Merge pull request eugenp#62 from eugenp/master

update

Author: Maiklins

apache-shiro/pom.xml

@@ -39,10 +39,19 @@
             <artifactId>jcl-over-slf4j</artifactId>
             <scope>runtime</scope>
         </dependency>
+        <!-- spring-sec -->
+        <dependency>
+            <groupId>org.springframework.boot</groupId>
+            <artifactId>spring-boot-starter-web</artifactId>
+        </dependency>
+        <dependency>
+            <groupId>org.springframework.boot</groupId>
+            <artifactId>spring-boot-starter-security</artifactId>
+        </dependency>
     </dependencies>
 
     <properties>
-        <apache-shiro-core-version>1.4.0</apache-shiro-core-version>
+        <apache-shiro-core-version>1.5.3</apache-shiro-core-version>
         <log4j-version>1.2.17</log4j-version>
     </properties>
 

apache-shiro/src/main/java/com/baeldung/comparison/shiro/CustomRealm.java

@@ -0,0 +1,96 @@
+package com.baeldung.comparison.shiro;
+
+import java.sql.Connection;
+import java.sql.SQLException;
+import java.util.Arrays;
+import java.util.Collection;
+import java.util.HashMap;
+import java.util.HashSet;
+import java.util.Map;
+import java.util.Set;
+
+import org.apache.shiro.authc.AuthenticationException;
+import org.apache.shiro.authc.AuthenticationInfo;
+import org.apache.shiro.authc.AuthenticationToken;
+import org.apache.shiro.authc.SimpleAuthenticationInfo;
+import org.apache.shiro.authc.UnknownAccountException;
+import org.apache.shiro.authc.UsernamePasswordToken;
+import org.apache.shiro.authz.AuthorizationInfo;
+import org.apache.shiro.authz.SimpleAuthorizationInfo;
+import org.apache.shiro.realm.jdbc.JdbcRealm;
+import org.apache.shiro.subject.PrincipalCollection;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+public class CustomRealm extends JdbcRealm {
+    
+    private Logger logger = LoggerFactory.getLogger(CustomRealm.class);
+
+    private Map<String, String> credentials = new HashMap<>();
+    private Map<String, Set<String>> roles = new HashMap<>();
+    private Map<String, Set<String>> permissions = new HashMap<>();
+
+    {
+        credentials.put("Tom", "password");
+        credentials.put("Jerry", "password");
+
+        roles.put("Jerry", new HashSet<>(Arrays.asList("ADMIN")));
+        roles.put("Tom", new HashSet<>(Arrays.asList("USER")));
+
+        permissions.put("ADMIN", new HashSet<>(Arrays.asList("READ", "WRITE")));
+        permissions.put("USER", new HashSet<>(Arrays.asList("READ")));
+    }
+
+    @Override
+    protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token) throws AuthenticationException {
+
+        UsernamePasswordToken userToken = (UsernamePasswordToken) token;
+
+        if (userToken.getUsername() == null || userToken.getUsername()
+            .isEmpty() || !credentials.containsKey(userToken.getUsername())) {
+            throw new UnknownAccountException("User doesn't exist");
+        }
+
+        return new SimpleAuthenticationInfo(userToken.getUsername(), credentials.get(userToken.getUsername()), getName());
+    }
+
+    @Override
+    protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principals) {
+        Set<String> roles = new HashSet<>();
+        Set<String> permissions = new HashSet<>();
+
+        for (Object user : principals) {
+            try {
+                roles.addAll(getRoleNamesForUser(null, (String) user));
+                permissions.addAll(getPermissions(null, null, roles));
+            } catch (SQLException e) {
+                logger.error(e.getMessage());
+            }
+        }
+        SimpleAuthorizationInfo authInfo = new SimpleAuthorizationInfo(roles);
+        authInfo.setStringPermissions(permissions);
+        return authInfo;
+    }
+
+    @Override
+    protected Set<String> getRoleNamesForUser(Connection conn, String username) throws SQLException {
+        if (!roles.containsKey(username)) {
+            throw new SQLException("User doesn't exist");
+        }
+        return roles.get(username);
+    }
+
+    @Override
+    protected Set<String> getPermissions(Connection conn, String username, Collection<String> roles) throws SQLException {
+        Set<String> userPermissions = new HashSet<>();
+
+        for (String role : roles) {
+            if (!permissions.containsKey(role)) {
+                throw new SQLException("Role doesn't exist");
+            }
+            userPermissions.addAll(permissions.get(role));
+        }
+        return userPermissions;
+    }
+
+}

