View Javadoc

1   /*
2    * Licensed to the Apache Software Foundation (ASF) under one
3    * or more contributor license agreements.  See the NOTICE file
4    * distributed with this work for additional information
5    * regarding copyright ownership.  The ASF licenses this file
6    * to you under the Apache License, Version 2.0 (the
7    * "License"); you may not use this file except in compliance
8    * with the License.  You may obtain a copy of the License at
9    *
10   *     http://www.apache.org/licenses/LICENSE-2.0
11   *
12   * Unless required by applicable law or agreed to in writing,
13   * software distributed under the License is distributed on an
14   * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
15   * KIND, either express or implied.  See the License for the
16   * specific language governing permissions and limitations
17   * under the License.
18   */
19  package org.apache.shiro.samples.guice;
20  
21  import com.google.inject.Provides;
22  import com.google.inject.binder.AnnotatedBindingBuilder;
23  import com.google.inject.name.Names;
24  import org.apache.shiro.codec.Base64;
25  import org.apache.shiro.config.ConfigurationException;
26  import org.apache.shiro.config.Ini;
27  import org.apache.shiro.guice.web.ShiroWebModule;
28  import org.apache.shiro.realm.text.IniRealm;
29  import org.apache.shiro.web.mgt.CookieRememberMeManager;
30  import org.apache.shiro.web.mgt.DefaultWebSecurityManager;
31  import org.apache.shiro.web.mgt.WebSecurityManager;
32  
33  import javax.inject.Singleton;
34  import javax.servlet.ServletContext;
35  import java.net.MalformedURLException;
36  import java.net.URL;
37  
38  public class SampleShiroServletModule extends ShiroWebModule {
39      private final ServletContext servletContext;
40  
41      public SampleShiroServletModule(ServletContext servletContext) {
42          super(servletContext);
43  
44          this.servletContext = servletContext;
45      }
46  
47      @Override
48      protected void configureShiroWeb() {
49          bindConstant().annotatedWith(Names.named("shiro.loginUrl")).to("/login.jsp");
50          try {
51              this.bindRealm().toConstructor(IniRealm.class.getConstructor(Ini.class));
52          } catch (NoSuchMethodException e) {
53              addError("Could not locate proper constructor for IniRealm.", e);
54          }
55  
56          this.addFilterChain("/login.jsp", AUTHC);
57          this.addFilterChain("/logout", LOGOUT);
58          this.addFilterChain("/account/**", AUTHC);
59          this.addFilterChain("/remoting/**", AUTHC, config(ROLES, "b2bClient"), config(PERMS, "remote:invoke:lan,wan"));
60      }
61  
62      @Provides
63      @Singleton
64      Ini loadShiroIni() throws MalformedURLException {
65          URL iniUrl = servletContext.getResource("/WEB-INF/shiro.ini");
66          return Ini.fromResourcePath("url:" + iniUrl.toExternalForm());
67      }
68  
69      @Override
70      protected void bindWebSecurityManager(AnnotatedBindingBuilder<? super WebSecurityManager> bind)
71      {
72          try
73          {
74              String cipherKey = loadShiroIni().getSectionProperty( "main", "securityManager.rememberMeManager.cipherKey" );
75  
76              DefaultWebSecurityManager securityManager = new DefaultWebSecurityManager();
77              CookieRememberMeManager rememberMeManager = new CookieRememberMeManager();
78              rememberMeManager.setCipherKey( Base64.decode( cipherKey ) );
79              securityManager.setRememberMeManager(rememberMeManager);
80              bind.toInstance(securityManager);
81          }
82          catch ( MalformedURLException e )
83          {
84              // for now just throw, you could just call
85              // super.bindWebSecurityManager(bind) if you do not need rememberMe functionality
86              throw new ConfigurationException( "securityManager.rememberMeManager.cipherKey must be set in shiro.ini." );
87          }
88  
89  
90      }
91  }