001/*
002 * Licensed to the Apache Software Foundation (ASF) under one
003 * or more contributor license agreements.  See the NOTICE file
004 * distributed with this work for additional information
005 * regarding copyright ownership.  The ASF licenses this file
006 * to you under the Apache License, Version 2.0 (the
007 * "License"); you may not use this file except in compliance
008 * with the License.  You may obtain a copy of the License at
009 *
010 *     http://www.apache.org/licenses/LICENSE-2.0
011 *
012 * Unless required by applicable law or agreed to in writing,
013 * software distributed under the License is distributed on an
014 * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
015 * KIND, either express or implied.  See the License for the
016 * specific language governing permissions and limitations
017 * under the License.
018 */
019package org.apache.shiro.samples;
020
021import org.apache.shiro.SecurityUtils;
022import org.apache.shiro.authc.UsernamePasswordToken;
023import org.apache.shiro.authz.AuthorizationException;
024import org.apache.shiro.mgt.SecurityManager;
025import org.apache.shiro.subject.Subject;
026import org.apache.shiro.util.Assert;
027import org.slf4j.Logger;
028import org.slf4j.LoggerFactory;
029import org.springframework.beans.factory.annotation.Autowired;
030import org.springframework.stereotype.Component;
031
032import javax.annotation.PostConstruct;
033
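/**
 * Simple Spring bean used to demonstrate {@link Subject} usage: login, role and permission
 * checks, calls to restricted service methods, and logout.
 *
 * <p>The username and password in {@link #run()} are hard-coded sample values. An application
 * should collect credentials from the user at runtime and pass the password as a
 * {@code char[]} so that it can be zeroed after use.
 */
@Component
public class QuickStart {

    private static final Logger log = LoggerFactory.getLogger(QuickStart.class);

    @Autowired
    private SecurityManager securityManager;

    @Autowired
    private SimpleService simpleService;

    /**
     * Runs the demonstration against the current subject.
     *
     * <p>Every expectation is enforced, including the negative ones: the subject must not hold
     * the "admin" role and must be refused by {@code writeRestrictedCall()}. The subject is
     * logged out even when one of the checks fails, so a failed run does not leave an
     * authenticated subject behind.
     *
     * @throws AuthorizationException   if the subject lacks the "user" role or the "read"
     *                                  permission, or is refused by {@code readRestrictedCall()}
     * @throws IllegalArgumentException if one of the {@code Assert.isTrue} expectations fails
     */
    public void run() {

        // get the current subject
        Subject subject = SecurityUtils.getSubject();

        // Subject is not authenticated yet
        Assert.isTrue(!subject.isAuthenticated());

        // Sample credentials only. The String literal stays in the constant pool, which is why
        // real code should build the token from a char[] it can wipe.
        UsernamePasswordToken token = new UsernamePasswordToken("joe.coder", "password");
        try {
            // an AuthenticationException from a failed login propagates to the caller
            subject.login(token);
        } finally {
            // drop the token's copy of the credentials whether or not the login succeeded
            token.clear();
        }

        try {
            // joe.coder has the "user" role
            subject.checkRole("user");

            // joe.coder does NOT have the admin role
            Assert.isTrue(!subject.hasRole("admin"));

            // joe.coder has the "read" permission
            subject.checkPermission("read");

            // current user is allowed to execute this method
            // (SimpleService is not shown here; presumably guarded by the "read" permission)
            simpleService.readRestrictedCall();

            // but not this one! Record the denial so that a call that unexpectedly succeeds
            // is reported instead of passing silently.
            boolean writeDenied = false;
            try {
                simpleService.writeRestrictedCall();
            } catch (AuthorizationException e) {
                writeDenied = true;
                log.info("Subject was NOT allowed to execute method 'writeRestrictedCall'");
            }
            Assert.isTrue(writeDenied,
                    "Subject was allowed to execute method 'writeRestrictedCall'");
        } finally {
            // logout, also when one of the checks above threw
            subject.logout();
        }

        Assert.isTrue(!subject.isAuthenticated());
    }


    /**
     * Sets the static instance of SecurityManager. This is NOT needed for web applications.
     *
     * <p>The manager installed here is what {@link SecurityUtils#getSubject()} uses in
     * {@link #run()}. It is a static, application-wide setting, so it affects every caller of
     * {@code SecurityUtils}, not only this bean.
     */
    @PostConstruct
    private void initStaticSecurityManager() {
        SecurityUtils.setSecurityManager(securityManager);
    }
}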