Coverage Report - org.apache.shiro.authc.SimpleAccount
 
Classes in this File Line Coverage Branch Coverage Complexity
SimpleAccount
28%
25/87
9%
2/22
1.333
 
 1  
 /*
 2  
  * Licensed to the Apache Software Foundation (ASF) under one
 3  
  * or more contributor license agreements.  See the NOTICE file
 4  
  * distributed with this work for additional information
 5  
  * regarding copyright ownership.  The ASF licenses this file
 6  
  * to you under the Apache License, Version 2.0 (the
 7  
  * "License"); you may not use this file except in compliance
 8  
  * with the License.  You may obtain a copy of the License at
 9  
  *
 10  
  *     http://www.apache.org/licenses/LICENSE-2.0
 11  
  *
 12  
  * Unless required by applicable law or agreed to in writing,
 13  
  * software distributed under the License is distributed on an
 14  
  * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
 15  
  * KIND, either express or implied.  See the License for the
 16  
  * specific language governing permissions and limitations
 17  
  * under the License.
 18  
  */
 19  
 package org.apache.shiro.authc;
 20  
 
 21  
 import org.apache.shiro.authz.Permission;
 22  
 import org.apache.shiro.authz.SimpleAuthorizationInfo;
 23  
 import org.apache.shiro.subject.PrincipalCollection;
 24  
 import org.apache.shiro.subject.SimplePrincipalCollection;
 25  
 import org.apache.shiro.util.ByteSource;
 26  
 
 27  
 import java.io.Serializable;
 28  
 import java.util.Collection;
 29  
 import java.util.Set;
 30  
 
 31  
 
 32  
 /**
 33  
  * Simple implementation of the {@link org.apache.shiro.authc.Account} interface that
 34  
  * contains principal and credential and authorization information (roles and permissions) as instance variables and
 35  
  * exposes them via getters and setters using standard JavaBean notation.
 36  
  *
 37  
  * @since 0.1
 38  
  */
 39  
 public class SimpleAccount implements Account, MergableAuthenticationInfo, SaltedAuthenticationInfo, Serializable {
 40  
 
 41  
     /*--------------------------------------------
 42  
     |    I N S T A N C E   V A R I A B L E S    |
 43  
     ============================================*/
 44  
     /**
 45  
      * The authentication information (principals and credentials) for this account.
 46  
      */
 47  
     private SimpleAuthenticationInfo authcInfo;
 48  
 
 49  
     /**
 50  
      * The authorization information for this account.
 51  
      */
 52  
     private SimpleAuthorizationInfo authzInfo;
 53  
 
 54  
     /**
 55  
      * Indicates this account is locked.  This isn't honored by all <tt>Realms</tt> but is honored by
 56  
      * {@link org.apache.shiro.realm.SimpleAccountRealm}.
 57  
      */
 58  
     private boolean locked;
 59  
 
 60  
     /**
 61  
      * Indicates credentials on this account are expired.  This isn't honored by all <tt>Realms</tt> but is honored by
 62  
      * {@link org.apache.shiro.realm.SimpleAccountRealm}.
 63  
      */
 64  
     private boolean credentialsExpired;
 65  
 
 66  
     /*--------------------------------------------
 67  
     |         C O N S T R U C T O R S           |
 68  
     ============================================*/
 69  
 
 70  
     /**
 71  
      * Default no-argument constructor.
 72  
      */
 73  0
     public SimpleAccount() {
 74  0
     }
 75  
 
 76  
     /**
 77  
      * Constructs a SimpleAccount instance for the specified realm with the given principals and credentials.
 78  
      *
 79  
      * @param principal   the 'primary' identifying attribute of the account, for example, a user id or username.
 80  
      * @param credentials the credentials that verify identity for the account
 81  
      * @param realmName   the name of the realm that accesses this account data
 82  
      */
 83  
     public SimpleAccount(Object principal, Object credentials, String realmName) {
 84  40
         this(principal instanceof PrincipalCollection ? (PrincipalCollection) principal : new SimplePrincipalCollection(principal, realmName), credentials);
 85  40
     }
 86  
 
