Examples of org.apache.shiro.mgt.DefaultSecurityManager

• org.apache.shiro.mgt.DefaultSecurityManager
  The Shiro framework's default concrete implementation of the {@link SecurityManager} interface,based around a collection of {@link org.apache.shiro.realm.Realm}s. This implementation delegates its authentication, authorization, and session operations to wrapped {@link Authenticator}, {@link Authorizer}, and {@link org.apache.shiro.session.mgt.SessionManager SessionManager} instances respectively via superclassimplementation.

  To greatly reduce and simplify configuration, this implementation (and its superclasses) will create suitable defaults for all of its required dependencies, except the required one or more {@link Realm Realm}s. Because {@code Realm} implementations usually interact with an application's data model,they are almost always application specific; you will want to specify at least one custom {@code Realm} implementation that 'knows' about your application's data/security model(via {@link #setRealm} or one of the overloaded constructors). All other attributes in this class hierarchywill have suitable defaults for most enterprise applications.

  RememberMe notice: This class supports the ability to configure a {@link #setRememberMeManager RememberMeManager}for {@code RememberMe} identity services for login/logout, BUT, a default instance will not be createdfor this attribute at startup.

  Because RememberMe services are inherently client tier-specific and therefore aplication-dependent, if you want {@code RememberMe} services enabled, you will have to specify aninstance yourself via the {@link #setRememberMeManager(RememberMeManager) setRememberMeManager}mutator. However if you're reading this JavaDoc with the expectation of operating in a Web environment, take a look at the {@code org.apache.shiro.web.DefaultWebSecurityManager} implementation, whichdoes support {@code RememberMe} services by default at startup. @since 0.2

  private static final long serialVersionUID = 8412747004504683148L;
  static final Logger logger = LoggerFactory.getLogger(SpringRemotingServer.class);

  public SecureLoginService(Realm realm) {
    super();
    SecurityUtils.setSecurityManager(new DefaultSecurityManager(realm));
  }

  @Before
  public void bindSubjectToThread() {
    // setup a simple realm for authc
    SimpleAccountRealm simpleAccountRealm = new SimpleAccountRealm();
    simpleAccountRealm.addAccount("anonymous", "anonymous");
    DefaultSecurityManager securityManager = new DefaultSecurityManager();
    securityManager.setRealm(simpleAccountRealm);

    SecurityUtils.setSecurityManager(securityManager);

    DefaultSessionManager sessionManager = (DefaultSessionManager) securityManager.getSessionManager();
    sessionDAO = new EnterpriseCacheSessionDAO();
    sessionManager.setSessionDAO(sessionDAO);

    simpleSession = new SimpleSession();
    sessionDAO.create(simpleSession);

    assertThat(securitySystem.getSecurityManager(), sameInstance(securityManager));
    assertThat(securitySystem.getSecurityManager(), sameInstance(realmSecurityManager));

    assertThat(securityManager, instanceOf(DefaultWebSecurityManager.class));
    DefaultSecurityManager defaultSecurityManager = (DefaultSecurityManager) securityManager;

    assertThat(defaultSecurityManager.getSessionManager(), instanceOf(DefaultWebSessionManager.class));
    DefaultSessionManager sessionManager = (DefaultSessionManager) defaultSecurityManager.getSessionManager();
    assertThat(sessionManager.getSessionDAO(), instanceOf(EnterpriseCacheSessionDAO.class));

    SecurityWebFilter shiroFilter = injector.getInstance(SecurityWebFilter.class);
    assertThat(shiroFilter.getFilterChainResolver(), instanceOf(PathMatchingFilterChainResolver.class));

    assertThat(securitySystem.getSecurityManager(), sameInstance(securityManager));
    assertThat(securitySystem.getSecurityManager(), sameInstance(realmSecurityManager));

    assertThat(securityManager, instanceOf(DefaultSecurityManager.class));
    DefaultSecurityManager defaultSecurityManager = (DefaultSecurityManager) securityManager;

    assertThat(defaultSecurityManager.getSessionManager(), instanceOf(NexusDefaultSessionManager.class));
    NexusDefaultSessionManager sessionManager =
        (NexusDefaultSessionManager) defaultSecurityManager.getSessionManager();
    assertThat(sessionManager.getSessionDAO(), instanceOf(EnterpriseCacheSessionDAO.class));
    assertThat(
        ((EhCacheManager) ((EnterpriseCacheSessionDAO) sessionManager.getSessionDAO()).getCacheManager())
            .getCacheManager(),
        sameInstance(injector.getInstance(CacheManagerComponent.class).getCacheManager()));

    @Test
    public void testSessionStopThenStart() {
        String key = "testKey";
        String value = "testValue";
        DefaultSecurityManager sm = new DefaultSecurityManager();

        DelegatingSubject subject = new DelegatingSubject(sm);

        Session session = subject.getSession();
        session.setAttribute(key, value);
        assertTrue(session.getAttribute(key).equals(value));
        Serializable firstSessionId = session.getId();
        assertNotNull(firstSessionId);

        session.stop();

        session = subject.getSession();
        assertNotNull(session);
        assertNull(session.getAttribute(key));
        Serializable secondSessionId = session.getId();
        assertNotNull(secondSessionId);
        assertFalse(firstSessionId.equals(secondSessionId));

        subject.logout();

        sm.destroy();
    }

            @Override
            protected void bindSessionManager(AnnotatedBindingBuilder<SessionManager> bind) {
                bind.to(MyDefaultSessionManager.class);
            }
        });
        DefaultSecurityManager securityManager = (DefaultSecurityManager) injector.getInstance(SecurityManager.class);
        assertNotNull(securityManager);
        assertNotNull(securityManager.getSessionManager());
        assertTrue(securityManager.getSessionManager() instanceof MyDefaultSessionManager);
    }

public class SecurityManagerTestSupport {

    protected static SecurityManager createTestSecurityManager() {
        Ini ini = new Ini();
        ini.setSectionProperty("users", "test", "test");
        return new DefaultSecurityManager(new IniRealm(ini));
    }

    private SecurityManager getSecurityManagerBean() {
        return builder.getBean(SECURITY_MANAGER_NAME, SecurityManager.class);
    }

    protected SecurityManager createDefaultInstance() {
        return new DefaultSecurityManager();
    }

    @Before
    public void setup() {
        ThreadContext.remove();
        realm = new TestActiveDirectoryRealm();
        securityManager = new DefaultSecurityManager(realm);
        SecurityUtils.setSecurityManager(securityManager);
    }

    @Test
    public void testSessionStopThenStart() {
        String key = "testKey";
        String value = "testValue";
        DefaultSecurityManager sm = new DefaultSecurityManager();

        DelegatingSubject subject = new DelegatingSubject(sm);

        Session session = subject.getSession();
        session.setAttribute(key, value);
        assertTrue(session.getAttribute(key).equals(value));
        Serializable firstSessionId = session.getId();
        assertNotNull(firstSessionId);

        session.stop();

        session = subject.getSession();
        assertNotNull(session);
        assertNull(session.getAttribute(key));
        Serializable secondSessionId = session.getId();
        assertNotNull(secondSessionId);
        assertFalse(firstSessionId.equals(secondSessionId));

        subject.logout();

        sm.destroy();
    }