Introducing shiro security framework

git-svn-id: https://brutex.net/svn/xservices/trunk@146 e7e49efb-446e-492e-b9ec-fcafc1997a86
2013-12-20 07:45:47 +00:00 · 2013-12-20 07:45:47 +00:00 · 5a445c63cf
parent 97520fae61
commit 5a445c63cf
11 changed files with 292 additions and 80 deletions
--- a/ivy.xml
+++ b/ivy.xml
@ -44,7 +44,10 @@
 		<dependency org="org.apache.ant" name="ant-commons-net" rev="1.8.4"/>
 		<!-- JCS does not define scopes in its pom.xml, thus map any configuration to default -->
-		<dependency org="jcs" name="jcs" rev="1.3" transitive="false" conf="*->default"/>
+		<dependency org="org.apache.jcs" name="jcs" rev="1.3"/>
 		<!--<dependency org="concurrent" name="concurrent" rev="1.3.4"/> --><!-- needed for JCS -->
        <dependency org="org.quartz-scheduler" name="quartz" rev="2.2.0"/>
@ -55,12 +58,17 @@
        <dependency org="jaxen" name="jaxen" rev="1.1.4"/>
        <dependency org="org.apache.shiro" name="shiro-core" rev="1.2.2"/>
        <dependency org="org.apache.shiro" name="shiro-web" rev="1.2.2"/>
        <dependency org="org.slf4j" name="slf4j-log4j12" rev="1.6.6"/> <!-- Binding to Log4J -->
        <dependency org="org.apache.cxf" name="cxf-rt-core" rev="2.7.0"/>
        <dependency org="org.apache.cxf" name="cxf-rt-transports-http" rev="2.7.0"/>
        <dependency org="org.apache.cxf" name="cxf-rt-databinding-aegis" rev="2.7.0"/>
        <dependency org="org.apache.cxf" name="cxf-rt-frontend-jaxrs" rev="2.7.0"/>
        <dependency org="org.apache.cxf" name="cxf-rt-frontend-jaxws" rev="2.7.0"/>
        <dependency org="org.apache.cxf" name="cxf-rt-rs-security-sso-saml" rev="2.7.0"/>
   		<dependency org="rhino" name="js" rev="1.7R2"/>
--- a/src/java/log4j.properties
+++ b/src/java/log4j.properties
@ -1,5 +1,5 @@
-log4j.rootLogger=DEBUG, A1
+log4j.rootLogger=INFO, A1
 log4j.appender.A1=org.apache.log4j.ConsoleAppender
 log4j.appender.A1.layout=org.apache.log4j.PatternLayout
@ -8,7 +8,7 @@ log4j.appender.A1.layout.ConversionPattern=%d [%t] %-5p %c{2} - %m%n
 # Print only messages of level WARN or above in the package com.foo.
 log4j.logger.net.brutex.xservices=INFO
-log4j.logger.net.brutex.xservices.ws.rs=INFO
+log4j.logger.net.brutex.xservices.ws.rs=DEBUG
 log4j.logger.org.springframework=INFO
@ -17,3 +17,6 @@ log4j.logger.org.apache.jcs=INFO
 log4j.logger.org.apache.commons=INFO
 log4j.logger.org.apache.axiom=INFO
 log4j.logger.org.apache.shiro=INFO
--- a/src/java/net/brutex/xservices/security/DirectoryPermission.java
+++ b/src/java/net/brutex/xservices/security/DirectoryPermission.java
@ -0,0 +1,65 @@
 /*
 *   Copyright 2013 Brian Rosenberger (Brutex Network)
 *
 *   Licensed under the Apache License, Version 2.0 (the "License");
 *   you may not use this file except in compliance with the License.
 *   You may obtain a copy of the License at
 *
 *       http://www.apache.org/licenses/LICENSE-2.0
 *
 *   Unless required by applicable law or agreed to in writing, software
 *   distributed under the License is distributed on an "AS IS" BASIS,
 *   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 *   See the License for the specific language governing permissions and
 *   limitations under the License.