 87  
     /**
 88  
      * Constructs a SimpleAccount instance for the specified realm with the given principals, hashedCredentials and
 89  
      * credentials salt used when hashing the credentials.
 90  
      *
 91  
      * @param principal         the 'primary' identifying attribute of the account, for example, a user id or username.
 92  
      * @param hashedCredentials the credentials that verify identity for the account
 93  
      * @param credentialsSalt   the salt used when hashing the credentials
 94  
      * @param realmName         the name of the realm that accesses this account data
 95  
      * @see org.apache.shiro.authc.credential.HashedCredentialsMatcher HashedCredentialsMatcher
 96  
      * @since 1.1
 97  
      */
 98  
     public SimpleAccount(Object principal, Object hashedCredentials, ByteSource credentialsSalt, String realmName) {
 99  0
         this(principal instanceof PrincipalCollection ? (PrincipalCollection) principal : new SimplePrincipalCollection(principal, realmName),
 100  
                 hashedCredentials, credentialsSalt);
 101  0
     }
 102  
 
 103  
     /**
 104  
      * Constructs a SimpleAccount instance for the specified realm with the given principals and credentials.
 105  
      *
 106  
      * @param principals  the identifying attributes of the account, at least one of which should be considered the
 107  
      *                    account's 'primary' identifying attribute, for example, a user id or username.
 108  
      * @param credentials the credentials that verify identity for the account
 109  
      * @param realmName   the name of the realm that accesses this account data
 110  
      */
 111  
     public SimpleAccount(Collection principals, Object credentials, String realmName) {
 112  0
         this(new SimplePrincipalCollection(principals, realmName), credentials);
 113  0
     }
 114  
 
 115  
     /**
 116  
      * Constructs a SimpleAccount instance for the specified principals and credentials.
 117  
      *
 118  
      * @param principals  the identifying attributes of the account, at least one of which should be considered the
 119  
      *                    account's 'primary' identifying attribute, for example, a user id or username.
 120  
      * @param credentials the credentials that verify identity for the account
 121  
      */
 122  40
     public SimpleAccount(PrincipalCollection principals, Object credentials) {
 123  40
         this.authcInfo = new SimpleAuthenticationInfo(principals, credentials);
 124  40
         this.authzInfo = new SimpleAuthorizationInfo();
 125  40
     }
 126  
 
 127  
     /**
 128  
      * Constructs a SimpleAccount instance for the specified principals and credentials.
 129  
      *
 130  
      * @param principals        the identifying attributes of the account, at least one of which should be considered the
 131  
      *                          account's 'primary' identifying attribute, for example, a user id or username.
 132  
      * @param hashedCredentials the hashed credentials that verify identity for the account
 133  
      * @param credentialsSalt   the salt used when hashing the credentials
 134  
      * @see org.apache.shiro.authc.credential.HashedCredentialsMatcher HashedCredentialsMatcher
 135  
      * @since 1.1
 136  
      */
 137  0
     public SimpleAccount(PrincipalCollection principals, Object hashedCredentials, ByteSource credentialsSalt) {
 138  0
         this.authcInfo = new SimpleAuthenticationInfo(principals, hashedCredentials, credentialsSalt);
 139  0
         this.authzInfo = new SimpleAuthorizationInfo();
 140  0
     }
 141  
 
 142  
     /**
 143  
      * Constructs a SimpleAccount instance for the specified principals and credentials, with the assigned roles.
 144  
      *
 145  
      * @param principals  the identifying attributes of the account, at least one of which should be considered the
 146  
      *                    account's 'primary' identifying attribute, for example, a user id or username.
 147  
      * @param credentials the credentials that verify identity for the account
 148  
      * @param roles       the names of the roles assigned to this account.
 149  
      */
 150  0
     public SimpleAccount(PrincipalCollection principals, Object credentials, Set<String> roles) {
 151  0
         this.authcInfo = new SimpleAuthenticationInfo(principals, credentials);
 152  0
         this.authzInfo = new SimpleAuthorizationInfo(roles);
 153  0
     }
 154  
 
