AllowAllRealm.java

package com.airbnb.shiro;

import com.google.common.base.Strings;
import com.google.common.collect.Sets;
import lombok.Setter;
import org.apache.shiro.authc.AuthenticationException;
import org.apache.shiro.authc.AuthenticationInfo;
import org.apache.shiro.authc.AuthenticationToken;
import org.apache.shiro.authc.SimpleAuthenticationInfo;
import org.apache.shiro.authz.AuthorizationException;
import org.apache.shiro.authz.AuthorizationInfo;
import org.apache.shiro.authz.Permission;
import org.apache.shiro.authz.SimpleAuthorizationInfo;
import org.apache.shiro.realm.AuthorizingRealm;
import org.apache.shiro.subject.PrincipalCollection;

import java.util.Collection;
import java.util.Collections;
import java.util.List;
import java.util.Set;

public class AllowAllRealm
        extends AuthorizingRealm
{
    private static String REALM_NAME = AllowAllRealm.class.getSimpleName();

    @Setter
    private List<UserGroup> groups = Collections.emptyList();

    @Override
    public void setName(String name)
    {}

    @Override
    public String getName()
    {
        return REALM_NAME;
    }

    @Override
    public boolean supports(AuthenticationToken token)
    {
        return (token instanceof AllowAllToken);
    }

    @Override
    protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principals)
    {
        Set<String> roles = Sets.newHashSet("user");
        Set<Permission> permissions = Sets.newHashSet();
        Collection<AllowAllUser> principalsCollection = principals.byType(AllowAllUser.class);

        if (principalsCollection.isEmpty()) {
            throw new AuthorizationException("No principals!");
        }

        for (AllowAllUser user : principalsCollection) {
            for (UserGroup userGroup : groups) {
                if (userGroup.representedByGroupStrings(user.getGroups())) {
                    permissions.addAll(userGroup.getPermissions());
                    break;
                }
            }
        }

        SimpleAuthorizationInfo authorizationInfo = new SimpleAuthorizationInfo(roles);
        authorizationInfo.setObjectPermissions(permissions);

        return authorizationInfo;
    }

    @Override
    protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token) throws AuthenticationException
    {
        if (!(token instanceof AllowAllToken)) {
            throw new AuthenticationException("Incorrect token provided");
        }

        AllowAllToken authToken = (AllowAllToken) token;

        if (Strings.isNullOrEmpty(authToken.getUserName())) {
            throw new AuthenticationException("No valid username");
        } else if ((authToken.getGroups() == null) || authToken.getGroups().isEmpty()) {
            throw new AuthenticationException("No valid groups");
        }

        return new SimpleAuthenticationInfo(authToken.getPrincipal(),
                                            authToken.getCredentials(),
                                            REALM_NAME);
    }
}