 */
 package net.brutex.xservices.security;
 import org.apache.log4j.Logger;
 import org.apache.shiro.authz.Permission;
 import org.apache.shiro.util.AntPathMatcher;
 /**
 * @author Brian Rosenberger, bru(at)brutex.de
 *
 */
 public class DirectoryPermission implements Permission {
 	private final Logger logger = Logger.getLogger(DirectoryPermission.class);
 	private final String path;
 	public DirectoryPermission(String antlikepath) {
 		path = antlikepath;
 	}
 	@Override
 	public boolean implies(Permission p) {
 		boolean result = false;
 		/* is of same type */
 		if(! (p instanceof DirectoryPermission)) {			
 			logger.debug(String.format("Testing if permission of type '%s' implies permission of type '%s'. Result was '%s'"  , this.getClass(), p.getClass(), result));
 			return result;
 		}
 		/* comparing to non null directory */
 		if( ((DirectoryPermission)p).getPath() == null) {
 			logger.debug(String.format("Testing if DirectoryPermission '%s' implies permission to 'null'. Result was '%s'"  , this.getPath(), result));
 			return result;
 		}
 		/* directory pattern implies other */
 		if( (new AntPathMatcher()).matches(path, ((DirectoryPermission)p).getPath()) ) {
 			result = true;
 		}
 		logger.debug(String.format("Testing if DirectoryPermission '%s' implies permission to '%s'. Result was '%s'"  , this.getPath(), ((DirectoryPermission) p).getPath(), result));
 		return result;
 	}
 	public String getPath() {
 		return path;
 	}
 }
--- a/src/java/net/brutex/xservices/security/PermissionResolver.java
+++ b/src/java/net/brutex/xservices/security/PermissionResolver.java
@ -1,5 +1,5 @@
 /*
- *   Copyright 2012 Brian Rosenberger (Brutex Network)
+ *   Copyright 2013 Brian Rosenberger (Brutex Network)
 *
 *   Licensed under the Apache License, Version 2.0 (the "License");
 *   you may not use this file except in compliance with the License.
@ -16,8 +16,20 @@
 package net.brutex.xservices.security;
-import java.util.UUID;
+import org.apache.log4j.Logger;
 import org.apache.shiro.authz.Permission;
-public abstract interface Identity {
+/**
-		public abstract UUID getUUID();
+ * @author Brian Rosenberger, bru(at)brutex.de
 *
 */
 public class PermissionResolver implements org.apache.shiro.authz.permission.PermissionResolver {
 	final Logger logger = Logger.getLogger(PermissionResolver.class);
 	@Override
 	public Permission resolvePermission(String permissionString) {
 		logger.debug(String.format("Creating new Permission '%s'", permissionString));
 		return new DirectoryPermission(permissionString);
 	}
 }
--- a/src/java/net/brutex/xservices/security/SecurityManager.java
+++ b/src/java/net/brutex/xservices/security/SecurityManager.java
@ -1,11 +0,0 @@
 package net.brutex.xservices.security;
 public abstract interface SecurityManager
 {
  public abstract boolean canExecute(String paramString, Identity paramIdentity);
 }
 /* Location:           C:\Users\brosenberger\Documents\My Box Files\XBridgeNG-download\XServices-20130131 - Kopie\WEB-INF\classes\net.zip
 * Qualified Name:     net.brutex.xservices.security.SecurityManager
 * JD-Core Version:    0.6.2
 */
--- a/src/java/net/brutex/xservices/security/StandardSecurityManager.java
+++ b/src/java/net/brutex/xservices/security/StandardSecurityManager.java
@ -1,18 +0,0 @@
 /*    */ package net.brutex.xservices.security;
 /*    */ 
 /*    */ import java.io.PrintStream;
 /*    */ 
 /*    */ public class StandardSecurityManager
 /*    */   implements SecurityManager
 /*    */ {
 /*    */   public boolean canExecute(String method, Identity identity)
 /*    */   {
 /*  9 */     System.out.println("User '" + identity.getUUID() + "' accesses '" + method + "'");
 /* 10 */     return true;
 /*    */   }
 /*    */ }
 /* Location:           C:\Users\brosenberger\Documents\My Box Files\XBridgeNG-download\XServices-20130131 - Kopie\WEB-INF\classes\net.zip
 * Qualified Name:     net.brutex.xservices.security.StandardSecurityManager
 * JD-Core Version:    0.6.2
 */
--- a/src/java/net/brutex/xservices/security/UserIdentity.java
+++ b/src/java/net/brutex/xservices/security/UserIdentity.java
@ -1,17 +0,0 @@
 /*   */ package net.brutex.xservices.security;
 /*   */ 
 /*   */ import java.util.UUID;
 /*   */ 
 /*   */ public class UserIdentity
 /*   */   implements Identity
 /*   */ {
 /*   */   public UUID getUUID()
 /*   */   {
 /* 9 */     return UUID.randomUUID();
 /*   */   }
 /*   */ }
 /* Location:           C:\Users\brosenberger\Documents\My Box Files\XBridgeNG-download\XServices-20130131 - Kopie\WEB-INF\classes\net.zip
 * Qualified Name:     net.brutex.xservices.security.UserIdentity
 * JD-Core Version:    0.6.2
 */
--- a/src/java/net/brutex/xservices/security/XServicesRealm.java
+++ b/src/java/net/brutex/xservices/security/XServicesRealm.java
@ -0,0 +1,80 @@
 /*
 *   Copyright 2013 Brian Rosenberger (Brutex Network)
 *
 *   Licensed under the Apache License, Version 2.0 (the "License");
 *   you may not use this file except in compliance with the License.
