View Javadoc
1   /*
2    * Licensed to the Apache Software Foundation (ASF) under one
3    * or more contributor license agreements.  See the NOTICE file
4    * distributed with this work for additional information
5    * regarding copyright ownership.  The ASF licenses this file
6    * to you under the Apache License, Version 2.0 (the
7    * "License"); you may not use this file except in compliance
8    * with the License.  You may obtain a copy of the License at
9    *
10   *     http://www.apache.org/licenses/LICENSE-2.0
11   *
12   * Unless required by applicable law or agreed to in writing,
13   * software distributed under the License is distributed on an
14   * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
15   * KIND, either express or implied.  See the License for the
16   * specific language governing permissions and limitations
17   * under the License.
18   */
19  package org.apache.shiro.spring.config;
20  
21  import org.apache.shiro.authc.Authenticator;
22  import org.apache.shiro.authc.pam.AtLeastOneSuccessfulStrategy;
23  import org.apache.shiro.authc.pam.AuthenticationStrategy;
24  import org.apache.shiro.authc.pam.ModularRealmAuthenticator;
25  import org.apache.shiro.authz.Authorizer;
26  import org.apache.shiro.authz.ModularRealmAuthorizer;
27  import org.apache.shiro.authz.permission.PermissionResolver;
28  import org.apache.shiro.authz.permission.RolePermissionResolver;
29  import org.apache.shiro.cache.CacheManager;
30  import org.apache.shiro.event.EventBus;
31  import org.apache.shiro.mgt.*;
32  import org.apache.shiro.realm.Realm;
33  import org.apache.shiro.session.mgt.DefaultSessionManager;
34  import org.apache.shiro.session.mgt.SessionFactory;
35  import org.apache.shiro.session.mgt.SessionManager;
36  import org.apache.shiro.session.mgt.SimpleSessionFactory;
37  import org.apache.shiro.session.mgt.eis.MemorySessionDAO;
38  import org.apache.shiro.session.mgt.eis.SessionDAO;
39  import org.springframework.beans.factory.annotation.Autowired;
40  import org.springframework.beans.factory.annotation.Value;
41  
42  import java.util.List;
43  
44  /**
45   * @since 1.4.0
46   */
47  public class AbstractShiroConfiguration {
48  
49      @Autowired(required = false)
50      protected CacheManager cacheManager;
51  
52      @Autowired(required = false)
53      protected RolePermissionResolver rolePermissionResolver;
54  
55      @Autowired(required = false)
56      protected PermissionResolver permissionResolver;
57  
58      @Autowired
59      protected EventBus eventBus;
60  
61      @Value("#{ @environment['shiro.sessionManager.deleteInvalidSessions'] ?: true }")
62      protected boolean sessionManagerDeleteInvalidSessions;
63  
64  
65      protected SessionsSecurityManager securityManager(List<Realm> realms) {
66          SessionsSecurityManager securityManager = createSecurityManager();
67          securityManager.setAuthenticator(authenticator());
68          securityManager.setAuthorizer(authorizer());
69          securityManager.setRealms(realms);
70          securityManager.setSessionManager(sessionManager());
71          securityManager.setEventBus(eventBus);
72  
73          if (cacheManager != null) {
74              securityManager.setCacheManager(cacheManager);
75          }
76  
77          return securityManager;
78      }
79  
80      protected SessionManager sessionManager() {
81          DefaultSessionManager sessionManager = new DefaultSessionManager();
82          sessionManager.setSessionDAO(sessionDAO());
83          sessionManager.setSessionFactory(sessionFactory());
84          sessionManager.setDeleteInvalidSessions(sessionManagerDeleteInvalidSessions);
85          return sessionManager;
86      }
87  
88  
89      protected SessionsSecurityManager createSecurityManager() {
90          DefaultSecurityManager securityManager = new DefaultSecurityManager();
91          securityManager.setSubjectDAO(subjectDAO());
92          securityManager.setSubjectFactory(subjectFactory());
93  
94          RememberMeManager rememberMeManager = rememberMeManager();
95          if (rememberMeManager != null) {
96              securityManager.setRememberMeManager(rememberMeManager);
97          }
98  
99          return securityManager;
100     }
101 
102     protected RememberMeManager rememberMeManager() {
103         return null;
104     }
105 
106     protected SubjectDAO subjectDAO() {
107         DefaultSubjectDAO subjectDAO = new DefaultSubjectDAO();
108         subjectDAO.setSessionStorageEvaluator(sessionStorageEvaluator());
109         return subjectDAO;
110     }
111 
112     protected SessionStorageEvaluator sessionStorageEvaluator() {
113         return new DefaultSessionStorageEvaluator();
114     }
115 
116     protected SubjectFactory subjectFactory() {
117         return new DefaultSubjectFactory();
118     }
119 
120 
121     protected SessionFactory sessionFactory() {
122         return new SimpleSessionFactory();
123     }
124 
125     protected SessionDAO sessionDAO() {
126         return new MemorySessionDAO();
127     }
128 
129     protected Authorizer authorizer() {
130         ModularRealmAuthorizer authorizer = new ModularRealmAuthorizer();
131 
132         if (permissionResolver != null) {
133             authorizer.setPermissionResolver(permissionResolver);
134         }
135 
136         if (rolePermissionResolver != null) {
137             authorizer.setRolePermissionResolver(rolePermissionResolver);
138         }
139 
140         return authorizer;
141     }
142 
143     protected AuthenticationStrategy authenticationStrategy() {
144         return new AtLeastOneSuccessfulStrategy();
145     }
146 
147     protected Authenticator authenticator() {
148         ModularRealmAuthenticator authenticator = new ModularRealmAuthenticator();
149         authenticator.setAuthenticationStrategy(authenticationStrategy());
150         return authenticator;
151     }
152 }