Hi Scott,
You're right that this can be done easily enough. I don't know enough
about Grails to know if Bootstrap is run during a request or at
startup before requests come in. If it is the latter, the easiest
thing to do at the moment is to create a temporary SecurityManager
just for bootstrap needs - the WebSecurityManager requires the
presence of a Request/Response pair at the moment, but feel free to
open a Shiro jira issue if you think it should be an improvement to
work in either case.
For now, try to do this:
Realm localizedRealm = //acquire your realm
SecurityManager bootstrapSecurityManager = new
DefaultSecurityManager(localizedRealm);
PrincipalCollection principals = new
SimplePrincipalCollection(userIdentity, localizedRealm.getName());
Subject subject = new Subject.Builder().principals(principals).buildSubject();
subject.execute( new Runnable() {
public void run() {
doBootstrap();
}
}
private void doBootstrap() {
//do whatever logic you need to be done as the above Subject.
}
HTH,
Les
On Thu, Oct 29, 2009 at 10:57 AM, Scott Ryan <[email protected]> wrote:
> HI,
> Sorry it took me a while to get back to you but we had 4 feet of snow last
> night and I had to dig out lol.
>
> I think maybe I am going down the wrong path. I am using the Grails Shiro
> plugin which appears to implement a DefaultWebSecurityManager and that is
> the security manager I am picking up in the bootstrap execution within
> grails. Now I don't think the bootstrap runs within a request so I don't
> have request response available in the bootstrap class just the servlet
> context. So no matter which type of subject i create I get an error. In
> order to create a Websubject I need a request and response which I do not
> have.
>
> Object userIdentity = "admin";
> String realmName = "localizedRealm";
> PrincipalCollection principals = new
> SimplePrincipalCollection(userIdentity, realmName);
> Subject subject = new
> WebSubject.Builder(shiroSecurityManager,request,response).principals(principals).buildSubject();
> ThreadState threadState = new SubjectThreadState(subject);
> threadState.bind();
>
> If I try to create a normal subject I get complaints from the security
> manager that there is not request.
>
> Object userIdentity = "admin";
> String realmName = "localizedRealm";
> PrincipalCollection principals = new
> SimplePrincipalCollection(userIdentity, realmName);
> Subject subject = new
> Subject.Builder(shiroSecurityManager).principals(principals).buildSubject();
> ThreadState threadState = new SubjectThreadState(subject);
> threadState.bind();
>
> Is there a way to get a normal security manager from the shiro plugin or do
> i need to create my own security manager for this case or can i actually get
> a request and response from the bootstrap class in grails. I am a little
> over my head at the level of the frameworks i am at now.
>
> Any ideas on what to explore next? I think this can be done I am just
> missing one critical part.
>
>
> Scott Ryan
> President/CTO
> Soaring Eagle L.L.C.
> [email protected]
> (303) 263-3044
>
> On Oct 28, 2009, at 6:35 PM, Les Hazlewood wrote:
>
>> Hi Scott,
>>
>> Good catch on the build() mistake. I've updated the wiki. I also
>> made some changes to break out the Thread Association sections into 3
>> approaches (not 2). Please check it again (I _just_ finished these
>> changes like 2 minutes ago) and see if that helps.
>>
>> Also, you caught an interesting scenario and I updated the wiki to
>> note this scenario - you're absolutely right that the standard
>> Subject.Builder can't be used during a web request. Because the
>> Subject and Subject.Builder have no knowledge of web APIs to ensure a
>> clean separation of concerns, the WebSubject and WebSubject.Builder
>> exist for this reason.
>>
>> They are located in the org.apache.shiro.web.subject package and are
>> used in the exact same way:
>>
>> Subject subject = WebSubject.Builder(...). ... .buildSubject();
>>
>> Also, per the wiki documentation, just building the Subject instance
>> is not enough - it must be bound to the currently executing thread so
>> any SecurityUtils.getSubject() calls work properly. The wiki page I
>> wrote covers all 3 approaches to show you how to do this.
>>
>> I recommend that you use the "Automatic Association" approach - it is
>> the easiest to use.
>>
>> Let me know how that goes!
>>
>> Cheers,
>>
>> Les
>>
>> On Wed, Oct 28, 2009 at 7:54 PM, Scott Ryan <[email protected]> wrote:
>>>
>>> Thank you for the information. I am close but still scratching my head
>>> on
>>> what is wrong.
