org.apache.shiro.realm

Class SimpleAccountRealm

java.lang.Object

org.apache.shiro.realm.CachingRealm

org.apache.shiro.realm.AuthenticatingRealm

org.apache.shiro.realm.AuthorizingRealm

org.apache.shiro.realm.SimpleAccountRealm

All Implemented Interfaces:

LogoutAware, Authorizer, PermissionResolverAware, RolePermissionResolverAware, CacheManagerAware, Realm, Initializable, Nameable

Direct Known Subclasses:

TextConfigurationRealm

public class SimpleAccountRealm
extends AuthorizingRealm

A simple implementation of the Realm interface that uses a set of configured user accounts and roles to support authentication and authorization. Each account entry specifies the username, password, and roles for a user. Roles can also be mapped to permissions and associated with users.

User accounts and roles are stored in two Maps in memory, so it is expected that the total number of either is not sufficiently large.

Since:

0.1

Field Summary

Fields

Modifier and Type	Field and Description
protected Map<String,SimpleRole>	roles
protected ReadWriteLock	ROLES_LOCK
protected Map<String,SimpleAccount>	users
protected ReadWriteLock	USERS_LOCK

Constructor Summary

Constructors

Constructor and Description
SimpleAccountRealm()
SimpleAccountRealm(String name)

Method Summary

Modifier and Type	Method and Description
boolean	accountExists(String username)
protected void	add(SimpleAccount account)
protected void	add(SimpleRole role)
void	addAccount(String username, String password)
void	addAccount(String username, String password, String... roles)
void	addRole(String name)
protected AuthenticationInfo	doGetAuthenticationInfo(AuthenticationToken token) Retrieves authentication data from an implementation-specific datasource (RDBMS, LDAP, etc) for the given authentication token.
protected AuthorizationInfo	doGetAuthorizationInfo(PrincipalCollection principals) Retrieves the AuthorizationInfo for the given principals from the underlying data store.
protected SimpleRole	getRole(String rolename)
protected SimpleAccount	getUser(String username)
protected String	getUsername(PrincipalCollection principals)
protected String	getUsername(SimpleAccount account)
boolean	roleExists(String name)
protected static Set<String>	toSet(String delimited, String delimiter)

Methods inherited from class org.apache.shiro.realm.AuthorizingRealm

afterCacheManagerSet, checkPermission, checkPermission, checkPermission, checkPermissions, checkPermissions, checkPermissions, checkRole, checkRole, checkRoles, checkRoles, checkRoles, clearCachedAuthorizationInfo, doClearCache, getAuthorizationCache, getAuthorizationCacheKey, getAuthorizationCacheName, getAuthorizationInfo, getPermissionResolver, getPermissions, getRolePermissionResolver, hasAllRoles, hasRole, hasRole, hasRoles, hasRoles, isAuthorizationCachingEnabled, isPermitted, isPermitted, isPermitted, isPermitted, isPermitted, isPermitted, isPermittedAll, isPermittedAll, isPermittedAll, onInit, setAuthorizationCache, setAuthorizationCacheName, setAuthorizationCachingEnabled, setName, setPermissionResolver, setRolePermissionResolver

Methods inherited from class org.apache.shiro.realm.AuthenticatingRealm

assertCredentialsMatch, clearCachedAuthenticationInfo, getAuthenticationCache, getAuthenticationCacheKey, getAuthenticationCacheKey, getAuthenticationCacheName, getAuthenticationInfo, getAuthenticationTokenClass, getCredentialsMatcher, init, isAuthenticationCachingEnabled, isAuthenticationCachingEnabled, setAuthenticationCache, setAuthenticationCacheName, setAuthenticationCachingEnabled, setAuthenticationTokenClass, setCredentialsMatcher, supports

Methods inherited from class org.apache.shiro.realm.CachingRealm

clearCache, getAvailablePrincipal, getCacheManager, getName, isCachingEnabled, onLogout, setCacheManager, setCachingEnabled

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Methods inherited from interface org.apache.shiro.util.Initializable

init

Field Detail

users

protected final Map<String,SimpleAccount> users

roles

protected final Map<String,SimpleRole> roles

USERS_LOCK

protected final ReadWriteLock USERS_LOCK

ROLES_LOCK

protected final ReadWriteLock ROLES_LOCK

Constructor Detail

SimpleAccountRealm

public SimpleAccountRealm()

SimpleAccountRealm

public SimpleAccountRealm(String name)

Method Detail

getUser

protected SimpleAccount getUser(String username)

accountExists

public boolean accountExists(String username)

addAccount

public void addAccount(String username,
                       String password)

addAccount

public void addAccount(String username,
                       String password,
                       String... roles)

getUsername

protected String getUsername(SimpleAccount account)

getUsername

protected String getUsername(PrincipalCollection principals)

add

protected void add(SimpleAccount account)

getRole

protected SimpleRole getRole(String rolename)

roleExists

public boolean roleExists(String name)

addRole

public void addRole(String name)

add

protected void add(SimpleRole role)

toSet

protected static Set<String> toSet(String delimited,
                                   String delimiter)

doGetAuthenticationInfo

protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token)
                                              throws AuthenticationException

Description copied from class: AuthenticatingRealm

Retrieves authentication data from an implementation-specific datasource (RDBMS, LDAP, etc) for the given authentication token.

For most datasources, this means just 'pulling' authentication data for an associated subject/user and nothing more and letting Shiro do the rest. But in some systems, this method could actually perform EIS specific log-in logic in addition to just retrieving data - it is up to the Realm implementation.

A null return value means that no account could be associated with the specified token.

Specified by:

doGetAuthenticationInfo in class AuthenticatingRealm

Parameters:

token - the authentication token containing the user's principal and credentials.

Returns:

an AuthenticationInfo object containing account data resulting from the authentication ONLY if the lookup is successful (i.e. account exists and is valid, etc.)

Throws:

AuthenticationException - if there is an error acquiring data or performing realm-specific authentication logic for the specified token

doGetAuthorizationInfo

protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principals)

Description copied from class: AuthorizingRealm

Retrieves the AuthorizationInfo for the given principals from the underlying data store. When returning an instance from this method, you might want to consider using an instance of SimpleAuthorizationInfo, as it is suitable in most cases.

Specified by:

doGetAuthorizationInfo in class AuthorizingRealm

Parameters:

principals - the primary identifying principals of the AuthorizationInfo that should be retrieved.

Returns:

the AuthorizationInfo associated with this principals.

See Also:

SimpleAuthorizationInfo