use ehcache as shiro cachemanager

2025-11-17 18:51:10 +01:00 · 2013-01-06 21:59:49 +01:00
parent 656097aa5f
commit d56cb614ae
6 changed files with 126 additions and 3 deletions
--- a/scm-plugin-backend/pom.xml
+++ b/scm-plugin-backend/pom.xml
@@ -102,6 +102,12 @@
      <artifactId>shiro-guice</artifactId>
      <version>${shiro.version}</version>
    </dependency>
+    
+    <dependency>
+      <groupId>org.apache.shiro</groupId>
+      <artifactId>shiro-ehcache</artifactId>
+      <version>${shiro.version}</version>
+    </dependency>

  </dependencies>

--- a/scm-plugin-backend/src/main/java/sonia/scm/plugin/security/CacheManagerProvider.java
+++ b/scm-plugin-backend/src/main/java/sonia/scm/plugin/security/CacheManagerProvider.java
@@ -0,0 +1,85 @@
+/**
+ * Copyright (c) 2010, Sebastian Sdorra All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright notice,
+ * this list of conditions and the following disclaimer. 2. Redistributions in
+ * binary form must reproduce the above copyright notice, this list of
+ * conditions and the following disclaimer in the documentation and/or other
+ * materials provided with the distribution. 3. Neither the name of SCM-Manager;
+ * nor the names of its contributors may be used to endorse or promote products
+ * derived from this software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+ * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE FOR
+ * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+ * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
+ * CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
+ * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+ * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ *
+ * http://bitbucket.org/sdorra/scm-manager
+ *
+ */
+
+
+
+package sonia.scm.plugin.security;
+
+//~--- non-JDK imports --------------------------------------------------------
+
+import com.google.inject.Inject;
+import com.google.inject.Provider;
+import com.google.inject.Singleton;
+
+import org.apache.shiro.cache.CacheManager;
+import org.apache.shiro.cache.ehcache.EhCacheManager;
+
+/**
+ *
+ * @author Sebastian Sdorra
+ */
+@Singleton
+public class CacheManagerProvider implements Provider<CacheManager>
+{
+
+  /**
+   * Constructs ...
+   *
+   *
+   * @param cacheManager
+   */
+  @Inject
+  public CacheManagerProvider(net.sf.ehcache.CacheManager cacheManager)
+  {
+    this.cacheManager = cacheManager;
+  }
+
+  //~--- get methods ----------------------------------------------------------
+
+  /**
+   * Method description
+   *
+   *
+   * @return
+   */
+  @Override
+  public CacheManager get()
+  {
+    EhCacheManager eh = new EhCacheManager();
+
+    eh.setCacheManager(cacheManager);
+
+    return eh;
+  }
+
+  //~--- fields ---------------------------------------------------------------
+
+  /** Field description */
+  private net.sf.ehcache.CacheManager cacheManager;
+}
--- a/scm-plugin-backend/src/main/java/sonia/scm/plugin/security/DefaultAdminRealm.java
+++ b/scm-plugin-backend/src/main/java/sonia/scm/plugin/security/DefaultAdminRealm.java
@@ -45,6 +45,7 @@ import org.apache.shiro.authc.UsernamePasswordToken;
 import org.apache.shiro.authc.credential.CredentialsMatcher;
 import org.apache.shiro.authz.AuthorizationInfo;
 import org.apache.shiro.authz.SimpleAuthorizationInfo;
+import org.apache.shiro.cache.CacheManager;
 import org.apache.shiro.realm.AuthorizingRealm;
 import org.apache.shiro.subject.PrincipalCollection;

@@ -79,12 +80,13 @@ public class DefaultAdminRealm extends AuthorizingRealm
   *
   * @param configuration
   * @param credentialsMatcher
+   * @param cacheManager
   */
  @Inject
  public DefaultAdminRealm(BackendConfiguration configuration,
-    CredentialsMatcher credentialsMatcher)
+    CredentialsMatcher credentialsMatcher, CacheManager cacheManager)
  {
-    super(credentialsMatcher);
+    super(cacheManager, credentialsMatcher);
    this.configuration = configuration;
    setAuthenticationTokenClass(UsernamePasswordToken.class);
  }
--- a/scm-plugin-backend/src/main/java/sonia/scm/plugin/security/SecurityModule.java
+++ b/scm-plugin-backend/src/main/java/sonia/scm/plugin/security/SecurityModule.java
@@ -38,6 +38,7 @@ import com.google.inject.name.Names;

 import org.apache.shiro.authc.credential.CredentialsMatcher;
 import org.apache.shiro.authc.credential.HashedCredentialsMatcher;
+import org.apache.shiro.cache.CacheManager;
 import org.apache.shiro.crypto.RandomNumberGenerator;
 import org.apache.shiro.crypto.SecureRandomNumberGenerator;
 import org.apache.shiro.crypto.hash.SimpleHash;
@@ -158,6 +159,9 @@ public class SecurityModule extends ShiroWebModule
    bindConstants();
    bindCredentialsMatcher();

+    // bind cache manager
+    bind(CacheManager.class).toProvider(CacheManagerProvider.class);
+
    // bind realm
    bindRealm().to(DefaultAdminRealm.class);

--- a/scm-plugin-backend/src/main/resources/config/ehcache.xml
+++ b/scm-plugin-backend/src/main/resources/config/ehcache.xml
@@ -116,5 +116,31 @@
        timeToLiveSeconds="3600"
        diskPersistent="false"
  />
+  
+  <!-- shiro -->
+  
+  <!-- We want eternal="true" and no timeToIdle or timeToLive settings because Shiro manages session
+       expirations explicitly.  If we set it to false and then set corresponding timeToIdle and timeToLive properties,
+       ehcache would evict sessions without Shiro's knowledge, which would cause many problems
+      (e.g. "My Shiro session timeout is 30 minutes - why isn't a session available after 2 minutes?"
+             Answer - ehcache expired it due to the timeToIdle property set to 120 seconds.)
+
+      diskPersistent=true since we want an enterprise session management feature - ability to use sessions after
+      even after a JVM restart.  -->
+  <cache name="shiro-activeSessionCache"
+         maxElementsInMemory="10000"
+         overflowToDisk="true"
+         eternal="true"
+         timeToLiveSeconds="0"
+         timeToIdleSeconds="0"
+         diskPersistent="true"
+         diskExpiryThreadIntervalSeconds="600"
+  />
+
+  <cache name="org.apache.shiro.realm.text.PropertiesRealm-0-accounts"
+         maxElementsInMemory="1000"
+         eternal="true"
+         overflowToDisk="true"
+  />

 </ehcache>
--- a/scm-plugin-backend/src/main/webapp/WEB-INF/ftl/admin/index.html
+++ b/scm-plugin-backend/src/main/webapp/WEB-INF/ftl/admin/index.html
@@ -1,5 +1,5 @@
 <#include "../template/header.html">

-<h2>Admin</h2>
+<h2>Admin (${subject.name})</h2>

 <#include "../template/footer.html">