org.apache.shiro.realm.text
Class TextConfigurationRealm

java.lang.Object
  extended by org.apache.shiro.realm.CachingRealm
      extended by org.apache.shiro.realm.AuthenticatingRealm
          extended by org.apache.shiro.realm.AuthorizingRealm
              extended by org.apache.shiro.realm.SimpleAccountRealm
                  extended by org.apache.shiro.realm.text.TextConfigurationRealm
All Implemented Interfaces:
LogoutAware, Authorizer, PermissionResolverAware, RolePermissionResolverAware, CacheManagerAware, Realm, Initializable, Nameable
Direct Known Subclasses:
IniRealm, PropertiesRealm

public class TextConfigurationRealm
extends SimpleAccountRealm

A SimpleAccountRealm that enables text-based configuration of the initial User, Role, and Permission objects created at startup.

Each User account definition specifies the username, password, and roles for a user. Each Role definition specifies a name and an optional collection of assigned Permissions. Users can be assigned Roles, and Roles can be assigned Permissions. By transitive association, each User 'has' all of their Role's Permissions.

User and user-to-role definitions are specified via the setUserDefinitions(java.lang.String) method and Role-to-permission definitions are specified via the setRoleDefinitions(java.lang.String) method.

Since:
0.9

Field Summary
 
Fields inherited from class org.apache.shiro.realm.SimpleAccountRealm
roles, ROLES_LOCK, users, USERS_LOCK
 
Constructor Summary
TextConfigurationRealm()
           
 
Method Summary
 String getRoleDefinitions()
           
 String getUserDefinitions()
           
protected  void onInit()
          Will call 'processDefinitions' on startup.
protected  void processDefinitions()
           
protected  void processRoleDefinitions()
           
protected  void processRoleDefinitions(Map<String,String> roleDefs)
           
protected  void processUserDefinitions()
           
protected  void processUserDefinitions(Map<String,String> userDefs)
           
 void setRoleDefinitions(String roleDefinitions)
          Sets a newline (\n) delimited String that defines role-to-permission definitions.
 void setUserDefinitions(String userDefinitions)
          Sets a newline (\n) delimited String that defines user-to-password-and-role(s) key/value pairs according to the following format:

protected static Set<String> toLines(String s)
           
protected static Map<String,String> toMap(Collection<String> keyValuePairs)
           
 
Methods inherited from class org.apache.shiro.realm.SimpleAccountRealm
accountExists, add, add, addAccount, addAccount, addRole, doGetAuthenticationInfo, doGetAuthorizationInfo, getRole, getUser, getUsername, getUsername, roleExists, toSet
 
Methods inherited from class org.apache.shiro.realm.AuthorizingRealm
afterCacheManagerSet, checkPermission, checkPermission, checkPermission, checkPermissions, checkPermissions, checkPermissions, checkRole, checkRole, checkRoles, checkRoles, checkRoles, clearCachedAuthorizationInfo, doClearCache, getAuthorizationCache, getAuthorizationCacheKey, getAuthorizationCacheName, getAuthorizationInfo, getPermissionResolver, getRolePermissionResolver, hasAllRoles, hasRole, hasRole, hasRoles, hasRoles, isAuthorizationCachingEnabled, isPermitted, isPermitted, isPermitted, isPermitted, isPermitted, isPermittedAll, isPermittedAll, isPermittedAll, setAuthorizationCache, setAuthorizationCacheName, setAuthorizationCachingEnabled, setName, setPermissionResolver, setRolePermissionResolver
 
Methods inherited from class org.apache.shiro.realm.AuthenticatingRealm
assertCredentialsMatch, clearCachedAuthenticationInfo, getAuthenticationCache, getAuthenticationCacheKey, getAuthenticationCacheKey, getAuthenticationCacheName, getAuthenticationInfo, getAuthenticationTokenClass, getCredentialsMatcher, init, isAuthenticationCachingEnabled, isAuthenticationCachingEnabled, setAuthenticationCache, setAuthenticationCacheName, setAuthenticationCachingEnabled, setAuthenticationTokenClass, setCredentialsMatcher, supports
 
Methods inherited from class org.apache.shiro.realm.CachingRealm
clearCache, getAvailablePrincipal, getCacheManager, getName, isCachingEnabled, onLogout, setCacheManager, setCachingEnabled
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 
Methods inherited from interface org.apache.shiro.util.Initializable
init
 

Constructor Detail

TextConfigurationRealm

public TextConfigurationRealm()
Method Detail

onInit

protected void onInit()
Will call 'processDefinitions' on startup.

Overrides:
onInit in class AuthorizingRealm
Since:
1.2
See Also:
SHIRO-223

getUserDefinitions

public String getUserDefinitions()

setUserDefinitions

public void setUserDefinitions(String userDefinitions)

Sets a newline (\n) delimited String that defines user-to-password-and-role(s) key/value pairs according to the following format:

username = password, role1, role2,...

Here are some examples of what these lines might look like:

root = reallyHardToGuessPassword, administrator
jsmith = jsmithsPassword, manager, engineer, employee
abrown = abrownsPassword, qa, employee
djones = djonesPassword, qa, contractor
guest = guestPassword

Parameters:
userDefinitions - the user definitions to be parsed and converted to Map.Entry elements

getRoleDefinitions

public String getRoleDefinitions()

setRoleDefinitions

public void setRoleDefinitions(String roleDefinitions)
Sets a newline (\n) delimited String that defines role-to-permission definitions.

Each line within the string must define a role-to-permission(s) key/value mapping with the equals character signifies the key/value separation, like so:

rolename = permissionDefinition1, permissionDefinition2, ...

where permissionDefinition is an arbitrary String, but must people will want to use Strings that conform to the WildcardPermission format for ease of use and flexibility. Note that if an individual permissionDefnition needs to be internally comma-delimited (e.g. printer:5thFloor:print,info), you will need to surround that definition with double quotes (") to avoid parsing errors (e.g. "printer:5thFloor:print,info").

NOTE: if you have roles that don't require permission associations, don't include them in this definition - just defining the role name in the userDefinitions is enough to create the role if it does not yet exist. This property is really only for configuring realms that have one or more assigned Permission.

Parameters:
roleDefinitions - the role definitions to be parsed at initialization

processDefinitions

protected void processDefinitions()

processRoleDefinitions

protected void processRoleDefinitions()
                               throws ParseException
Throws:
ParseException

processRoleDefinitions

protected void processRoleDefinitions(Map<String,String> roleDefs)

processUserDefinitions

protected void processUserDefinitions()
                               throws ParseException
Throws:
ParseException

processUserDefinitions

protected void processUserDefinitions(Map<String,String> userDefs)

toLines

protected static Set<String> toLines(String s)

toMap

protected static Map<String,String> toMap(Collection<String> keyValuePairs)
                                   throws ParseException
Throws:
ParseException


Copyright © 2004-2014 The Apache Software Foundation. All Rights Reserved.