waffle.shiro

Class GroupMappingWaffleRealm

java.lang.Object

org.apache.shiro.realm.CachingRealm

org.apache.shiro.realm.AuthenticatingRealm

org.apache.shiro.realm.AuthorizingRealm

waffle.shiro.AbstractWaffleRealm

waffle.shiro.GroupMappingWaffleRealm

All Implemented Interfaces:

org.apache.shiro.authc.LogoutAware, org.apache.shiro.authz.Authorizer, org.apache.shiro.authz.permission.PermissionResolverAware, org.apache.shiro.authz.permission.RolePermissionResolverAware, org.apache.shiro.cache.CacheManagerAware, org.apache.shiro.realm.Realm, org.apache.shiro.util.Initializable, org.apache.shiro.util.Nameable

public class GroupMappingWaffleRealm
extends AbstractWaffleRealm

A Realm that authenticates with Active Directory using WAFFLE and assigns roles to users based on a mapping from their groups. To define permissions based on these roles, set a RolePermissionResolver.

Constructor Summary

Constructors

Constructor and Description
GroupMappingWaffleRealm()

Method Summary

Modifier and Type	Method and Description
protected org.apache.shiro.authz.AuthorizationInfo	buildAuthorizationInfo(WaffleFqnPrincipal principal) Builds an AuthorizationInfo object based on the user's groups.
protected Collection<String>	getRoleNamesForGroups(Collection<String> groupNames) This method is called by to translate group names to role names.
void	setGroupRolesMap(Map<String,String> value) Sets the translation from group names to role names.

Methods inherited from class waffle.shiro.AbstractWaffleRealm

doGetAuthenticationInfo, doGetAuthorizationInfo

Methods inherited from class org.apache.shiro.realm.AuthorizingRealm

afterCacheManagerSet, checkPermission, checkPermission, checkPermission, checkPermissions, checkPermissions, checkPermissions, checkRole, checkRole, checkRoles, checkRoles, checkRoles, clearCachedAuthorizationInfo, doClearCache, getAuthorizationCache, getAuthorizationCacheKey, getAuthorizationCacheName, getAuthorizationInfo, getPermissionResolver, getPermissions, getRolePermissionResolver, hasAllRoles, hasRole, hasRole, hasRoles, hasRoles, isAuthorizationCachingEnabled, isPermitted, isPermitted, isPermitted, isPermitted, isPermitted, isPermitted, isPermittedAll, isPermittedAll, isPermittedAll, onInit, setAuthorizationCache, setAuthorizationCacheName, setAuthorizationCachingEnabled, setName, setPermissionResolver, setRolePermissionResolver

Methods inherited from class org.apache.shiro.realm.AuthenticatingRealm

assertCredentialsMatch, clearCachedAuthenticationInfo, getAuthenticationCache, getAuthenticationCacheKey, getAuthenticationCacheKey, getAuthenticationCacheName, getAuthenticationInfo, getAuthenticationTokenClass, getCredentialsMatcher, init, isAuthenticationCachingEnabled, isAuthenticationCachingEnabled, setAuthenticationCache, setAuthenticationCacheName, setAuthenticationCachingEnabled, setAuthenticationTokenClass, setCredentialsMatcher, supports

Methods inherited from class org.apache.shiro.realm.CachingRealm

clearCache, getAvailablePrincipal, getCacheManager, getName, isCachingEnabled, onLogout, setCacheManager, setCachingEnabled

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Methods inherited from interface org.apache.shiro.util.Initializable

init

Constructor Detail

GroupMappingWaffleRealm

public GroupMappingWaffleRealm()

Method Detail

setGroupRolesMap

public void setGroupRolesMap(Map<String,String> value)

Sets the translation from group names to role names. If not set, the map is empty, resulting in no users getting roles.

Parameters:

value - the group roles map to set

getRoleNamesForGroups

protected Collection<String> getRoleNamesForGroups(Collection<String> groupNames)

This method is called by to translate group names to role names. This implementation uses the groupRolesMap to map group names to role names.

Parameters:

groupNames - the group names that apply to the current user

Returns:

a collection of roles that are implied by the given role names

See Also:

setGroupRolesMap(java.util.Map<java.lang.String, java.lang.String>)

buildAuthorizationInfo

protected org.apache.shiro.authz.AuthorizationInfo buildAuthorizationInfo(WaffleFqnPrincipal principal)

Builds an AuthorizationInfo object based on the user's groups. The groups are translated to roles names by using the configured groupRolesMap.

Specified by:

buildAuthorizationInfo in class AbstractWaffleRealm

Parameters:

principal - the principal of Subject that is being authorized

Returns:

the AuthorizationInfo for the given Subject principal

See Also:

setGroupRolesMap(java.util.Map<java.lang.String, java.lang.String>), getRoleNamesForGroups(java.util.Collection<java.lang.String>)