 *   You may obtain a copy of the License at
 *
 *       http://www.apache.org/licenses/LICENSE-2.0
 *
 *   Unless required by applicable law or agreed to in writing, software
 *   distributed under the License is distributed on an "AS IS" BASIS,
 *   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 *   See the License for the specific language governing permissions and
 *   limitations under the License.
 */
 package net.brutex.xservices.security;
 import java.text.ParseException;
 import java.util.Collection;
 import java.util.Map;
 import org.apache.log4j.Logger;
 import org.apache.shiro.authc.AuthenticationException;
 import org.apache.shiro.authc.AuthenticationInfo;
 import org.apache.shiro.authc.AuthenticationToken;
 import org.apache.shiro.authz.AuthorizationInfo;
 import org.apache.shiro.authz.Permission;
 import org.apache.shiro.authz.permission.PermissionResolver;
 import org.apache.shiro.config.Ini;
 import org.apache.shiro.io.ResourceUtils;
 import org.apache.shiro.realm.AuthorizingRealm;
 import org.apache.shiro.realm.text.IniRealm;
 import org.apache.shiro.subject.PrincipalCollection;
 import org.apache.shiro.util.Nameable;
 import org.apache.shiro.util.PermissionUtils;
 // TODO: Auto-generated Javadoc
 /* 
 * For later use. A Realm connects to a DS where Users/ Passes are defined
 * and allows Shiro to transparently work against different user/pass stores
 * (i.e. LDAP, Custom, etc.)
 *
 * @author Brian Rosenberger, bru(at)brutex.de
 *
 */
 /**
 * The Class XServicesRealm.
 */
 public class XServicesRealm extends IniRealm implements Nameable  {
 	/** The logger. */
 	private static Logger logger = Logger.getLogger(XServicesRealm.class);
 	/** The name. */
 	private String name;
 	/* (non-Javadoc)
 	 * @see org.apache.shiro.realm.AuthorizingRealm#setName(java.lang.String)
 	 */
 	@Override
 	public void setName(String name) {
 		this.name = name;
 	}
 	/**
 	 * Instantiates a new x services realm with default
 	 * 'shiro.ini' in classpath and {@link net.brutex.xservices.security.PermissionResolver PermissionResolver}.
 	 * 
 	 */
 	public XServicesRealm() {
 		super();
 		this.setIni(Ini.fromResourcePath(ResourceUtils.CLASSPATH_PREFIX+"shiro.ini"));
 		this.setPermissionResolver(new net.brutex.xservices.security.PermissionResolver());
 		//this.setRolePermissionResolver(new RolePermissionResolver());
 		init();
 	}	
 }
--- a/src/java/shiro.ini
+++ b/src/java/shiro.ini
@ -0,0 +1,52 @@
 # =======================
 # Shiro INI configuration
 # =======================
 [main]
 # Objects and their properties are defined here, 
 # Such as the securityManager, Realms and anything
 # else needed to build the SecurityManager
 realm = net.brutex.xservices.security.XServicesRealm
 securityManager.realms = $realm
 #authc = org.apache.shiro.web.filter.authc.FormAuthenticationFilter
 [users]
 # The 'users' section is for simple deployments
 # when you only need a small number of statically-defined 
 # set of User accounts.
 # Format: user = password, role1, role2, ...
 admin = password
 brian = password, Administrator
 [roles]