 155  
     /**
 156  
      * Constructs a SimpleAccount instance for the specified realm with the given principal and credentials, with the
 157  
      * the assigned roles and permissions.
 158  
      *
 159  
      * @param principal   the 'primary' identifying attributes of the account, for example, a user id or username.
 160  
      * @param credentials the credentials that verify identity for the account
 161  
      * @param realmName   the name of the realm that accesses this account data
 162  
      * @param roleNames   the names of the roles assigned to this account.
 163  
      * @param permissions the permissions assigned to this account directly (not those assigned to any of the realms).
 164  
      */
 165  0
     public SimpleAccount(Object principal, Object credentials, String realmName, Set<String> roleNames, Set<Permission> permissions) {
 166  0
         this.authcInfo = new SimpleAuthenticationInfo(new SimplePrincipalCollection(principal, realmName), credentials);
 167  0
         this.authzInfo = new SimpleAuthorizationInfo(roleNames);
 168  0
         this.authzInfo.setObjectPermissions(permissions);
 169  0
     }
 170  
 
 171  
     /**
 172  
      * Constructs a SimpleAccount instance for the specified realm with the given principals and credentials, with the
 173  
      * the assigned roles and permissions.
 174  
      *
 175  
      * @param principals  the identifying attributes of the account, at least one of which should be considered the
 176  
      *                    account's 'primary' identifying attribute, for example, a user id or username.
 177  
      * @param credentials the credentials that verify identity for the account
 178  
      * @param realmName   the name of the realm that accesses this account data
 179  
      * @param roleNames   the names of the roles assigned to this account.
 180  
      * @param permissions the permissions assigned to this account directly (not those assigned to any of the realms).
 181  
      */
 182  0
     public SimpleAccount(Collection principals, Object credentials, String realmName, Set<String> roleNames, Set<Permission> permissions) {
 183  0
         this.authcInfo = new SimpleAuthenticationInfo(new SimplePrincipalCollection(principals, realmName), credentials);
 184  0
         this.authzInfo = new SimpleAuthorizationInfo(roleNames);
 185  0
         this.authzInfo.setObjectPermissions(permissions);
 186  0
     }
 187  
 
 188  
     /**
 189  
      * Constructs a SimpleAccount instance from the given principals and credentials, with the
 190  
      * the assigned roles and permissions.
 191  
      *
 192  
      * @param principals  the identifying attributes of the account, at least one of which should be considered the
 193  
      *                    account's 'primary' identifying attribute, for example, a user id or username.
 194  
      * @param credentials the credentials that verify identity for the account
 195  
      * @param roleNames   the names of the roles assigned to this account.
 196  
      * @param permissions the permissions assigned to this account directly (not those assigned to any of the realms).
 197  
      */
 198  0
     public SimpleAccount(PrincipalCollection principals, Object credentials, Set<String> roleNames, Set<Permission> permissions) {
 199  0
         this.authcInfo = new SimpleAuthenticationInfo(principals, credentials);
 200  0
         this.authzInfo = new SimpleAuthorizationInfo(roleNames);
 201  0
         this.authzInfo.setObjectPermissions(permissions);
 202  0
     }
 203  
 
 204  
     /*--------------------------------------------
 205  
     |  A C C E S S O R S / M O D I F I E R S    |
 206  
     ============================================*/
 207  
 
 208  
     /**
 209  
      * Returns the principals, aka the identifying attributes (username, user id, first name, last name, etc) of this
 210  
      * Account.
 211  
      *
 212  
      * @return all the principals, aka the identifying attributes, of this Account.
 213  
      */
 214  
     public PrincipalCollection getPrincipals() {
 215  146
         return authcInfo.getPrincipals();
 216  
     }
 217  
 
