Source code

001/*
002 * Licensed under the Apache License, Version 2.0 (the "License");
003 * you may not use this file except in compliance with the License.
004 * You may obtain a copy of the License at
005 *
006 *      http://www.apache.org/licenses/LICENSE-2.0
007 *
008 * Unless required by applicable law or agreed to in writing, software
009 * distributed under the License is distributed on an "AS IS" BASIS,
010 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
011 * See the License for the specific language governing permissions and
012 * limitations under the License.
013 */
014package org.apache.shiro.cdi;
015
016import java.io.Serializable;
017import java.lang.reflect.ParameterizedType;
018import java.util.Optional;
019import java.util.function.Supplier;
020import javax.enterprise.context.Dependent;
021import javax.enterprise.context.RequestScoped;
022import javax.enterprise.inject.Produces;
023import javax.enterprise.inject.spi.InjectionPoint;
024
025import lombok.extern.slf4j.Slf4j;
026import org.apache.shiro.SecurityUtils;
027import org.apache.shiro.cdi.annotations.NoSessionCreation;
028import org.apache.shiro.cdi.annotations.Principal;
029import org.apache.shiro.mgt.SecurityManager;
030import org.apache.shiro.session.InvalidSessionException;
031import org.apache.shiro.session.Session;
032import org.apache.shiro.subject.Subject;
033
034/**
035 * Exposes Shiro's SecurityManager, Session and Subject via CDI @Inject
036 */
037@SuppressWarnings("HideUtilityClassConstructor")
038@Dependent
039@Slf4j
040public class ShiroComponentProducer {
041    interface SerializableSupplier<T> extends Supplier<T>, Serializable {
042    }
043
044    @Produces
045    public static SecurityManager getSecurityManager() {
046        return SecurityUtils.getSecurityManager();
047    }
048
049    @Produces
050    @RequestScoped
051    public static Subject getSubject() {
052        return SecurityUtils.getSubject();
053    }
054
055    @Produces
056    @RequestScoped
057    public static Session getSession() {
058        return SecurityUtils.getSubject().getSession();
059    }
060
061    @Produces
062    @NoSessionCreation
063    @RequestScoped
064    public static Session getSessionNoCreation() {
065        return Optional.ofNullable(SecurityUtils.getSubject().getSession(false))
066                .orElseThrow(InvalidSessionException::new);
067    }
068
069    @Produces
070    @Principal
071    @SuppressWarnings("unchecked")
072    public static <T> Supplier<T> getPrincipal(InjectionPoint injectionPoint) {
073        var parameterizedType = (ParameterizedType) injectionPoint.getType();
074        var principalType = (Class<T>) parameterizedType.getActualTypeArguments()[0];
075        SerializableSupplier<T> supplier = () -> SecurityUtils.getSubject().getPrincipals().oneByType(principalType);
076        return supplier;
077    }
078}