Shiro + Guice


Shiro + Guice

jasmine
Hi! I got shiro + guice (+vaadin) working together ... so now I'm able to get annotations in my vaadin view.
Before guice, I was simply using shiro for auth via ldap, configuring my shiro.ini.
Now I'm not able to use shiro.ini to get my shiro configs... the authentication process looks for users in the ini file, whereas I want it to get the ldap configuration from the file, retrieving info from LDAP and then retrieving roles by ldap user group (in my ini file).
So this is my ini:

[main]
contextFactory = org.apache.shiro.realm.ldap.JndiLdapContextFactory
contextFactory.url = ldap://ldap.forumsys.com:389

activeDirectoryRealm =mmm.aa.com.LdapAuth
activeDirectoryRealm.ldapContextFactory = $contextFactory
activeDirectoryRealm.searchBase = "dc=example,dc=com"
activeDirectoryRealm.groupRolesMap = "ou=scientists,dc=example,dc=com":"Editor"
#rolePermissionResolver = shiro.IniRealmRolePermissionResolver
rolePermissionResolver = =mmm.aa.com.IniRealmRolePermissionResolver
rolePermissionResolver.ini = $iniRealm
activeDirectoryRealm.rolePermissionResolver = $rolePermissionResolver

[roles]
# 'admin' role has all permissions, indicated by the wildcard '*'
Admin = *
Editor = *


Now, with guice, how can I configure the realm in my ShiroModule? Where am I wrong?

Here is the code:

public class MyShiroModule extends ShiroWebModule {

    private static Logger log = LoggerFactory.getLogger(MyShiroModule.class);

    @Inject
    public MyShiroModule(ServletContext servletContext) {
        super(servletContext);

    }


    /*  public MyShiroModule(ServletContext servletContext) {
     super(servletContext);
     }
     */

    /* @Override
     protected void configureShiro() {
     try {
     bindRealm().toConstructor(IniRealm.class.getConstructor(Ini.class));
     } catch (NoSuchMethodException e) {
     log.error("ERRORRRE");
     }
     }
     */
    @Provides
    @Singleton
    Ini loadShiroIni() {
        return Ini.fromResourcePath("classpath:shiro.ini");
    }

    @Override
    protected void configureShiroWeb() {
        try {
            bindRealm().toConstructor(IniRealm.class.getConstructor(Ini.class));
            // bind(AssegnazionePODMassivoView.class);
        } catch (NoSuchMethodException e) {
            log.error("ERRORRRE");
        }

        Factory<org.apache.shiro.mgt.SecurityManager> factory = new IniSecurityManagerFactory("classpath:shiro.ini");
        final org.apache.shiro.mgt.SecurityManager securityManager = factory.getInstance();

        SecurityUtils.setSecurityManager(securityManager);
    }

}


Thanks a lot!


Re: Shiro + Guice

jasmine
Update:

I just thought I can define a second REALM

 protected void configureShiroWeb() {
        try {  
   
            bindRealm().toConstructor(IniRealm.class.getConstructor(Ini.class));
             bindRealm().toConstructor(MyADRealm.class.getConstructor());
        }

but at the starting of my webapp I get
...realm.ldap.AbstractLdapRealm - No LdapContextFactory specified - creating a default instance

so when shiro tries to authenticate against MyADRealm I get:

java.lang.IllegalStateException: An LDAP URL must be specified of the form ldap://<hostname>:<port>

How can I initialize a LdapContextFactory? It's ignoring the one in my ini file...

Any ideas?

Re: Shiro + Guice

lprimak
It looks like your .ini file isn’t being read.
I suggest going into your code that tells Shiro to use your .ini file and see if it’s really being executed.

> On Feb 28, 2016, at 4:02 PM, jasmine <[hidden email]> wrote:
>
> Update:
>
> I just thought I can define a second REALM
>
> protected void configureShiroWeb() {
>        try {  
>
>
> bindRealm().toConstructor(IniRealm.class.getConstructor(Ini.class));
>             bindRealm().toConstructor(MyADRealm.class.getConstructor());
>        }
>
> but at the starting of my webapp I get
> ...realm.ldap.AbstractLdapRealm - No LdapContextFactory specified - creating
> a default instance
>
> so when shiro tries to authenticate against MyADRealm I get:
>
> java.lang.IllegalStateException: An LDAP URL must be specified of the form
> ldap://<hostname>:<port>
>
> How can I initialize a LdapContextFactory? It's ignoring the one in my ini
> file...
>
> Any ideas?


Re: Shiro + Guice

jasmine
Thanks @lprimak for your reply.
My ini file is read (I can see the log at startup) and it's used as the first realm... but I have no users defined in it, so shiro tries the second realm (MyADRealm) and can't get the ldap configuration.

Can you give me some other hint?



Re: Shiro + Guice

Jared Bunting-2
In reply to this post by lprimak

The guice integration is an alternative mechanism for instantiating and configuring Shiro from the ini. The two are mutually exclusive. If you wish to use the Shiro security manager in guice but instantiate and configure Shiro via the ini, then I'd recommend duplicating the ini instantiation inside a guice provider.

On Feb 28, 2016 4:04 PM, "Lenny Primak" <[hidden email]> wrote:
It looks like your .ini file isn’t being read.
I suggest going into your code that tells Shiro to use your .ini file and see if it’s really being executed.

> On Feb 28, 2016, at 4:02 PM, jasmine <[hidden email]> wrote:
>
> Update:
>
> I just thought I can define a second REALM
>
> protected void configureShiroWeb() {
>        try {
>
>
> bindRealm().toConstructor(IniRealm.class.getConstructor(Ini.class));
>             bindRealm().toConstructor(MyADRealm.class.getConstructor());
>        }
>
> but at the starting of my webapp I get
> ...realm.ldap.AbstractLdapRealm - No LdapContextFactory specified - creating
> a default instance
>
> so when shiro tries to authenticate against MyADRealm I get:
>
> java.lang.IllegalStateException: An LDAP URL must be specified of the form
> ldap://<hostname>:<port>
>
> How can I initialize a LdapContextFactory? It's ignoring the one in my ini
> file...
>
> Any ideas?


Re: Shiro + Guice

jasmine
Thanks Jared Bunting-2 for your reply.

I can't understand well what you mean... can you give me a simple example?

Re: Shiro + Guice

jasmine
In reply to this post by Jared Bunting-2
Or... how can I get it working without shiro.ini? I need it to resolve roles and permissions too...


realmName.groupRolesMap = "ou=scientists,dc=example,dc=com":"Editor"
rolePermissionResolver = my.cc.c.IniRealmRolePermissionResolver
rolePermissionResolver.ini = $iniRealm
realmName.rolePermissionResolver = $rolePermissionResolver

[roles]
# 'admin' role has all permissions, indicated by the wildcard '*'
Admin = *
Editor =*

Re: Shiro + Guice

Jared Bunting-2

The setup that you have pulls only roles and users from the ini file. Everything else comes from guice. So you should create your ldap realm in guice, including its configuration. A @Provides method is a simple way to go here.

On Feb 28, 2016 4:16 PM, "jasmine" <[hidden email]> wrote:
Or... how can I get it working without shiro.ini? I need it to resolve roles
and permissions too...


realmName.groupRolesMap = "ou=scientists,dc=example,dc=com":"Editor"
rolePermissionResolver = my.cc.c.IniRealmRolePermissionResolver
rolePermissionResolver.ini = $iniRealm
realmName.rolePermissionResolver = $rolePermissionResolver

[roles]
# 'admin' role has all permissions, indicated by the wildcard '*'
Admin = *
Editor =*

Re: Shiro + Guice

jasmine
Hi Jared, sorry for posting so late, I've been busy.
Thanks for your reply. I got it working, but I don't know if this is a good way to do it :) Can you have a look at my code to check if I'm wrong in some way? Thanks a lot!!

web.xml:

    <filter>
        <filter-name>guiceFilter</filter-name>
        <filter-class>com.google.inject.servlet.GuiceFilter</filter-class>
    </filter>
    <filter-mapping>
        <filter-name>guiceFilter</filter-name>
        <url-pattern>/*</url-pattern>
    </filter-mapping>
    <listener>
        <listener-class>mypackage.shiro.GuiceServletInjector</listener-class>
    </listener>

GuiceServletInjector.java

public class GuiceServletInjector extends GuiceServletContextListener {

    private ServletContext servletContext;

    @Override
    public void contextInitialized(ServletContextEvent servletContextEvent) {
        servletContext = servletContextEvent.getServletContext();
        super.contextInitialized(servletContextEvent);
    }

    @Override
    protected Injector getInjector() {
        Injector injector = Guice.createInjector(
                new MyShiroModule(servletContext),
                new ShiroAopModule(),
                new GuiceServletModule(),
                MyShiroModule.guiceFilterModule()
        );

        return injector;
    }

}


MyShiroModule.java
public class MyShiroModule extends ShiroWebModule {

    private static Logger log = LoggerFactory.getLogger(MyShiroModule.class);

    @Inject
    public MyShiroModule(ServletContext servletContext) {
        super(servletContext);

    }

    @Provides
    @Singleton
    Ini loadShiroIni() {
        return Ini.fromResourcePath("classpath:shiro.ini");
    }

    @Override
    protected void configureShiroWeb() {

        try {
            bindRealm().to(MYREALM.class);
        } catch (Exception e) {
            log.error("Errore configurazione MyShiroModule");
            throw e;
        }

    }

}


GuiceServletModule.java
public class GuiceServletModule extends ServletModule {

    @Override
    protected void configureServlets() {
        super.configureServlets();
        serve("/*").with(MyUi.MyUIServlet.class);
        bind(MyUi.MyUIServlet.class);
        bind(org.apache.shiro.realm.ldap.JndiLdapContextFactory.class).toProvider(JndiLdapContextGuiceProvider.class).in(Singleton.class);
        bind(MyRealm.class).toProvider(MyRealmGuiceProvider.class).in(Singleton.class);

        Properties properties = new Properties();
        try {
            InputStream stream
                    = getClass().getClassLoader().getResourceAsStream("shiro.ini");
            properties.load(stream);
            Names.bindProperties(binder(), properties);
        } catch (IOException e) {
            //  log.error("File di propertier non trovato");
        }

    }

    @Provides
    private Class<? extends UI> provideUIClass() {
        return MyUI.class;
    }

}


PRGuiceProvider.java
public class PRGuiceProvider implements Provider<MyRealm> {

    @Inject
    private Provider<JndiLdapContextFactory> ldapContextFactoryProvider;
    @Inject
    private Provider<IniRealmRolePermissionResolver> iniRealmRolePermissionResolverProvider;

    @Inject
    @Named("searchBase")
    private String searchBase;

    @Inject
    @Named("groupRolesMap")
    private String groupRolesMapString;

    @Override
    public MyRealm get() {
        MyRealm realm = new MyRealm();

        JndiLdapContextFactory factory = ldapContextFactoryProvider.get();

        realm.setLdapContextFactory(factory);
        realm.setSearchBase(searchBase);
        Map<String, String> groupRolesMap = new HashMap<String, String>();

        String[] maps = groupRolesMapString.split("\\|");

        for (String mappingString : maps) {
            String[] mapping = mappingString.split(":");
            groupRolesMap.put(mapping[0].replaceAll("\\\"", ""), mapping[1].replaceAll("\\\"", ""));
        }

        realm.setGroupRolesMap(groupRolesMap);
        IniRealmRolePermissionResolver permissionResolver = iniRealmRolePermissionResolverProvider.get();
        permissionResolver.setIni(new IniRealm("classpath:shiro.ini"));
        realm.setRolePermissionResolver(permissionResolver);
        return realm;
    }

}

JndiLdapContextGuiceProvider.class
public class JndiLdapContextGuiceProvider implements Provider<org.apache.shiro.realm.ldap.JndiLdapContextFactory> {
   
    @Inject @Named("realmUrl") String url;
    @Inject @Named("systemUserName") String username;
    @Inject @Named("systemPassword") String password;

    @Override
    public JndiLdapContextFactory get() {
        JndiLdapContextFactory factory = new JndiLdapContextFactory();
        factory.setUrl(url);
        factory.setSystemUsername(username);
        factory.setSystemPassword(password);
        return factory;
    }
}
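
Jared's suggestion above (build the LDAP realm, including its configuration, in a @Provides method) as a compact added example; it is not code from the thread or from the Shiro project. It assumes the realm is Shiro's stock ActiveDirectoryRealm; the class name LdapShiroModule and the LDAP_* environment variable names are hypothetical, and the search base, group DN and "Editor" role are taken from the ini posted earlier.

```java
import com.google.inject.Provides;
import com.google.inject.Singleton;
import java.util.Collections;
import javax.servlet.ServletContext;
import org.apache.shiro.authz.Permission;
import org.apache.shiro.authz.permission.RolePermissionResolver;
import org.apache.shiro.authz.permission.WildcardPermission;
import org.apache.shiro.guice.web.ShiroWebModule;
import org.apache.shiro.realm.activedirectory.ActiveDirectoryRealm;
import org.apache.shiro.realm.ldap.JndiLdapContextFactory;

public class LdapShiroModule extends ShiroWebModule { // hypothetical name

    public LdapShiroModule(ServletContext servletContext) {
        super(servletContext);
    }

    @Override
    protected void configureShiroWeb() {
        // The realm instance is built by provideRealm() below; no IniRealm is bound.
        bindRealm().to(ActiveDirectoryRealm.class);
    }

    @Provides @Singleton
    JndiLdapContextFactory provideContextFactory() {
        JndiLdapContextFactory factory = new JndiLdapContextFactory();
        // Assumed env vars keep the bind password out of shiro.ini; prefer an ldaps:// URL.
        factory.setUrl(System.getenv("LDAP_URL"));
        factory.setSystemUsername(System.getenv("LDAP_BIND_DN"));
        factory.setSystemPassword(System.getenv("LDAP_BIND_PASSWORD"));
        return factory;
    }

    @Provides @Singleton
    ActiveDirectoryRealm provideRealm(JndiLdapContextFactory factory) {
        ActiveDirectoryRealm realm = new ActiveDirectoryRealm();
        realm.setLdapContextFactory(factory); // realm no longer falls back to a default factory
        realm.setSearchBase("dc=example,dc=com");
        // Replaces groupRolesMap from the ini: LDAP group DN -> Shiro role name.
        realm.setGroupRolesMap(
                Collections.singletonMap("ou=scientists,dc=example,dc=com", "Editor"));
        // Replaces the [roles] section: only "Editor" is known, unknown roles get nothing.
        RolePermissionResolver resolver = role -> "Editor".equals(role)
                ? Collections.<Permission>singleton(new WildcardPermission("*"))
                : Collections.<Permission>emptySet();
        realm.setRolePermissionResolver(resolver);
        return realm;
    }
}
```

With this module the INI file is not read at all, so nothing depends on parsing shiro.ini as a java.util.Properties file; narrowing the "Editor" wildcard to specific permission strings is a one-line change in the resolver.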