View Javadoc
1   /*
2    * Licensed to the Apache Software Foundation (ASF) under one
3    * or more contributor license agreements.  See the NOTICE file
4    * distributed with this work for additional information
5    * regarding copyright ownership.  The ASF licenses this file
6    * to you under the Apache License, Version 2.0 (the
7    * "License"); you may not use this file except in compliance
8    * with the License.  You may obtain a copy of the License at
9    *
10   *     http://www.apache.org/licenses/LICENSE-2.0
11   *
12   * Unless required by applicable law or agreed to in writing,
13   * software distributed under the License is distributed on an
14   * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
15   * KIND, either express or implied.  See the License for the
16   * specific language governing permissions and limitations
17   * under the License.
18   */
19  package org.apache.shiro.samples.guice;
20  
21  import com.google.inject.Provides;
22  import com.google.inject.binder.AnnotatedBindingBuilder;
23  import com.google.inject.name.Names;
24  import org.apache.shiro.config.ConfigurationException;
25  import org.apache.shiro.config.Ini;
26  import org.apache.shiro.guice.web.ShiroWebModule;
27  import org.apache.shiro.lang.codec.Base64;
28  import org.apache.shiro.realm.text.IniRealm;
29  import org.apache.shiro.session.mgt.SessionManager;
30  import org.apache.shiro.web.mgt.CookieRememberMeManager;
31  import org.apache.shiro.web.mgt.DefaultWebSecurityManager;
32  import org.apache.shiro.web.mgt.WebSecurityManager;
33  import org.apache.shiro.web.servlet.Cookie;
34  import org.apache.shiro.web.servlet.SimpleCookie;
35  import org.apache.shiro.web.session.mgt.DefaultWebSessionManager;
36  
37  import javax.inject.Singleton;
38  import javax.servlet.ServletContext;
39  import java.net.MalformedURLException;
40  import java.net.URL;
41  
42  public class SampleShiroNativeSessionsServletModule extends ShiroWebModule {
43      private final ServletContext servletContext;
44  
45      public SampleShiroNativeSessionsServletModule(ServletContext servletContext) {
46          super(servletContext);
47  
48          this.servletContext = servletContext;
49      }
50  
51      @Override
52      protected void configureShiroWeb() {
53          bindConstant().annotatedWith(Names.named("shiro.loginUrl")).to("/login.jsp");
54          try {
55              this.bindRealm().toConstructor(IniRealm.class.getConstructor(Ini.class));
56          } catch (NoSuchMethodException e) {
57              addError("Could not locate proper constructor for IniRealm.", e);
58          }
59  
60          this.addFilterChain("/login.jsp", AUTHC);
61          this.addFilterChain("/logout", LOGOUT);
62          this.addFilterChain("/account/**", AUTHC);
63          this.addFilterChain("/remoting/**",
64                  filterConfig(AUTHC),
65                  filterConfig(ROLES, "b2bClient"),
66                  filterConfig(PERMS, "remote:invoke:lan,wan"));
67      }
68  
69      @Provides
70      @Singleton
71      Ini loadShiroIni() throws MalformedURLException {
72          URL iniUrl = servletContext.getResource("/WEB-INF/shiro.ini");
73          return Ini.fromResourcePath("url:" + iniUrl.toExternalForm());
74      }
75  
76      @SuppressWarnings("checkstyle:MagicNumber")
77      @Override
78      protected void bindSessionManager(AnnotatedBindingBuilder<SessionManager> bind) {
79          bind.to(DefaultWebSessionManager.class);
80          bindConstant().annotatedWith(Names.named("shiro.globalSessionTimeout")).to(5000L);
81          bindConstant().annotatedWith(Names.named("shiro.sessionIdUrlRewritingEnabled")).to(false);
82          bind(DefaultWebSessionManager.class);
83          bind(Cookie.class).toInstance(new SimpleCookie("myCookie"));
84      }
85  
86      @Override
87      protected void bindWebSecurityManager(AnnotatedBindingBuilder<? super WebSecurityManager> bind) {
88          try {
89              String cipherKey = loadShiroIni().getSectionProperty("main", "securityManager.rememberMeManager.cipherKey");
90  
91              DefaultWebSecurityManager securityManager = new DefaultWebSecurityManager();
92              CookieRememberMeManager rememberMeManager = new CookieRememberMeManager();
93              rememberMeManager.setCipherKey(Base64.decode(cipherKey));
94              securityManager.setRememberMeManager(rememberMeManager);
95              bind.toInstance(securityManager);
96          } catch (MalformedURLException e) {
97              // for now just throw, you could just call
98              // super.bindWebSecurityManager(bind) if you do not need rememberMe functionality
99              throw new ConfigurationException("securityManager.rememberMeManager.cipherKey must be set in shiro.ini.");
100         }
101     }
102 }