 # The 'roles' section is for simple deployments
 # when you only need a small number of statically-defined
 # roles.
 Administrator = c:/t*/*, c:/windows/*, d:/**/VIDEO, C:/Users/brosenberger/**, d:/data/**, c:/**
 [urls]
 # The 'urls' section is used for url-based security
 # in web applications.  We'll discuss this section in the
 # Web documentation
 /** = authcBasic
 #Default filters
 #Filter Name	 Class
 #anon		org.apache.shiro.web.filter.authc.AnonymousFilter
 #authc		org.apache.shiro.web.filter.authc.FormAuthenticationFilter
 #authcBasic	org.apache.shiro.web.filter.authc.BasicHttpAuthenticationFilter
 #logout		org.apache.shiro.web.filter.authc.LogoutFilter
 #noSessionCreation	org.apache.shiro.web.filter.session.NoSessionCreationFilter
 #perms		org.apache.shiro.web.filter.authz.PermissionsAuthorizationFilter
 #port		org.apache.shiro.web.filter.authz.PortFilter
 #rest		org.apache.shiro.web.filter.authz.HttpMethodPermissionFilter
 #roles		org.apache.shiro.web.filter.authz.RolesAuthorizationFilter
 #ssl		org.apache.shiro.web.filter.authz.SslFilter
 #user		org.apache.shiro.web.filter.authc.UserFilter
--- a/web/WEB-INF/cxf-beans.xml
+++ b/web/WEB-INF/cxf-beans.xml
@ -85,6 +85,31 @@
 	<bean id="FileInfoBean" class="net.brutex.xservices.ws.rs.FileInfoImpl" />
 <jaxrs:server address="/app1"> 
       <jaxrs:serviceBeans>
          <ref bean="FileInfoBean"/>
       </jaxrs:serviceBeans>
       <jaxrs:providers>
          <ref bean="redirectGetFilter"/>
       </jaxrs:providers>
 </jaxrs:server>
 <bean id="redirectGetFilter" class="org.apache.cxf.rs.security.saml.sso.SamlRedirectBindingFilter">
      <property name="idpServiceAddress" value="https://localhost:9443/idp"/>
      <!-- both relative and absolute URIs are supported -->
      <property name="assertionConsumerServiceAddress" value="/racs/sso"/>
      <property name="stateProvider" ref="stateManager"/>
 </bean>
 <bean id="stateManager" class="org.apache.cxf.rs.security.saml.sso.state.EHCacheSPStateManager">
    <constructor-arg ref="cxf"/>
 </bean>
 	<jaxrs:server id="CVSInfo" address="/cvsinfo">
 		<jaxrs:serviceBeans>
 			<ref bean="CVSInfoBean" />
--- a/web/WEB-INF/web.xml
+++ b/web/WEB-INF/web.xml
@ -28,22 +28,10 @@
 		<param-value>3</param-value>
 	</context-param>
-	<!--
+	<!-- <context-param> <param-name>cvs-config-02</param-name> <param-value>c:/temp/test2.txt</param-value> 
-	<context-param>
+		</context-param> <context-param> <param-name>cvs-config-01</param-name> <param-value>c:/temp/test.txt</param-value> 
-		<param-name>cvs-config-02</param-name>
+		</context-param> <context-param> <param-name>cvs-config-03</param-name> <param-value>c:/temp/test3.txt</param-value> 
-		<param-value>c:/temp/test2.txt</param-value>
+		</context-param> -->
 	</context-param>
 	<context-param>
 		<param-name>cvs-config-01</param-name>
 		<param-value>c:/temp/test.txt</param-value>
 	</context-param>
 	<context-param>
 		<param-name>cvs-config-03</param-name>
 		<param-value>c:/temp/test3.txt</param-value>
 	</context-param>
 	-->
 	<!-- Caching interval in minutes for CVS cache -->
 	<context-param>
@ -52,12 +40,8 @@
 	</context-param>
 	<!-- CVS content search cache -->
-	<!--  
+	<!-- <context-param> <param-name>cvs-findings-configuration</param-name> 
-	<context-param>
+		<param-value>c:/temp/cvs-findings.txt</param-value> </context-param> -->
 		<param-name>cvs-findings-configuration</param-name>
 		<param-value>c:/temp/cvs-findings.txt</param-value>
 	</context-param>
 	-->
 	<listener>
 		<listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
@ -105,4 +89,33 @@
 	<welcome-file-list>
 		<welcome-file>index.html</welcome-file>
 	</welcome-file-list>
 	<!-- Shiro -->
 	<listener>
 		<listener-class>org.apache.shiro.web.env.EnvironmentLoaderListener</listener-class>
 	</listener>
 	<filter>
 		<filter-name>ShiroFilter</filter-name>
 		<filter-class>org.apache.shiro.web.servlet.ShiroFilter</filter-class>
 		<init-param>
 			<param-name>configPath</param-name>
 			<param-value>/WEB-INF/shiro.ini</param-value>
 		</init-param>
 	</filter>
 	<filter-mapping>
 		<filter-name>ShiroFilter</filter-name>
 		<url-pattern>/*</url-pattern>
 		<dispatcher>REQUEST</dispatcher>
 		<dispatcher>FORWARD</dispatcher>
 		<dispatcher>INCLUDE</dispatcher>
 		<dispatcher>ERROR</dispatcher>
 	</filter-mapping>
 	<!-- Shiro -->
 </web-app>