>>>
>>> Note there is a line in the wiki help that reads
>>>
>>> Subject subject = new Subject.Builder().principals(principals).build();
>>>
>>> but should it not read
>>>
>>> Subject subject = new
>>> Subject.Builder().principals(principals).buildSubject();
>>>
>>>
>>> So here is what I have so far in my bootstrap.groovy
>>>
>>> class BootStrap
>>> {
>>> def shiroSecurityManager
>>> def init =
>>> {servletContext ->
>>> void buildSubject()
>>> {
>>> Object userIdentity = "admin";
>>> String realmName = "localizedRealm";
>>> PrincipalCollection principals = new
>>> SimplePrincipalCollection(userIdentity, realmName);
>>> Subject subject = new
>>>
>>> Subject.Builder(shiroSecurityManager).principals(principals).buildSubject();
>>> // This is line 164
>>> }
>>> }
>>> }
>>>
>>> I assume since I am in a servletContext it is a web request and therefore
>>> I
>>> don't have to bind the subject to the Thread?
>>>
>>> I am getting the following errors:
>>>
>>> Caused by: java.lang.IllegalStateException: ServletRequest is not
>>> available!
>>> A ServletRequest must be present in either the Subject context map, on
>>> an
>>> existing WebSubject or via the thread context. This exception is
>>> probably
>>> indicative of an erroneous application configuration.
>>> at
>>>
>>> org.apache.shiro.web.mgt.DefaultWebSubjectFactory.getServletRequest(DefaultWebSubjectFactory.java:72)
>>> at
>>>
>>> org.apache.shiro.web.mgt.DefaultWebSubjectFactory.getInetAddress(DefaultWebSubjectFactory.java:108)
>>> at
>>>
>>> org.apache.shiro.web.mgt.DefaultWebSubjectFactory.createSubject(DefaultWebSubjectFactory.java:118)
>>> at
>>>
>>> org.apache.shiro.mgt.DefaultSecurityManager.createSubject(DefaultSecurityManager.java:347)
>>> at
>>> org.apache.shiro.subject.Subject$Builder.buildSubject(Subject.java:684)
>>> at BootStrap.buildSubject(BootStrap.groovy:164)
>>> at BootStrap$_closure1.doCall(BootStrap.groovy:108)
>>>
>>>
>>> Is there something I am missing in the setup?
>>>
>>> It looks like the following thread discusses this but it is unclear on
>>> the
>>> solution
>>>
>>> http://www.mail-archive.com/[email protected]/msg00172.html
>>>
>>> It is to hard to locate any of the referenced classes as they seem to
>>> keep
>>> moving packages and there is no javadoc to help me find them. i can't
>>> even
>>> find the SVN repo to look there. I assume I am supposed to use
>>> WebSubjectBuilder instead of the above but not sure how. What package is
>>> WebSubjectBuilder in currently?
>>>
>>> The next step is to insert data in to the database using the subject that
>>> was created.
>>>
>>>
>>>
>>> Scott Ryan
>>> President/CTO
>>> Soaring Eagle L.L.C.
>>> [email protected]
>>> (303) 263-3044
>>>
>>> On Oct 28, 2009, at 4:04 PM, Les Hazlewood wrote:
>>>
>>>> Hi Scott,
>>>>
>>>> Yep, this is a new feature available in Shiro 1.0. In an effort to
>>>> create good documentation (and so I don't get lazy and rely on
>>>> archived mailing lists as documentation - yuck!), I've documented this
>>>> extensively here:
>>>>
>>>> http://cwiki.apache.org/confluence/display/SHIRO/Subject
>>>>
>>>> Please feel free to offer suggestions or ask questions.
>>>>
>>>> Cheers,
>>>>
>>>> Les
>>>>
>>>> On Wed, Oct 28, 2009 at 2:48 PM, Peter Ledbrook <[email protected]>
>>>> wrote:
>>>>>>
>>>>>> Here is the thread I am referring to
>>>>>>
>>>>>>
>>>>>>
>>>>>> http://www.nabble.com/BootStrapping-a-class-that-requires-a-Session-for-beforeInsert-to-work-td25788207.html
>>>>>
>>>>> It's javadoced well, but the docs aren't online yet as far as I can
>>>>> tell. If you can read native javadoc format:
>>>>>
>>>>>
>>>>>
>>>>> http://svn.apache.org/repos/asf/incubator/shiro/trunk/core/src/main/java/org/apache/shiro/subject/Subject.java
>>>>>
>>>>> Otherwise, I'll leave it to Les to answer this one (I've never used
>>>>> Subject.Builder).
>>>>>
>>>>> Cheers,
>>>>>
>>>>> Peter
>>>>
>>>> ---------------------------------------------------------------------
>>>> To unsubscribe from this list, please visit:
>>>>
>>>> http://xircles.codehaus.org/manage_email
>>>>
>>>>
>>>
>>>
>>> ---------------------------------------------------------------------
>>> To unsubscribe from this list, please visit:
>>>
>>> http://xircles.codehaus.org/manage_email
>>>
>>>
>>>
>
>
