2 * Licensed to the Apache Software Foundation (ASF) under one
3 * or more contributor license agreements. See the NOTICE file
4 * distributed with this work for additional information
5 * regarding copyright ownership. The ASF licenses this file
6 * to you under the Apache License, Version 2.0 (the
7 * "License"); you may not use this file except in compliance
8 * with the License. You may obtain a copy of the License at
10 * http://www.apache.org/licenses/LICENSE-2.0
12 * Unless required by applicable law or agreed to in writing,
13 * software distributed under the License is distributed on an
14 * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
15 * KIND, either express or implied. See the License for the
16 * specific language governing permissions and limitations
19 package org.onap.aaf.cadi.shiro.test;
21 import org.apache.shiro.SecurityUtils;
22 import org.apache.shiro.authc.AuthenticationException;
23 import org.apache.shiro.authc.IncorrectCredentialsException;
24 import org.apache.shiro.authc.LockedAccountException;
25 import org.apache.shiro.authc.UnknownAccountException;
26 import org.apache.shiro.authc.UsernamePasswordToken;
27 import org.apache.shiro.config.Ini;
28 import org.apache.shiro.config.Ini.Section;
29 import org.apache.shiro.config.IniSecurityManagerFactory;
30 import org.apache.shiro.mgt.SecurityManager;
31 import org.apache.shiro.session.Session;
32 import org.apache.shiro.subject.Subject;
33 import org.apache.shiro.util.Factory;
34 import org.onap.aaf.cadi.shiro.AAFRealm;
35 import org.slf4j.Logger;
36 import org.slf4j.LoggerFactory;
38 public class StandAloneTest {
41 * Simple Quickstart application, from Shiro, showing how to use Shiro's API.
45 private static final transient Logger log = LoggerFactory.getLogger(StandAloneTest.class);
/**
 * Manual smoke test for AAFRealm: builds a Shiro SecurityManager from an in-memory INI
 * that names AAFRealm as its realm, logs in with the supplied credentials, and reports
 * one role check and one permission check built from the {@code ns} value.
 *
 * NOTE(review): this listing has lost lines (the gutter numbers skip 48, 50-51, 53,
 * 60-61, 106 and others), so the code between the usage message and the argument reads,
 * the declarations of {@code ns} and {@code ini}, the {@code try} that the catch clauses
 * belong to, and all closing braces are not visible here. Comments below describe only
 * the visible statements.
 *
 * @param args per the usage string: fqi, ns, passwd; args[0] is read as the user and
 *             args[2] as the password
 */
47 public static void main(String[] args) {
49 System.out.println("Usage: java StandAloneTest fqi ns passwd");
// First argument ("fqi" in the usage string) is the login name handed to the token below.
52 String user = args[0];
// NOTE(review): the password is taken from argv, so it can end up in shell history and in
// the host's process listing. Acceptable for a throwaway manual run only; for anything
// longer-lived read it with java.io.Console.readPassword() or from a secret store.
// In the visible lines `pass` is only handed to UsernamePasswordToken; keep it out of logs.
54 String pass = args[2];
56 // The easiest way to create a Shiro SecurityManager with configured
57 // realms, users, roles and permissions is to use the simple INI config.
58 // We'll do that by using a factory that can ingest a .ini file and
59 // return a SecurityManager instance:
// Build the [main] section in memory: declare AAFRealm by class name and set it as the
// security manager's realm list, so authentication and authorization go through it.
