletContext#getResourceAsStream(String) ServletContext#getResourceAsStream}.

  * <p/>

  * Non-ServletContext resources may be loaded from qualified locations by specifying prefixes indicating the source,

  * e.g. {@code file:}, {@code url:}, and {@code classpath:}.  See the

  * {@link ResourceUtils#getInputStreamForPath(String)} JavaDoc for more.

  * <h3>Inline</h3>

  * For relatively simple environments, you can embed the INI config directly inside the filter declaration with

  * the {@code config init-param}:

  * <pre>

  * <filter>

  *     <filter-name>ShiroFilter</filter-name>

  *     <filter-class>org.apache.shiro.web.servlet.IniShiroFilter</filter-class>

  *     <init-param>

  *         <param-name>config</param-name>

  *         <param-value>

  *             #INI config goes here...

  *      </param-value>

  *     </init-param>

  * </filter>

  * </pre>

  * Although this is typically not recommended because any Shiro configuration changes would contribute to version control

  * 'noise' in the web.xml file.

  * <p/>

  * When creating the shiro.ini configuration itself, please see Shiro's

  * <a href="http://shiro.apache.org/configuration.html">Configuration Documentation</a> and

  * <a href="http://shiro.apache.org/web.html">Web Documentation</a>.

  *

  * @see <a href="http://shiro.apache.org/configuration.html">Apache Shiro INI Configuration</a>

  * @see <a href="http://shiro.apache.org/web.html">Apache Shiro Web Documentation</a>

  * @since 1.0

  * @deprecated in 1.2 in favor of using the {@link ShiroFilter}

  */

 @Deprecated

 public class IniShiroFilter extends AbstractShiroFilter {

     public static final String CONFIG_INIT_PARAM_NAME = "config";

     public static final String CONFIG_PATH_INIT_PARAM_NAME = "configPath";

     public static final String DEFAULT_WEB_INI_RESOURCE_PATH = "/WEB-INF/shiro.ini";

     private static final Logger log = LoggerFactory.getLogger(IniShiroFilter.class);

     private String config;

     private String configPath;

     public IniShiroFilter() {

     }

     /**

      * Returns the actual INI configuration text to use to build the {@link SecurityManager} and

      * {@link FilterChainResolver} used by the web application or {@code null} if the

      * {@link #getConfigPath() configPath} should be used to load a fallback INI source.

      * <p/>

      * This value is {@code null} by default, but it will be automatically set to the value of the

      * '{@code config}' {@code init-param} if it exists in the {@code FilterConfig} provided by the servlet

      * container at startup.

      *

      * @return the actual INI configuration text to use to build the {@link SecurityManager} and

      *         {@link FilterChainResolver} used by the web application or {@code null} if the

      *         {@link #getConfigPath() configPath} should be used to load a fallback INI source.

      */

     public String getConfig() {

         return this.config;

     }

     /**

      * Sets the actual INI configuration text to use to build the {@link SecurityManager} and

      * {@link FilterChainResolver} used by the web application.  If this value is {@code null}, the

      * {@link #getConfigPath() configPath} will be checked to see if a .ini file should be loaded instead.

      * <p/>

      * This value is {@code null} by default, but it will be automatically set to the value of the

      * '{@code config}' {@code init-param} if it exists in the {@code FilterConfig} provided by the servlet

      * container at startup.

      *

      * @param config the actual INI configuration text to use to build the {@link SecurityManager} and

      *               {@link FilterChainResolver} used by the web application.

      */

     public void setConfig(String config) {

         this.config = config;

     }

     /**

      * Returns the config path to be used to load a .ini file for configuration if a configuration is

      * not specified via the {@link #getConfig() config} attribute.

      * <p/>

      * This value is {@code null} by default, but it will be automatically set to the value of the

      * '{@code configPath}' {@code init-param} if it exists in the {@code FilterConfig} provided by the servlet

      * container at startup.

      *

      * @return the config path to be used to load a .ini file for configuration if a configuration is

      *         not specified via the {@link #getConfig() config} attribute.

      */

     public String getConfigPath() {

         return configPath;

     }

     /**

      * Sets the config path to be used to load a .ini file for configuration if a configuration is

      * not specified via the {@link #getConfig() config} attribute.

      * <p/>

      * This value is {@code null} by default, but it will be automatically set to the value of the

      * '{@code configPath}' {@code init-param} if it exists in the {@code FilterConfig} provided by the servlet

      * container at startup.

      *

      * @param configPath the config path to be used to load a .ini file for configuration if a configuration is

      *                   not specified via the {@link #getConfig() config} attribute.

      */

     public void setConfigPath(String configPath) {

         this.configPath = StringUtils.clean(configPath);

     }

     public void init() throws Exception {

         applyInitParams();

         configure();

     }

     protected void applyInitParams() throws Exception {

         String config = getInitParam(CONFIG_INIT_PARAM_NAME);

         if (config != null) {

             setConfig(config);

         }

         String configPath = getInitParam(CONFIG_PATH_INIT_PARAM_NAME);

         if (configPath != null) {

             setConfigPath(configPath);

         }

     }

     protected void configure() throws Exception {

         Ini ini = loadIniFromConfig();

         if (CollectionUtils.isEmpty(ini)) {

             log.info("Null or empty configuration specified via 'config' init-param.  " +

                     "Checking path-based configuration.");

             ini = loadIniFromPath();

         }

         //added for SHIRO-178:

         if (CollectionUtils.isEmpty(ini)) {

             log.info("Null or empty configuration specified via '" + CONFIG_INIT_PARAM_NAME + "' or '" +

