1   /*
2    * Licensed to the Apache Software Foundation (ASF) under one
3    * or more contributor license agreements.  See the NOTICE file
4    * distributed with this work for additional information
5    * regarding copyright ownership.  The ASF licenses this file
6    * to you under the Apache License, Version 2.0 (the
7    * "License"); you may not use this file except in compliance
8    * with the License.  You may obtain a copy of the License at
9    *
10   *     http://www.apache.org/licenses/LICENSE-2.0
11   *
12   * Unless required by applicable law or agreed to in writing,
13   * software distributed under the License is distributed on an
14   * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
15   * KIND, either express or implied.  See the License for the
16   * specific language governing permissions and limitations
17   * under the License.
18   */
19  package org.apache.shiro.spring.web.config;
20  
21  import org.apache.shiro.config.Ini;
22  import org.apache.shiro.mgt.RememberMeManager;
23  import org.apache.shiro.mgt.SessionStorageEvaluator;
24  import org.apache.shiro.mgt.SessionsSecurityManager;
25  import org.apache.shiro.mgt.SubjectFactory;
26  import org.apache.shiro.realm.Realm;
27  import org.apache.shiro.realm.text.IniRealm;
28  import org.apache.shiro.session.mgt.SessionManager;
29  import org.apache.shiro.spring.config.AbstractShiroConfiguration;
30  import org.apache.shiro.web.mgt.CookieRememberMeManager;
31  import org.apache.shiro.web.mgt.DefaultWebSecurityManager;
32  import org.apache.shiro.web.mgt.DefaultWebSessionStorageEvaluator;
33  import org.apache.shiro.web.mgt.DefaultWebSubjectFactory;
34  import org.apache.shiro.web.servlet.Cookie;
35  import org.apache.shiro.web.servlet.SimpleCookie;
36  import org.apache.shiro.web.session.mgt.DefaultWebSessionManager;
37  import org.apache.shiro.web.session.mgt.ServletContainerSessionManager;
38  import org.springframework.beans.factory.annotation.Value;
39  
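/**
 * Base Spring configuration for Shiro in a servlet/web environment: binds the
 * {@code shiro.sessionManager.*} and {@code shiro.rememberMeManager.*} environment properties
 * to fields and builds the web-specific session manager, remember-me manager, subject factory
 * and security manager from them.
 *
 * <p>Security-relevant defaults, all taken from the {@code @Value} expressions below:
 * <ul>
 *   <li>both cookies default to {@code secure = false}, so they are not restricted to HTTPS
 *       unless the {@code ...cookie.secure} properties are set to {@code true};</li>
 *   <li>session-id URL rewriting defaults to {@code true};</li>
 *   <li>the remember-me cookie lifetime defaults to {@code Cookie.ONE_YEAR};</li>
 *   <li>the native session manager is off by default, in which case {@link #sessionManager()}
 *       returns a {@link ServletContainerSessionManager} and none of the
 *       {@code shiro.sessionManager.*} settings in this class are applied by it.</li>
 * </ul>
 *
 * <p>Helpers such as {@code sessionFactory()}, {@code sessionDAO()}, {@code subjectDAO()} and
 * the field {@code sessionManagerDeleteInvalidSessions} are not declared here; they are
 * presumably inherited from {@link AbstractShiroConfiguration}.
 *
 * @since 1.4.0
 */
public class AbstractShiroWebConfiguration extends AbstractShiroConfiguration {

    /** Whether the native session manager reads/writes the session id cookie. Default {@code true}. */
    @Value("#{ @environment['shiro.sessionManager.sessionIdCookieEnabled'] ?: true }")
    protected boolean sessionIdCookieEnabled;

    /**
     * Whether the native session manager may carry the session id in the URL. Default {@code true}.
     * Session ids placed in URLs end up in access logs, browser history and Referer headers, so
     * cookie-only deployments normally set this property to {@code false}.
     */
    @Value("#{ @environment['shiro.sessionManager.sessionIdUrlRewritingEnabled'] ?: true }")
    protected boolean sessionIdUrlRewritingEnabled;

    /**
     * Selects Shiro's native session manager instead of the servlet container's. Default {@code false}.
     * NOTE(review): the property key is spelled {@code shiro.userNativeSessionManager} ("user", not
     * "use"). It is kept byte-for-byte because existing configurations may depend on it; a key
     * spelled any other way is not read by this expression and the default applies.
     */
    @Value("#{ @environment['shiro.userNativeSessionManager'] ?: false }")
    protected boolean useNativeSessionManager;


    // Session Cookie info
    // These values are only consumed by sessionCookieTemplate(), which is only called from
    // nativeSessionManager(). With the default ServletContainerSessionManager they have no effect
    // in this class and the container's own session-cookie configuration applies.

    /** Session cookie name. Default {@code ShiroHttpSession.DEFAULT_SESSION_ID_NAME}. */
    @Value("#{ @environment['shiro.sessionManager.cookie.name'] ?: T(org.apache.shiro.web.servlet.ShiroHttpSession).DEFAULT_SESSION_ID_NAME }")
    protected String sessionIdCookieName;

    /** Session cookie max age. Default {@code SimpleCookie.DEFAULT_MAX_AGE}. */
    @Value("#{ @environment['shiro.sessionManager.cookie.maxAge'] ?: T(org.apache.shiro.web.servlet.SimpleCookie).DEFAULT_MAX_AGE }")
    protected int sessionIdCookieMaxAge;

    /** Session cookie domain. Default {@code null}, passed through to the cookie unchanged. */
    @Value("#{ @environment['shiro.sessionManager.cookie.domain'] ?: null }")
    protected String sessionIdCookieDomain;

    /** Session cookie path. Default {@code null}, passed through to the cookie unchanged. */
    @Value("#{ @environment['shiro.sessionManager.cookie.path'] ?: null }")
    protected String sessionIdCookiePath;

    /**
     * Secure flag of the session cookie. Default {@code false}: the cookie is not limited to
     * HTTPS requests. Set the property to {@code true} when the application is served over TLS.
     */
    @Value("#{ @environment['shiro.sessionManager.cookie.secure'] ?: false }")
    protected boolean sessionIdCookieSecure;


    // RememberMe Cookie info
    // Unlike the session cookie settings, these are applied regardless of which session manager
    // is selected: rememberMeManager() always uses rememberMeCookieTemplate().

    /** Remember-me cookie name. Default {@code CookieRememberMeManager.DEFAULT_REMEMBER_ME_COOKIE_NAME}. */
    @Value("#{ @environment['shiro.rememberMeManager.cookie.name'] ?: T(org.apache.shiro.web.mgt.CookieRememberMeManager).DEFAULT_REMEMBER_ME_COOKIE_NAME }")
    protected String rememberMeCookieName;

    /**
     * Remember-me cookie max age. Default {@code Cookie.ONE_YEAR}. The cookie stands in for a
     * login for as long as it is valid, so a shorter lifetime narrows the window in which a
     * copied cookie is useful.
     */
    @Value("#{ @environment['shiro.rememberMeManager.cookie.maxAge'] ?: T(org.apache.shiro.web.servlet.Cookie).ONE_YEAR }")
    protected int rememberMeCookieMaxAge;

    /** Remember-me cookie domain. Default {@code null}, passed through to the cookie unchanged. */
    @Value("#{ @environment['shiro.rememberMeManager.cookie.domain'] ?: null }")
    protected String rememberMeCookieDomain;

    /** Remember-me cookie path. Default {@code null}, passed through to the cookie unchanged. */
    @Value("#{ @environment['shiro.rememberMeManager.cookie.path'] ?: null }")
    protected String rememberMeCookiePath;

    /**
     * Secure flag of the remember-me cookie. Default {@code false}: the cookie is not limited to
     * HTTPS requests. Set the property to {@code true} when the application is served over TLS.
     */
    @Value("#{ @environment['shiro.rememberMeManager.cookie.secure'] ?: false }")
    protected boolean rememberMeCookieSecure;


    /**
     * Builds Shiro's native web session manager from the bound session properties.
     *
     * @return a {@link DefaultWebSessionManager} configured with the cookie/URL-rewriting flags,
     *         the session cookie template, and the session factory, session DAO and
     *         delete-invalid-sessions flag obtained from members not declared in this class
     */
    protected SessionManager nativeSessionManager() {
        DefaultWebSessionManager webSessionManager = new DefaultWebSessionManager();
        webSessionManager.setSessionIdCookieEnabled(sessionIdCookieEnabled);
        webSessionManager.setSessionIdUrlRewritingEnabled(sessionIdUrlRewritingEnabled);
        webSessionManager.setSessionIdCookie(sessionCookieTemplate());

        webSessionManager.setSessionFactory(sessionFactory());
        webSessionManager.setSessionDAO(sessionDAO());
        webSessionManager.setDeleteInvalidSessions(sessionManagerDeleteInvalidSessions);

        return webSessionManager;
    }

    /**
     * Creates the session id cookie template from the {@code shiro.sessionManager.cookie.*} values.
     *
     * @return a new cookie built by {@link #buildCookie(String, int, String, String, boolean)}
     */
    protected Cookie sessionCookieTemplate() {
        return buildCookie(
                sessionIdCookieName,
                sessionIdCookieMaxAge,
                sessionIdCookiePath,
                sessionIdCookieDomain,
                sessionIdCookieSecure);
    }

    /**
     * Creates the remember-me cookie template from the {@code shiro.rememberMeManager.cookie.*} values.
     *
     * @return a new cookie built by {@link #buildCookie(String, int, String, String, boolean)}
     */
    protected Cookie rememberMeCookieTemplate() {
        return buildCookie(
                rememberMeCookieName,
                rememberMeCookieMaxAge,
                rememberMeCookiePath,
                rememberMeCookieDomain,
                rememberMeCookieSecure);
    }

    /**
     * Builds a {@link SimpleCookie} with the given attributes. HttpOnly is always enabled and is
     * not configurable through this method, which keeps the cookie out of reach of page scripts.
     * No SameSite attribute is set here; whatever {@link SimpleCookie} defaults to applies.
     *
     * @param name   cookie name
     * @param maxAge cookie max age, handed to {@code setMaxAge} unchanged
     * @param path   cookie path, may be {@code null}; handed to {@code setPath} unchanged
     * @param domain cookie domain, may be {@code null}; handed to {@code setDomain} unchanged
     * @param secure value of the Secure flag
     * @return the configured cookie
     */
    protected Cookie buildCookie(String name, int maxAge, String path, String domain, boolean secure) {
        Cookie cookie = new SimpleCookie(name);
        cookie.setHttpOnly(true);
        cookie.setMaxAge(maxAge);
        cookie.setPath(path);
        cookie.setDomain(domain);
        cookie.setSecure(secure);

        return cookie;
    }

    /**
     * Chooses the session manager implementation.
     *
     * @return {@link #nativeSessionManager()} when {@code useNativeSessionManager} is set,
     *         otherwise a {@link ServletContainerSessionManager} with no further configuration
     */
    @Override
    protected SessionManager sessionManager() {
        if (useNativeSessionManager) {
            return nativeSessionManager();
        }
        // Container-managed sessions: the session cookie attributes bound above are not used here.
        return new ServletContainerSessionManager();
    }

    /**
     * Builds the cookie-based remember-me manager.
     *
     * <p>NOTE(review): only the cookie template is set. No encryption key is configured in this
     * method, so {@link CookieRememberMeManager}'s own default applies - confirm how the key is
     * provisioned if remember-me cookies must stay valid across restarts or several nodes.
     *
     * @return a {@link CookieRememberMeManager} using {@link #rememberMeCookieTemplate()}
     */
    protected RememberMeManager rememberMeManager() {
        CookieRememberMeManager cookieRememberMeManager = new CookieRememberMeManager();
        cookieRememberMeManager.setCookie(rememberMeCookieTemplate());
        return cookieRememberMeManager;
    }

    /**
     * @return a new {@link DefaultWebSubjectFactory}
     */
    @Override
    protected SubjectFactory subjectFactory() {
        return new DefaultWebSubjectFactory();
    }

    /**
     * @return a new {@link DefaultWebSessionStorageEvaluator}
     */
    @Override
    protected SessionStorageEvaluator sessionStorageEvaluator() {
        return new DefaultWebSessionStorageEvaluator();
    }

    /**
     * Creates the web security manager and wires in the subject DAO, subject factory and
     * remember-me manager. Realms, session manager and other collaborators are not set in this
     * method; presumably the caller or the parent configuration adds them.
     *
     * @return a partially configured {@link DefaultWebSecurityManager}
     */
    protected SessionsSecurityManager createSecurityManager() {

        DefaultWebSecurityManager securityManager = new DefaultWebSecurityManager();
        securityManager.setSubjectDAO(subjectDAO());
        securityManager.setSubjectFactory(subjectFactory());
        securityManager.setRememberMeManager(rememberMeManager());

        return securityManager;
    }

    /**
     * Provides the default filter chain: a single catch-all entry that maps every path to the
     * {@code authc} filter, so nothing is reachable without authentication unless an
     * application supplies its own definition. Replacement definitions should keep a
     * catch-all entry last so that unlisted paths do not become anonymous by omission.
     *
     * @return the default chain definition
     */
    protected ShiroFilterChainDefinition shiroFilterChainDefinition() {
        // The listing this was taken from had hyperlink residue fused into the declaration;
        // this is the plain local variable declaration.
        DefaultShiroFilterChainDefinition chainDefinition = new DefaultShiroFilterChainDefinition();
        chainDefinition.addPathDefinition("/**", "authc");
        return chainDefinition;
    }
}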