001/*
002 * Licensed to the Apache Software Foundation (ASF) under one
003 * or more contributor license agreements.  See the NOTICE file
004 * distributed with this work for additional information
005 * regarding copyright ownership.  The ASF licenses this file
006 * to you under the Apache License, Version 2.0 (the
007 * "License"); you may not use this file except in compliance
008 * with the License.  You may obtain a copy of the License at
009 *
010 *     http://www.apache.org/licenses/LICENSE-2.0
011 *
012 * Unless required by applicable law or agreed to in writing,
013 * software distributed under the License is distributed on an
014 * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
015 * KIND, either express or implied.  See the License for the
016 * specific language governing permissions and limitations
017 * under the License.
018 */
019package org.apache.shiro.spring.web.config;
020
021import org.apache.shiro.mgt.RememberMeManager;
022import org.apache.shiro.mgt.SessionStorageEvaluator;
023import org.apache.shiro.mgt.SessionsSecurityManager;
024import org.apache.shiro.mgt.SubjectFactory;
025import org.apache.shiro.session.mgt.SessionManager;
026import org.apache.shiro.spring.config.AbstractShiroConfiguration;
027import org.apache.shiro.spring.web.ShiroUrlPathHelper;
028import org.apache.shiro.web.mgt.CookieRememberMeManager;
029import org.apache.shiro.web.mgt.DefaultWebSecurityManager;
030import org.apache.shiro.web.mgt.DefaultWebSessionStorageEvaluator;
031import org.apache.shiro.web.mgt.DefaultWebSubjectFactory;
032import org.apache.shiro.web.servlet.Cookie;
033import org.apache.shiro.web.servlet.SimpleCookie;
034import org.apache.shiro.web.session.mgt.DefaultWebSessionManager;
035import org.apache.shiro.web.session.mgt.ServletContainerSessionManager;
036import org.springframework.beans.factory.annotation.Value;
037
038/**
039 * @since 1.4.0
040 */
041public class AbstractShiroWebConfiguration extends AbstractShiroConfiguration {
042
043    @Value("#{ @environment['shiro.sessionManager.sessionIdCookieEnabled'] ?: true }")
044    protected boolean sessionIdCookieEnabled;
045
046    @Value("#{ @environment['shiro.sessionManager.sessionIdUrlRewritingEnabled'] ?: false }")
047    protected boolean sessionIdUrlRewritingEnabled;
048
049    @Value("#{ @environment['shiro.userNativeSessionManager'] ?: false }")
050    protected boolean useNativeSessionManager;
051
052
053    // Session Cookie info
054
055    @Value("#{ @environment['shiro.sessionManager.cookie.name'] ?: T(org.apache.shiro.web.servlet.ShiroHttpSession).DEFAULT_SESSION_ID_NAME }")
056    protected String sessionIdCookieName;
057
058    @Value("#{ @environment['shiro.sessionManager.cookie.maxAge'] ?: T(org.apache.shiro.web.servlet.SimpleCookie).DEFAULT_MAX_AGE }")
059    protected int sessionIdCookieMaxAge;
060
061    @Value("#{ @environment['shiro.sessionManager.cookie.domain'] ?: null }")
062    protected String sessionIdCookieDomain;
063
064    @Value("#{ @environment['shiro.sessionManager.cookie.path'] ?: null }")
065    protected String sessionIdCookiePath;
066
067    @Value("#{ @environment['shiro.sessionManager.cookie.secure'] ?: false }")
068    protected boolean sessionIdCookieSecure;
069
070    @Value("#{ @environment['shiro.sessionManager.cookie.sameSite'] ?: T(org.apache.shiro.web.servlet.Cookie.SameSiteOptions).LAX  }")
071    protected Cookie.SameSiteOptions sessionIdCookieSameSite;
072
073
074    // RememberMe Cookie info
075
076    @Value("#{ @environment['shiro.rememberMeManager.cookie.name'] ?: T(org.apache.shiro.web.mgt.CookieRememberMeManager).DEFAULT_REMEMBER_ME_COOKIE_NAME }")
077    protected String rememberMeCookieName;
078
079    @Value("#{ @environment['shiro.rememberMeManager.cookie.maxAge'] ?: T(org.apache.shiro.web.servlet.Cookie).ONE_YEAR }")
080    protected int rememberMeCookieMaxAge;
081
082    @Value("#{ @environment['shiro.rememberMeManager.cookie.domain'] ?: null }")
083    protected String rememberMeCookieDomain;
084
085    @Value("#{ @environment['shiro.rememberMeManager.cookie.path'] ?: null }")
