| <?xml version="1.0" encoding="UTF-8"?><!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml" lang="en"><head><meta http-equiv="Content-Type" content="text/html;charset=UTF-8"/><link rel="stylesheet" href="../jacoco-resources/report.css" type="text/css"/><link rel="shortcut icon" href="../jacoco-resources/report.gif" type="image/gif"/><title>SimpleAccountRealm.java</title><link rel="stylesheet" href="../jacoco-resources/prettify.css" type="text/css"/><script type="text/javascript" src="../jacoco-resources/prettify.js"></script></head><body onload="window['PR_TAB_WIDTH']=4;prettyPrint()"><div class="breadcrumb" id="breadcrumb"><span class="info"><a href="../jacoco-sessions.html" class="el_session">Sessions</a></span><a href="../index.html" class="el_report">Apache Shiro :: Core</a> > <a href="index.source.html" class="el_package">org.apache.shiro.realm</a> > <span class="el_source">SimpleAccountRealm.java</span></div><h1>SimpleAccountRealm.java</h1><pre class="source lang-java linenums">/* |
| * Licensed to the Apache Software Foundation (ASF) under one |
| * or more contributor license agreements. See the NOTICE file |
| * distributed with this work for additional information |
| * regarding copyright ownership. The ASF licenses this file |
| * to you under the Apache License, Version 2.0 (the |
| * "License"); you may not use this file except in compliance |
| * with the License. You may obtain a copy of the License at |
| * |
| * http://www.apache.org/licenses/LICENSE-2.0 |
| * |
| * Unless required by applicable law or agreed to in writing, |
| * software distributed under the License is distributed on an |
| * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY |
| * KIND, either express or implied. See the License for the |
| * specific language governing permissions and limitations |
| * under the License. |
| */ |
| package org.apache.shiro.realm; |
| |
| import org.apache.shiro.authc.AuthenticationException; |
| import org.apache.shiro.authc.AuthenticationInfo; |
| import org.apache.shiro.authc.AuthenticationToken; |
| import org.apache.shiro.authc.ExpiredCredentialsException; |
| import org.apache.shiro.authc.LockedAccountException; |
| import org.apache.shiro.authc.SimpleAccount; |
| import org.apache.shiro.authc.UsernamePasswordToken; |
| import org.apache.shiro.authz.AuthorizationInfo; |
| import org.apache.shiro.authz.SimpleRole; |
| import org.apache.shiro.subject.PrincipalCollection; |
| import org.apache.shiro.util.CollectionUtils; |
| |
| import java.util.HashSet; |
| import java.util.LinkedHashMap; |
| import java.util.Map; |
| import java.util.Set; |
| import java.util.concurrent.locks.ReadWriteLock; |
| import java.util.concurrent.locks.ReentrantReadWriteLock; |
| |
| /** |
| * A simple implementation of the {@link Realm Realm} interface that |
| * uses a set of configured user accounts and roles to support authentication and authorization. Each account entry |
| * specifies the username, password, and roles for a user. Roles can also be mapped |
| * to permissions and associated with users. |
| * <p/> |
| * User accounts and roles are stored in two {@code Map}s in memory, so it is expected that the total number of either |
| * is not sufficiently large. |
| * |
| * @since 0.1 |
| */ |
| public class SimpleAccountRealm extends AuthorizingRealm { |
| |
| //TODO - complete JavaDoc |
| protected final Map<String, SimpleAccount> users; //username-to-SimpleAccount |
| protected final Map<String, SimpleRole> roles; //roleName-to-SimpleRole |
| protected final ReadWriteLock USERS_LOCK; |
| protected final ReadWriteLock ROLES_LOCK; |
| |
| <span class="fc" id="L59"> public SimpleAccountRealm() {</span> |
| <span class="fc" id="L60"> this.users = new LinkedHashMap<String, SimpleAccount>();</span> |
| <span class="fc" id="L61"> this.roles = new LinkedHashMap<String, SimpleRole>();</span> |
| <span class="fc" id="L62"> USERS_LOCK = new ReentrantReadWriteLock();</span> |
| <span class="fc" id="L63"> ROLES_LOCK = new ReentrantReadWriteLock();</span> |
| //SimpleAccountRealms are memory-only realms - no need for an additional cache mechanism since we're |
| //already as memory-efficient as we can be: |
| <span class="fc" id="L66"> setCachingEnabled(false);</span> |
| <span class="fc" id="L67"> }</span> |
| |
| public SimpleAccountRealm(String name) { |
| <span class="nc" id="L70"> this();</span> |
| <span class="nc" id="L71"> setName(name);</span> |
| <span class="nc" id="L72"> }</span> |
| |
| protected SimpleAccount getUser(String username) { |
| <span class="fc" id="L75"> USERS_LOCK.readLock().lock();</span> |
| try { |
| <span class="fc" id="L77"> return this.users.get(username);</span> |
| } finally { |
| <span class="fc" id="L79"> USERS_LOCK.readLock().unlock();</span> |
| } |
| } |
| |
| public boolean accountExists(String username) { |
