001/* 002 * Licensed to the Apache Software Foundation (ASF) under one 003 * or more contributor license agreements. See the NOTICE file 004 * distributed with this work for additional information 005 * regarding copyright ownership. The ASF licenses this file 006 * to you under the Apache License, Version 2.0 (the 007 * "License"); you may not use this file except in compliance 008 * with the License. You may obtain a copy of the License at 009 * 010 * http://www.apache.org/licenses/LICENSE-2.0 011 * 012 * Unless required by applicable law or agreed to in writing, 013 * software distributed under the License is distributed on an 014 * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY 015 * KIND, either express or implied. See the License for the 016 * specific language governing permissions and limitations 017 * under the License. 018 */ 019 020import org.apache.shiro.SecurityUtils; 021import org.apache.shiro.authc.*; 022import org.apache.shiro.config.IniSecurityManagerFactory; 023import org.apache.shiro.mgt.SecurityManager; 024import org.apache.shiro.session.Session; 025import org.apache.shiro.subject.Subject; 026import org.apache.shiro.util.Factory; 027import org.slf4j.Logger; 028import org.slf4j.LoggerFactory; 029 030 031/** 032 * Simple Quickstart application showing how to use Shiro's API. 033 * 034 * @since 0.9 RC2 035 */ 036public class Quickstart { 037 038 private static final transient Logger log = LoggerFactory.getLogger(Quickstart.class); 039 040 041 public static void main(String[] args) { 042 043 // The easiest way to create a Shiro SecurityManager with configured 044 // realms, users, roles and permissions is to use the simple INI config. 045 // We'll do that by using a factory that can ingest a .ini file and 046 // return a SecurityManager instance: 047 048 // Use the shiro.ini file at the root of the classpath 049 // (file: and url: prefixes load from files and urls respectively): 050 Factory<SecurityManager> factory = new IniSecurityManagerFactory("classpath:shiro.ini"); 051 SecurityManager securityManager = factory.getInstance(); 052 053 // for this simple example quickstart, make the SecurityManager 054 // accessible as a JVM singleton. Most applications wouldn't do this 055 // and instead rely on their container configuration or web.xml for 056 // webapps. That is outside the scope of this simple quickstart, so 057 // we'll just do the bare minimum so you can continue to get a feel 058 // for things. 059 SecurityUtils.setSecurityManager(securityManager); 060 061 // Now that a simple Shiro environment is set up, let's see what you can do: 062 063 // get the currently executing user: 064 Subject currentUser = SecurityUtils.getSubject(); 065 066 // Do some stuff with a Session (no need for a web or EJB container!!!) 067 Session session = currentUser.getSession(); 068 session.setAttribute("someKey", "aValue"); 069 String value = (String) session.getAttribute("someKey"); 070 if (value.equals("aValue")) { 071 log.info("Retrieved the correct value! [" + value + "]"); 072 } 073 074 // let's login the current user so we can check against roles and permissions: 075 if (!currentUser.isAuthenticated()) { 076 UsernamePasswordToken token = new UsernamePasswordToken("lonestarr", "vespa"); 077 token.setRememberMe(true); 078 try { 079 currentUser.login(token); 080 } catch (UnknownAccountException uae) { 081 log.info("There is no user with username of " + token.getPrincipal()); 082 } catch (IncorrectCredentialsException ice) { 083 log.info("Password for account " + token.getPrincipal() + " was incorrect!"); 084 } catch (LockedAccountException lae) { 085 log.info("The account for username " + token.getPrincipal() + " is locked. " + 086 "Please contact your administrator to unlock it."); 087 } 088 // ... catch more exceptions here (maybe custom ones specific to your application? 089 catch (AuthenticationException ae) { 090 //unexpected condition? error? 091 } 092 } 093 094 //say who they are: 095 //print their identifying principal (in this case, a username): 096 log.info("User [" + currentUser.getPrincipal() + "] logged in successfully."); 097 098 //test a role: 099 if (currentUser.hasRole("schwartz")) { 100 log.info("May the Schwartz be with you!"); 101 } else { 102 log.info("Hello, mere mortal."); 103 } 104 105 //test a typed permission (not instance-level) 106 if (currentUser.isPermitted("lightsaber:wield")) { 107 log.info("You may use a lightsaber ring. Use it wisely."); 108 } else { 109 log.info("Sorry, lightsaber rings are for schwartz masters only."); 110 } 111 112 //a (very powerful) Instance Level permission: 113 if (currentUser.isPermitted("winnebago:drive:eagle5")) { 114 log.info("You are permitted to 'drive' the winnebago with license plate (id) 'eagle5'. " + 115 "Here are the keys - have fun!"); 116 } else { 117 log.info("Sorry, you aren't allowed to drive the 'eagle5' winnebago!"); 118 } 119 120 //all done - log out! 121 currentUser.logout(); 122 123 System.exit(0); 124 } 125}