View Javadoc
1   /*
2    * Licensed to the Apache Software Foundation (ASF) under one
3    * or more contributor license agreements.  See the NOTICE file
4    * distributed with this work for additional information
5    * regarding copyright ownership.  The ASF licenses this file
6    * to you under the Apache License, Version 2.0 (the
7    * "License"); you may not use this file except in compliance
8    * with the License.  You may obtain a copy of the License at
9    *
10   *     http://www.apache.org/licenses/LICENSE-2.0
11   *
12   * Unless required by applicable law or agreed to in writing,
13   * software distributed under the License is distributed on an
14   * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
15   * KIND, either express or implied.  See the License for the
16   * specific language governing permissions and limitations
17   * under the License.
18   */
19  package org.apache.shiro.samples.spring.config;
20  
21  import org.apache.shiro.authc.credential.HashedCredentialsMatcher;
22  import org.apache.shiro.cache.CacheManager;
23  import org.apache.shiro.cache.ehcache.EhCacheManager;
24  import org.apache.shiro.mgt.SecurityManager;
25  import org.apache.shiro.samples.spring.BootstrapDataPopulator;
26  import org.apache.shiro.samples.spring.DefaultSampleManager;
27  import org.apache.shiro.samples.spring.realm.SaltAwareJdbcRealm;
28  import org.apache.shiro.spring.config.ShiroAnnotationProcessorConfiguration;
29  import org.apache.shiro.spring.config.ShiroBeanConfiguration;
30  import org.apache.shiro.spring.remoting.SecureRemoteInvocationExecutor;
31  import org.apache.shiro.spring.web.config.DefaultShiroFilterChainDefinition;
32  import org.apache.shiro.spring.web.config.ShiroFilterChainDefinition;
33  import org.apache.shiro.spring.web.config.ShiroWebConfiguration;
34  import org.apache.shiro.spring.web.config.ShiroWebFilterConfiguration;
35  import org.springframework.context.annotation.Bean;
36  import org.springframework.context.annotation.ComponentScan;
37  import org.springframework.context.annotation.Configuration;
38  import org.springframework.context.annotation.Import;
39  import org.springframework.context.annotation.PropertySource;
40  import org.springframework.jdbc.datasource.DriverManagerDataSource;
41  
42  import javax.sql.DataSource;
43  
44  import static org.apache.shiro.web.filter.mgt.DefaultFilter.anon;
45  
46  /**
47   * Application bean definitions.
48   */
49  @Configuration
50  @PropertySource("classpath:application.properties")
51  @Import({ShiroBeanConfiguration.class,
52          ShiroAnnotationProcessorConfiguration.class,
53          ShiroWebConfiguration.class,
54          ShiroWebFilterConfiguration.class,
55          JspViewsConfig.class,
56          RemotingServletConfig.class})
57  @ComponentScan("org.apache.shiro.samples.spring")
58  public class ApplicationConfig {
59  
60  
61      /**
62       *Populates the sample database with sample users and roles.
63       * @param dataSource
64       * @return
65       */
66      @Bean
67      protected BootstrapDataPopulator bootstrapDataPopulator(DataSource dataSource) {
68          BootstrapDataPopulator populator =new BootstrapDataPopulator();
69          populator.setDataSource(dataSource);
70          return populator;
71      }
72  
73  
74      /**
75       * Used by the SecurityManager to access security data (users, roles, etc).
76       * Many other realm implementations can be used too (PropertiesRealm,
77       * LdapRealm, etc.
78       * @param dataSource
79       * @return
80       */
81      @Bean
82      protected SaltAwareJdbcRealm jdbcRealm(DataSource dataSource) {
83  
84          HashedCredentialsMatcher credentialsMatcher = new HashedCredentialsMatcher();
85          credentialsMatcher.setHashAlgorithmName("SHA-256");
86          credentialsMatcher.setStoredCredentialsHexEncoded(false);
87  
88          SaltAwareJdbcRealm jdbcRealm = new SaltAwareJdbcRealm();
89          jdbcRealm.setName("jdbcRealm");
90          jdbcRealm.setCredentialsMatcher(credentialsMatcher);
91          jdbcRealm.setDataSource(dataSource);
92  
93          return jdbcRealm;
94      }
95  
96  
97      /**
98       * Let's use some enterprise caching support for better performance.  You can replace this with any enterprise
99       * caching framework implementation that you like (Terracotta+Ehcache, Coherence, GigaSpaces, etc
100      *
101      *
102      * @return
103      */
104     @Bean
105     protected EhCacheManager cacheManager() {
106 
107         EhCacheManager ehCacheManager = new EhCacheManager();
108 
109         // Set a net.sf.ehcache.CacheManager instance here if you already have one.
110         // If not, a new one will be creaed with a default config:
111         // ehCacheManager.setCacheManager(...);
112 
113         // If you don't have a pre-built net.sf.ehcache.CacheManager instance to inject, but you want
114         // a specific Ehcache configuration to be used, specify that here.  If you don't, a default
115         //will be used.:
116         // ehCacheManager.setCacheManagerConfigFile("classpath:some/path/to/ehcache.xml");
117 
118         return ehCacheManager;
119     }
120 
121     /**
122      * Secure Spring remoting:  Ensure any Spring Remoting method invocations can be associated
123      * with a Subject for security checks.
124      * @param securityManager
125      * @return
126      */
127     @Bean
128     protected SecureRemoteInvocationExecutor secureRemoteInvocationExecutor(SecurityManager securityManager) {
129 
130         SecureRemoteInvocationExecutor executor = new SecureRemoteInvocationExecutor();
131         executor.setSecurityManager(securityManager);
132 
133         return executor;
134     }
135 
136 
137     /**
138      * Simulated business-tier "Manager", not Shiro related, just an example
139      * @return
140      */
141     @Bean
142     protected DefaultSampleManager sampleManager() {
143         return new DefaultSampleManager();
144     }
145 
146     /**
147      * Sample RDBMS data source that would exist in any application - not Shiro related.
148      * @return
149      */
150     @Bean
151     protected DriverManagerDataSource dataSource() {
152 
153         DriverManagerDataSource dataSource = new DriverManagerDataSource();
154         dataSource.setDriverClassName("org.hsqldb.jdbcDriver");
155         dataSource.setUrl("jdbc:hsqldb:mem:shiro-spring");
156         dataSource.setUsername("sa");
157 
158         return dataSource;
159     }
160 
161     @Bean
162     public ShiroFilterChainDefinition shiroFilterChainDefinition() {
163         DefaultShiroFilterChainDefinition chainDefinition = new DefaultShiroFilterChainDefinition();
164 //        chainDefinition.addPathDefinition("/login.html", "authc"); // need to accept POSTs from the login form
165 //        chainDefinition.addPathDefinition("/logout", "logout");
166 
167 
168         chainDefinition.addPathDefinition("/favicon.ico", "anon");
169         chainDefinition.addPathDefinition("/logo.png", "anon");
170         chainDefinition.addPathDefinition("/shiro.css", "anon");
171         chainDefinition.addPathDefinition("/s/login", "anon");
172         chainDefinition.addPathDefinition("/*.jar", "anon"); //allow WebStart to pull the jars for the swing app
173         chainDefinition.addPathDefinition("/remoting/**", "anon"); // protected using SecureRemoteInvocationExecutor
174         chainDefinition.addPathDefinition("/**", "authc");
175 
176 
177         return chainDefinition;
178     }
179 
180 
181 }