 218  
     /**
 219  
      * Sets the principals, aka the identifying attributes (username, user id, first name, last name, etc) of this
 220  
      * Account.
 221  
      *
 222  
      * @param principals all the principals, aka the identifying attributes, of this Account.
 223  
      * @see Account#getPrincipals()
 224  
      */
 225  
     public void setPrincipals(PrincipalCollection principals) {
 226  1
         this.authcInfo.setPrincipals(principals);
 227  1
     }
 228  
 
 229  
 
 230  
     /**
 231  
      * Simply returns <code>this.authcInfo.getCredentials</code>.  The <code>authcInfo</code> attribute is constructed
 232  
      * via the constructors to wrap the input arguments.
 233  
      *
 234  
      * @return this Account's credentials.
 235  
      */
 236  
     public Object getCredentials() {
 237  10
         return authcInfo.getCredentials();
 238  
     }
 239  
 
 240  
     /**
 241  
      * Sets this Account's credentials that verify one or more of the Account's
 242  
      * {@link #getPrincipals() principals}, such as a password or private key.
 243  
      *
 244  
      * @param credentials the credentials associated with this Account that verify one or more of the Account principals.
 245  
      * @see org.apache.shiro.authc.Account#getCredentials()
 246  
      */
 247  
     public void setCredentials(Object credentials) {
 248  37
         this.authcInfo.setCredentials(credentials);
 249  37
     }
 250  
 
 251  
     /**
 252  
      * Returns the salt used to hash this Account's credentials (eg for password hashing), or {@code null} if no salt
 253  
      * was used or credentials were not hashed at all.
 254  
      *
 255  
      * @return the salt used to hash this Account's credentials (eg for password hashing), or {@code null} if no salt
 256  
      *         was used or credentials were not hashed at all.
 257  
      * @since 1.1
 258  
      */
 259  
     public ByteSource getCredentialsSalt() {
 260  1
         return this.authcInfo.getCredentialsSalt();
 261  
     }
 262  
 
 263  
     /**
 264  
      * Sets the salt to use to hash this Account's credentials (eg for password hashing), or {@code null} if no salt
 265  
      * is used or credentials are not hashed at all.
 266  
      *
 267  
      * @param salt the salt to use to hash this Account's credentials (eg for password hashing), or {@code null} if no
 268  
      *             salt is used or credentials are not hashed at all.
 269  
      * @since 1.1
 270  
      */
 271  
     public void setCredentialsSalt(ByteSource salt) {
 272  0
         this.authcInfo.setCredentialsSalt(salt);
 273  0
     }
 274  
 
 275  
     /**
 276  
      * Returns <code>this.authzInfo.getRoles();</code>
 277  
      *
 278  
      * @return the Account's assigned roles.
 279  
      */
 280  
     public Collection<String> getRoles() {
 281  54
         return authzInfo.getRoles();
 282  
     }
 283  
 
 284  
     /**
 285  
      * Sets the Account's assigned roles.  Simply calls <code>this.authzInfo.setRoles(roles)</code>.
 286  
      *
 287  
      * @param roles the Account's assigned roles.
 288  
      * @see Account#getRoles()
 289  
      */
 290  
     public void setRoles(Set<String> roles) {
 291  11
         this.authzInfo.setRoles(roles);
 292  11
     }
 293  
 
 294  
     /**
 295  
      * Adds a role to this Account's set of assigned roles.  Simply delegates to
 296  
      * <code>this.authzInfo.addRole(role)</code>.
 297  
      *
 298  
      * @param role a role to assign to this Account.
 299  
      */
 300  
     public void addRole(String role) {
 301  38
         this.authzInfo.addRole(role);
 302  38
     }
 303  
 
 304  
     /**
 305  
      * Adds one or more roles to this Account's set of assigned roles. Simply delegates to
 306  
      * <code>this.authzInfo.addRoles(roles)</code>.
 307  
      *
 308  
      * @param roles one or more roles to assign to this Account.
 309  
      */
 310  
     public void addRole(Collection<String> roles) {
 311  0
         this.authzInfo.addRoles(roles);
 312  0
     }
 313  
 