apache-shiro/src/main/java/com/baeldung/comparison/shiro/ShiroApplication.java

@@ -0,0 +1,33 @@
+package com.baeldung.comparison.shiro;
+
+import org.apache.shiro.realm.Realm;
+import org.apache.shiro.spring.web.config.DefaultShiroFilterChainDefinition;
+import org.apache.shiro.spring.web.config.ShiroFilterChainDefinition;
+import org.springframework.boot.SpringApplication;
+import org.springframework.boot.autoconfigure.SpringBootApplication;
+import org.springframework.boot.autoconfigure.security.servlet.SecurityAutoConfiguration;
+import org.springframework.context.annotation.Bean;
+
+@SpringBootApplication(exclude = SecurityAutoConfiguration.class)
+public class ShiroApplication {
+
+    public static void main(String... args) {
+        SpringApplication.run(ShiroApplication.class, args);
+    }
+
+    @Bean
+    public Realm customRealm() {
+        return new CustomRealm();
+    }
+
+    @Bean
+    public ShiroFilterChainDefinition shiroFilterChainDefinition() {
+        DefaultShiroFilterChainDefinition filter = new DefaultShiroFilterChainDefinition();
+
+        filter.addPathDefinition("/home", "authc");
+        filter.addPathDefinition("/**", "anon");
+
+        return filter;
+    }
+
+}

apache-shiro/src/main/java/com/baeldung/comparison/shiro/controllers/ShiroController.java

@@ -0,0 +1,99 @@
+package com.baeldung.comparison.shiro.controllers;
+
+import javax.servlet.http.HttpServletRequest;
+
+import org.apache.shiro.SecurityUtils;
+import org.apache.shiro.authc.AuthenticationException;
+import org.apache.shiro.authc.UsernamePasswordToken;
+import org.apache.shiro.subject.Subject;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+import org.springframework.stereotype.Controller;
+import org.springframework.ui.Model;
+import org.springframework.web.bind.annotation.GetMapping;
+import org.springframework.web.bind.annotation.PostMapping;
+import org.springframework.web.servlet.mvc.support.RedirectAttributes;
+
+import com.baeldung.comparison.shiro.models.UserCredentials;
+
+@Controller
+public class ShiroController {
+    
+    private Logger logger = LoggerFactory.getLogger(ShiroController.class);
+
+    @GetMapping("/")
+    public String getIndex() {
+        return "comparison/index";
+    }
+
+    @GetMapping("/login")
+    public String showLoginPage() {
+        return "comparison/login";
+    }
+
+    @PostMapping("/login")
+    public String doLogin(HttpServletRequest req, UserCredentials credentials, RedirectAttributes attr) {
+
+        Subject subject = SecurityUtils.getSubject();
+
+        if (!subject.isAuthenticated()) {
+            UsernamePasswordToken token = new UsernamePasswordToken(credentials.getUsername(), credentials.getPassword());
+            try {
+                subject.login(token);
+            } catch (AuthenticationException ae) {
+                logger.error(ae.getMessage());
+                attr.addFlashAttribute("error", "Invalid Credentials");
+                return "redirect:/login";
+            }
+        }
+        return "redirect:/home";
+    }
+
+    @GetMapping("/home")
+    public String getMeHome(Model model) {
+
+        addUserAttributes(model);
+
+        return "comparison/home";
+    }
+
+    @GetMapping("/admin")
+    public String adminOnly(Model model) {
+        addUserAttributes(model);
+
+        Subject currentUser = SecurityUtils.getSubject();
+        if (currentUser.hasRole("ADMIN")) {
+            model.addAttribute("adminContent", "only admin can view this");
+        }
+        return "comparison/home";
+    }
+
+    @PostMapping("/logout")
+    public String logout() {
+        Subject subject = SecurityUtils.getSubject();
+        subject.logout();
+        return "redirect:/";
+    }
+
+    private void addUserAttributes(Model model) {
+        Subject currentUser = SecurityUtils.getSubject();
+        String permission = "";
+
+        if (currentUser.hasRole("ADMIN")) {
+            model.addAttribute("role", "ADMIN");
+        } else if (currentUser.hasRole("USER")) {
+            model.addAttribute("role", "USER");
+        }
+
+        if (currentUser.isPermitted("READ")) {
+            permission = permission + " READ";
+        }
+
+        if (currentUser.isPermitted("WRITE")) {
+            permission = permission + " WRITE";
+        }
+        model.addAttribute("username", currentUser.getPrincipal());
+        model.addAttribute("permission", permission);
+    }
+
+}

