View Javadoc
1   /*
2    * Licensed to the Apache Software Foundation (ASF) under one
3    * or more contributor license agreements.  See the NOTICE file
4    * distributed with this work for additional information
5    * regarding copyright ownership.  The ASF licenses this file
6    * to you under the Apache License, Version 2.0 (the
7    * "License"); you may not use this file except in compliance
8    * with the License.  You may obtain a copy of the License at
9    *
10   *     http://www.apache.org/licenses/LICENSE-2.0
11   *
12   * Unless required by applicable law or agreed to in writing,
13   * software distributed under the License is distributed on an
14   * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
15   * KIND, either express or implied.  See the License for the
16   * specific language governing permissions and limitations
17   * under the License.
18   */
19  package org.apache.shiro.mgt;
20  
21  import org.apache.shiro.authc.AuthenticationException;
22  import org.apache.shiro.authc.AuthenticationInfo;
23  import org.apache.shiro.authc.AuthenticationToken;
24  import org.apache.shiro.authc.Authenticator;
25  import org.apache.shiro.authc.pam.ModularRealmAuthenticator;
26  import org.apache.shiro.util.LifecycleUtils;
27  
28  
29  /**
30   * Shiro support of a {@link SecurityManager} class hierarchy that delegates all
31   * authentication operations to a wrapped {@link Authenticator Authenticator} instance.  That is, this class
32   * implements all the <tt>Authenticator</tt> methods in the {@link SecurityManager SecurityManager}
33   * interface, but in reality, those methods are merely passthrough calls to the underlying 'real'
34   * <tt>Authenticator</tt> instance.
35   *
36   * <p>All other <tt>SecurityManager</tt> (authorization, session, etc) methods are left to be implemented by subclasses.
37   *
38   * <p>In keeping with the other classes in this hierarchy and Shiro's desire to minimize configuration whenever
39   * possible, suitable default instances for all dependencies are created upon instantiation.
40   *
41   * @since 0.9
42   */
43  public abstract class AuthenticatingSecurityManager extends RealmSecurityManager {
44  
45      /**
46       * The internal <code>Authenticator</code> delegate instance that this SecurityManager instance will use
47       * to perform all authentication operations.
48       */
49      private Authenticator authenticator;
50  
51      /**
52       * Default no-arg constructor that initializes its internal
53       * <code>authenticator</code> instance to a
54       * {@link org.apache.shiro.authc.pam.ModularRealmAuthenticator ModularRealmAuthenticator}.
55       */
56      public AuthenticatingSecurityManager() {
57          super();
58          this.authenticator = new ModularRealmAuthenticator();
59      }
60  
61      /**
62       * Returns the delegate <code>Authenticator</code> instance that this SecurityManager uses to perform all
63       * authentication operations.  Unless overridden by the
64       * {@link #setAuthenticator(org.apache.shiro.authc.Authenticator) setAuthenticator}, the default instance is a
65       * {@link org.apache.shiro.authc.pam.ModularRealmAuthenticator ModularRealmAuthenticator}.
66       *
67       * @return the delegate <code>Authenticator</code> instance that this SecurityManager uses to perform all
68       *         authentication operations.
69       */
70      public Authenticator getAuthenticator() {
71          return authenticator;
72      }
73  
74      /**
75       * Sets the delegate <code>Authenticator</code> instance that this SecurityManager uses to perform all
76       * authentication operations.  Unless overridden by this method, the default instance is a
77       * {@link org.apache.shiro.authc.pam.ModularRealmAuthenticator ModularRealmAuthenticator}.
78       *
79       * @param authenticator the delegate <code>Authenticator</code> instance that this SecurityManager will use to
80       *                      perform all authentication operations.
81       * @throws IllegalArgumentException if the argument is <code>null</code>.
82       */
83      public void setAuthenticator(Authenticator authenticator) throws IllegalArgumentException {
84          if (authenticator == null) {
85              String msg = "Authenticator argument cannot be null.";
86              throw new IllegalArgumentException(msg);
87          }
88          this.authenticator = authenticator;
89      }
90  
91      /**
92       * Passes on the {@link #getRealms() realms} to the internal delegate <code>Authenticator</code> instance so
93       * that it may use them during authentication attempts.
94       */
95      protected void afterRealmsSet() {
96          super.afterRealmsSet();
97          if (this.authenticator instanceof ModularRealmAuthenticator) {
98              ((ModularRealmAuthenticator) this.authenticator).setRealms(getRealms());
99          }
100     }
101 
102     /**
103      * Delegates to the wrapped {@link org.apache.shiro.authc.Authenticator Authenticator} for authentication.
104      */
105     public AuthenticationInfo authenticate(AuthenticationToken token) throws AuthenticationException {
106         return this.authenticator.authenticate(token);
107     }
108 
109     public void destroy() {
110         LifecycleUtils.destroy(getAuthenticator());
111         this.authenticator = null;
112         super.destroy();
113     }
114 }