| /* |
| * Licensed to the Apache Software Foundation (ASF) under one |
| * or more contributor license agreements. See the NOTICE file |
| * distributed with this work for additional information |
| * regarding copyright ownership. The ASF licenses this file |
| * to you under the Apache License, Version 2.0 (the |
| * "License"); you may not use this file except in compliance |
| * with the License. You may obtain a copy of the License at |
| * |
| * http://www.apache.org/licenses/LICENSE-2.0 |
| * |
| * Unless required by applicable law or agreed to in writing, |
| * software distributed under the License is distributed on an |
| * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY |
| * KIND, either express or implied. See the License for the |
| * specific language governing permissions and limitations |
| * under the License. |
| */ |
| package org.apache.shiro.samples.spring.config; |
| |
| import org.apache.shiro.authc.credential.HashedCredentialsMatcher; |
| import org.apache.shiro.cache.CacheManager; |
| import org.apache.shiro.cache.ehcache.EhCacheManager; |
| import org.apache.shiro.mgt.SecurityManager; |
| import org.apache.shiro.samples.spring.BootstrapDataPopulator; |
| import org.apache.shiro.samples.spring.DefaultSampleManager; |
| import org.apache.shiro.samples.spring.realm.SaltAwareJdbcRealm; |
| import org.apache.shiro.spring.config.ShiroAnnotationProcessorConfiguration; |
| import org.apache.shiro.spring.config.ShiroBeanConfiguration; |
| import org.apache.shiro.spring.remoting.SecureRemoteInvocationExecutor; |
| import org.apache.shiro.spring.web.config.DefaultShiroFilterChainDefinition; |
| import org.apache.shiro.spring.web.config.ShiroFilterChainDefinition; |
| import org.apache.shiro.spring.web.config.ShiroWebConfiguration; |
| import org.apache.shiro.spring.web.config.ShiroWebFilterConfiguration; |
| import org.springframework.context.annotation.Bean; |
| import org.springframework.context.annotation.ComponentScan; |
| import org.springframework.context.annotation.Configuration; |
| import org.springframework.context.annotation.Import; |
| import org.springframework.context.annotation.PropertySource; |
| import org.springframework.jdbc.datasource.DriverManagerDataSource; |
| |
| import javax.sql.DataSource; |
| |
| import static org.apache.shiro.web.filter.mgt.DefaultFilter.anon; |
| |
| /** |
| * Application bean definitions. |
| */ |
| @Configuration |
| @PropertySource("classpath:application.properties") |
| @Import({ShiroBeanConfiguration.class, |
| ShiroAnnotationProcessorConfiguration.class, |
| ShiroWebConfiguration.class, |
| ShiroWebFilterConfiguration.class, |
| JspViewsConfig.class, |
| RemotingServletConfig.class}) |
| @ComponentScan("org.apache.shiro.samples.spring") |
| public class ApplicationConfig { |
| |
| |
| /** |
| *Populates the sample database with sample users and roles. |
| * @param dataSource |
| * @return |
| */ |
| @Bean |
| protected BootstrapDataPopulator bootstrapDataPopulator(DataSource dataSource) { |
| BootstrapDataPopulator populator =new BootstrapDataPopulator(); |
| populator.setDataSource(dataSource); |
| return populator; |
| } |
| |
| |
| /** |
| * Used by the SecurityManager to access security data (users, roles, etc). |
| * Many other realm implementations can be used too (PropertiesRealm, |
| * LdapRealm, etc. |
| * @param dataSource |
| * @return |
| */ |
| @Bean |
| protected SaltAwareJdbcRealm jdbcRealm(DataSource dataSource) { |
| |
| HashedCredentialsMatcher credentialsMatcher = new HashedCredentialsMatcher(); |
| credentialsMatcher.setHashAlgorithmName("SHA-256"); |
| credentialsMatcher.setStoredCredentialsHexEncoded(false); |
| |
| SaltAwareJdbcRealm jdbcRealm = new SaltAwareJdbcRealm(); |
| jdbcRealm.setName("jdbcRealm"); |
| jdbcRealm.setCredentialsMatcher(credentialsMatcher); |
| jdbcRealm.setDataSource(dataSource); |
| |
| return jdbcRealm; |
| } |
| |
| |
| /** |
| * Let's use some enterprise caching support for better performance. You can replace this with any enterprise |
| * caching framework implementation that you like (Terracotta+Ehcache, Coherence, GigaSpaces, etc |
| * |
| * |
| * @return |
| */ |
| @Bean |
| protected EhCacheManager cacheManager() { |
| |
| EhCacheManager ehCacheManager = new EhCacheManager(); |
| |
| // Set a net.sf.ehcache.CacheManager instance here if you already have one. |
| // If not, a new one will be creaed with a default config: |
| // ehCacheManager.setCacheManager(...); |
| |
| // If you don't have a pre-built net.sf.ehcache.CacheManager instance to inject, but you want |
| // a specific Ehcache configuration to be used, specify that here. If you don't, a default |
| //will be used.: |
| // ehCacheManager.setCacheManagerConfigFile("classpath:some/path/to/ehcache.xml"); |
| |
| return ehCacheManager; |
| } |
| |
| /** |
| * Secure Spring remoting: Ensure any Spring Remoting method invocations can be associated |
| * with a Subject for security checks. |
| * @param securityManager |
| * @return |
| */ |
| @Bean |
| protected SecureRemoteInvocationExecutor secureRemoteInvocationExecutor(SecurityManager securityManager) { |
| |
| SecureRemoteInvocationExecutor executor = new SecureRemoteInvocationExecutor(); |
| executor.setSecurityManager(securityManager); |
| |
| return executor; |
| } |
| |
| |
| /** |
| * Simulated business-tier "Manager", not Shiro related, just an example |
| * @return |
| */ |
| @Bean |
| protected DefaultSampleManager sampleManager() { |
| return new DefaultSampleManager(); |
| } |
| |
| /** |
| * Sample RDBMS data source that would exist in any application - not Shiro related. |
| * @return |
| */ |
| @Bean |
| protected DriverManagerDataSource dataSource() { |
| |
| DriverManagerDataSource dataSource = new DriverManagerDataSource(); |
| dataSource.setDriverClassName("org.hsqldb.jdbcDriver"); |
| dataSource.setUrl("jdbc:hsqldb:mem:shiro-spring"); |
| dataSource.setUsername("sa"); |
| |
| return dataSource; |
| } |
| |
| @Bean |
| public ShiroFilterChainDefinition shiroFilterChainDefinition() { |
| DefaultShiroFilterChainDefinition chainDefinition = new DefaultShiroFilterChainDefinition(); |
| // chainDefinition.addPathDefinition("/login.html", "authc"); // need to accept POSTs from the login form |
| // chainDefinition.addPathDefinition("/logout", "logout"); |
| |
| |
| chainDefinition.addPathDefinition("/favicon.ico", "anon"); |
| chainDefinition.addPathDefinition("/logo.png", "anon"); |
| chainDefinition.addPathDefinition("/shiro.css", "anon"); |
| chainDefinition.addPathDefinition("/s/login", "anon"); |
| chainDefinition.addPathDefinition("/*.jar", "anon"); //allow WebStart to pull the jars for the swing app |
| chainDefinition.addPathDefinition("/remoting/**", "anon"); // protected using SecureRemoteInvocationExecutor |
| chainDefinition.addPathDefinition("/**", "authc"); |
| |
| |
| return chainDefinition; |
| } |
| |
| |
| } |