apache-shiro/src/main/java/com/baeldung/comparison/shiro/models/UserCredentials.java

@@ -0,0 +1,28 @@
+package com.baeldung.comparison.shiro.models;
+
+public class UserCredentials {
+
+    private String username;
+    private String password;
+
+    public String getUsername() {
+        return username;
+    }
+
+    public void setUsername(String username) {
+        this.username = username;
+    }
+
+    public String getPassword() {
+        return password;
+    }
+
+    public void setPassword(String password) {
+        this.password = password;
+    }
+
+    @Override
+    public String toString() {
+        return "username = " + getUsername();
+    }
+}

apache-shiro/src/main/java/com/baeldung/comparison/springsecurity/Application.java

@@ -0,0 +1,19 @@
+package com.baeldung.comparison.springsecurity;
+
+import org.apache.shiro.spring.boot.autoconfigure.ShiroAnnotationProcessorAutoConfiguration;
+import org.apache.shiro.spring.boot.autoconfigure.ShiroAutoConfiguration;
+import org.apache.shiro.spring.config.web.autoconfigure.ShiroWebAutoConfiguration;
+import org.apache.shiro.spring.config.web.autoconfigure.ShiroWebFilterConfiguration;
+import org.springframework.boot.SpringApplication;
+import org.springframework.boot.autoconfigure.SpringBootApplication;
+
+@SpringBootApplication(exclude = {ShiroAutoConfiguration.class,
+        ShiroAnnotationProcessorAutoConfiguration.class,
+        ShiroWebAutoConfiguration.class,
+        ShiroWebFilterConfiguration.class})
+public class Application {
+
+    public static void main(String[] args) {
+        SpringApplication.run(Application.class, args);
+    }
+}

apache-shiro/src/main/java/com/baeldung/comparison/springsecurity/config/SecurityConfig.java

@@ -0,0 +1,45 @@
+package com.baeldung.comparison.springsecurity.config;
+
+import org.springframework.context.annotation.Bean;
+import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
+import org.springframework.security.config.annotation.web.builders.HttpSecurity;
+import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
+import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
+import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
+import org.springframework.security.crypto.password.PasswordEncoder;
+
+@EnableWebSecurity
+public class SecurityConfig extends WebSecurityConfigurerAdapter {
+
+    @Override
+    protected void configure(HttpSecurity http) throws Exception {
+        http.csrf().disable().authorizeRequests(authorize -> authorize.antMatchers("/index", "/login")
+            .permitAll()
+            .antMatchers("/home", "/logout")
+            .authenticated()
+            .antMatchers("/admin/**")
+            .hasRole("ADMIN"))
+            .formLogin(formLogin -> formLogin.loginPage("/login")
+                .failureUrl("/login-error"));
+    }
+
+    @Override
+    protected void configure(AuthenticationManagerBuilder auth) throws Exception {
+        auth.inMemoryAuthentication()
+            .withUser("Jerry")
+            .password(passwordEncoder().encode("password"))
+            .authorities("READ", "WRITE")
+            .roles("ADMIN")
+            .and()
+            .withUser("Tom")
+            .password(passwordEncoder().encode("password"))
+            .authorities("READ")
+            .roles("USER");
+    }
+
+    @Bean
+    public PasswordEncoder passwordEncoder() {
+        return new BCryptPasswordEncoder();
+    }
+
+}