 314  
     /**
 315  
      * Returns all String-based permissions assigned to this Account.  Simply delegates to
 316  
      * <code>this.authzInfo.getStringPermissions()</code>.
 317  
      *
 318  
      * @return all String-based permissions assigned to this Account.
 319  
      */
 320  
     public Collection<String> getStringPermissions() {
 321  6
         return authzInfo.getStringPermissions();
 322  
     }
 323  
 
 324  
     /**
 325  
      * Sets the String-based permissions assigned to this Account.  Simply delegates to
 326  
      * <code>this.authzInfo.setStringPermissions(permissions)</code>.
 327  
      *
 328  
      * @param permissions all String-based permissions assigned to this Account.
 329  
      * @see org.apache.shiro.authc.Account#getStringPermissions()
 330  
      */
 331  
     public void setStringPermissions(Set<String> permissions) {
 332  0
         this.authzInfo.setStringPermissions(permissions);
 333  0
     }
 334  
 
 335  
     /**
 336  
      * Assigns a String-based permission directly to this Account (not to any of its realms).
 337  
      *
 338  
      * @param permission the String-based permission to assign.
 339  
      */
 340  
     public void addStringPermission(String permission) {
 341  0
         this.authzInfo.addStringPermission(permission);
 342  0
     }
 343  
 
 344  
     /**
 345  
      * Assigns one or more string-based permissions directly to this Account (not to any of its realms).
 346  
      *
 347  
      * @param permissions one or more String-based permissions to assign.
 348  
      */
 349  
     public void addStringPermissions(Collection<String> permissions) {
 350  0
         this.authzInfo.addStringPermissions(permissions);
 351  0
     }
 352  
 
 353  
     /**
 354  
      * Returns all object-based permissions assigned directly to this Account (not any of its realms).
 355  
      *
 356  
      * @return all object-based permissions assigned directly to this Account (not any of its realms).
 357  
      */
 358  
     public Collection<Permission> getObjectPermissions() {
 359  6
         return authzInfo.getObjectPermissions();
 360  
     }
 361  
 
 362  
     /**
 363  
      * Sets all object-based permissions assigned directly to this Account (not any of its realms).
 364  
      *
 365  
      * @param permissions the object-based permissions to assign directly to this Account.
 366  
      */
 367  
     public void setObjectPermissions(Set<Permission> permissions) {
 368  0
         this.authzInfo.setObjectPermissions(permissions);
 369  0
     }
 370  
 
 371  
     /**
 372  
      * Assigns an object-based permission directly to this Account (not any of its realms).
 373  
      *
 374  
      * @param permission the object-based permission to assign directly to this Account (not any of its realms).
 375  
      */
 376  
     public void addObjectPermission(Permission permission) {
 377  0
         this.authzInfo.addObjectPermission(permission);
 378  0
     }
 379  
 
 380  
     /**
 381  
      * Assigns one or more object-based permissions directly to this Account (not any of its realms).
 382  
      *
 383  
      * @param permissions one or more object-based permissions to assign directly to this Account (not any of its realms).
 384  
      */
 385  
     public void addObjectPermissions(Collection<Permission> permissions) {
 386  24
         this.authzInfo.addObjectPermissions(permissions);
 387  24
     }
 388  
 
 389  
     /**
 390  
      * Returns <code>true</code> if this Account is locked and thus cannot be used to login, <code>false</code> otherwise.
 391  
      *
 392  
      * @return <code>true</code> if this Account is locked and thus cannot be used to login, <code>false</code> otherwise.
 393  
      */
 394  
     public boolean isLocked() {
 395  8
         return locked;
 396  
     }
 397  
 
 398  
     /**
 399  
      * Sets whether or not the account is locked and can be used to login.
 400  
      *
 401  
      * @param locked <code>true</code> if this Account is locked and thus cannot be used to login, <code>false</code> otherwise.
 402  
      */
 403  
     public void setLocked(boolean locked) {
 404  0
         this.locked = locked;
 405  0
     }
 406  
 