62 Section section = ini.addSection("main");
63 section.put("aafRealm", "org.onap.aaf.cadi.shiro.AAFRealm");
64 section.put("securityManager.realms","$aafRealm");
66 * Equivalent to shiro.ini
69 * aafRealm=org.onap.aaf.cadi.shiro.AAFRealm
70 * securityManager.realms=$aafRealm
72 Factory<SecurityManager> factory = new IniSecurityManagerFactory(ini);
74 // Alternative: Use the shiro.ini file at the root of the classpath
75 // (file: and url: prefixes load from files and urls respectively):
76 // Factory<SecurityManager> factory = new IniSecurityManagerFactory("classpath:shiro.ini");
77 SecurityManager securityManager = factory.getInstance();
79 // for this simple example quickstart, make the SecurityManager
80 // accessible as a JVM singleton. Most applications wouldn't do this
81 // and instead rely on their container configuration or web.xml for
82 // webapps. That is outside the scope of this simple quickstart, so
83 // we'll just do the bare minimum so you can continue to get a feel
85 SecurityUtils.setSecurityManager(securityManager);
87 // Now that a simple Shiro environment is set up, let's see what you can do:
89 // get the currently executing user:
90 Subject currentUser = SecurityUtils.getSubject();
92 // Do some stuff with a Session (no need for a web or EJB container!!!)
93 Session session = currentUser.getSession();
94 session.setAttribute("someKey", "aValue");
95 String value = (String) session.getAttribute("someKey");
// NOTE(review): value.equals(...) throws NullPointerException if the attribute did not
// round-trip; "aValue".equals(value) is the null-safe form.
96 if (value.equals("aValue")) {
97 log.info("Retrieved the correct value! [" + value + "]");
// Runs for i = 0, 1, 2. The loop's closing brace is not visible in this listing, so how
// much of the login / check / logout sequence repeats cannot be confirmed from here.
100 for(int i=0;i<3;++i) {
101 // let's login the current user so we can check against roles and permissions:
102 if (!currentUser.isAuthenticated()) {
103 UsernamePasswordToken token = new UsernamePasswordToken(user,pass);
104 // UsernamePasswordToken token = new UsernamePasswordToken("lonestarr", "vespa");
// NOTE(review): remember-me is requested, but nothing in the visible INI settings
// configures a remember-me manager; for a one-shot command-line test it has no evident
// purpose. Confirm it is intended rather than carried over from the Shiro quickstart.
105 token.setRememberMe(true);
107 currentUser.login(token);
// The three catch clauses below log a different message for an unknown account, a wrong
// password and a locked account. That distinction is useful in a test log; returned to a
// remote caller it would reveal which account names exist, so production code should
// surface one generic failure instead.
108 } catch (UnknownAccountException uae) {
109 log.info("There is no user with username of " + token.getPrincipal());
110 } catch (IncorrectCredentialsException ice) {
111 log.info("Password for account " + token.getPrincipal() + " was incorrect!");
112 } catch (LockedAccountException lae) {
113 log.info("The account for username " + token.getPrincipal() + " is locked. " +
114 "Please contact your administrator to unlock it.");
116 // ... catch more exceptions here (maybe custom ones specific to your application?)
117 catch (AuthenticationException ae) {
118 //unexpected condition? error?
119 // AT&T doesn't allow specifics
// Presumably the realm reports a single generic failure, making this the branch normally
// taken on a bad login; verify against AAFRealm.
120 log.info(ae.getMessage());
124 // Uncomment following to test calls after Cache is Cleared
125 // AAFRealm.Singleton.singleton().authz.clearAll();
128 //print their identifying principal (in this case, a username):
// NOTE(review): no visible isAuthenticated() check precedes this line, and every catch
// above only logs. If this statement sits outside the login block (as the listing
// suggests), a failed login would still be reported as successful. Confirm against the
// full file and guard the message on currentUser.isAuthenticated().
129 log.info("User [" + currentUser.getPrincipal() + "] logged in successfully.");
131 //test NS Write Access
// Role name is ns + ".admin"; the first %s becomes "" when the role is held, "not" otherwise.
// The remaining format argument and the statement that emits msg are not visible here.
132 String msg = String.format("You are %s in role %s.admin",
133 currentUser.hasRole(ns+".admin")?"":"not",
137 //test a typed permission (not instance-level)
// Permission string is ns + ".access|*|*"; presumably AAF's type|instance|action form
// with wildcard instance and action. TODO confirm against AAFRealm.
138 msg = String.format("You %s have write access into NS %s",
139 currentUser.isPermitted(ns+".access|*|*")?"":"do not",
143 //all done - log out!
144 currentUser.logout();