Package waffle.shiro
Class GroupMappingWaffleRealm
java.lang.Object
org.apache.shiro.realm.CachingRealm
org.apache.shiro.realm.AuthenticatingRealm
org.apache.shiro.realm.AuthorizingRealm
waffle.shiro.AbstractWaffleRealm
waffle.shiro.GroupMappingWaffleRealm
- All Implemented Interfaces:
org.apache.shiro.authc.LogoutAware
,org.apache.shiro.authz.Authorizer
,org.apache.shiro.authz.permission.PermissionResolverAware
,org.apache.shiro.authz.permission.RolePermissionResolverAware
,org.apache.shiro.cache.CacheManagerAware
,org.apache.shiro.realm.Realm
,org.apache.shiro.util.Initializable
,org.apache.shiro.util.Nameable
A
Realm
that authenticates with Active Directory using WAFFLE and assigns roles to
users based on a mapping from their groups. To define permissions based on these roles, set a
RolePermissionResolver
.-
Constructor Summary
-
Method Summary
Modifier and TypeMethodDescriptionprotected org.apache.shiro.authz.AuthorizationInfo
buildAuthorizationInfo
(WaffleFqnPrincipal principal) Builds anAuthorizationInfo
object based on the user's groups.protected Collection
<String> getRoleNamesForGroups
(Collection<String> groupNames) This method is called by to translate group names to role names.void
setGroupRolesMap
(Map<String, String> value) Sets the translation from group names to role names.Methods inherited from class waffle.shiro.AbstractWaffleRealm
doGetAuthenticationInfo, doGetAuthorizationInfo
Methods inherited from class org.apache.shiro.realm.AuthorizingRealm
afterCacheManagerSet, checkPermission, checkPermission, checkPermission, checkPermissions, checkPermissions, checkPermissions, checkRole, checkRole, checkRoles, checkRoles, checkRoles, clearCachedAuthorizationInfo, doClearCache, getAuthorizationCache, getAuthorizationCacheKey, getAuthorizationCacheName, getAuthorizationInfo, getPermissionResolver, getPermissions, getRolePermissionResolver, hasAllRoles, hasRole, hasRole, hasRoles, hasRoles, isAuthorizationCachingEnabled, isPermitted, isPermitted, isPermitted, isPermitted, isPermitted, isPermitted, isPermittedAll, isPermittedAll, isPermittedAll, onInit, setAuthorizationCache, setAuthorizationCacheName, setAuthorizationCachingEnabled, setName, setPermissionResolver, setRolePermissionResolver
Methods inherited from class org.apache.shiro.realm.AuthenticatingRealm
assertCredentialsMatch, clearCachedAuthenticationInfo, getAuthenticationCache, getAuthenticationCacheKey, getAuthenticationCacheKey, getAuthenticationCacheName, getAuthenticationInfo, getAuthenticationTokenClass, getCredentialsMatcher, init, isAuthenticationCachingEnabled, isAuthenticationCachingEnabled, setAuthenticationCache, setAuthenticationCacheName, setAuthenticationCachingEnabled, setAuthenticationTokenClass, setCredentialsMatcher, supports
Methods inherited from class org.apache.shiro.realm.CachingRealm
clearCache, getAvailablePrincipal, getCacheManager, getName, isCachingEnabled, onLogout, setCacheManager, setCachingEnabled
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
Methods inherited from interface org.apache.shiro.util.Initializable
init
-
Constructor Details
-
GroupMappingWaffleRealm
public GroupMappingWaffleRealm()
-
-
Method Details
-
setGroupRolesMap
Sets the translation from group names to role names. If not set, the map is empty, resulting in no users getting roles.- Parameters:
value
- the group roles map to set
-
getRoleNamesForGroups
This method is called by to translate group names to role names. This implementation uses the groupRolesMap to map group names to role names.- Parameters:
groupNames
- the group names that apply to the current user- Returns:
- a collection of roles that are implied by the given role names
- See Also:
-
buildAuthorizationInfo
protected org.apache.shiro.authz.AuthorizationInfo buildAuthorizationInfo(WaffleFqnPrincipal principal) Builds anAuthorizationInfo
object based on the user's groups. The groups are translated to roles names by using the configured groupRolesMap.- Specified by:
buildAuthorizationInfo
in classAbstractWaffleRealm
- Parameters:
principal
- the principal of Subject that is being authorized- Returns:
- the AuthorizationInfo for the given Subject principal
- See Also:
-