Merge pull request #7740 from alessiostalla/BAEL-3189

Code for BAEL-3189 (custom Apache Shiro permission implementation)

apache-shiro/pom.xml

@@ -38,17 +38,6 @@
             <artifactId>jcl-over-slf4j</artifactId>
             <scope>runtime</scope>
         </dependency>
-        <dependency>
-            <groupId>org.slf4j</groupId>
-            <artifactId>slf4j-log4j12</artifactId>
-            <scope>runtime</scope>
-        </dependency>
-        <dependency>
-            <groupId>log4j</groupId>
-            <artifactId>log4j</artifactId>
-            <version>${log4j-version}</version>
-            <scope>runtime</scope>
-        </dependency>
     </dependencies>
 
     <properties>
@@ -56,4 +45,4 @@
         <log4j-version>1.2.17</log4j-version>
     </properties>
 
-</project>
+</project>

apache-shiro/src/main/java/com/baeldung/controllers/ShiroSpringController.java

@@ -18,22 +18,17 @@ import javax.servlet.http.HttpServletRequest;
 @Controller
 public class ShiroSpringController {
 
-
-
     @GetMapping("/")
     public String index() {
        return "index";
     }
 
-
     @RequestMapping( value = "/login", method = {RequestMethod.GET, RequestMethod.POST})
     public String login(HttpServletRequest req, UserCredentials cred, RedirectAttributes attr) {
 
       if(req.getMethod().equals(RequestMethod.GET.toString())) {
         return "login";
-      }
-      else {
-
+      } else {
         Subject subject = SecurityUtils.getSubject();
 
         if(!subject.isAuthenticated()) {

apache-shiro/src/main/java/com/baeldung/shiro/permissions/custom/Main.java

@@ -0,0 +1,68 @@
+package com.baeldung.shiro.permissions.custom;
+
+import com.baeldung.MyCustomRealm;
+import org.apache.shiro.SecurityUtils;
+import org.apache.shiro.authc.*;
+import org.apache.shiro.config.Ini;
+import org.apache.shiro.mgt.DefaultSecurityManager;
+import org.apache.shiro.mgt.SecurityManager;
+import org.apache.shiro.realm.Realm;
+import org.apache.shiro.realm.text.IniRealm;
+import org.apache.shiro.session.Session;
+import org.apache.shiro.subject.Subject;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+public class Main {
+
+    private static final transient Logger log = LoggerFactory.getLogger(Main.class);
+
+    public static void main(String[] args) {
+
+        IniRealm realm = new IniRealm();
+        Ini ini = Ini.fromResourcePath(Main.class.getResource("/com/baeldung/shiro/permissions/custom/shiro.ini").getPath());
+        realm.setIni(ini);
+        realm.setPermissionResolver(new PathPermissionResolver());
+        realm.init();
+        SecurityManager securityManager = new DefaultSecurityManager(realm);
+
+        SecurityUtils.setSecurityManager(securityManager);
+        Subject currentUser = SecurityUtils.getSubject();
+
+        if (!currentUser.isAuthenticated()) {
+          UsernamePasswordToken token = new UsernamePasswordToken("paul.reader", "password4");
+          token.setRememberMe(true);
+          try {
+              currentUser.login(token);
+          } catch (UnknownAccountException uae) {
+              log.error("Username Not Found!", uae);
+          } catch (IncorrectCredentialsException ice) {
+              log.error("Invalid Credentials!", ice);
+          } catch (LockedAccountException lae) {
+              log.error("Your Account is Locked!", lae);
+          } catch (AuthenticationException ae) {
+              log.error("Unexpected Error!", ae);
+          }
+        }
+
+        log.info("User [" + currentUser.getPrincipal() + "] logged in successfully.");
+
+        if (currentUser.hasRole("admin")) {
+            log.info("Welcome Admin");
+        } else if(currentUser.hasRole("editor")) {
+            log.info("Welcome, Editor!");
+        } else if(currentUser.hasRole("author")) {
+            log.info("Welcome, Author");
+        } else {
+            log.info("Welcome, Guest");
+        }
+
+        if(currentUser.isPermitted("/articles/drafts/new-article")) {
+            log.info("You can access articles");
+        } else {
+            log.info("You cannot access articles!");
+        }
+        currentUser.logout();
+    }
+
+}

apache-shiro/src/main/java/com/baeldung/shiro/permissions/custom/PathPermission.java

@@ -0,0 +1,22 @@
+package com.baeldung.shiro.permissions.custom;
+
+import org.apache.shiro.authz.Permission;
+
+import java.nio.file.Path;
+
+public class PathPermission implements Permission {
+
+    private final Path path;
+
+    public PathPermission(Path path) {
+        this.path = path;
+    }
+
+    @Override
+    public boolean implies(Permission p) {
+        if(p instanceof PathPermission) {
+            return ((PathPermission) p).path.startsWith(path);
+        }
+        return false;
+    }
+}

apache-shiro/src/main/java/com/baeldung/shiro/permissions/custom/PathPermissionResolver.java

@@ -0,0 +1,13 @@
+package com.baeldung.shiro.permissions.custom;
+
+import org.apache.shiro.authz.Permission;
+import org.apache.shiro.authz.permission.PermissionResolver;
+
+import java.nio.file.Paths;
+
+public class PathPermissionResolver implements PermissionResolver {
+    @Override
+    public Permission resolvePermission(String permissionString) {
+        return new PathPermission(Paths.get(permissionString));
+    }
+}

apache-shiro/src/main/resources/com/baeldung/shiro/permissions/custom/shiro.ini

@@ -0,0 +1,10 @@
+[users]
+jane.admin = password, admin
+john.editor = password2, editor
+zoe.author = password3, author
+paul.reader = password4
+
+[roles]
+admin = /
+editor = /articles
+author = /articles/drafts