ShiroSecurityContext.java
/*
* Licensed to the Apache Software Foundation (ASF) under one
* or more contributor license agreements. See the NOTICE file
* distributed with this work for additional information
* regarding copyright ownership. The ASF licenses this file
* to you under the Apache License, Version 2.0 (the
* "License"); you may not use this file except in compliance
* with the License. You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing,
* software distributed under the License is distributed on an
* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
* KIND, either express or implied. See the License for the
* specific language governing permissions and limitations
* under the License.
*/
package org.apache.shiro.web.jaxrs;
import org.apache.shiro.SecurityUtils;
import org.apache.shiro.subject.PrincipalCollection;
import org.apache.shiro.subject.Subject;
import javax.ws.rs.container.ContainerRequestContext;
import javax.ws.rs.core.SecurityContext;
import java.security.Principal;
/**
* A Shiro based {@link SecurityContext} that exposes the current Shiro {@link Subject} as a {@link Principal}.
* The {@link #isUserInRole(String)} method returns the result of {@link Subject#hasRole(String)}.
*
* @since 1.4
*/
public class ShiroSecurityContext implements SecurityContext {
final private ContainerRequestContext containerRequestContext;
final private SecurityContext originalSecurityContext;
public ShiroSecurityContext(ContainerRequestContext containerRequestContext) {
this.containerRequestContext = containerRequestContext;
this.originalSecurityContext = containerRequestContext.getSecurityContext();
}
@Override
public Principal getUserPrincipal() {
Principal result;
Subject subject = getSubject();
PrincipalCollection shiroPrincipals = subject.getPrincipals();
if (shiroPrincipals != null) {
result = shiroPrincipals.oneByType(Principal.class);
if (result == null) {
result = new ObjectPrincipal(shiroPrincipals.getPrimaryPrincipal());
}
}
else {
result = originalSecurityContext.getUserPrincipal();
}
return result;
}
@Override
public boolean isUserInRole(String role) {
return getSubject().hasRole(role);
}
@Override
public boolean isSecure() {
return containerRequestContext.getSecurityContext().isSecure();
}
@Override
public String getAuthenticationScheme() {
return containerRequestContext.getSecurityContext().getAuthenticationScheme();
}
private Subject getSubject() {
return SecurityUtils.getSubject();
}
/**
* Java Principal wrapper around any Shiro Principal object.s
*/
private class ObjectPrincipal implements Principal {
private Object object = null;
public ObjectPrincipal(Object object) {
this.object = object;
}
public Object getObject() {
return object;
}
public String getName() {
return getObject().toString();
}
@Override
public boolean equals(Object o) {
if (this == o) return true;
if (o == null || getClass() != o.getClass()) return false;
ObjectPrincipal that = (ObjectPrincipal) o;
return object.equals(that.object);
}
public int hashCode() {
return object.hashCode();
}
public String toString() {
return object.toString();
}
}
}