                     CONFIG_PATH_INIT_PARAM_NAME + "' filter parameters.  Trying the default " +

                     DEFAULT_WEB_INI_RESOURCE_PATH + " file.");

             ini = getServletContextIniResource(DEFAULT_WEB_INI_RESOURCE_PATH);

         }

         //although the preferred default is /WEB-INF/shiro.ini per SHIRO-178, keep this

         //for backwards compatibility:

         if (CollectionUtils.isEmpty(ini)) {

             log.info("Null or empty configuration specified via '" + CONFIG_INIT_PARAM_NAME + "' or '" +

                     CONFIG_PATH_INIT_PARAM_NAME + "' filter parameters.  Trying the default " +

                     IniFactorySupport.DEFAULT_INI_RESOURCE_PATH + " file.");

             ini = IniFactorySupport.loadDefaultClassPathIni();

         }

         Map<String, ?> objects = applySecurityManager(ini);

         applyFilterChainResolver(ini, objects);

     }

     protected Ini loadIniFromConfig() {

         Ini ini = null;

         String config = getConfig();

         if (config != null) {

             ini = convertConfigToIni(config);

         }

         return ini;

     }

     protected Ini loadIniFromPath() {

         Ini ini = null;

         String path = getConfigPath();

         if (path != null) {

             ini = convertPathToIni(path);

         }

         return ini;

     }

     protected Map<String, ?> applySecurityManager(Ini ini) {

         WebIniSecurityManagerFactory factory;

         if (CollectionUtils.isEmpty(ini)) {

             factory = new WebIniSecurityManagerFactory();

         } else {

             factory = new WebIniSecurityManagerFactory(ini);

         }

         // Create the security manager and check that it implements WebSecurityManager.

         // Otherwise, it can't be used with the filter.

         SecurityManager securityManager = factory.getInstance();

         if (!(securityManager instanceof WebSecurityManager)) {

             String msg = "The configured security manager is not an instance of WebSecurityManager, so " +

                     "it can not be used with the Shiro servlet filter.";

             throw new ConfigurationException(msg);

         }

         setSecurityManager((WebSecurityManager) securityManager);

         return factory.getBeans();

     }

     protected void applyFilterChainResolver(Ini ini, Map<String, ?> defaults) {

         if (ini == null || ini.isEmpty()) {

             //nothing to use to create the resolver, just return

             //(the AbstractShiroFilter allows a null resolver, in which case the original FilterChain is

             // always used).

             return;

         }

         //only create a resolver if the 'filters' or 'urls' sections are defined:

         Ini.Section urls = ini.getSection(IniFilterChainResolverFactory.URLS);

         Ini.Section filters = ini.getSection(IniFilterChainResolverFactory.FILTERS);

         if ((urls != null && !urls.isEmpty()) || (filters != null && !filters.isEmpty())) {

             //either the urls section or the filters section was defined.  Go ahead and create the resolver

             //and set it:

             IniFilterChainResolverFactory filterChainResolverFactory = new IniFilterChainResolverFactory(ini, defaults);

             filterChainResolverFactory.setFilterConfig(getFilterConfig());

             FilterChainResolver resolver = filterChainResolverFactory.getInstance();

             setFilterChainResolver(resolver);

         }

     }

     protected Ini convertConfigToIni(String config) {

         Ini ini = new Ini();

         ini.load(config);

         return ini;

     }

     /**

      * Returns the INI instance reflecting the specified servlet context resource path or {@code null} if no

      * resource was found.

      *

      * @param servletContextPath the servlet context resource path of the INI file to load

      * @return the INI instance reflecting the specified servlet context resource path or {@code null} if no

      *         resource was found.

      * @since 1.2

      */

     protected Ini getServletContextIniResource(String servletContextPath) {

         String path = WebUtils.normalize(servletContextPath);

         if (getServletContext() != null) {

             InputStream is = getServletContext().getResourceAsStream(path);

             if (is != null) {

                 Ini ini = new Ini();

                 ini.load(is);

                 if (CollectionUtils.isEmpty(ini)) {

                     log.warn("ServletContext INI resource '" + servletContextPath + "' exists, but it did not contain " +

                             "any data.");

                 }

                 return ini;

             }

         }

         return null;

     }

     /**

      * Converts the specified file path to an {@link Ini} instance.

      * <p/>

      * If the path does not have a resource prefix as defined by {@link ResourceUtils#hasResourcePrefix(String)}, the

      * path is expected to be resolvable by the {@code ServletContext} via

      * {@link javax.servlet.ServletContext#getResourceAsStream(String)}.

      *

      * @param path the path of the INI resource to load into an INI instance.

      * @return an INI instance populated based on the given INI resource path.

      */

     protected Ini convertPathToIni(String path) {

         Ini ini = new Ini();

         //SHIRO-178: Check for servlet context resource and not

         //only resource paths:

         if (!ResourceUtils.hasResourcePrefix(path)) {

             ini = getServletContextIniResource(path);

             if (ini == null) {

                 String msg = "There is no servlet context resource corresponding to configPath '" + path + "'  If " +

                         "the resource is located elsewhere (not immediately resolveable in the servlet context), " +

                         "specify an appropriate classpath:, url:, or file: resource prefix accordingly.";

                 throw new ConfigurationException(msg);

             }

         } else {

             //normal resource path - load as usual:

             ini.loadFromPath(path);

         }

         return ini;

     }

 }