Repository: aurora Updated Branches: refs/heads/master 8f4b351ff -> aae39a81e
Support specifying a custom ShiroCredentialsMatcher Includes: - Adding eclipse generated files to .gitignore - Support specifying a custom ShiroCredentialsMatcher Reviewed at https://reviews.apache.org/r/59883/ Project: http://git-wip-us.apache.org/repos/asf/aurora/repo Commit: http://git-wip-us.apache.org/repos/asf/aurora/commit/aae39a81 Tree: http://git-wip-us.apache.org/repos/asf/aurora/tree/aae39a81 Diff: http://git-wip-us.apache.org/repos/asf/aurora/diff/aae39a81 Branch: refs/heads/master Commit: aae39a81eb2f00bace64eab1b02584b84f8727b9 Parents: 8f4b351 Author: Ruben D. Porras <[email protected]> Authored: Tue Jun 20 22:48:16 2017 +0200 Committer: Stephan Erb <[email protected]> Committed: Wed Jun 21 23:26:47 2017 +0200 ---------------------------------------------------------------------- .gitignore | 3 ++ .../http/api/security/IniShiroRealmModule.java | 42 +++++++++++++++----- .../http/api/security/HttpSecurityIT.java | 6 ++- 3 files changed, 41 insertions(+), 10 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/aurora/blob/aae39a81/.gitignore ---------------------------------------------------------------------- diff --git a/.gitignore b/.gitignore index d2d189d..b4e2bcb 100644 --- a/.gitignore +++ b/.gitignore @@ -8,6 +8,9 @@ /.cache/ /.coverage /.idea/ +/.settings/ +/.classpath/ +/.project/ /.pants.* /.pids/ /.vagrant/ http://git-wip-us.apache.org/repos/asf/aurora/blob/aae39a81/src/main/java/org/apache/aurora/scheduler/http/api/security/IniShiroRealmModule.java ---------------------------------------------------------------------- diff --git a/src/main/java/org/apache/aurora/scheduler/http/api/security/IniShiroRealmModule.java b/src/main/java/org/apache/aurora/scheduler/http/api/security/IniShiroRealmModule.java index 43c38dc..9458468 100644 --- a/src/main/java/org/apache/aurora/scheduler/http/api/security/IniShiroRealmModule.java +++ b/src/main/java/org/apache/aurora/scheduler/http/api/security/IniShiroRealmModule.java @@ -18,9 +18,12 @@ import javax.inject.Singleton; import com.google.common.annotations.VisibleForTesting; import com.google.common.base.Optional; import com.google.inject.AbstractModule; +import com.google.inject.Provides; import org.apache.aurora.common.args.Arg; import org.apache.aurora.common.args.CmdLine; +import org.apache.shiro.authc.credential.CredentialsMatcher; +import org.apache.shiro.authc.credential.SimpleCredentialsMatcher; import org.apache.shiro.config.Ini; import org.apache.shiro.realm.text.IniRealm; @@ -39,19 +42,28 @@ public class IniShiroRealmModule extends AbstractModule { help = "Path to shiro.ini for authentication and authorization configuration.") private static final Arg<Ini> SHIRO_INI_PATH = Arg.create(null); + @CmdLine(name = "shiro_credentials_matcher", + help = "The shiro credentials matcher to use (will be constructed by Guice).") + private static final Arg<Class<? extends CredentialsMatcher>> SHIRO_CREDENTIALS_MATCHER = + Arg.