/*
* Copyright (c) 2015. David Sowerby
*
* Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with
* the License. You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on
* an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the
* specific language governing permissions and limitations under the License.
*/
package uk.q3c.krail.core.shiro;
import com.google.inject.Inject;
import com.vaadin.server.VaadinSession;
import org.apache.shiro.SecurityUtils;
import org.apache.shiro.mgt.DefaultSecurityManager;
import org.apache.shiro.mgt.SecurityManager;
import org.apache.shiro.subject.Subject;
/**
 * Supplies the Shiro {@link Subject} bound to the current {@link VaadinSession}. The subject is
 * built on first request with the configured {@link SecurityManager} and then kept as a session
 * attribute, so later calls within the same session return the same instance.
 *
 * Created by David Sowerby on 10/06/15.
 */
public class DefaultSubjectProvider implements SubjectProvider {

    /**
     * The security manager for the application. It is only consulted when a session has no
     * subject stored yet; it is mutable because {@link #setSecurityManager(SecurityManager)}
     * may replace it.
     */
    private SecurityManager securityManager;

    /**
     * Creates the provider with the security manager used to build new subjects.
     *
     * @param securityManager
     *         the security manager handed to {@link Subject.Builder} when a session has no
     *         subject yet
     */
    @Inject
    protected DefaultSubjectProvider(SecurityManager securityManager) {
        this.securityManager = securityManager;
    }

    /**
     * Sets the security manager for the application. To support push, normally a
     * {@link DefaultSecurityManager} is used rather than a web specific one
     * because the normal HTTP request/response cycle isn't used.
     * <p>
     * Only subjects built after this call use the new manager: a subject already stored in a
     * session is returned by {@link #getSubject()} as it is, without being rebuilt.
     *
     * @param securityManager
     *         the security manager to set
     */
    public void setSecurityManager(SecurityManager securityManager) {
        this.securityManager = securityManager;
    }

    /**
     * {@inheritDoc}
     */
    @Override
    public Subject get() {
        return this.getSubject();
    }

    /**
     * Returns the subject which represents the current user, taken from the current
     * {@link VaadinSession}. When the session holds no subject yet, one is built with the
     * configured security manager and stored in the session before it is returned. The result is
     * never {@code null}; however it may represent an anonymous user, since this method performs
     * no login itself.
     *
     * @return the subject stored in (or newly created for) the current Vaadin session
     *
     * @throws IllegalStateException
     *         if no {@link VaadinSession} is current for the calling thread
     *
     * @see SecurityUtils#getSubject()
     */
    public Subject getSubject() {
        final VaadinSession currentSession = VaadinSession.getCurrent();
        // Without a current session there is nowhere to keep the subject, so fail loudly
        // instead of handing out an unbound one. This should never happen in normal use.
        if (currentSession == null) {
            throw new IllegalStateException("Unable to locate VaadinSession to store Shiro Subject.");
        }

        // SUBJECT_ATTRIBUTE is not declared in this class; presumably it is inherited from
        // SubjectProvider - confirm.
        final Subject cached = (Subject) currentSession.getAttribute(SUBJECT_ATTRIBUTE);
        if (cached != null) {
            return cached;
        }

        // NOTE(review): this read-then-write is not atomic on its own; presumably callers hold
        // the VaadinSession lock, otherwise two threads could each build a subject - confirm.
        final Subject created = new Subject.Builder(securityManager).buildSubject();
        currentSession.setAttribute(SUBJECT_ATTRIBUTE, created);
        return created;
    }
}