001/*
002 * Licensed to the Apache Software Foundation (ASF) under one
003 * or more contributor license agreements.  See the NOTICE file
004 * distributed with this work for additional information
005 * regarding copyright ownership.  The ASF licenses this file
006 * to you under the Apache License, Version 2.0 (the
007 * "License"); you may not use this file except in compliance
008 * with the License.  You may obtain a copy of the License at
009 *
010 *     http://www.apache.org/licenses/LICENSE-2.0
011 *
012 * Unless required by applicable law or agreed to in writing,
013 * software distributed under the License is distributed on an
014 * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
015 * KIND, either express or implied.  See the License for the
016 * specific language governing permissions and limitations
017 * under the License.
018 */
019package org.apache.shiro.mgt;
020
021import org.apache.shiro.authc.AuthenticationException;
022import org.apache.shiro.authc.AuthenticationInfo;
023import org.apache.shiro.authc.AuthenticationToken;
024import org.apache.shiro.authc.Authenticator;
025import org.apache.shiro.authc.pam.ModularRealmAuthenticator;
026import org.apache.shiro.util.LifecycleUtils;
027
028
029/**
030 * Shiro support of a {@link SecurityManager} class hierarchy that delegates all
031 * authentication operations to a wrapped {@link Authenticator Authenticator} instance.  That is, this class
032 * implements all the <tt>Authenticator</tt> methods in the {@link SecurityManager SecurityManager}
033 * interface, but in reality, those methods are merely passthrough calls to the underlying 'real'
034 * <tt>Authenticator</tt> instance.
035 *
036 * <p>All other <tt>SecurityManager</tt> (authorization, session, etc) methods are left to be implemented by subclasses.
037 *
038 * <p>In keeping with the other classes in this hierarchy and Shiro's desire to minimize configuration whenever
039 * possible, suitable default instances for all dependencies are created upon instantiation.
040 *
041 * @since 0.9
042 */
043public abstract class AuthenticatingSecurityManager extends RealmSecurityManager {
044
045    /**
046     * The internal <code>Authenticator</code> delegate instance that this SecurityManager instance will use
047     * to perform all authentication operations.
048     */
049    private Authenticator authenticator;
050
051    /**
052     * Default no-arg constructor that initializes its internal
053     * <code>authenticator</code> instance to a
054     * {@link org.apache.shiro.authc.pam.ModularRealmAuthenticator ModularRealmAuthenticator}.
055     */
056    public AuthenticatingSecurityManager() {
057        super();
058        this.authenticator = new ModularRealmAuthenticator();
059    }
060
061    /**
062     * Returns the delegate <code>Authenticator</code> instance that this SecurityManager uses to perform all
063     * authentication operations.  Unless overridden by the
064     * {@link #setAuthenticator(org.apache.shiro.authc.Authenticator) setAuthenticator}, the default instance is a
065     * {@link org.apache.shiro.authc.pam.ModularRealmAuthenticator ModularRealmAuthenticator}.
066     *
067     * @return the delegate <code>Authenticator</code> instance that this SecurityManager uses to perform all
068     *         authentication operations.
069     */
070    public Authenticator getAuthenticator() {
071        return authenticator;
072    }
073
074    /**
075     * Sets the delegate <code>Authenticator</code> instance that this SecurityManager uses to perform all
076     * authentication operations.  Unless overridden by this method, the default instance is a
077     * {@link org.apache.shiro.authc.pam.ModularRealmAuthenticator ModularRealmAuthenticator}.
078     *
079     * @param authenticator the delegate <code>Authenticator</code> instance that this SecurityManager will use to
080     *                      perform all authentication operations.
081     * @throws IllegalArgumentException if the argument is <code>null</code>.
082     */
083    public void setAuthenticator(Authenticator authenticator) throws IllegalArgumentException {
084        if (authenticator == null) {
085            String msg = "Authenticator argument cannot be null.";
086            throw new IllegalArgumentException(msg);
087        }
088        this.authenticator = authenticator;
089    }
090
091    /**
092     * Passes on the {@link #getRealms() realms} to the internal delegate <code>Authenticator</code> instance so
093     * that it may use them during authentication attempts.
094     */
095    protected void afterRealmsSet() {
096        super.afterRealmsSet();
097        if (this.authenticator instanceof ModularRealmAuthenticator) {
098            ((ModularRealmAuthenticator) this.authenticator).setRealms(getRealms());
099        }
100    }
101
102    /**
103     * Delegates to the wrapped {@link org.apache.shiro.authc.Authenticator Authenticator} for authentication.
104     */
105    public AuthenticationInfo authenticate(AuthenticationToken token) throws AuthenticationException {
106        return this.authenticator.authenticate(token);
107    }
108
109    public void destroy() {
110        LifecycleUtils.destroy(getAuthenticator());
111        this.authenticator = null;
112        super.destroy();
113    }
114}