086    protected String rememberMeCookiePath;
087
088    @Value("#{ @environment['shiro.rememberMeManager.cookie.secure'] ?: false }")
089    protected boolean rememberMeCookieSecure;
090
091    @Value("#{ @environment['shiro.rememberMeManager.cookie.sameSite'] ?: T(org.apache.shiro.web.servlet.Cookie.SameSiteOptions).LAX }")
092    protected Cookie.SameSiteOptions rememberMeSameSite;
093
094
095    protected SessionManager nativeSessionManager() {
096        DefaultWebSessionManager webSessionManager = new DefaultWebSessionManager();
097        webSessionManager.setSessionIdCookieEnabled(sessionIdCookieEnabled);
098        webSessionManager.setSessionIdUrlRewritingEnabled(sessionIdUrlRewritingEnabled);
099        webSessionManager.setSessionIdCookie(sessionCookieTemplate());
100
101        webSessionManager.setSessionFactory(sessionFactory());
102        webSessionManager.setSessionDAO(sessionDAO());
103        webSessionManager.setDeleteInvalidSessions(sessionManagerDeleteInvalidSessions);
104
105        return webSessionManager;
106    }
107
108    protected Cookie sessionCookieTemplate() {
109        return buildCookie(
110                sessionIdCookieName,
111                sessionIdCookieMaxAge,
112                sessionIdCookiePath,
113                sessionIdCookieDomain,
114                sessionIdCookieSecure,
115                sessionIdCookieSameSite);
116    }
117
118    protected Cookie rememberMeCookieTemplate() {
119        return buildCookie(
120                rememberMeCookieName,
121                rememberMeCookieMaxAge,
122                rememberMeCookiePath,
123                rememberMeCookieDomain,
124                rememberMeCookieSecure,
125                rememberMeSameSite);
126    }
127
128    protected Cookie buildCookie(String name, int maxAge, String path, String domain, boolean secure) {
129        return buildCookie(name, maxAge, path, domain, secure, Cookie.SameSiteOptions.LAX);
130    }
131
132    protected Cookie buildCookie(String name, int maxAge, String path, String domain, boolean secure, Cookie.SameSiteOptions sameSiteOption) {
133        Cookie cookie = new SimpleCookie(name);
134        cookie.setHttpOnly(true);
135        cookie.setMaxAge(maxAge);
136        cookie.setPath(path);
137        cookie.setDomain(domain);
138        cookie.setSecure(secure);
139        cookie.setSameSite(sameSiteOption);
140
141        return cookie;
142    }
143
144    @Override
145    protected SessionManager sessionManager() {
146        if (useNativeSessionManager) {
147            return nativeSessionManager();
148        }
149        return new ServletContainerSessionManager();
150    }
151
152    @Override
153    protected RememberMeManager rememberMeManager() {
154        CookieRememberMeManager cookieRememberMeManager = new CookieRememberMeManager();
155        cookieRememberMeManager.setCookie(rememberMeCookieTemplate());
156        return cookieRememberMeManager;
157    }
158
159    @Override
160    protected SubjectFactory subjectFactory() {
161        return new DefaultWebSubjectFactory();
162    }
163
164    @Override
165    protected SessionStorageEvaluator sessionStorageEvaluator() {
166        return new DefaultWebSessionStorageEvaluator();
167    }
168
169    @Override
170    protected SessionsSecurityManager createSecurityManager() {
171
172        DefaultWebSecurityManager securityManager = new DefaultWebSecurityManager();
173        securityManager.setSubjectDAO(subjectDAO());
174        securityManager.setSubjectFactory(subjectFactory());
175        securityManager.setRememberMeManager(rememberMeManager());
176
177        return securityManager;
178    }
179
180    protected ShiroFilterChainDefinition shiroFilterChainDefinition() {
181        DefaultShiroFilterChainDefinition chainDefinition = new DefaultShiroFilterChainDefinition();
182        chainDefinition.addPathDefinition("/**", "authc");
183        return chainDefinition;
184    }
185
186    protected ShiroUrlPathHelper shiroUrlPathHelper() {
187        return new ShiroUrlPathHelper();
188    }
189}