2014-12-14 12:26:03 +01:00
|
|
|
/**
|
|
|
|
|
* Copyright (c) 2014, Sebastian Sdorra All rights reserved.
|
|
|
|
|
*
|
|
|
|
|
* Redistribution and use in source and binary forms, with or without
|
|
|
|
|
* modification, are permitted provided that the following conditions are met:
|
|
|
|
|
*
|
|
|
|
|
* 1. Redistributions of source code must retain the above copyright notice,
|
|
|
|
|
* this list of conditions and the following disclaimer. 2. Redistributions in
|
|
|
|
|
* binary form must reproduce the above copyright notice, this list of
|
|
|
|
|
* conditions and the following disclaimer in the documentation and/or other
|
|
|
|
|
* materials provided with the distribution. 3. Neither the name of SCM-Manager;
|
|
|
|
|
* nor the names of its contributors may be used to endorse or promote products
|
|
|
|
|
* derived from this software without specific prior written permission.
|
|
|
|
|
*
|
|
|
|
|
* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
|
|
|
|
|
* AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
|
|
|
|
|
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
|
|
|
|
|
* ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE FOR
|
|
|
|
|
* ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
|
|
|
|
|
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
|
|
|
|
|
* SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
|
|
|
|
|
* CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
|
|
|
|
|
* OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
|
|
|
|
|
* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
|
|
|
|
*
|
|
|
|
|
* http://bitbucket.org/sdorra/scm-manager
|
|
|
|
|
*
|
|
|
|
|
*/
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
package sonia.scm.security;
|
|
|
|
|
|
|
|
|
|
//~--- non-JDK imports --------------------------------------------------------
|
|
|
|
|
|
|
|
|
|
import com.google.common.annotations.VisibleForTesting;
|
|
|
|
|
|
|
|
|
|
import org.apache.shiro.authc.AuthenticationException;
|
|
|
|
|
import org.apache.shiro.authc.AuthenticationInfo;
|
|
|
|
|
import org.apache.shiro.authc.AuthenticationToken;
|
|
|
|
|
import org.apache.shiro.authc.UsernamePasswordToken;
|
|
|
|
|
import org.apache.shiro.authc.credential.PasswordMatcher;
|
|
|
|
|
import org.apache.shiro.authc.credential.PasswordService;
|
|
|
|
|
import org.apache.shiro.authz.AuthorizationInfo;
|
|
|
|
|
import org.apache.shiro.realm.AuthorizingRealm;
|
|
|
|
|
import org.apache.shiro.subject.PrincipalCollection;
|
|
|
|
|
|
|
|
|
|
import sonia.scm.group.GroupDAO;
|
2014-12-19 17:52:44 +01:00
|
|
|
import sonia.scm.plugin.Extension;
|
2014-12-14 12:26:03 +01:00
|
|
|
import sonia.scm.user.UserDAO;
|
|
|
|
|
|
|
|
|
|
//~--- JDK imports ------------------------------------------------------------
|
|
|
|
|
|
|
|
|
|
import javax.inject.Inject;
|
|
|
|
|
import javax.inject.Singleton;
|
|
|
|
|
|
|
|
|
|
/**
|
2015-03-15 11:40:29 +01:00
|
|
|
* Default authorizing realm.
|
2014-12-14 12:26:03 +01:00
|
|
|
*
|
|
|
|
|
* @author Sebastian Sdorra
|
|
|
|
|
* @since 2.0.0
|
|
|
|
|
*/
|
2014-12-19 17:52:44 +01:00
|
|
|
@Extension
|
2014-12-14 12:26:03 +01:00
|
|
|
@Singleton
|
|
|
|
|
public class DefaultRealm extends AuthorizingRealm
|
|
|
|
|
{
|
|
|
|
|
|
|
|
|
|
/** Field description */
|
|
|
|
|
@VisibleForTesting
|
|
|
|
|
static final String REALM = "DefaultRealm";
|
|
|
|
|
|
|
|
|
|
//~--- constructors ---------------------------------------------------------
|
|
|
|
|
|
|
|
|
|
/**
|
|
|
|
|
* Constructs ...
|
|
|
|
|
*
|
|
|
|
|
*
|
|
|
|
|
* @param service
|
|
|
|
|
* @param collector
|
2017-01-15 12:50:29 +01:00
|
|
|
* @param helperFactory
|
2014-12-14 12:26:03 +01:00
|
|
|
*/
|
|
|
|
|
@Inject
|
|
|
|
|
public DefaultRealm(PasswordService service,
|
2017-01-15 12:50:29 +01:00
|
|
|
DefaultAuthorizationCollector collector, DAORealmHelperFactory helperFactory)
|
2014-12-14 12:26:03 +01:00
|
|
|
{
|
|
|
|
|
this.collector = collector;
|
2017-01-15 12:50:29 +01:00
|
|
|
this.helper = helperFactory.create(REALM);
|
2014-12-14 12:26:03 +01:00
|
|
|
|
|
|
|
|
PasswordMatcher matcher = new PasswordMatcher();
|
|
|
|
|
|
|
|
|
|
matcher.setPasswordService(service);
|
2017-01-15 20:27:06 +01:00
|
|
|
setCredentialsMatcher(helper.wrapCredentialsMatcher(matcher));
|
2014-12-14 12:26:03 +01:00
|
|
|
setAuthenticationTokenClass(UsernamePasswordToken.class);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
//~--- methods --------------------------------------------------------------
|
|
|
|
|
|
|
|
|
|
/**
|
|
|
|
|
* Method description
|
|
|
|
|
*
|
|
|
|
|
*
|
|
|
|
|
* @param token
|
|
|
|
|
*
|
|
|
|
|
* @return
|
|
|
|
|
*
|
|
|
|
|
* @throws AuthenticationException
|
|
|
|
|
*/
|
|
|
|
|
@Override
|
|
|
|
|
protected AuthenticationInfo doGetAuthenticationInfo(
|
|
|
|
|
AuthenticationToken token)
|
|
|
|
|
throws AuthenticationException
|
|
|
|
|
{
|
2014-12-20 11:33:03 +01:00
|
|
|
return helper.getAuthenticationInfo(token);
|
2014-12-14 12:26:03 +01:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/**
|
|
|
|
|
* Method description
|
|
|
|
|
*
|
|
|
|
|
*
|
|
|
|
|
* @param principals
|
|
|
|
|
*
|
|
|
|
|
* @return
|
|
|
|
|
*/
|
|
|
|
|
@Override
|
|
|
|
|
protected AuthorizationInfo doGetAuthorizationInfo(
|
|
|
|
|
PrincipalCollection principals)
|
|
|
|
|
{
|
|
|
|
|
return collector.collect(principals);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
//~--- fields ---------------------------------------------------------------
|
|
|
|
|
|
2015-03-15 11:40:29 +01:00
|
|
|
/** default authorization collector */
|
|
|
|
|
private final DefaultAuthorizationCollector collector;
|
2014-12-14 12:26:03 +01:00
|
|
|
|
2015-03-15 11:40:29 +01:00
|
|
|
/** realm helper */
|
2014-12-20 11:33:03 +01:00
|
|
|
private final DAORealmHelper helper;
|
2014-12-14 12:26:03 +01:00
|
|
|
}
|
