/**
 * Copyright (C) 2013 - present by OpenGamma Inc. and the OpenGamma group of companies
 *
 * Please see distribution for license.
 */
package com.opengamma.util.auth;

import org.apache.shiro.authc.AuthenticationException;
import org.apache.shiro.authc.AuthenticationInfo;
import org.apache.shiro.authc.AuthenticationToken;
import org.apache.shiro.authc.SimpleAuthenticationInfo;
import org.apache.shiro.authc.UsernamePasswordToken;
import org.apache.shiro.authz.AuthorizationInfo;
import org.apache.shiro.authz.SimpleAuthorizationInfo;
import org.apache.shiro.authz.permission.AllPermission;
import org.apache.shiro.realm.AuthorizingRealm;
import org.apache.shiro.subject.PrincipalCollection;
import org.apache.shiro.subject.SubjectContext;
import org.apache.shiro.web.mgt.DefaultWebSecurityManager;

/**
 * An Apache Shiro {@code SecurityManager} that permits everything.
 * <p>
 * Installing this manager switches off both halves of access control:
 * {@link #copy(SubjectContext)} marks every subject context as authenticated under the
 * fixed principal {@code "permissive"}, and the nested {@link PermissiveRealm} grants
 * {@link AllPermission} to every principal collection. It is therefore only appropriate
 * where access control is intentionally disabled.
 */
public final class PermissiveSecurityManager extends DefaultWebSecurityManager {

  /**
   * Shared default instance of the permissive security manager.
   */
  static final PermissiveSecurityManager DEFAULT = new PermissiveSecurityManager();

  /**
   * Creates an instance whose only realm is a {@link PermissiveRealm}.
   */
  public PermissiveSecurityManager() {
    final PermissiveRealm allowAllRealm = new PermissiveRealm();
    setRealm(allowAllRealm);
  }

  //-------------------------------------------------------------------------
  /**
   * Marks the supplied context as authenticated and hands it back.
   * <p>
   * Unlike the name suggests, no copy is made and the superclass implementation is not
   * invoked: the argument itself is modified in place and returned.
   *
   * @param subjectContext  the context to mark as authenticated
   * @return the same {@code subjectContext} instance, now flagged as authenticated and
   *  carrying a fixed token and matching authentication info
   */
  @Override
  protected SubjectContext copy(SubjectContext subjectContext) {
    // Overriding copy() is the only hook that lets us convince the superclass that the
    // subject is always authenticated, so the fixed identity is injected here.
    final UsernamePasswordToken fixedToken = new UsernamePasswordToken("permissive", "nopassword");
    final Object fixedPrincipal = fixedToken.getPrincipal();
    final Object fixedCredentials = fixedToken.getCredentials();
    final SimpleAuthenticationInfo fixedInfo =
        new SimpleAuthenticationInfo(fixedPrincipal, fixedCredentials, "Permissive");

    subjectContext.setAuthenticated(true);
    subjectContext.setAuthenticationToken(fixedToken);
    subjectContext.setAuthenticationInfo(fixedInfo);
    return subjectContext;
  }

  //-------------------------------------------------------------------------
  /**
   * An Apache Shiro {@code Realm} that permits everything.
   * <p>
   * Authentication info is built straight from the submitted token and authorization
   * info always carries {@link AllPermission}.
   */
  class PermissiveRealm extends AuthorizingRealm {

    /**
     * Builds authentication info from the token's own principal and credentials.
     * <p>
     * Nothing is looked up: the values returned are exactly the ones submitted,
     * presumably so that the realm's credential comparison always succeeds.
     *
     * @param token  the submitted authentication token
     * @return info echoing the token's principal and credentials under this realm's name
     * @throws AuthenticationException declared by the overridden method; not thrown
     *  explicitly by this implementation
     */
    @Override
    protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token) throws AuthenticationException {
      final Object submittedPrincipal = token.getPrincipal();
      final Object submittedCredentials = token.getCredentials();
      return new SimpleAuthenticationInfo(submittedPrincipal, submittedCredentials, getName());
    }

    /**
     * Grants every permission, regardless of who is asking.
     *
     * @param principals  the principals being authorized, ignored
     * @return authorization info holding a single {@link AllPermission}
     */
    @Override
    protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principals) {
      final SimpleAuthorizationInfo allowAll = new SimpleAuthorizationInfo();
      allowAll.addObjectPermission(new AllPermission());
      return allowAll;
    }
  }

}