Re: [grails-user] Shiro Subject Builder use in grails bootstrap

[Scott Ryan]

Yes I think it is not running in a request/response mode.  Just a dumb  
question as i implement your solution.  I tried this earlier but since  
Runnable is an interface it does not let me create one so I must be  
missing a parenthesis or something?

I will try out your suggestions and offer feedback.  I think it would  
be nice to have access to both security managers from the plugin so  
you could use the same code during both processes.

Scott Ryan
President/CTO
Soaring Eagle L.L.C.
sc...@theryansplace.com
(303) 263-3044

On Oct 29, 2009, at 9:17 AM, Les Hazlewood wrote:

Hi Scott,

You're right that this can be done easily enough.  I don't know enough
about Grails to know if Bootstrap is run during a request or at
startup before requests come in.  If it is the latter, the easiest
thing to do at the moment is to create a temporary SecurityManager
just for bootstrap needs - the WebSecurityManager requires the
presence of a Request/Response pair at the moment, but feel free to
open a Shiro jira issue if you think it should be an improvement to
work in either case.

For now, try to do this:

Realm localizedRealm = //acquire your realm
SecurityManager bootstrapSecurityManager = new
DefaultSecurityManager(localizedRealm);
PrincipalCollection principals = new
SimplePrincipalCollection(userIdentity, localizedRealm.getName());
Subject subject = new  
Subject.Builder().principals(principals).buildSubject();
subject.execute( new Runnable() {
   public void run() {
       doBootstrap();
   }
}
private void doBootstrap() {
   //do whatever logic you need to be done as the above Subject.
}

HTH,

Les

On Thu, Oct 29, 2009 at 10:57 AM, Scott Ryan <sryan...@gmail.com>  
wrote:
HI,
Sorry it took me a while to get back to you but we had 4 feet of  
snow last
night and I had to dig out lol.

I think maybe I am going down the wrong path.   I am using the  
Grails Shiro
plugin which appears to implement a DefaultWebSecurityManager and  
that is
the security manager I am picking up in the bootstrap execution  
within
grails.  Now I don't think the bootstrap runs within a request so I  
don't
have request response available in the bootstrap class just the  
servlet
context.  So no matter which type of subject i create I get an  
error.  In
order to create a Websubject I need a request and response which I  
do not
have.

       Object userIdentity = "admin";
       String realmName = "localizedRealm";
       PrincipalCollection principals = new
SimplePrincipalCollection(userIdentity, realmName);
      Subject subject = new
WebSubject 
.Builder 
(shiroSecurityManager 
,request,response).principals(principals).buildSubject();
       ThreadState threadState = new SubjectThreadState(subject);
       threadState.bind();

If I try to create a normal subject I get complaints from the  
security
manager that there is not request.

       Object userIdentity = "admin";
       String realmName = "localizedRealm";
       PrincipalCollection principals = new
SimplePrincipalCollection(userIdentity, realmName);
       Subject subject = new
Subject 
.Builder(shiroSecurityManager).principals(principals).buildSubject();
       ThreadState threadState = new SubjectThreadState(subject);
       threadState.bind();

Is there a way to get a normal security manager from the shiro  
plugin or do
i need to create my own security manager for this case or can i  
actually get
a request and response from the bootstrap class in grails.  I am a  
little
over my head at the level of the frameworks i am at now.

Any ideas on what to explore next?  I think this can be done I am  
just
missing one critical part.


Scott Ryan
President/CTO
Soaring Eagle L.L.C.
sc...@theryansplace.com
(303) 263-3044

On Oct 28, 2009, at 6:35 PM, Les Hazlewood wrote:

Hi Scott,

Good catch on the build() mistake.  I've updated the wiki.  I also
made some changes to break out the Thread Association sections  
into 3
approaches (not 2).  Please check it again (I _just_ finished these
changes like 2 minutes ago) and see if that helps.

Also, you caught an interesting scenario and I updated the wiki to
note this scenario - you're absolutely right that the standard
Subject.Builder can't be used during a web request.  Because the
Subject and Subject.Builder have no knowledge of web APIs to  
ensure a
clean separation of concerns, the WebSubject and WebSubject.Builder
exist for this reason.

They are located in the org.apache.shiro.web.subject package and are
used in the exact same way:

Subject subject = WebSubject.Builder(...). ... .buildSubject();

Also, per the wiki documentation, just building the Subject instance
is not enough - it must be bound to the currently executing thread  
so
any SecurityUtils.getSubject() calls work properly.  The wiki page I
wrote covers all 3 approaches to show you how to do this.