<Class<? extends CredentialsMatcher>>create(SimpleCredentialsMatcher.class); + private final Optional<Ini> ini; + private final Optional<Class<? extends CredentialsMatcher>> shiroCredentialsMatcher; public IniShiroRealmModule() { - this(Optional.fromNullable(SHIRO_INI_PATH.get())); + this(Optional.fromNullable(SHIRO_INI_PATH.get()), + Optional.fromNullable(SHIRO_CREDENTIALS_MATCHER.get())); } @VisibleForTesting - IniShiroRealmModule(Ini ini) { - this(Optional.of(ini)); + IniShiroRealmModule(Ini ini, Class<? extends CredentialsMatcher> shiroCredentialsMatcher) { + this(Optional.of(ini), Optional.of(shiroCredentialsMatcher)); } - private IniShiroRealmModule(Optional<Ini> ini) { + private IniShiroRealmModule(Optional<Ini> ini, + Optional<Class<? extends CredentialsMatcher>> shiroCredentialsMatcher) { this.ini = ini; + this.shiroCredentialsMatcher = shiroCredentialsMatcher; } @Override @@ -62,11 +74,23 @@ public class IniShiroRealmModule extends AbstractModule { addError("shiro.ini is required."); } - try { - ShiroUtils.addRealmBinding(binder()).toConstructor(IniRealm.class.getConstructor(Ini.class)); - } catch (NoSuchMethodException e) { - addError(e); + if (shiroCredentialsMatcher.isPresent()) { + bind(CredentialsMatcher.class).to(shiroCredentialsMatcher.get()).in(Singleton.class); + } else { + addError("shiro_credentials_matcher is required."); } - bind(IniRealm.class).in(Singleton.class); + + ShiroUtils.addRealmBinding(binder()).to(IniRealm.class); + } + + @Singleton + @Provides + public IniRealm providesIniReal(Ini providedIni, + CredentialsMatcher providedShiroCredentialsMatcher) { + IniRealm result = new IniRealm(providedIni); + result.setCredentialsMatcher(providedShiroCredentialsMatcher); + result.init(); + + return result; } } http://git-wip-us.apache.org/repos/asf/aurora/blob/aae39a81/src/test/java/org/apache/aurora/scheduler/http/api/security/HttpSecurityIT.java ---------------------------------------------------------------------- diff --git a/src/test/java/org/apache/aurora/scheduler/http/api/security/HttpSecurityIT.java b/src/test/java/org/apache/aurora/scheduler/http/api/security/HttpSecurityIT.java index d05eceb..f3d5336 100644 --- a/src/test/java/org/apache/aurora/scheduler/http/api/security/HttpSecurityIT.java +++ b/src/test/java/org/apache/aurora/scheduler/http/api/security/HttpSecurityIT.java @@ -53,6 +53,8 @@ import org.apache.http.client.HttpClient; import org.apache.http.client.methods.HttpPost; import org.apache.http.impl.client.BasicCredentialsProvider; import org.apache.http.impl.client.DefaultHttpClient; +import org.apache.shiro.authc.credential.CredentialsMatcher; +import org.apache.shiro.authc.credential.SimpleCredentialsMatcher; import org.apache.shiro.config.Ini; import org.apache.shiro.realm.text.IniRealm; import org.apache.thrift.TException; @@ -112,12 +114,14 @@ public class HttpSecurityIT extends AbstractJettyTest { private static final Named SHIRO_AFTER_AUTH_FILTER_ANNOTATION = Names.named("shiro_post_filter"); private Ini ini; + private Class<? extends CredentialsMatcher> credentialsMatcher; private AnnotatedAuroraAdmin auroraAdmin; private Filter shiroAfterAuthFilter; @Before public void setUp() { ini = new Ini(); + credentialsMatcher = SimpleCredentialsMatcher.class; Ini.Section users = ini.addSection(IniRealm.USERS_SECTION_NAME); users.put(ROOT.getUserName(), COMMA_JOINER.join(ROOT.getPassword(), ADMIN_ROLE)); @@ -155,7 +159,7 @@ public class HttpSecurityIT extends AbstractJettyTest { new ApiModule(), new H2ConsoleModule(true), new HttpSecurityModule( - new IniShiroRealmModule(ini), + new IniShiroRealmModule(ini, credentialsMatcher), Key.get(Filter.class, SHIRO_AFTER_AUTH_FILTER_ANNOTATION)), new AbstractModule() { @Override
