View Javadoc
1   /*
2    * Licensed to the Apache Software Foundation (ASF) under one
3    * or more contributor license agreements.  See the NOTICE file
4    * distributed with this work for additional information
5    * regarding copyright ownership.  The ASF licenses this file
6    * to you under the Apache License, Version 2.0 (the
7    * "License"); you may not use this file except in compliance
8    * with the License.  You may obtain a copy of the License at
9    *
10   *     http://www.apache.org/licenses/LICENSE-2.0
11   *
12   * Unless required by applicable law or agreed to in writing,
13   * software distributed under the License is distributed on an
14   * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
15   * KIND, either express or implied.  See the License for the
16   * specific language governing permissions and limitations
17   * under the License.
18   */
19  package org.apache.shiro.samples;
20  
21  import org.apache.shiro.SecurityUtils;
22  import org.apache.shiro.authc.UsernamePasswordToken;
23  import org.apache.shiro.authz.AuthorizationException;
24  import org.apache.shiro.mgt.SecurityManager;
25  import org.apache.shiro.subject.Subject;
26  import org.apache.shiro.util.Assert;
27  import org.slf4j.Logger;
28  import org.slf4j.LoggerFactory;
29  import org.springframework.beans.factory.annotation.Autowired;
30  import org.springframework.stereotype.Component;
31  
32  import javax.annotation.PostConstruct;
33  
34  /**
35   * Simple Bean used to demonstrate subject usage.
36   */
37  @Component
38  public class QuickStart {
39  
40      private static Logger log = LoggerFactory.getLogger(QuickStart.class);
41  
42      @Autowired
43      private SecurityManager securityManager;
44  
45      @Autowired
46      private SimpleService simpleService;
47  
48      public void run() {
49  
50          // get the current subject
51          Subject subject = SecurityUtils.getSubject();
52  
53          // Subject is not authenticated yet
54          Assert.isTrue(!subject.isAuthenticated());
55  
56          // login the subject with a username / password
57          UsernamePasswordTokenen.html#UsernamePasswordToken">UsernamePasswordToken token = new UsernamePasswordToken("joe.coder", "password");
58          subject.login(token);
59  
60          // joe.coder has the "user" role
61          subject.checkRole("user");
62  
63          // joe.coder does NOT have the admin role
64          Assert.isTrue(!subject.hasRole("admin"));
65  
66          // joe.coder has the "read" permission
67          subject.checkPermission("read");
68  
69          // current user is allowed to execute this method.
70          simpleService.readRestrictedCall();
71  
72          try {
73              // but not this one!
74              simpleService.writeRestrictedCall();
75          }
76          catch (AuthorizationException e) {
77              log.info("Subject was NOT allowed to execute method 'writeRestrictedCall'");
78          }
79  
80          // logout
81          subject.logout();
82          Assert.isTrue(!subject.isAuthenticated());
83      }
84  
85  
86      /**
87       * Sets the static instance of SecurityManager. This is NOT needed for web applications.
88       */
89      @PostConstruct
90      private void initStaticSecurityManager() {
91          SecurityUtils.setSecurityManager(securityManager);
92      }
93  }