I recommend that you use the "Automatic Association" approach - it  
is
the easiest to use.

Let me know how that goes!

Cheers,

Les

On Wed, Oct 28, 2009 at 7:54 PM, Scott Ryan <sryan...@gmail.com>  
wrote:

Thank you for the information.  I am close but still scratching  
my head
on
what is wrong.

Note there is a line in the wiki help that reads

Subject subject = new  
Subject.Builder().principals(principals).build();

but should it not read

Subject subject = new
Subject.Builder().principals(principals).buildSubject();


So here is what I have so far in my bootstrap.groovy

class BootStrap
{
  def shiroSecurityManager
def init =
  {servletContext ->
      void buildSubject()
      {
          Object userIdentity = "admin";
          String realmName = "localizedRealm";
          PrincipalCollection principals = new
SimplePrincipalCollection(userIdentity, realmName);
          Subject subject = new

Subject 
.Builder 
(shiroSecurityManager).principals(principals).buildSubject();
 // This is line 164
      }
  }
}

I assume since I am in a servletContext it is a web request and  
therefore
I
don't have to bind the subject to the Thread?

I am getting the following errors:

Caused by: java.lang.IllegalStateException: ServletRequest is not
available!
 A ServletRequest must be present in either the Subject context  
map, on
an
existing WebSubject or via the thread context.  This exception is
probably
indicative of an erroneous application configuration.
      at

org 
.apache 
.shiro 
.web 
.mgt 
.DefaultWebSubjectFactory 
.getServletRequest(DefaultWebSubjectFactory.java:72)
      at

org 
.apache 
.shiro 
.web 
.mgt 
.DefaultWebSubjectFactory 
.getInetAddress(DefaultWebSubjectFactory.java:108)
      at

org 
.apache 
.shiro 
.web 
.mgt 
.DefaultWebSubjectFactory 
.createSubject(DefaultWebSubjectFactory.java:118)
      at

org 
.apache 
.shiro 
.mgt 
.DefaultSecurityManager.createSubject(DefaultSecurityManager.java: 
347)
      at
org.apache.shiro.subject.Subject 
$Builder.buildSubject(Subject.java:684)
      at BootStrap.buildSubject(BootStrap.groovy:164)
      at BootStrap$_closure1.doCall(BootStrap.groovy:108)


Is there something I am missing in the setup?

It looks like the following thread discusses this but it is  
unclear on
the
solution

http://www.mail-archive.com/shiro-...@incubator.apache.org/msg00172.html

It is to hard to locate any of the referenced classes as they  
seem to
keep
moving packages and there is no javadoc to help me find them.   i  
can't
even
find the SVN repo to look there.  I assume I am supposed to use
WebSubjectBuilder instead of the above but not sure how.  What  
package is
WebSubjectBuilder in currently?

The next step is to insert data in to the database using the  
subject that
was created.



Scott Ryan
President/CTO
Soaring Eagle L.L.C.
sc...@theryansplace.com
(303) 263-3044

On Oct 28, 2009, at 4:04 PM, Les Hazlewood wrote:

Hi Scott,

Yep, this is a new feature available in Shiro 1.0.  In an effort  
to
create good documentation (and so I don't get lazy and rely on
archived mailing lists as documentation - yuck!), I've  
documented this
extensively here:

http://cwiki.apache.org/confluence/display/SHIRO/Subject

Please feel free to offer suggestions or ask questions.

Cheers,

Les

On Wed, Oct 28, 2009 at 2:48 PM, Peter Ledbrook <pe...@cacoethes.co.uk 
>
wrote:

Here is the thread I am referring to



http://www.nabble.com/BootStrapping-a-class-that-requires-a-Session-for-beforeInsert-to-work-td25788207.html

It's javadoced well, but the docs aren't online yet as far as I  
can
tell. If you can read native javadoc format:



 
http://svn.apache.org/repos/asf/incubator/shiro/trunk/core/src/main/java/org/apache/shiro/subject/Subject.java

Otherwise, I'll leave it to Les to answer this one (I've never  
used
Subject.Builder).

Cheers,

Peter

---------------------------------------------------------------------
To unsubscribe from this list, please visit:

 http://xircles.codehaus.org/manage_email




---------------------------------------------------------------------
To unsubscribe from this list, please visit:

 http://xircles.codehaus.org/manage_email