Examples of org.apache.shiro.mgt.DefaultSecurityManager

• org.apache.shiro.mgt.DefaultSecurityManager
  The Shiro framework's default concrete implementation of the {@link SecurityManager} interface,based around a collection of {@link org.apache.shiro.realm.Realm}s. This implementation delegates its authentication, authorization, and session operations to wrapped {@link Authenticator}, {@link Authorizer}, and {@link org.apache.shiro.session.mgt.SessionManager SessionManager} instances respectively via superclassimplementation.

  To greatly reduce and simplify configuration, this implementation (and its superclasses) will create suitable defaults for all of its required dependencies, except the required one or more {@link Realm Realm}s. Because {@code Realm} implementations usually interact with an application's data model,they are almost always application specific; you will want to specify at least one custom {@code Realm} implementation that 'knows' about your application's data/security model(via {@link #setRealm} or one of the overloaded constructors). All other attributes in this class hierarchywill have suitable defaults for most enterprise applications.

  RememberMe notice: This class supports the ability to configure a {@link #setRememberMeManager RememberMeManager}for {@code RememberMe} identity services for login/logout, BUT, a default instance will not be createdfor this attribute at startup.

  Because RememberMe services are inherently client tier-specific and therefore aplication-dependent, if you want {@code RememberMe} services enabled, you will have to specify aninstance yourself via the {@link #setRememberMeManager(RememberMeManager) setRememberMeManager}mutator. However if you're reading this JavaDoc with the expectation of operating in a Web environment, take a look at the {@code org.apache.shiro.web.DefaultWebSecurityManager} implementation, whichdoes support {@code RememberMe} services by default at startup. @since 0.2

//        LocalAdminUserRealm localAdminRealm = new LocalAdminUserRealm("local-accounts");
//        localAdminRealm.setCredentialsMatcher(new HashedCredentialsMatcher("SHA2"));
//        setupLocalUser(api, localAdminRealm, app);

        Realm serverRestInterfaceRealm = injector.getInstance(ServerRestInterfaceRealm.class);
        final DefaultSecurityManager securityManager =
                new DefaultSecurityManager(
                        Lists.newArrayList(serverRestInterfaceRealm)
                );
        // disable storing sessions (TODO we might want to write a session store bridge to play's session cookie)
        final DefaultSessionStorageEvaluator sessionStorageEvaluator = new DefaultSessionStorageEvaluator();
        sessionStorageEvaluator.setSessionStorageEnabled(false);
        final DefaultSubjectDAO subjectDAO = new DefaultSubjectDAO();
        subjectDAO.setSessionStorageEvaluator(sessionStorageEvaluator);
        securityManager.setSubjectDAO(subjectDAO);

        final Authenticator authenticator = securityManager.getAuthenticator();
        if (authenticator instanceof ModularRealmAuthenticator) {
            ModularRealmAuthenticator a = (ModularRealmAuthenticator) authenticator;
            a.setAuthenticationStrategy(new RethrowingFirstSuccessfulStrategy());
            a.setAuthenticationListeners(
                    Lists.<AuthenticationListener>newArrayList(new PlayAuthenticationListener())

        sessionAuthenticator.setCachingEnabled(false);
        accessTokenAuthenticator.setCachingEnabled(false);


        sm = new DefaultSecurityManager(Lists.<Realm>newArrayList(
                sessionAuthenticator,
                accessTokenAuthenticator,
                ldapUserAuthenticator,
                passwordAuthenticator,
                inMemoryRealm));

public class NonConfigurationCreateTest {

    @Test
    public void test() {

        DefaultSecurityManager securityManager = new DefaultSecurityManager();

        //设置authenticator
        ModularRealmAuthenticator authenticator = new ModularRealmAuthenticator();
        authenticator.setAuthenticationStrategy(new AtLeastOneSuccessfulStrategy());
        securityManager.setAuthenticator(authenticator);

        //设置authorizer
        ModularRealmAuthorizer authorizer = new ModularRealmAuthorizer();
        authorizer.setPermissionResolver(new WildcardPermissionResolver());
        securityManager.setAuthorizer(authorizer);

