protected void configureShiro() { final Ini config = new Ini(); config.addSection("users"); config.getSection("users").put("EntitlementUser", "password, entitlement"); config.addSection("roles"); config .getSection("roles") .put( "entitlement", Permission.ACCOUNT_CAN_CREATE.toString() + "," + Permission.ENTITLEMENT_CAN_CREATE.toString() + "," + Permission.ENTITLEMENT_CAN_CHANGE_PLAN.toString() + "," + Permission.ENTITLEMENT_CAN_PAUSE_RESUME.toString() + "," + Permission.ENTITLEMENT_CAN_TRANSFER.toString() + "," + Permission.ENTITLEMENT_CAN_CANCEL.toString()); // Reset the security manager ThreadContext.unbindSecurityManager(); final Factory<SecurityManager> factory = new IniSecurityManagerFactory(config); final SecurityManager securityManager = factory.getInstance(); SecurityUtils.setSecurityManager(securityManager); }
@Override public List<UserRecord> findUsers(List<String> users) { List<UserRecord> userRecords = new ArrayList<>(); Set<String> userSet = new HashSet<>(users); // load config Ini ini = new Ini(); try (InputStream in = new FileInputStream(FileSystemManager.getConfig("shiro.ini"))) { ini.load(in); Section section = ini.getSection("users"); for (String user : section.keySet()) { if (userSet.contains(user)) { UserRecord userRecord = new UserRecord(); userRecord.setUsername(user); userRecords.add(userRecord); } } } catch (IOException ex) { throw new OpenStorefrontRuntimeException( "Unable to read shiro.ini file.", "Check config path and permissions", ex); } return userRecords; }
private ImmutableSetMultimap<String, String> parseIni(String database, Ini ini) { Ini.Section privilegesSection = ini.getSection(ROLES); boolean invalidConfiguration = false; if (privilegesSection == null) { LOGGER.warn("Section {} empty for {}", ROLES, resourcePath); invalidConfiguration = true; } Ini.Section groupsSection = ini.getSection(GROUPS); if (groupsSection == null) { LOGGER.warn("Section {} empty for {}", GROUPS, resourcePath); invalidConfiguration = true; } if (!invalidConfiguration) { return parsePermissions(database, privilegesSection, groupsSection); } return ImmutableSetMultimap.of(); }
/** Parse the resource. Should not be used in the normal course */ protected void parse() { LOGGER.info("Parsing " + resourcePath); Roles roles = new Roles(); try { perDbResources.clear(); Ini ini = PolicyFiles.loadFromPath(fileSystem, resourcePath); if (LOGGER.isDebugEnabled()) { for (String sectionName : ini.getSectionNames()) { LOGGER.debug("Section: " + sectionName); Ini.Section section = ini.get(sectionName); for (String key : section.keySet()) { String value = section.get(key); LOGGER.debug(key + " = " + value); } } } ImmutableSetMultimap<String, String> globalRoles; Map<String, ImmutableSetMultimap<String, String>> perDatabaseRoles = Maps.newHashMap(); globalRoles = parseIni(null, ini); Ini.Section filesSection = ini.getSection(DATABASES); if (filesSection == null) { LOGGER.info("Section " + DATABASES + " needs no further processing"); } else { for (Map.Entry<String, String> entry : filesSection.entrySet()) { String database = Strings.nullToEmpty(entry.getKey()).trim().toLowerCase(); Path perDbPolicy = new Path(Strings.nullToEmpty(entry.getValue()).trim()); if (isRelative(perDbPolicy)) { perDbPolicy = new Path(resourcePath.getParent(), perDbPolicy); } try { LOGGER.info("Parsing " + perDbPolicy); Ini perDbIni = PolicyFiles.loadFromPath(fileSystem, perDbPolicy); if (perDbIni.containsKey(USERS)) { throw new ConfigurationException( "Per-db policy files cannot contain " + USERS + " section"); } if (perDbIni.containsKey(DATABASES)) { throw new ConfigurationException( "Per-db policy files cannot contain " + DATABASES + " section"); } ImmutableSetMultimap<String, String> currentDbRoles = parseIni(database, perDbIni); perDatabaseRoles.put(database, currentDbRoles); perDbResources.add(perDbPolicy); } catch (Exception e) { LOGGER.error( "Error processing key " + entry.getKey() + ", skipping " + entry.getValue(), e); } } } roles = new Roles(globalRoles, ImmutableMap.copyOf(perDatabaseRoles)); } catch (Exception e) { LOGGER.error("Error processing file, ignoring " + resourcePath, e); } rolesReference.set(roles); }