| <span class="fc bfc" id="L84" title="All 2 branches covered."> return getUser(username) != null;</span> |
| } |
| |
| public void addAccount(String username, String password) { |
| <span class="nc" id="L88"> addAccount(username, password, (String[]) null);</span> |
| <span class="nc" id="L89"> }</span> |
| |
| public void addAccount(String username, String password, String... roles) { |
| <span class="nc" id="L92"> Set<String> roleNames = CollectionUtils.asSet(roles);</span> |
| <span class="nc" id="L93"> SimpleAccount account = new SimpleAccount(username, password, getName(), roleNames, null);</span> |
| <span class="nc" id="L94"> add(account);</span> |
| <span class="nc" id="L95"> }</span> |
| |
| protected String getUsername(SimpleAccount account) { |
| <span class="fc" id="L98"> return getUsername(account.getPrincipals());</span> |
| } |
| |
| protected String getUsername(PrincipalCollection principals) { |
| <span class="fc" id="L102"> return getAvailablePrincipal(principals).toString();</span> |
| } |
| |
| protected void add(SimpleAccount account) { |
| <span class="fc" id="L106"> String username = getUsername(account);</span> |
| <span class="fc" id="L107"> USERS_LOCK.writeLock().lock();</span> |
| try { |
| <span class="fc" id="L109"> this.users.put(username, account);</span> |
| } finally { |
| <span class="fc" id="L111"> USERS_LOCK.writeLock().unlock();</span> |
| } |
| <span class="fc" id="L113"> }</span> |
| |
| protected SimpleRole getRole(String rolename) { |
| <span class="fc" id="L116"> ROLES_LOCK.readLock().lock();</span> |
| try { |
| <span class="fc" id="L118"> return roles.get(rolename);</span> |
| } finally { |
| <span class="fc" id="L120"> ROLES_LOCK.readLock().unlock();</span> |
| } |
| } |
| |
| public boolean roleExists(String name) { |
| <span class="fc bfc" id="L125" title="All 2 branches covered."> return getRole(name) != null;</span> |
| } |
| |
| public void addRole(String name) { |
| <span class="nc" id="L129"> add(new SimpleRole(name));</span> |
| <span class="nc" id="L130"> }</span> |
| |
| protected void add(SimpleRole role) { |
| <span class="fc" id="L133"> ROLES_LOCK.writeLock().lock();</span> |
| try { |
| <span class="fc" id="L135"> roles.put(role.getName(), role);</span> |
| } finally { |
| <span class="fc" id="L137"> ROLES_LOCK.writeLock().unlock();</span> |
| } |
| <span class="fc" id="L139"> }</span> |
| |
| protected static Set<String> toSet(String delimited, String delimiter) { |
| <span class="nc bnc" id="L142" title="All 4 branches missed."> if (delimited == null || delimited.trim().equals("")) {</span> |
| <span class="nc" id="L143"> return null;</span> |
| } |
| |
| <span class="nc" id="L146"> Set<String> values = new HashSet<String>();</span> |
| <span class="nc" id="L147"> String[] rolenamesArray = delimited.split(delimiter);</span> |
| <span class="nc bnc" id="L148" title="All 2 branches missed."> for (String s : rolenamesArray) {</span> |
| <span class="nc" id="L149"> String trimmed = s.trim();</span> |
| <span class="nc bnc" id="L150" title="All 2 branches missed."> if (trimmed.length() > 0) {</span> |
| <span class="nc" id="L151"> values.add(trimmed);</span> |
| } |
| } |
| |
| <span class="nc" id="L155"> return values;</span> |
| } |
| |
| protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token) throws AuthenticationException { |
| <span class="fc" id="L159"> UsernamePasswordToken upToken = (UsernamePasswordToken) token;</span> |
| <span class="fc" id="L160"> SimpleAccount account = getUser(upToken.getUsername());</span> |
| |
| <span class="pc bpc" id="L162" title="1 of 2 branches missed."> if (account != null) {</span> |
| |
| <span class="pc bpc" id="L164" title="1 of 2 branches missed."> if (account.isLocked()) {</span> |
| <span class="nc" id="L165"> throw new LockedAccountException("Account [" + account + "] is locked.");</span> |
| } |
| <span class="pc bpc" id="L167" title="1 of 2 branches missed."> if (account.isCredentialsExpired()) {</span> |
| <span class="nc" id="L168"> String msg = "The credentials for account [" + account + "] are expired";</span> |
| <span class="nc" id="L169"> throw new ExpiredCredentialsException(msg);</span> |
| } |
| |
| } |
| |
| <span class="fc" id="L174"> return account;</span> |
| } |
| |
| protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principals) { |
| <span class="fc" id="L178"> String username = getUsername(principals);</span> |
| <span class="fc" id="L179"> USERS_LOCK.readLock().lock();</span> |
| try { |
| <span class="fc" id="L181"> return this.users.get(username);</span> |
| } finally { |
| <span class="fc" id="L183"> USERS_LOCK.readLock().unlock();</span> |
| } |
| } |
| } |
| </pre><div class="footer"><span class="right">Created with <a href="http://www.jacoco.org/jacoco">JaCoCo</a> 0.8.3.201901230119</span></div></body></html> |