shiro-commits mailing list archives

From lhazlew...@apache.org
Subject svn commit: r808950 - in /incubator/shiro/trunk: core/src/main/java/org/apache/shiro/subject/ core/src/test/java/org/apache/shiro/mgt/ web/src/main/java/org/apache/shiro/web/servlet/ web/src/main/java/org/apache/shiro/web/subject/ web/src/test/java/org...
Date Fri, 28 Aug 2009 16:46:36 GMT
Author: lhazlewood
Date: Fri Aug 28 16:46:35 2009
New Revision: 808950

URL: http://svn.apache.org/viewvc?rev=808950&view=rev
Log:
SHIRO-91: supplemental fix (ShiroFilter - thread binding for WebRememberMeManager). 
SHIRO-86: refactored SubjectBuilder and WebSubjectBuilder to Subject.Builder and WebSubject.Builder
per mailing list discussion.

Removed:
    incubator/shiro/trunk/core/src/main/java/org/apache/shiro/subject/SubjectBuilder.java
    incubator/shiro/trunk/web/src/main/java/org/apache/shiro/web/subject/WebSubjectBuilder.java
Modified:
    incubator/shiro/trunk/core/src/main/java/org/apache/shiro/subject/Subject.java
    incubator/shiro/trunk/core/src/test/java/org/apache/shiro/mgt/AbstractSecurityManagerTest.java
    incubator/shiro/trunk/web/src/main/java/org/apache/shiro/web/servlet/ShiroFilter.java
    incubator/shiro/trunk/web/src/main/java/org/apache/shiro/web/subject/WebSubject.java
    incubator/shiro/trunk/web/src/test/java/org/apache/shiro/web/AbstractWebSecurityManagerTest.java

Modified: incubator/shiro/trunk/core/src/main/java/org/apache/shiro/subject/Subject.java
URL: http://svn.apache.org/viewvc/incubator/shiro/trunk/core/src/main/java/org/apache/shiro/subject/Subject.java?rev=808950&r1=808949&r2=808950&view=diff
==============================================================================
--- incubator/shiro/trunk/core/src/main/java/org/apache/shiro/subject/Subject.java (original)
+++ incubator/shiro/trunk/core/src/main/java/org/apache/shiro/subject/Subject.java Fri Aug
28 16:46:35 2009
@@ -18,21 +18,34 @@
  */
 package org.apache.shiro.subject;
 
+import org.apache.shiro.SecurityUtils;
 import org.apache.shiro.authc.AuthenticationException;
 import org.apache.shiro.authc.AuthenticationToken;
 import org.apache.shiro.authz.AuthorizationException;
 import org.apache.shiro.authz.Permission;
+import org.apache.shiro.mgt.SecurityManager;
+import org.apache.shiro.mgt.SubjectFactory;
 import org.apache.shiro.session.Session;
 
+import java.io.Serializable;
+import java.net.InetAddress;
 import java.util.Collection;
+import java.util.HashMap;
 import java.util.List;
+import java.util.Map;
 import java.util.concurrent.Callable;
 
 /**
  * A {@code Subject} represents state and security operations for a <em>single</em>
application user.
  * These operations include authentication (login/logout), authorization (access control),
and
  * session access. It is Shiro's primary mechanism for single-user security functionality.
- * <p/>
+ * <h4>Acquiring a Subject</h4>
+ * To acquire the currently-executing {@code Subject}, application developers will almost
always use
+ * {@code SecurityUtils}:
+ * <pre>
+ * {@link SecurityUtils SecurityUtils}.{@link org.apache.shiro.SecurityUtils#getSubject()
getSubject()}</pre>
+ * Almost all security operations should be performed with the {@code Subject} returned from
this method.
+ * <h4>Permission methods</h4>
  * Note that there are many *Permission methods in this interface overloaded to accept String
arguments instead of
  * {@link Permission Permission} instances. They are a convenience allowing the caller to
use a String representation of
  * a {@link Permission Permission} if desired.  The underlying Authorization subsystem implementations
will usually
@@ -40,7 +53,7 @@
  * type-safe method.  (Shiro's default implementations do String-to-Permission conversion
for these methods using
  * {@link org.apache.shiro.authz.permission.PermissionResolver PermissionResolver}s.)
  * <p/>
- * These overloaded *Permission methods <em>do</em> forgo type-saftey for the
benefit of convenience and simplicity,
+ * These overloaded *Permission methods forgo type-saftey for the benefit of convenience
and simplicity,
  * so you should choose which ones to use based on your preferences and needs.
  *
  * @author Les Hazlewood
@@ -395,4 +408,101 @@
 
     PrincipalCollection getRunAsIdentity();*/
 
+    /**
+     * Builder design pattern implementation for creating {@link Subject} instances in a
simplified way without
+     * requiring knowledge of Shiro's construction techniques.
+     * <p/>
+     * <b>NOTE</b>: This is provided for framework development support only and
should typically never be used by
+     * application developers.  {@code Subject} instances should generally be acquired by
using
+     * <code>SecurityUtils.{@link SecurityUtils#getSubject() getSubject()}</code>
+     * <h4>Usage</h4>
+     * The simplest usage of this builder is to construct an anonymous, session-less {@code
Subject} instance:
+     * <pre>
+     * Subject subject = new Subject.{@link #Builder() Builder}().{@link #buildSubject()
build()};</pre>
+     * The default, no-arg {@code Subject.Builder()} constructor shown above will use the
application's
+     * currently accessible {@code SecurityManager} via
+     * <code>SecurityUtils.{@link SecurityUtils#getSecurityManager() getSecurityManager()}</code>.
 You may also
+     * specify the exact {@code SecurityManager} instance to be used by the additional
+     * <code>Subject.{@link #Builder(org.apache.shiro.mgt.SecurityManager) Builder(securityManager)}</code>
+     * constructor if desired.
+     * <p/>
+     * All other methods may be called before {@link #buildSubject() buildSubject()} call
to
+     * provide context on how to construct the {@code Subject} instance.  For example, if
you have a session id and
+     * want to acquire the {@code Subject} that 'owns' that session (assuming the session
exists and is not expired):
+     * <pre>
+     * Subject subject = new Subject.Builder().sessionId(sessionId).buildSubject();</pre>
+     * <p/>
+     * Similarly, if you want a {@code Subject} instance reflecting a certain identity:
+     * <pre>
+     * PrincipalCollection principals = new SimplePrincipalCollection("username", <em>yourRealmName</em>);
+     * Subject subject = new Subject.Builder().principals(principals).build();</pre>
+     * <p/>
+     * Note that the returned {@code Subject} instance is <b>not</b> automatically
bound to the application (thread)
+     * for further use.  That is,
+     * {@link org.apache.shiro.SecurityUtils SecurityUtils}.{@link org.apache.shiro.SecurityUtils#getSubject()
getSubject()}
+     * will not automatically return the same instance as what is returned by the builder.
 It is up to the framework
+     * developer to bind the built {@code Subject} for continued use if desired.
+     *
+     * @since 1.0
+     */
+    public static class Builder {
+
+        private final Map<String, Object> subjectContext;
+
+        private final org.apache.shiro.mgt.SecurityManager securityManager;
+
+        public Builder() {
+            this(SecurityUtils.getSecurityManager());
+        }
+
+        public Builder(SecurityManager securityManager) {
+            if (securityManager == null) {
+                throw new NullPointerException("SecurityManager method argument cannot be
null.");
+            }
+            this.securityManager = securityManager;
+            this.subjectContext = new HashMap<String, Object>();
+        }
+
+        protected Map<String, Object> getSubjectContext() {
+            return this.subjectContext;
+        }
+
+        public Builder sessionId(Serializable sessionId) {
+            if (sessionId != null) {
+                this.subjectContext.put(SubjectFactory.SESSION_ID, sessionId);
+            }
+            return this;
+        }
+
+        public Builder inetAddress(InetAddress originatingHost) {
+            if (originatingHost != null) {
+                this.subjectContext.put(SubjectFactory.INET_ADDRESS, originatingHost);
+            }
+            return this;
+        }
+
+        public Builder session(Session session) {
+            if (session != null) {
+                this.subjectContext.put(SubjectFactory.SESSION, session);
+            }
+            return this;
+        }
+
+        public Builder principals(PrincipalCollection principals) {
+            if (principals != null && !principals.isEmpty()) {
+                this.subjectContext.put(SubjectFactory.PRINCIPALS, principals);
+            }
+            return this;
+        }
+
+        public Builder authenticated(boolean authenticated) {
+            this.subjectContext.put(SubjectFactory.AUTHENTICATED, authenticated);
+            return this;
+        }
+
+        public Subject buildSubject() {
+            return this.securityManager.createSubject(this.subjectContext);
+        }
+    }
+
 }
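Review bot: `principals(...)` and `authenticated(boolean)` on the new public `Subject.Builder` let a caller assert an identity and an authenticated state with no credential check visible in this hunk, yet neither method has Javadoc; the only warning is the class-level note that the builder is for framework development. I would state the contract on the methods themselves, e.g. on `authenticated`: `/** Marks the built Subject as authenticated without verifying any credentials; the caller must already have established that. */`, with a matching sentence on `principals`. The class Javadoc examples also call `build()`, while the only method defined is `buildSubject()`, so `new Subject.Builder().principals(principals).build()` would not compile as written. `getSubjectContext()` hands subclasses the live map rather than a copy, which deserves a one-line comment as well.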

Modified: incubator/shiro/trunk/core/src/test/java/org/apache/shiro/mgt/AbstractSecurityManagerTest.java
URL: http://svn.apache.org/viewvc/incubator/shiro/trunk/core/src/test/java/org/apache/shiro/mgt/AbstractSecurityManagerTest.java?rev=808950&r1=808949&r2=808950&view=diff
==============================================================================
--- incubator/shiro/trunk/core/src/test/java/org/apache/shiro/mgt/AbstractSecurityManagerTest.java
(original)
+++ incubator/shiro/trunk/core/src/test/java/org/apache/shiro/mgt/AbstractSecurityManagerTest.java
Fri Aug 28 16:46:35 2009
@@ -1,18 +1,31 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied.  See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
 package org.apache.shiro.mgt;
 
 import org.apache.shiro.subject.Subject;
-import org.apache.shiro.subject.SubjectBuilder;
 import org.apache.shiro.subject.support.SubjectThreadState;
 import org.apache.shiro.util.ThreadContext;
 import org.apache.shiro.util.ThreadState;
 import org.junit.After;
 
 /**
- * Created by IntelliJ IDEA.
- * User: lhazlewood
- * Date: Aug 24, 2009
- * Time: 5:20:35 PM
- * To change this template use File | Settings | File Templates.
+ * @since 1.0
  */
 public abstract class AbstractSecurityManagerTest {
 
@@ -24,7 +37,7 @@
     }
 
     protected Subject newSubject(SecurityManager securityManager) {
-        Subject subject = new SubjectBuilder(securityManager).buildSubject();
+        Subject subject = new Subject.Builder(securityManager).buildSubject();
         threadState = new SubjectThreadState(subject);
         threadState.bind();
         return subject;

Modified: incubator/shiro/trunk/web/src/main/java/org/apache/shiro/web/servlet/ShiroFilter.java
URL: http://svn.apache.org/viewvc/incubator/shiro/trunk/web/src/main/java/org/apache/shiro/web/servlet/ShiroFilter.java?rev=808950&r1=808949&r2=808950&view=diff
==============================================================================
--- incubator/shiro/trunk/web/src/main/java/org/apache/shiro/web/servlet/ShiroFilter.java
(original)
+++ incubator/shiro/trunk/web/src/main/java/org/apache/shiro/web/servlet/ShiroFilter.java
Fri Aug 28 16:46:35 2009
@@ -27,12 +27,13 @@
 import org.apache.shiro.util.ClassUtils;
 import org.apache.shiro.util.LifecycleUtils;
 import static org.apache.shiro.util.StringUtils.clean;
+import org.apache.shiro.util.ThreadContext;
 import org.apache.shiro.util.ThreadState;
 import org.apache.shiro.web.DefaultWebSecurityManager;
+import org.apache.shiro.web.WebUtils;
 import org.apache.shiro.web.config.IniWebConfiguration;
 import org.apache.shiro.web.config.WebConfiguration;
 import org.apache.shiro.web.subject.WebSubject;
-import org.apache.shiro.web.subject.WebSubjectBuilder;
 import org.apache.shiro.web.subject.support.WebSubjectThreadState;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
@@ -485,7 +486,12 @@
      * @since 1.0
      */
     protected ThreadState bind(ServletRequest request, ServletResponse response) {
-        WebSubject subject = new WebSubjectBuilder(getSecurityManager(), request, response).buildWebSubject();
+        ThreadContext.bind(getSecurityManager());
+        //currently the WebRememberMeManager needs the request/response bound in order to
create the subject instance:
+        WebUtils.bind(request);
+        WebUtils.bind(response);
+
+        WebSubject subject = new WebSubject.Builder().buildWebSubject();
         ThreadState threadState = new WebSubjectThreadState(subject);
         threadState.bind();
         return threadState;
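Review bot: The three thread bindings added at the top of `bind` happen before `buildWebSubject()`, so if the builder throws (the new `WebSubject.Builder` raises `IllegalStateException` when the SecurityManager does not return a `WebSubject`) no `ThreadState` is returned and the caller has nothing to clear. On a pooled container thread the SecurityManager, request and response would then presumably stay bound for whatever request runs next; wrapping the build in a try/catch that unbinds what was just bound before rethrowing would close that gap. The no-arg builder also makes the subject depend on whatever happens to be thread-bound rather than on this filter's own state; keeping the explicit form after the binds, `new WebSubject.Builder(getSecurityManager(), request, response).buildWebSubject()`, would still give WebRememberMeManager what it needs. The closing brace of `bind` lies outside the hunk.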

Modified: incubator/shiro/trunk/web/src/main/java/org/apache/shiro/web/subject/WebSubject.java
URL: http://svn.apache.org/viewvc/incubator/shiro/trunk/web/src/main/java/org/apache/shiro/web/subject/WebSubject.java?rev=808950&r1=808949&r2=808950&view=diff
==============================================================================
--- incubator/shiro/trunk/web/src/main/java/org/apache/shiro/web/subject/WebSubject.java (original)
+++ incubator/shiro/trunk/web/src/main/java/org/apache/shiro/web/subject/WebSubject.java Fri
Aug 28 16:46:35 2009
@@ -1,6 +1,10 @@
 package org.apache.shiro.web.subject;
 
+import org.apache.shiro.SecurityUtils;
+import org.apache.shiro.mgt.SecurityManager;
+import org.apache.shiro.mgt.SubjectFactory;
 import org.apache.shiro.subject.Subject;
+import org.apache.shiro.web.WebUtils;
 
 import javax.servlet.ServletRequest;
 import javax.servlet.ServletResponse;
@@ -26,4 +30,52 @@
      */
     ServletResponse getServletResponse();
 
+    public static class Builder extends Subject.Builder {
+
+        public Builder() {
+            this(WebUtils.getRequiredServletRequest(), WebUtils.getRequiredServletResponse());
+        }
+
+        public Builder(ServletRequest request, ServletResponse response) {
+            this(SecurityUtils.getSecurityManager(), request, response);
+        }
+
+        public Builder(SecurityManager securityManager, ServletRequest request, ServletResponse
response) {
+            super(securityManager);
+            if (request == null) {
+                throw new IllegalArgumentException("ServletRequest argument cannot be null.");
+            }
+            if (response == null) {
+                throw new IllegalArgumentException("ServletResponse argument cannot be null.");
+            }
+            setRequest(request);
+            setResponse(response);
+        }
+
+        protected Builder setRequest(ServletRequest request) {
+            if (request != null) {
+                getSubjectContext().put(SubjectFactory.SERVLET_REQUEST, request);
+            }
+            return this;
+        }
+
+        protected Builder setResponse(ServletResponse response) {
+            if (response != null) {
+                getSubjectContext().put(SubjectFactory.SERVLET_RESPONSE, response);
+            }
+            return this;
+        }
+
+        public WebSubject buildWebSubject() {
+            Subject subject = super.buildSubject();
+            if (!(subject instanceof WebSubject)) {
+                String msg = "Subject implementation returned from the SecurityManager was
not a " +
+                        WebSubject.class.getName() + " implementation.  Please ensure a Web-enabled
SecurityManager " +
+                        "has been configured and made available to this builder.";
+                throw new IllegalStateException(msg);
+            }
+            return (WebSubject) subject;
+        }
+    }
+
 }
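Review bot: The fluent methods inherited from `Subject.Builder` (`sessionId`, `session`, `principals`, `authenticated`, `inetAddress`) return `Subject.Builder`, so a chain such as `new WebSubject.Builder(request, response).sessionId(id).buildWebSubject()` will not compile. A caller who falls back to the inherited `buildSubject()` skips the `instanceof WebSubject` check. Covariant overrides would fix the chain, e.g. `public Builder sessionId(Serializable sessionId) { super.sessionId(sessionId); return this; }`, and overriding `buildSubject()` to return `buildWebSubject()` would keep the type check on both paths. Null handling is also inconsistent: these constructors throw `IllegalArgumentException`, while `Subject.Builder` throws `NullPointerException` for a null SecurityManager. The class and its constructors have no Javadoc to say which the caller should expect.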

Modified: incubator/shiro/trunk/web/src/test/java/org/apache/shiro/web/AbstractWebSecurityManagerTest.java
URL: http://svn.apache.org/viewvc/incubator/shiro/trunk/web/src/test/java/org/apache/shiro/web/AbstractWebSecurityManagerTest.java?rev=808950&r1=808949&r2=808950&view=diff
==============================================================================
--- incubator/shiro/trunk/web/src/test/java/org/apache/shiro/web/AbstractWebSecurityManagerTest.java
(original)
+++ incubator/shiro/trunk/web/src/test/java/org/apache/shiro/web/AbstractWebSecurityManagerTest.java
Fri Aug 28 16:46:35 2009
@@ -22,7 +22,6 @@
 import org.apache.shiro.subject.Subject;
 import org.apache.shiro.util.ThreadContext;
 import org.apache.shiro.web.subject.WebSubject;
-import org.apache.shiro.web.subject.WebSubjectBuilder;
 import org.apache.shiro.web.subject.support.WebSubjectThreadState;
 import org.junit.After;
 
@@ -40,7 +39,9 @@
     }
 
     protected Subject newSubject(SecurityManager sm, ServletRequest request, ServletResponse
response) {
-        WebSubject subject = new WebSubjectBuilder(sm, request, response).buildWebSubject();
+        WebUtils.bind(request);
+        WebUtils.bind(response);
+        WebSubject subject = new WebSubject.Builder(sm, request, response).buildWebSubject();
         WebSubjectThreadState threadState = new WebSubjectThreadState(subject);
         threadState.bind();
         return subject;