 407  
     /**
 408  
      * Returns whether or not the Account's credentials are expired.  This usually indicates that the Subject or an application
 409  
      * administrator would need to change the credentials before the account could be used.
 410  
      *
 411  
      * @return whether or not the Account's credentials are expired.
 412  
      */
 413  
     public boolean isCredentialsExpired() {
 414  8
         return credentialsExpired;
 415  
     }
 416  
 
 417  
     /**
 418  
      * Sets whether or not the Account's credentials are expired.  A <code>true</code> value indicates that the Subject
 419  
      * or application administrator would need to change their credentials before the account could be used.
 420  
      *
 421  
      * @param credentialsExpired <code>true</code> if this Account's credentials are expired and need to be changed,
 422  
      *                           <code>false</code> otherwise.
 423  
      */
 424  
     public void setCredentialsExpired(boolean credentialsExpired) {
 425  0
         this.credentialsExpired = credentialsExpired;
 426  0
     }
 427  
 
 428  
 
 429  
     /**
 430  
      * Merges the specified <code>AuthenticationInfo</code> into this <code>Account</code>.
 431  
      * <p/>
 432  
      * If the specified argument is also an instance of {@link SimpleAccount SimpleAccount}, the
 433  
      * {@link #isLocked()} and {@link #isCredentialsExpired()} attributes are merged (set on this instance) as well
 434  
      * (only if their values are <code>true</code>).
 435  
      *
 436  
      * @param info the <code>AuthenticationInfo</code> to merge into this account.
 437  
      */
 438  
     public void merge(AuthenticationInfo info) {
 439  0
         authcInfo.merge(info);
 440  
 
 441  
         // Merge SimpleAccount specific info
 442  0
         if (info instanceof SimpleAccount) {
 443  0
             SimpleAccount otherAccount = (SimpleAccount) info;
 444  0
             if (otherAccount.isLocked()) {
 445  0
                 setLocked(true);
 446  
             }
 447  
 
 448  0
             if (otherAccount.isCredentialsExpired()) {
 449  0
                 setCredentialsExpired(true);
 450  
             }
 451  
         }
 452  0
     }
 453  
 
 454  
     /**
 455  
      * If the {@link #getPrincipals() principals} are not null, returns <code>principals.hashCode()</code>, otherwise
 456  
      * returns 0 (zero).
 457  
      *
 458  
      * @return <code>principals.hashCode()</code> if they are not null, 0 (zero) otherwise.
 459  
      */
 460  
     public int hashCode() {
 461  0
         return (getPrincipals() != null ? getPrincipals().hashCode() : 0);
 462  
     }
 463  
 
 464  
     /**
 465  
      * Returns <code>true</code> if the specified object is also a {@link SimpleAccount SimpleAccount} and its
 466  
      * {@link #getPrincipals() principals} are equal to this object's <code>principals</code>, <code>false</code> otherwise.
 467  
      *
 468  
      * @param o the object to test for equality.
 469  
      * @return <code>true</code> if the specified object is also a {@link SimpleAccount SimpleAccount} and its
 470  
      *         {@link #getPrincipals() principals} are equal to this object's <code>principals</code>, <code>false</code> otherwise.
 471  
      */
 472  
     public boolean equals(Object o) {
 473  0
         if (o == this) {
 474  0
             return true;
 475  
         }
 476  0
         if (o instanceof SimpleAccount) {
 477  0
             SimpleAccount sa = (SimpleAccount) o;
 478  
             //principal should be unique across the application, so only check this for equality:
 479  0
             return (getPrincipals() != null ? getPrincipals().equals(sa.getPrincipals()) : sa.getPrincipals() == null);
 480  
         }
 481  0
         return false;
 482  
     }
 483  
 
 484  
     /**
 485  
      * Returns {@link #getPrincipals() principals}.toString() if they are not null, otherwise prints out the string
 486  
      * &quot;empty&quot;
 487  
      *
 488  
      * @return the String representation of this Account object.
 489  
      */
 490  
     public String toString() {
 491  43
         return getPrincipals() != null ? getPrincipals().toString() : "empty";
 492  
     }
 493  
 
 494  
 }