        //设置Realm
        DruidDataSource ds = new DruidDataSource();
        ds.setDriverClassName("com.mysql.jdbc.Driver");
        ds.setUrl("jdbc:mysql://localhost:3306/shiro");
        ds.setUsername("root");
        ds.setPassword("");

        JdbcRealm jdbcRealm = new JdbcRealm();
        jdbcRealm.setDataSource(ds);
        jdbcRealm.setPermissionsLookupEnabled(true);
        securityManager.setRealms(Arrays.asList((Realm) jdbcRealm));

        //将SecurityManager设置到SecurityUtils 方便全局使用
        SecurityUtils.setSecurityManager(securityManager);

        Subject subject = SecurityUtils.getSubject();

    @Test
    public void testSessionStopThenStart() {
        String key = "testKey";
        String value = "testValue";
        DefaultSecurityManager sm = new DefaultSecurityManager();

        DelegatingSubject subject = new DelegatingSubject(sm);

        Session session = subject.getSession();
        session.setAttribute(key, value);
        assertTrue(session.getAttribute(key).equals(value));
        Serializable firstSessionId = session.getId();
        assertNotNull(firstSessionId);

        session.stop();

        session = subject.getSession();
        assertNotNull(session);
        assertNull(session.getAttribute(key));
        Serializable secondSessionId = session.getId();
        assertNotNull(secondSessionId);
        assertFalse(firstSessionId.equals(secondSessionId));

        subject.logout();

        sm.destroy();
    }

    private SecurityManager getSecurityManagerBean() {
        return builder.getBean(SECURITY_MANAGER_NAME, SecurityManager.class);
    }

    protected SecurityManager createDefaultInstance() {
        return new DefaultSecurityManager();
    }

        return realmInited;
    }

    @Override
    public void initBaseRealm() {
        DefaultSecurityManager securityManager = null;
        if (!realmInited && config.getBooleanProperty("KEY_SECURITY_ENABLE", true)) {
            baseRealm.setName(BASE_REALM_NAME);
            baseRealm.setResourcePath(new File(Info.PATH_WORKDIR + "/config/security.properties").getAbsolutePath());
            baseRealm.init();

            pluginRealm.init();

             securityManager = new DefaultSecurityManager();
            //securityManager = injector.getInstance(DefaultSecurityManager.class);

            realmCollection.add(baseRealm);
            realmCollection.add(pluginRealm);
            securityManager.setRealms(realmCollection);

            realmInited = true;
        }
        SecurityUtils.setSecurityManager(securityManager);
    }

    @Test
    public void testSessionStopThenStart() {
        String key = "testKey";
        String value = "testValue";
        DefaultSecurityManager sm = new DefaultSecurityManager();

        DelegatingSubject subject = new DelegatingSubject(sm);

        Session session = subject.getSession();
        session.setAttribute(key, value);
        assertTrue(session.getAttribute(key).equals(value));
        Serializable firstSessionId = session.getId();
        assertNotNull(firstSessionId);

        session.stop();

        session = subject.getSession();
        assertNotNull(session);
        assertNull(session.getAttribute(key));
        Serializable secondSessionId = session.getId();
        assertNotNull(secondSessionId);
        assertFalse(firstSessionId.equals(secondSessionId));

        subject.logout();

        sm.destroy();
    }

    @Before
    public void setup() {
        ThreadContext.remove();
        realm = new TestActiveDirectoryRealm();
        securityManager = new DefaultSecurityManager(realm);
        SecurityUtils.setSecurityManager(securityManager);
    }

    private SecurityManager getSecurityManagerBean() {
        return builder.getBean(SECURITY_MANAGER_NAME, SecurityManager.class);
    }

    protected SecurityManager createDefaultInstance() {
        return new DefaultSecurityManager();
    }

    private SecurityManager getSecurityManagerBean() {
        return builder.getBean(SECURITY_MANAGER_NAME, SecurityManager.class);
    }

    protected SecurityManager createDefaultInstance() {
        return new DefaultSecurityManager();
    }