This is an automated email from the ASF dual-hosted git repository. danhaywood pushed a commit to branch spring6 in repository https://gitbox.apache.org/repos/asf/causeway.git
commit 05cbefc1805644b954722ef02d26557b63ff2351 Author: danhaywood <[email protected]> AuthorDate: Thu Mar 21 17:35:36 2024 +0000 CAUSEWAY-3666: moves shiro to 'retired' --- core/pom.xml | 568 +++++++++++---------- extensions/security/secman/pom.xml | 1 - .../extensions}/secman/delegated-shiro/pom.xml | 0 .../CausewayModuleExtSecmanDelegatedShiro.java | 0 .../shiro/realm/AuthInfoForApplicationUser.java | 0 .../realm/AuthenticationStrategyForSecMan.java | 0 .../realm/CausewayModuleExtSecmanShiroRealm.java | 0 .../delegated/shiro/realm/PermissionForMember.java | 0 ...rmissionResolverForCausewayShiroAuthorizor.java | 0 ...lCollectionForApplicationUserOnSingleRealm.java | 0 ...inglePrincipalForApplicationUserInAnyRealm.java | 0 .../shiro/realm/PrincipalForApplicationUser.java | 0 .../secman/delegated/shiro/util/ShiroUtils.java | 0 {security => retired/shiro/security}/shiro/pom.xml | 0 .../shiro/security/shiro/src/main/adoc/antora.yml | 19 + .../ini/configure-shiro-to-use-ini-realm.png | Bin .../shiro/images/ini/shiro-ini-realm.drawio.svg | 0 .../modules/shiro/images/shiro-design.drawio.svg | 0 .../shiro/src/main/adoc/modules/shiro/nav.adoc | 4 + .../src/main/adoc/modules/shiro/pages/about.adoc | 0 .../adoc/modules/shiro/partials/module-nav.adoc | 4 + .../shiro/CausewayModuleSecurityShiro.java | 0 .../shiro/authentication/AuthenticatorShiro.java | 0 .../shiro/authorization/AuthorizorShiro.java | 0 .../shiro/authorization/CausewayPermission.java | 0 .../authorization/CausewayPermissionResolver.java | 0 .../shiro/context/ShiroSecurityContext.java | 0 .../permrolemapper/PermissionToRoleMapper.java | 0 .../PermissionToRoleMapperFromIni.java | 0 .../PermissionToRoleMapperFromString.java | 0 .../security/shiro/permrolemapper/Util.java | 0 .../security/shiro/webmodule/WebModuleShiro.java | 0 .../shiro/CausewayPermissionTest_setParts.java | 0 .../shiro/CausewayPermissionTest_typicalUsage.java | 0 ...AuthenticatorOrAuthorizorTest_authenticate.java | 0 
...ticatorOrAuthorizorTest_isVisibleInAnyRole.java | 0 .../security/shiro/TypeIdentifierTestFactory.java | 0 .../CausewayPermissionTest_equals.java | 0 .../PermissionToRoleMapperFromIniTest.java | 0 .../PermissionToRoleMapperFromStringTest.java | 0 .../shiro/permrolemapper/UtilTest_parse.java | 0 .../causeway/security/shiro/permrolemapper/my.ini | 0 .../security}/shiro/src/test/resources/shiro.ini | 0 security/shiro/NOTICE | 7 - .../src/main/adoc/modules/shiro/pages/about.adoc | 365 +------------ 45 files changed, 314 insertions(+), 654 deletions(-) diff --git a/core/pom.xml b/core/pom.xml index 53c3252bcc..6d6ea9572b 100644 --- a/core/pom.xml +++ b/core/pom.xml 
@@ -18,302 +18,304 @@ under the License. --> <project xmlns="http://maven.apache.org/POM/4.0.0" - xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" - xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd"> - <modelVersion>4.0.0</modelVersion> + xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" + xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd"> + <modelVersion>4.0.0</modelVersion> - <parent> - <groupId>org.apache.causeway</groupId> - <artifactId>causeway-bom</artifactId> - <version>3.0.0-SNAPSHOT</version> - <relativePath>../bom/pom.xml</relativePath> - </parent> + <parent> + <groupId>org.apache.causeway</groupId> + <artifactId>causeway-bom</artifactId> + <version>3.0.0-SNAPSHOT</version> + <relativePath>../bom/pom.xml</relativePath> + </parent> - <groupId>org.apache.causeway.core</groupId> - <artifactId>causeway-core</artifactId> + <groupId>org.apache.causeway.core</groupId> + <artifactId>causeway-core</artifactId> - <packaging>pom</packaging> + <packaging>pom</packaging> - <name>Apache Causeway Core</name> + <name>Apache Causeway Core</name> - <url>https://causeway.apache.org</url> + <url>https://causeway.apache.org</url> - <description> + <description> Core framework, providing metamodel, runtime and core APIs. 
</description> - <properties> - - <coreBaseDir>${project.build.directory}/..</coreBaseDir> - - <git-plugin.propertiesDir>org/apache/causeway/core</git-plugin.propertiesDir> - <git-plugin.gitDir>${coreBaseDir}/../.git</git-plugin.gitDir> - - <dependency.locations.enabled>false</dependency.locations.enabled> - - <testsToExclude>**/*IntegrationTest.java</testsToExclude> - - <checkstyle.configLocation>${coreBaseDir}/codequality/checkstyle.xml</checkstyle.configLocation> - <pmd.ruleset>${coreBaseDir}/codequality/pmd.xml</pmd.ruleset> - - </properties> - - <pluginRepositories> - </pluginRepositories> - - <repositories> - </repositories> - - <build> - <outputDirectory>${project.build.directory}/classes</outputDirectory> - <testOutputDirectory>${project.build.directory}/test-classes</testOutputDirectory> - - <pluginManagement> - <plugins> - - <plugin> - <groupId>pl.project13.maven</groupId> - <artifactId>git-commit-id-plugin</artifactId> - <version>${git-commit-id-plugin.version}</version> - <executions> - <execution> - <id>get-the-git-infos</id> - <goals> - <goal>revision</goal> - </goals> - <phase>validate</phase> - </execution> - </executions> - <configuration> - <verbose>false</verbose> - <useNativeGit>true</useNativeGit> - <dotGitDirectory>${git-plugin.gitDir}</dotGitDirectory> - - <dateFormat>yyyy-MM-dd'T'HH:mm:ssZ</dateFormat> - <dateFormatTimeZone>${user.timezone}</dateFormatTimeZone> - - <failOnNoGitDirectory>true</failOnNoGitDirectory> - <injectAllReactorProjects>true</injectAllReactorProjects> - - <generateGitPropertiesFile>true</generateGitPropertiesFile> - <generateGitPropertiesFilename>${project.build.outputDirectory}/${git-plugin.propertiesDir}/git.properties</generateGitPropertiesFilename> - - <abbrevLength>7</abbrevLength> - </configuration> - - </plugin> - - </plugins> - </pluginManagement> - - <!-- build plugins; apply to all inheriting modules. Note that some plugins - also come from the "super-POM" for the default bindings. 
For example, in - the 'default' lifecycle, the resources, compiler, surefire, jar, install - and deploy plugins are automatically included because they provide the default - bindings. For the 'site' lifecycle, the site plugin is automatically included. --> - <plugins> - <!-- run using: mvn org.apache.rat:apache-rat-plugin:check --> - <plugin> - <groupId>org.apache.rat</groupId> - <artifactId>apache-rat-plugin</artifactId> - <inherited>true</inherited> - </plugin> - <plugin> - <groupId>org.apache.maven.plugins</groupId> - <artifactId>maven-release-plugin</artifactId> - <inherited>true</inherited> - </plugin> - </plugins> - </build> - - - <dependencies> - <dependency> - <groupId>org.projectlombok</groupId> - <artifactId>lombok</artifactId> - <scope>provided</scope> - </dependency> - </dependencies> - - <profiles> - <profile> - <id>apache-release</id> - <build> - <plugins> - <plugin> - <groupId>org.apache.maven.plugins</groupId> - <artifactId>maven-toolchains-plugin</artifactId> - <version>3.1.0</version> - <executions> - <execution> - <goals> - <goal>toolchain</goal> - </goals> - </execution> - </executions> - <configuration> - <toolchains> - <jdk> - <version>21</version> - <vendor>openjdk</vendor> - </jdk> - </toolchains> - </configuration> - </plugin> - </plugins> - </build> - </profile> - - <profile> - <id>owasp</id> - <activation> - <property> - <name>owasp</name> - </property> - </activation> - <build> - <plugins> - <plugin> - <groupId>org.owasp</groupId> - <artifactId>dependency-check-maven</artifactId> - <version>9.0.10</version> - <executions> - <execution> - <id>owasp-aggregate</id> - <goals> - <goal>aggregate</goal> - </goals> - <configuration> - <skipProvidedScope>true</skipProvidedScope> - <skipRuntimeScope>true</skipRuntimeScope> - </configuration> - </execution> - </executions> - </plugin> - </plugins> - </build> - </profile> - - <profile> - <id>jdeps</id> - <activation> - <property> - <name>jdeps</name> - </property> - </activation> - <build> - 
<plugins> - <plugin> - <groupId>org.apache.maven.plugins</groupId> - <artifactId>maven-jdeps-plugin</artifactId> - <version>3.1.2</version> - <executions> - <execution> - <id>jdeps-jdkinternals</id> - <goals> - <goal>jdkinternals</goal> - <goal>test-jdkinternals</goal> - </goals> - </execution> - </executions> - </plugin> - </plugins> - </build> - </profile> - - <profile> - <id>src</id> - <activation> - <property> - <name>!skip.src</name> - </property> - </activation> - <build> - <plugins> - <plugin> - <groupId>org.apache.maven.plugins</groupId> - <artifactId>maven-source-plugin</artifactId> - </plugin> - </plugins> - </build> - </profile> - - <profile> - <id>git</id> - <activation> - <property> - <name>git</name> - </property> - </activation> - <build> - <plugins> - <plugin> - <groupId>pl.project13.maven</groupId> - <artifactId>git-commit-id-plugin</artifactId> - </plugin> - </plugins> - </build> - </profile> - - <profile> - <id>datanucleusenhance</id> - <activation> - <property> - <name>causeway-app-starter-datanucleusenhance</name> - <value>true</value> - </property> - <!-- <file> <exists>${basedir}/logging-dn-enhance.properties</exists> - </file> --> - </activation> - <build> - <plugins> - <plugin> - <groupId>org.datanucleus</groupId> - <artifactId>datanucleus-maven-plugin</artifactId> - <inherited>true</inherited> - </plugin> - </plugins> - </build> - </profile> - - </profiles> - - <modules> - - <module>../supplemental-model</module> - - <module>../commons</module> - - <module>../api/schema</module> - <module>../api/applib</module> - - <module>codegen-bytebuddy</module> - <module>config</module> - <module>interaction</module> - <module>internaltestsupport</module> - <module>metamodel</module> - <module>runtime</module> - <module>runtimeservices</module> - <module>transaction</module> - <module>webapp</module> - - <module>security</module> - <module>../security/bypass</module> - <module>../security/keycloak</module> -<!-- <module>../security/shiro</module> 
Shiro 2.0.0 has no jakarta namespaces, exclude from build --> + <properties> + + <coreBaseDir>${project.build.directory}/..</coreBaseDir> + + <git-plugin.propertiesDir>org/apache/causeway/core</git-plugin.propertiesDir> + <git-plugin.gitDir>${coreBaseDir}/../.git</git-plugin.gitDir> + + <dependency.locations.enabled>false</dependency.locations.enabled> + + <testsToExclude>**/*IntegrationTest.java</testsToExclude> + + <checkstyle.configLocation>${coreBaseDir}/codequality/checkstyle.xml</checkstyle.configLocation> + <pmd.ruleset>${coreBaseDir}/codequality/pmd.xml</pmd.ruleset> + + </properties> + + <pluginRepositories> + </pluginRepositories> + + <repositories> + </repositories> + + <build> + <outputDirectory>${project.build.directory}/classes</outputDirectory> + <testOutputDirectory>${project.build.directory}/test-classes</testOutputDirectory> + + <pluginManagement> + <plugins> + + <plugin> + <groupId>pl.project13.maven</groupId> + <artifactId>git-commit-id-plugin</artifactId> + <version>${git-commit-id-plugin.version}</version> + <executions> + <execution> + <id>get-the-git-infos</id> + <goals> + <goal>revision</goal> + </goals> + <phase>validate</phase> + </execution> + </executions> + <configuration> + <verbose>false</verbose> + <useNativeGit>true</useNativeGit> + <dotGitDirectory>${git-plugin.gitDir}</dotGitDirectory> + + <dateFormat>yyyy-MM-dd'T'HH:mm:ssZ</dateFormat> + <dateFormatTimeZone>${user.timezone}</dateFormatTimeZone> + + <failOnNoGitDirectory>true</failOnNoGitDirectory> + <injectAllReactorProjects>true</injectAllReactorProjects> + + <generateGitPropertiesFile>true</generateGitPropertiesFile> + <generateGitPropertiesFilename>${project.build.outputDirectory}/${git-plugin.propertiesDir}/git.properties</generateGitPropertiesFilename> + + <abbrevLength>7</abbrevLength> + </configuration> + + </plugin> + + </plugins> + </pluginManagement> + + <!-- build plugins; apply to all inheriting modules. 
Note that some plugins + also come from the "super-POM" for the default bindings. For example, in + the 'default' lifecycle, the resources, compiler, surefire, jar, install + and deploy plugins are automatically included because they provide the default + bindings. For the 'site' lifecycle, the site plugin is automatically included. --> + <plugins> + <!-- run using: mvn org.apache.rat:apache-rat-plugin:check --> + <plugin> + <groupId>org.apache.rat</groupId> + <artifactId>apache-rat-plugin</artifactId> + <inherited>true</inherited> + </plugin> + <plugin> + <groupId>org.apache.maven.plugins</groupId> + <artifactId>maven-release-plugin</artifactId> + <inherited>true</inherited> + </plugin> + </plugins> + </build> + + + <dependencies> + <dependency> + <groupId>org.projectlombok</groupId> + <artifactId>lombok</artifactId> + <scope>provided</scope> + </dependency> + </dependencies> + + <profiles> + <profile> + <id>apache-release</id> + <build> + <plugins> + <plugin> + <groupId>org.apache.maven.plugins</groupId> + <artifactId>maven-toolchains-plugin</artifactId> + <version>3.1.0</version> + <executions> + <execution> + <goals> + <goal>toolchain</goal> + </goals> + </execution> + </executions> + <configuration> + <toolchains> + <jdk> + <version>21</version> + <vendor>openjdk</vendor> + </jdk> + </toolchains> + </configuration> + </plugin> + </plugins> + </build> + </profile> + + <profile> + <id>owasp</id> + <activation> + <property> + <name>owasp</name> + </property> + </activation> + <build> + <plugins> + <plugin> + <groupId>org.owasp</groupId> + <artifactId>dependency-check-maven</artifactId> + <version>9.0.10</version> + <executions> + <execution> + <id>owasp-aggregate</id> + <goals> + <goal>aggregate</goal> + </goals> + <configuration> + <skipProvidedScope>true</skipProvidedScope> + <skipRuntimeScope>true</skipRuntimeScope> + </configuration> + </execution> + </executions> + </plugin> + </plugins> + </build> + </profile> + + <profile> + <id>jdeps</id> + <activation> + 
<property> + <name>jdeps</name> + </property> + </activation> + <build> + <plugins> + <plugin> + <groupId>org.apache.maven.plugins</groupId> + <artifactId>maven-jdeps-plugin</artifactId> + <version>3.1.2</version> + <executions> + <execution> + <id>jdeps-jdkinternals</id> + <goals> + <goal>jdkinternals</goal> + <goal>test-jdkinternals</goal> + </goals> + </execution> + </executions> + </plugin> + </plugins> + </build> + </profile> + + <profile> + <id>src</id> + <activation> + <property> + <name>!skip.src</name> + </property> + </activation> + <build> + <plugins> + <plugin> + <groupId>org.apache.maven.plugins</groupId> + <artifactId>maven-source-plugin</artifactId> + </plugin> + </plugins> + </build> + </profile> + + <profile> + <id>git</id> + <activation> + <property> + <name>git</name> + </property> + </activation> + <build> + <plugins> + <plugin> + <groupId>pl.project13.maven</groupId> + <artifactId>git-commit-id-plugin</artifactId> + </plugin> + </plugins> + </build> + </profile> + + <profile> + <id>datanucleusenhance</id> + <activation> + <property> + <name>causeway-app-starter-datanucleusenhance</name> + <value>true</value> + </property> + <!-- <file> <exists>${basedir}/logging-dn-enhance.properties</exists> + </file> --> + </activation> + <build> + <plugins> + <plugin> + <groupId>org.datanucleus</groupId> + <artifactId>datanucleus-maven-plugin</artifactId> + <inherited>true</inherited> + </plugin> + </plugins> + </build> + </profile> + + </profiles> + + <modules> + + <module>../supplemental-model</module> + + <module>../commons</module> + + <module>../api/schema</module> + <module>../api/applib</module> + + <module>codegen-bytebuddy</module> + <module>config</module> + <module>interaction</module> + <module>internaltestsupport</module> + <module>metamodel</module> + <module>runtime</module> + <module>runtimeservices</module> + <module>transaction</module> + <module>webapp</module> + + <module>security</module> + <module>../security/bypass</module> + 
<module>../security/keycloak</module> <module>../security/simple</module> - <module>../security/spring</module> + <module>../security/spring</module> - <module>../viewers/commons</module> - <module>../viewers/restfulobjects</module> - <module>../viewers/wicket</module> - <module>../viewers/graphql</module> + <module>../viewers/commons</module> + <module>../viewers/restfulobjects</module> + <module>../viewers/wicket</module> + <module>../viewers/graphql</module> - <module>../persistence/commons</module> - <module>../persistence/jdo</module> - <module>../persistence/jpa</module> + <module>../persistence/commons</module> + <module>../persistence/jdo</module> + <module>../persistence/jpa</module> - </modules> + <module>../retired/shiro/security/shiro</module> + <module>../retired/shiro/extensions/secman/delegated-shiro</module> + + </modules> </project> diff --git a/extensions/security/secman/pom.xml b/extensions/security/secman/pom.xml index 74ef741735..84153afa8e 100644 --- a/extensions/security/secman/pom.xml +++ b/extensions/security/secman/pom.xml @@ -120,7 +120,6 @@ <module>encryption-spring</module> <module>persistence-jdo</module> <module>persistence-jpa</module> -<!-- <module>delegated-shiro</module> Shiro 2.0.0 has no jakarta namespaces, exclude from build --> <module>delegated-springoauth2</module> </modules> </project> diff --git a/extensions/security/secman/delegated-shiro/pom.xml b/retired/shiro/extensions/secman/delegated-shiro/pom.xml similarity index 100% rename from extensions/security/secman/delegated-shiro/pom.xml rename to retired/shiro/extensions/secman/delegated-shiro/pom.xml 
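Review bot: The two `<module>` entries added at the end of `<modules>` (`../retired/shiro/security/shiro` and `../retired/shiro/extensions/secman/delegated-shiro`) are active, whereas the line removed earlier in this hunk had the Shiro module commented out with the reason "Shiro 2.0.0 has no jakarta namespaces, exclude from build". If that reason still holds on this branch, the default reactor either fails to compile or keeps building and publishing a retired authentication/authorization module that downstream applications can go on depending on. Consider keeping the entries commented together with the rationale, e.g. `<!-- <module>../retired/shiro/security/shiro</module> retired: Shiro 2.0.0 has no jakarta namespaces, exclude from build -->`, or moving both into an opt-in profile. The same exclusion comment is deleted from `extensions/security/secman/pom.xml` in the next hunk, so the reason no longer appears in any build file shown here. Separately, the hunk re-indents nearly the whole file, which buries this two-line functional change; putting the whitespace change in its own commit would make the security-relevant part easier to review.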
diff --git a/extensions/security/secman/delegated-shiro/src/main/java/org/apache/causeway/extensions/secman/delegated/shiro/CausewayModuleExtSecmanDelegatedShiro.java b/retired/shiro/extensions/secman/delegated-shiro/src/main/java/org/apache/causeway/extensions/secman/delegated/shiro/CausewayModuleExtSecmanDelegatedShiro.java
similarity index 100%
rename from extensions/security/secman/delegated-shiro/src/main/java/org/apache/causeway/extensions/secman/delegated/shiro/CausewayModuleExtSecmanDelegatedShiro.java
rename to retired/shiro/extensions/secman/delegated-shiro/src/main/java/org/apache/causeway/extensions/secman/delegated/shiro/CausewayModuleExtSecmanDelegatedShiro.java
diff --git a/extensions/security/secman/delegated-shiro/src/main/java/org/apache/causeway/extensions/secman/delegated/shiro/realm/AuthInfoForApplicationUser.java b/retired/shiro/extensions/secman/delegated-shiro/src/main/java/org/apache/causeway/extensions/secman/delegated/shiro/realm/AuthInfoForApplicationUser.java
similarity index 100%
rename from extensions/security/secman/delegated-shiro/src/main/java/org/apache/causeway/extensions/secman/delegated/shiro/realm/AuthInfoForApplicationUser.java
rename to retired/shiro/extensions/secman/delegated-shiro/src/main/java/org/apache/causeway/extensions/secman/delegated/shiro/realm/AuthInfoForApplicationUser.java
diff --git a/extensions/security/secman/delegated-shiro/src/main/java/org/apache/causeway/extensions/secman/delegated/shiro/realm/AuthenticationStrategyForSecMan.java b/retired/shiro/extensions/secman/delegated-shiro/src/main/java/org/apache/causeway/extensions/secman/delegated/shiro/realm/AuthenticationStrategyForSecMan.java
similarity index 100%
rename from extensions/security/secman/delegated-shiro/src/main/java/org/apache/causeway/extensions/secman/delegated/shiro/realm/AuthenticationStrategyForSecMan.java
rename to retired/shiro/extensions/secman/delegated-shiro/src/main/java/org/apache/causeway/extensions/secman/delegated/shiro/realm/AuthenticationStrategyForSecMan.java
diff --git a/extensions/security/secman/delegated-shiro/src/main/java/org/apache/causeway/extensions/secman/delegated/shiro/realm/CausewayModuleExtSecmanShiroRealm.java b/retired/shiro/extensions/secman/delegated-shiro/src/main/java/org/apache/causeway/extensions/secman/delegated/shiro/realm/CausewayModuleExtSecmanShiroRealm.java
similarity index 100%
rename from extensions/security/secman/delegated-shiro/src/main/java/org/apache/causeway/extensions/secman/delegated/shiro/realm/CausewayModuleExtSecmanShiroRealm.java
rename to retired/shiro/extensions/secman/delegated-shiro/src/main/java/org/apache/causeway/extensions/secman/delegated/shiro/realm/CausewayModuleExtSecmanShiroRealm.java
diff --git a/extensions/security/secman/delegated-shiro/src/main/java/org/apache/causeway/extensions/secman/delegated/shiro/realm/PermissionForMember.java b/retired/shiro/extensions/secman/delegated-shiro/src/main/java/org/apache/causeway/extensions/secman/delegated/shiro/realm/PermissionForMember.java
similarity index 100%
rename from extensions/security/secman/delegated-shiro/src/main/java/org/apache/causeway/extensions/secman/delegated/shiro/realm/PermissionForMember.java
rename to retired/shiro/extensions/secman/delegated-shiro/src/main/java/org/apache/causeway/extensions/secman/delegated/shiro/realm/PermissionForMember.java
diff --git a/extensions/security/secman/delegated-shiro/src/main/java/org/apache/causeway/extensions/secman/delegated/shiro/realm/PermissionResolverForCausewayShiroAuthorizor.java b/retired/shiro/extensions/secman/delegated-shiro/src/main/java/org/apache/causeway/extensions/secman/delegated/shiro/realm/PermissionResolverForCausewayShiroAuthorizor.java
similarity index 100%
rename from extensions/security/secman/delegated-shiro/src/main/java/org/apache/causeway/extensions/secman/delegated/shiro/realm/PermissionResolverForCausewayShiroAuthorizor.java
rename to retired/shiro/extensions/secman/delegated-shiro/src/main/java/org/apache/causeway/extensions/secman/delegated/shiro/realm/PermissionResolverForCausewayShiroAuthorizor.java
diff --git a/extensions/security/secman/delegated-shiro/src/main/java/org/apache/causeway/extensions/secman/delegated/shiro/realm/PrincipalCollectionForApplicationUserOnSingleRealm.java b/retired/shiro/extensions/secman/delegated-shiro/src/main/java/org/apache/causeway/extensions/secman/delegated/shiro/realm/PrincipalCollectionForApplicationUserOnSingleRealm.java
similarity index 100%
rename from extensions/security/secman/delegated-shiro/src/main/java/org/apache/causeway/extensions/secman/delegated/shiro/realm/PrincipalCollectionForApplicationUserOnSingleRealm.java
rename to retired/shiro/extensions/secman/delegated-shiro/src/main/java/org/apache/causeway/extensions/secman/delegated/shiro/realm/PrincipalCollectionForApplicationUserOnSingleRealm.java
diff --git a/extensions/security/secman/delegated-shiro/src/main/java/org/apache/causeway/extensions/secman/delegated/shiro/realm/PrincipalCollectionWithSinglePrincipalForApplicationUserInAnyRealm.java b/retired/shiro/extensions/secman/delegated-shiro/src/main/java/org/apache/causeway/extensions/secman/delegated/shiro/realm/PrincipalCollectionWithSinglePrincipalForApplicationUserInAnyRealm.java
similarity index 100%
rename from extensions/security/secman/delegated-shiro/src/main/java/org/apache/causeway/extensions/secman/delegated/shiro/realm/PrincipalCollectionWithSinglePrincipalForApplicationUserInAnyRealm.java
rename to retired/shiro/extensions/secman/delegated-shiro/src/main/java/org/apache/causeway/extensions/secman/delegated/shiro/realm/PrincipalCollectionWithSinglePrincipalForApplicationUserInAnyRealm.java
diff --git a/extensions/security/secman/delegated-shiro/src/main/java/org/apache/causeway/extensions/secman/delegated/shiro/realm/PrincipalForApplicationUser.java b/retired/shiro/extensions/secman/delegated-shiro/src/main/java/org/apache/causeway/extensions/secman/delegated/shiro/realm/PrincipalForApplicationUser.java
similarity index 100%
rename from extensions/security/secman/delegated-shiro/src/main/java/org/apache/causeway/extensions/secman/delegated/shiro/realm/PrincipalForApplicationUser.java
rename to retired/shiro/extensions/secman/delegated-shiro/src/main/java/org/apache/causeway/extensions/secman/delegated/shiro/realm/PrincipalForApplicationUser.java
diff --git a/extensions/security/secman/delegated-shiro/src/main/java/org/apache/causeway/extensions/secman/delegated/shiro/util/ShiroUtils.java b/retired/shiro/extensions/secman/delegated-shiro/src/main/java/org/apache/causeway/extensions/secman/delegated/shiro/util/ShiroUtils.java
similarity index 100%
rename from extensions/security/secman/delegated-shiro/src/main/java/org/apache/causeway/extensions/secman/delegated/shiro/util/ShiroUtils.java
rename to retired/shiro/extensions/secman/delegated-shiro/src/main/java/org/apache/causeway/extensions/secman/delegated/shiro/util/ShiroUtils.java
diff --git a/security/shiro/pom.xml b/retired/shiro/security/shiro/pom.xml
similarity index 100%
rename from security/shiro/pom.xml
rename to retired/shiro/security/shiro/pom.xml
diff --git a/retired/shiro/security/shiro/src/main/adoc/antora.yml b/retired/shiro/security/shiro/src/main/adoc/antora.yml
new file mode 100644
index 0000000000..2be11515fd
--- /dev/null
+++ b/retired/shiro/security/shiro/src/main/adoc/antora.yml
@@ -0,0 +1,19 @@
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements. See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership. The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License. You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing,
+# software distributed under the License is distributed on an
+# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+# KIND, either express or implied. See the License for the
+# specific language governing permissions and limitations
+# under the License.
+
+name: security
+version: latest
diff --git a/security/shiro/src/main/adoc/modules/shiro/images/ini/configure-shiro-to-use-ini-realm.png b/retired/shiro/security/shiro/src/main/adoc/modules/shiro/images/ini/configure-shiro-to-use-ini-realm.png
similarity index 100%
rename from security/shiro/src/main/adoc/modules/shiro/images/ini/configure-shiro-to-use-ini-realm.png
rename to retired/shiro/security/shiro/src/main/adoc/modules/shiro/images/ini/configure-shiro-to-use-ini-realm.png
diff --git a/security/shiro/src/main/adoc/modules/shiro/images/ini/shiro-ini-realm.drawio.svg b/retired/shiro/security/shiro/src/main/adoc/modules/shiro/images/ini/shiro-ini-realm.drawio.svg
similarity index 100%
rename from security/shiro/src/main/adoc/modules/shiro/images/ini/shiro-ini-realm.drawio.svg
rename to retired/shiro/security/shiro/src/main/adoc/modules/shiro/images/ini/shiro-ini-realm.drawio.svg
diff --git a/security/shiro/src/main/adoc/modules/shiro/images/shiro-design.drawio.svg b/retired/shiro/security/shiro/src/main/adoc/modules/shiro/images/shiro-design.drawio.svg
similarity index 100%
rename from security/shiro/src/main/adoc/modules/shiro/images/shiro-design.drawio.svg
rename to retired/shiro/security/shiro/src/main/adoc/modules/shiro/images/shiro-design.drawio.svg
diff --git a/retired/shiro/security/shiro/src/main/adoc/modules/shiro/nav.adoc b/retired/shiro/security/shiro/src/main/adoc/modules/shiro/nav.adoc
new file mode 100644
index 0000000000..ae4837e12f
--- /dev/null
+++ b/retired/shiro/security/shiro/src/main/adoc/modules/shiro/nav.adoc
@@ -0,0 +1,4 @@
+
+:Notice: Licensed to the Apache Software Foundation (ASF) under one or more contributor license agreements. See the NOTICE file distributed with this work for additional information regarding copyright ownership. The ASF licenses this file to you under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at. http://www.apache.org/licenses/LICENSE-2.0 . Unless required by applicable law or ag [...]
+
+include::security:ROOT:partial$component-nav.adoc[]
diff --git a/security/shiro/src/main/adoc/modules/shiro/pages/about.adoc b/retired/shiro/security/shiro/src/main/adoc/modules/shiro/pages/about.adoc
similarity index 100%
copy from security/shiro/src/main/adoc/modules/shiro/pages/about.adoc
copy to retired/shiro/security/shiro/src/main/adoc/modules/shiro/pages/about.adoc
diff --git a/retired/shiro/security/shiro/src/main/adoc/modules/shiro/partials/module-nav.adoc b/retired/shiro/security/shiro/src/main/adoc/modules/shiro/partials/module-nav.adoc
new file mode 100644
index 0000000000..0450eefb9a
--- /dev/null
+++ b/retired/shiro/security/shiro/src/main/adoc/modules/shiro/partials/module-nav.adoc
@@ -0,0 +1,4 @@
+
+
+* xref:security:shiro:about.adoc[Shiro (Authenticator & Authorizor)]
+
diff --git a/security/shiro/src/main/java/org/apache/causeway/security/shiro/CausewayModuleSecurityShiro.java b/retired/shiro/security/shiro/src/main/java/org/apache/causeway/security/shiro/CausewayModuleSecurityShiro.java similarity index 100% rename from security/shiro/src/main/java/org/apache/causeway/security/shiro/CausewayModuleSecurityShiro.java rename to retired/shiro/security/shiro/src/main/java/org/apache/causeway/security/shiro/CausewayModuleSecurityShiro.java diff --git a/security/shiro/src/main/java/org/apache/causeway/security/shiro/authentication/AuthenticatorShiro.java b/retired/shiro/security/shiro/src/main/java/org/apache/causeway/security/shiro/authentication/AuthenticatorShiro.java similarity index 100% rename from security/shiro/src/main/java/org/apache/causeway/security/shiro/authentication/AuthenticatorShiro.java rename to retired/shiro/security/shiro/src/main/java/org/apache/causeway/security/shiro/authentication/AuthenticatorShiro.java diff --git a/security/shiro/src/main/java/org/apache/causeway/security/shiro/authorization/AuthorizorShiro.java b/retired/shiro/security/shiro/src/main/java/org/apache/causeway/security/shiro/authorization/AuthorizorShiro.java similarity index 100% rename from security/shiro/src/main/java/org/apache/causeway/security/shiro/authorization/AuthorizorShiro.java rename to retired/shiro/security/shiro/src/main/java/org/apache/causeway/security/shiro/authorization/AuthorizorShiro.java diff --git a/security/shiro/src/main/java/org/apache/causeway/security/shiro/authorization/CausewayPermission.java b/retired/shiro/security/shiro/src/main/java/org/apache/causeway/security/shiro/authorization/CausewayPermission.java similarity index 100% rename from security/shiro/src/main/java/org/apache/causeway/security/shiro/authorization/CausewayPermission.java rename to retired/shiro/security/shiro/src/main/java/org/apache/causeway/security/shiro/authorization/CausewayPermission.java 
diff --git a/security/shiro/src/main/java/org/apache/causeway/security/shiro/authorization/CausewayPermissionResolver.java b/retired/shiro/security/shiro/src/main/java/org/apache/causeway/security/shiro/authorization/CausewayPermissionResolver.java similarity index 100% rename from security/shiro/src/main/java/org/apache/causeway/security/shiro/authorization/CausewayPermissionResolver.java rename to retired/shiro/security/shiro/src/main/java/org/apache/causeway/security/shiro/authorization/CausewayPermissionResolver.java diff --git a/security/shiro/src/main/java/org/apache/causeway/security/shiro/context/ShiroSecurityContext.java b/retired/shiro/security/shiro/src/main/java/org/apache/causeway/security/shiro/context/ShiroSecurityContext.java similarity index 100% rename from security/shiro/src/main/java/org/apache/causeway/security/shiro/context/ShiroSecurityContext.java rename to retired/shiro/security/shiro/src/main/java/org/apache/causeway/security/shiro/context/ShiroSecurityContext.java diff --git a/security/shiro/src/main/java/org/apache/causeway/security/shiro/permrolemapper/PermissionToRoleMapper.java b/retired/shiro/security/shiro/src/main/java/org/apache/causeway/security/shiro/permrolemapper/PermissionToRoleMapper.java similarity index 100% rename from security/shiro/src/main/java/org/apache/causeway/security/shiro/permrolemapper/PermissionToRoleMapper.java rename to retired/shiro/security/shiro/src/main/java/org/apache/causeway/security/shiro/permrolemapper/PermissionToRoleMapper.java 
diff --git a/security/shiro/src/main/java/org/apache/causeway/security/shiro/permrolemapper/PermissionToRoleMapperFromIni.java b/retired/shiro/security/shiro/src/main/java/org/apache/causeway/security/shiro/permrolemapper/PermissionToRoleMapperFromIni.java
similarity index 100%
rename from security/shiro/src/main/java/org/apache/causeway/security/shiro/permrolemapper/PermissionToRoleMapperFromIni.java
rename to retired/shiro/security/shiro/src/main/java/org/apache/causeway/security/shiro/permrolemapper/PermissionToRoleMapperFromIni.java
diff --git a/security/shiro/src/main/java/org/apache/causeway/security/shiro/permrolemapper/PermissionToRoleMapperFromString.java b/retired/shiro/security/shiro/src/main/java/org/apache/causeway/security/shiro/permrolemapper/PermissionToRoleMapperFromString.java
similarity index 100%
rename from security/shiro/src/main/java/org/apache/causeway/security/shiro/permrolemapper/PermissionToRoleMapperFromString.java
rename to retired/shiro/security/shiro/src/main/java/org/apache/causeway/security/shiro/permrolemapper/PermissionToRoleMapperFromString.java
diff --git a/security/shiro/src/main/java/org/apache/causeway/security/shiro/permrolemapper/Util.java b/retired/shiro/security/shiro/src/main/java/org/apache/causeway/security/shiro/permrolemapper/Util.java
similarity index 100%
rename from security/shiro/src/main/java/org/apache/causeway/security/shiro/permrolemapper/Util.java
rename to retired/shiro/security/shiro/src/main/java/org/apache/causeway/security/shiro/permrolemapper/Util.java
diff --git a/security/shiro/src/main/java/org/apache/causeway/security/shiro/webmodule/WebModuleShiro.java b/retired/shiro/security/shiro/src/main/java/org/apache/causeway/security/shiro/webmodule/WebModuleShiro.java
similarity index 100%
rename from security/shiro/src/main/java/org/apache/causeway/security/shiro/webmodule/WebModuleShiro.java
rename to retired/shiro/security/shiro/src/main/java/org/apache/causeway/security/shiro/webmodule/WebModuleShiro.java
diff --git a/security/shiro/src/test/java/org/apache/causeway/security/shiro/CausewayPermissionTest_setParts.java b/retired/shiro/security/shiro/src/test/java/org/apache/causeway/security/shiro/CausewayPermissionTest_setParts.java
similarity index 100%
rename from security/shiro/src/test/java/org/apache/causeway/security/shiro/CausewayPermissionTest_setParts.java
rename to retired/shiro/security/shiro/src/test/java/org/apache/causeway/security/shiro/CausewayPermissionTest_setParts.java
diff --git a/security/shiro/src/test/java/org/apache/causeway/security/shiro/CausewayPermissionTest_typicalUsage.java b/retired/shiro/security/shiro/src/test/java/org/apache/causeway/security/shiro/CausewayPermissionTest_typicalUsage.java
similarity index 100%
rename from security/shiro/src/test/java/org/apache/causeway/security/shiro/CausewayPermissionTest_typicalUsage.java
rename to retired/shiro/security/shiro/src/test/java/org/apache/causeway/security/shiro/CausewayPermissionTest_typicalUsage.java
diff --git a/security/shiro/src/test/java/org/apache/causeway/security/shiro/ShiroAuthenticatorOrAuthorizorTest_authenticate.java b/retired/shiro/security/shiro/src/test/java/org/apache/causeway/security/shiro/ShiroAuthenticatorOrAuthorizorTest_authenticate.java
similarity index 100%
rename from security/shiro/src/test/java/org/apache/causeway/security/shiro/ShiroAuthenticatorOrAuthorizorTest_authenticate.java
rename to retired/shiro/security/shiro/src/test/java/org/apache/causeway/security/shiro/ShiroAuthenticatorOrAuthorizorTest_authenticate.java
diff --git a/security/shiro/src/test/java/org/apache/causeway/security/shiro/ShiroAuthenticatorOrAuthorizorTest_isVisibleInAnyRole.java b/retired/shiro/security/shiro/src/test/java/org/apache/causeway/security/shiro/ShiroAuthenticatorOrAuthorizorTest_isVisibleInAnyRole.java
similarity index 100%
rename from security/shiro/src/test/java/org/apache/causeway/security/shiro/ShiroAuthenticatorOrAuthorizorTest_isVisibleInAnyRole.java
rename to retired/shiro/security/shiro/src/test/java/org/apache/causeway/security/shiro/ShiroAuthenticatorOrAuthorizorTest_isVisibleInAnyRole.java
diff --git a/security/shiro/src/test/java/org/apache/causeway/security/shiro/TypeIdentifierTestFactory.java b/retired/shiro/security/shiro/src/test/java/org/apache/causeway/security/shiro/TypeIdentifierTestFactory.java
similarity index 100%
rename from security/shiro/src/test/java/org/apache/causeway/security/shiro/TypeIdentifierTestFactory.java
rename to retired/shiro/security/shiro/src/test/java/org/apache/causeway/security/shiro/TypeIdentifierTestFactory.java
diff --git a/security/shiro/src/test/java/org/apache/causeway/security/shiro/authorization/CausewayPermissionTest_equals.java b/retired/shiro/security/shiro/src/test/java/org/apache/causeway/security/shiro/authorization/CausewayPermissionTest_equals.java
similarity index 100%
rename from security/shiro/src/test/java/org/apache/causeway/security/shiro/authorization/CausewayPermissionTest_equals.java
rename to retired/shiro/security/shiro/src/test/java/org/apache/causeway/security/shiro/authorization/CausewayPermissionTest_equals.java
diff --git a/security/shiro/src/test/java/org/apache/causeway/security/shiro/permrolemapper/PermissionToRoleMapperFromIniTest.java b/retired/shiro/security/shiro/src/test/java/org/apache/causeway/security/shiro/permrolemapper/PermissionToRoleMapperFromIniTest.java
similarity index 100%
rename from security/shiro/src/test/java/org/apache/causeway/security/shiro/permrolemapper/PermissionToRoleMapperFromIniTest.java
rename to retired/shiro/security/shiro/src/test/java/org/apache/causeway/security/shiro/permrolemapper/PermissionToRoleMapperFromIniTest.java
diff --git a/security/shiro/src/test/java/org/apache/causeway/security/shiro/permrolemapper/PermissionToRoleMapperFromStringTest.java b/retired/shiro/security/shiro/src/test/java/org/apache/causeway/security/shiro/permrolemapper/PermissionToRoleMapperFromStringTest.java
similarity index 100%
rename from security/shiro/src/test/java/org/apache/causeway/security/shiro/permrolemapper/PermissionToRoleMapperFromStringTest.java
rename to retired/shiro/security/shiro/src/test/java/org/apache/causeway/security/shiro/permrolemapper/PermissionToRoleMapperFromStringTest.java
diff --git a/security/shiro/src/test/java/org/apache/causeway/security/shiro/permrolemapper/UtilTest_parse.java b/retired/shiro/security/shiro/src/test/java/org/apache/causeway/security/shiro/permrolemapper/UtilTest_parse.java
similarity index 100%
rename from security/shiro/src/test/java/org/apache/causeway/security/shiro/permrolemapper/UtilTest_parse.java
rename to retired/shiro/security/shiro/src/test/java/org/apache/causeway/security/shiro/permrolemapper/UtilTest_parse.java
diff --git a/security/shiro/src/test/resources/org/apache/causeway/security/shiro/permrolemapper/my.ini b/retired/shiro/security/shiro/src/test/resources/org/apache/causeway/security/shiro/permrolemapper/my.ini
similarity index 100%
rename from security/shiro/src/test/resources/org/apache/causeway/security/shiro/permrolemapper/my.ini
rename to retired/shiro/security/shiro/src/test/resources/org/apache/causeway/security/shiro/permrolemapper/my.ini
diff --git a/security/shiro/src/test/resources/shiro.ini b/retired/shiro/security/shiro/src/test/resources/shiro.ini
similarity index 100%
rename from security/shiro/src/test/resources/shiro.ini
rename to retired/shiro/security/shiro/src/test/resources/shiro.ini
diff --git a/security/shiro/NOTICE b/security/shiro/NOTICE
deleted file mode 100644
index a93e14575f..0000000000
--- a/security/shiro/NOTICE
+++ /dev/null
@@ -1,7 +0,0 @@
-Apache Isis
-Copyright 2010-2014 The Apache Software Foundation
-
-This product includes software developed at
-The Apache Software Foundation (http://www.apache.org/).
-
-
diff --git a/security/shiro/src/main/adoc/modules/shiro/pages/about.adoc b/security/shiro/src/main/adoc/modules/shiro/pages/about.adoc
index 96d1d4dc3b..2807c5db52 100644
--- a/security/shiro/src/main/adoc/modules/shiro/pages/about.adoc
+++ b/security/shiro/src/main/adoc/modules/shiro/pages/about.adoc
@@ -4,367 +4,6 @@ :page-partial: -This guide describes the design and configuration of the Apache Shiro integration with Apache Causeway. - - -== Design - -The Shiro integration provides an implementation for both the -xref:refguide:core:index/security/authentication/Authenticator.adoc[Authenticator] and xref:refguide:core:index/security/authorization/Authorizor.adoc[Authorizor] SPIs. -These both delegate to Shiro's `SubjectUtils` class that in turn delegates to the `SecurityManager`. -These are available as thread-locals (set up in a servlet filter): - -.High-level design of the Shiro integration -image::shiro-design.drawio.svg[] - -Shiro's link:http://shiro.apache.org/static/latest/apidocs/org/apache/shiro/subject/Subject.html[Subject] API defines the notion of a user, and uses the concept of a https://shiro.apache.org/static/1.7.1/apidocs/org/apache/shiro/realm/Realm.html[Realm] as the means to authenticate the ``Subject``s and optionally populate it with permissions. - -Shiro ships with a simple text-based realm -- the `IniRealm` -- which reads users (and password), user roles and role permissions from the `shiro.ini` file. -Configuring this realm is described <<shiro-ini-realm,below>> - -TIP: The xref:docs:starters:helloworld.adoc[HelloWorld] and xref:docs:starters:simpleapp.adoc[SimpleApp] starter apps are both configured to use this realm. - -For production use, a more sophisticated option is the LDAP realm. -Shiro has its own implementation which can be used for authentication. -We recommend that it is combined with xref:security:secman:about.adoc[] for authorization. -See xref:security:secman:setting-up-with-shiro.adoc[setting up SecMan with Shiro] for more details. - - - -[[configuring-causeway-to-use-shiro]] -== Configuring to use Shiro - -Apache Causeway' security mechanism is configurable, specifying an `Authenticator` and an `Authorizor` (non-public) APIs. 
-The Shiro security mechanism is an integration with Apache Shiro that implements both interfaces. - -[TIP] -==== -Both the xref:docs:starters:helloworld.adoc[HelloWorld] and xref:docs:starters:simpleapp.adoc[SimpleApp] starter apps are pre-configured to use Apache Shiro, so much of what follows may well have been set up already. -==== - -include::docs:mavendeps:partial$setup-and-configure-mavendeps-webapp.adoc[leveloffset=+1] - - -=== Update AppManifest - -In your application's `AppManifest` (top-level Spring `@Configuration` used to bootstrap the app), import the - -[source,java] -.AppManifest.java ----- -@Configuration -@Import({ - ... - CausewayModuleSecurityShiro.class, - ... -}) -public class AppManifest { -} ----- - -Make sure that no other `CausewayModuleSecurityXxx` module is imported. - -=== Configuration Properties - -The Shiro integration supports the following config properties: - -* xref:refguide:config:sections/causeway.security.shiro.adoc#causeway.security.shiro.auto-logout-if-already-authenticated[causeway.security.shiro.auto-logout-if-already-authenticated] - -=== Shiro Realms and shiro.ini - -Shiro uses the `shiro.ini` file for configuration, which resides in the default package (in other words, in `src/main/resources` in the webapp module). - -Shiro uses the concept of realms to define its own set of authenticated users and their roles, and this is the most important configuration specified in the `shiro.ini` file. -Either one or many realms can be configured. - -For example: - -[source,ini] ----- -securityManager.realms = $realmName ----- - -where `$realmName` in the above example is a reference to a realm defined elsewhere in `shiro.ini`. -This is an example of Shiro's "poor-man's" dependency injection (link:https://shiro.apache.org/configuration.html[their words]). - -It's also possible to configure Shiro to support multiple realms. 
- -[source,ini] ----- -securityManager.realms = $realm1,$realm2 ----- - -How to configure the text-based ini realm is explained <<shiro-ini-realm,below>>. -Another option alternative is Shiro's own LDAP realm, which can be used for authentication and combined with SecMan for authorization. -See xref:security:secman:setting-up-with-shiro.adoc[setting up SecMan with Shiro] for more details. - - -As noted above, as well as realms many other aspects of configuration can be specified in this file: - -* enable caching for performance; discussed <<caching,below>> -* leverage Apache Causeway' <<enhanced-wildcard-permission,enhanced wildcard permissions>>, by specifying the Apache Causeway permission resolver; discussed <<permission-resolver-configuration,below>>. - - -[#shiro-ini-realm] -== Shiro Ini Realm - -The Shiro concept of a `Realm` allows different implementations of both the authentication and authorisation mechanism to be plugged in. - -The simplest realm to use is Shiro's built-in `IniRealm`, which reads from the (same) `shiro.ini` file. - -image::ini/shiro-ini-realm.drawio.svg[] - -This is suitable for prototyping, but isn't intended for production use, if only because user/password credentials are stored in plain text. -Nevertheless, it's a good starting point. -The app generated by both the xref:docs:starters:helloworld.adoc[HelloWorld] and xref:docs:starters:simpleapp.adoc[SimpleApp] starter apps are configured to use this realm. - - - -=== Shiro Configuration - -To use the built-in `IniRealm`, we add the following to `shiro.ini`: - -[source,ini] ----- -securityManager.realms = $iniRealm ----- - -(Unlike other realms) there is no need to "define" `$iniRealm`; it is automatically available to us. - -Specifying `$iniRealm` means that the usernames/passwords, roles and permissions are read from the `shiro.ini` file itself. 
-Specifically: - -* the users/passwords and their roles from the `[users]` sections; -* the roles are mapped to permissions in the `[roles]` section. - -The format of these is described below. - -==== `[users]` section - -This section lists users, passwords and their roles. - -For example: - -[source,ini] ----- -sven = pass, admin_role -dick = pass, user_role, analysis_role, self-install_role -bob = pass, user_role, self-install_role ----- - -The first value is the password (eg "pass", the remaining values are the role(s). - -==== `[roles]` section - -This section lists roles and their corresponding permissions. - -For example: - -[source,ini] ----- -user_role = myapp.*,\ - causeway.security:*,\ - causeway.applib:* -admin_role = * ----- - -The value is a comma-separated list of permissions for the role. -The format is: - -[source,ini] ----- -logicalTypeNamespace:logicalTypeSimpleName:memberName:r,w ----- - -where: - -* `logicalTypeNamespace` is the namespace portion of the domain object's logical type name ... - -* \... and `logicalTypeSimpleName` is the last portion of the domain object's logical type name. -+ -For example, if `@Named("myapp.customer.Customer")`, then the namespace is "myapp.customer" and the simple type name is "Customer". - -* `memberName` is the property, collection or action name. -* `r` indicates that the member is visible -* `w` indicates that the member is usable (editable or invokable) - -Note that: - -* each part of the permission string can be wildcarded using `*`. -* The namespace can also be wildcarded at any level (for example `myapp.*`). -* Missing levels assume wildcards. 
- -Thus: - -[source,ini] ----- -myapp.customer:Customer:firstName:r,w # view or edit customer's firstName -myapp.customer:Customer:lastName:r # view customer's lastName only -myapp.customer:Customer:placeOrder:* # view and invoke placeOrder action -myapp.customer:Customer:placeOrder # ditto -myapp.customer:Customer:*:r # view all customer class members -myapp.customer:*:*:r # view-only access for myapp.customer namespace -myapp.customer:*:*:* # view/edit for myapp.customer namespace -myapp:*:* # view/edit for myapp namespace -myapp:* # ditto -myapp # ditto -* # view/edit access to everything ----- - -[TIP] -==== -The format of the permissions string is configurable in Shiro, and Apache Causeway uses this to provide an extended wildcard format, described xref:security:shiro:about.adoc#enhanced-wildcard-permission[here]. -==== - - -== Providing permissions to Framework-provided Features - -Some features of the framework are exposed as actions that must be provided as permissions. -In particular, permission to the features in `causeway.security` must be granted in order that end-users can logout. - -The snippet below defines a role for each framework feature: - -[source,ini] -.shiro.ini ----- -[roles] -default_role = causeway.applib,\ - causeway.security -fixtures_role = causeway.testing.fixtures -features_role = causeway.feat -metamodel_role = causeway.metamodel -h2_role = causeway.ext.h2Console -jdo_role = causeway.persistence.jdo -swagger_role = causeway.viewer.restfulobjects -conf_role = causeway.conf -sudo_role = causeway.sudo ----- - -Notes: - -* all users should be granted the `default_role`. -* `conf_role` provides access to the configuration menu (in production mode), which is potentially sensitive -* `sudo_role` provides the ability to impersonate any user, so is _extremely_ sensitive; however it is prototype mode only - -Most of the features protected by these roles are only available in prototype mode. 
-The exceptions are those under `default_role` and `conf_role`. - - -=== Externalized IniRealm - -There's no requirement for all users/roles to be defined in the `shiro.ini` file. -Instead, a realm can be defined that loads its users/roles from some other resource. - -For example: - -[source,ini] ----- -$realm1=org.apache.shiro.realm.text.IniRealm # <1> -realm1.resourcePath=classpath:webapp/realm1.ini # <2> ----- -<1> happens to (coincidentally) be the link:http://shiro.apache.org/static/latest/apidocs/org/apache/shiro/realm/text/IniRealm.html[same implementation] as Shiro's built-in $iniRealm -<2> in this case load the users/roles from the `src/main/resources/webapp/realm1.ini` file. - -Note that a URL could be provided as the `resourcePath`, so a centralized config file could be used. -Even so, the - -[NOTE] -==== -If configured this way then the `[users]` and `[roles]` sections of `shiro.ini` become unused. -Instead, the corresponding sections from for `realm1.ini` are used instead. -==== - - - - -[#enhanced-wildcard-permission] -== Enhanced Wildcard Permission - -If using xref:security:shiro:about.adoc#shiro-ini-realm[IniRealm], the string permissions can represent either a grant _or_ a veto for a particular feature. - -This is useful in some situations where most users have access to most features, and only a small number of features are particularly sensitive. -The configuration can therefore be set up to grant fairly broad-brush permissions and then veto permission for the sensitive features for those users that do not have access. 
- -The string representation of a "causeway" permission (implemented, in fact, by the xref:refguide:security:index/shiro/authorization/CausewayPermission.adoc[] class) uses the following format: - -[source,ini] ----- -(?<vetoFlag>[!]?)(?:(?<permissionGroup>[^\/]+)[\/])?(?<permission>.+) ----- - -where: - -* the optional `!` prefix indicates this permission is a vetoing permission -* the mandatory `xxx/` prefix is a permission group that scopes any vetoing permissions -* the remainder of the string is the permission (possibly wild-carded, with :rw as optional suffix) - -TIP: Use an online regex tester, eg link:https://regex101.com/[] to get an idea of how this works. - -For example: - -[source,ini] ----- -user_role = !reg/myapp.api,\ - !reg/myapp.webapp.services.admin,\ - reg/* -api_role = myapp.api -admin_role = adm/* ----- - -sets up: - -* the `user_role` with access to all permissions except those with a logical type's namespace of `myapp.api` or `myapp.webapp.services.admin` -* the `api_role` with access to all permissions to logical types under the namespace `myapp.api` -* the `admin_role` with access to everything. - -The permission group concept is required to scope the applicability of any veto permission. -This is probably best explained by an example. -Suppose that a user has both `admin_role` and `user_role`; we would want the `admin_role` to trump the vetos of the `user_role`, in other words to give the user access to everything. - -:asterisk: * -Because of the permission groups, the two `!reg/...` vetos in `user_role` only veto out selected permissions granted by the ``reg/{asterisk}`` permissions, but they do not veto the permissions granted by a different scope, namely `adm/*`. -In this case the prefixes in ``reg/{asterisk}`` and ``adm/{asterisk}`` are required to make the patterns unique. 
- -The net effect is therefore what we would want: that a user with both `admin_role` and `user_role` would have access to everything, irrespective of those two veto permissions of the `user_role`. - - -[[permission-resolver-configuration]] -=== Configuration - -To configure Apache Causeway' extended permission support requires that a custom permission resolver is specified in `shiro.ini` file: - -[source,ini] ----- -permissionResolver = org.apache.causeway.security.shiro.authorization.CausewayPermissionResolver -myRealm.permissionResolver = $permissionResolver # <.> ----- -<.> `myRealm` is the handle to the configured realm, eg `$iniRealm`. - - - -[#caching] -== Caching - -To ensure that security operations does not impede performance, Shiro supports caching. -For example, this sets up a simple memory-based cache manager: - -[source,ini] ----- -memoryCacheManager = org.apache.shiro.cache.MemoryConstrainedCacheManager -securityManager.cacheManager = $memoryCacheManager ----- - -Other implementations can be plugged in; see the Shiro link:http://shiro.apache.org/caching.html[documentation] for further details. - - -== Further Reading - -Shiro provides many other features. -Check out: - -* Shiro's documentation page can be found link:http://shiro.apache.org/documentation.html[here]. - -* community-contributed articles can be found link:http://shiro.apache.org/articles.html[here]. + -+ -These include for instance link:http://meri-stuff.blogspot.co.uk/2011/04/apache-shiro-part-2-realms-database-and.html[this interesting article] describing how to perform certificate-based authentication (ie login using Google or Facebook credentials). +Support for Shiro has been retired in v3.x, primarily because at the time of release there was no support for `jakarta.*` namespace. +We may reinstate support in a future release when this becomes available (depending upon demand - it may be that Spring Security provides enough features as is).
