19 package org.apache.shiro.web.jaxrs;
20
21 import org.apache.shiro.SecurityUtils;
22 import org.apache.shiro.subject.PrincipalCollection;
23 import org.apache.shiro.subject.Subject;
24
25 import javax.ws.rs.container.ContainerRequestContext;
26 import javax.ws.rs.core.SecurityContext;
27 import java.security.Principal;
28
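/**
 * JAX-RS {@link SecurityContext} backed by the current Shiro {@link Subject}.
 *
 * <p>Identity ({@link #getUserPrincipal()}) and role checks ({@link #isUserInRole(String)}) are
 * answered from Shiro; transport and scheme questions ({@link #isSecure()},
 * {@link #getAuthenticationScheme()}) are answered by the security context the request carried
 * when this wrapper was constructed.
 *
 * <p>NOTE(review): when Shiro holds no usable principal, {@link #getUserPrincipal()} returns the
 * container's principal while {@link #isUserInRole(String)} still consults Shiro only. Callers
 * that combine both answers should confirm they refer to the same identity.
 */
public class ShiroSecurityContext implements SecurityContext {

    /** Security context that was on the request at construction time; used for all delegation. */
    private final SecurityContext originalSecurityContext;

    /**
     * Captures the request's current security context so it can be delegated to later.
     *
     * @param containerRequestContext the request being processed; its security context is read
     *     once, here
     */
    public ShiroSecurityContext(ContainerRequestContext containerRequestContext) {
        this.originalSecurityContext = containerRequestContext.getSecurityContext();
    }

    /**
     * Returns the principal for the current Shiro subject.
     *
     * <p>Resolution order: a Shiro principal that already implements {@link Principal}; otherwise
     * the Shiro primary principal wrapped in an {@link ObjectPrincipal}; otherwise whatever the
     * original container security context reports.
     *
     * @return the resolved principal, or the original context's answer when Shiro has none
     */
    @Override
    public Principal getUserPrincipal() {
        PrincipalCollection shiroPrincipals = getSubject().getPrincipals();
        if (shiroPrincipals == null) {
            return originalSecurityContext.getUserPrincipal();
        }

        Principal typedPrincipal = shiroPrincipals.oneByType(Principal.class);
        if (typedPrincipal != null) {
            return typedPrincipal;
        }

        Object primaryPrincipal = shiroPrincipals.getPrimaryPrincipal();
        if (primaryPrincipal == null) {
            // A non-null collection without a primary principal carries no identity. Wrapping
            // null would hand callers a Principal whose getName() throws, so treat this the same
            // as "Shiro has no principals" and defer to the container.
            return originalSecurityContext.getUserPrincipal();
        }
        return new ObjectPrincipal(primaryPrincipal);
    }

    /**
     * Checks role membership against the current Shiro subject.
     *
     * @param role the role name to test
     * @return the result of {@code Subject.hasRole(role)}
     */
    @Override
    public boolean isUserInRole(String role) {
        return getSubject().hasRole(role);
    }

    /**
     * Reports whether the request was made over a secure channel, as stated by the original
     * container security context.
     *
     * <p>The captured context is used rather than re-reading it from the request: if this wrapper
     * has been installed as the request's security context (the installing code is not visible
     * here), re-reading would presumably return this instance and recurse without end.
     */
    @Override
    public boolean isSecure() {
        return originalSecurityContext.isSecure();
    }

    /**
     * Returns the authentication scheme reported by the original container security context.
     *
     * <p>Uses the captured context for the same reason as {@link #isSecure()}.
     */
    @Override
    public String getAuthenticationScheme() {
        return originalSecurityContext.getAuthenticationScheme();
    }

    /** Looks up the Shiro subject on every call instead of caching it. */
    private Subject getSubject() {
        return SecurityUtils.getSubject();
    }

    /**
     * Adapts an arbitrary, non-null Shiro principal object to {@link Principal}. Name, equality,
     * hash code and string form are all those of the wrapped object.
     *
     * <p>Static so that a principal handed to application code does not keep a hidden reference
     * to the enclosing security context.
     */
    private static final class ObjectPrincipal implements Principal {

        private final Object object;

        /**
         * @param object the Shiro principal to wrap; must not be null
         * @throws NullPointerException if {@code object} is null
         */
        ObjectPrincipal(Object object) {
            if (object == null) {
                throw new NullPointerException("object");
            }
            this.object = object;
        }

        /** Returns the wrapped Shiro principal. */
        public Object getObject() {
            return object;
        }

        /** Returns the wrapped object's {@code toString()} as the principal name. */
        @Override
        public String getName() {
            return getObject().toString();
        }

        @Override
        public boolean equals(Object o) {
            if (this == o) {
                return true;
            }
            if (o == null || getClass() != o.getClass()) {
                return false;
            }
            ObjectPrincipal that = (ObjectPrincipal) o;
            return object.equals(that.object);
        }

        @Override
        public int hashCode() {
            return object.hashCode();
        }

        @Override
        public String toString() {
            return object.toString();
        }
    }
}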