incodehq / incode-platform

Combines incode.org modules and isisaddons.org into a single set of modules.
http://platform.incode.org
Apache License 2.0

spi-security: Support multiple realms #38

Open danhaywood opened 6 years ago

danhaywood commented 6 years ago

from https://github.com/isisaddons-legacy/isis-module-security/issues/29


I would like to use Shiro's ability to have multiple realms:

1.) to have administrator users in the INI realm
2.) through this addon, to create additional users and authenticate them with their passwords

I've tried to adapt the AuthenticationStrategyForIsisModuleSecurityRealm, but it fails when it tries to authenticate the user from the addon.

Here is the adapted strategy. I've varied the subclassing of strategies; actually I would need "AtLeastOneSuccessfulStrategy", but it failed.

<pre>
package security;

import java.util.Collection;

import org.apache.shiro.authc.AuthenticationException;
import org.apache.shiro.authc.AuthenticationInfo;
import org.apache.shiro.authc.AuthenticationToken;
import org.apache.shiro.authc.IncorrectCredentialsException;
import org.apache.shiro.authc.pam.AllSuccessfulStrategy;
import org.apache.shiro.realm.Realm;

/**
 * Created by niv on 12.04.2016.
 */
public class AuthenticationStrategyForIsisModuleSecurityRealm2 extends AllSuccessfulStrategy {
    public AuthenticationStrategyForIsisModuleSecurityRealm2() {
    }

    @Override
    public AuthenticationInfo beforeAllAttempts(Collection<? extends Realm> realms, AuthenticationToken token) throws AuthenticationException {
        AuthenticationInfo auth = null;
        for (Realm realm : realms) {
            try {
                auth = realm.getAuthenticationInfo(token);
                if (auth != null)
                    return auth;

            } catch (IncorrectCredentialsException e) {
                System.out.println(e.getMessage());
                // caught when a single realm throws an authentication exception
            }
        }
        throw new AuthenticationException("no provided realms could't authenticate user, realm count:" + realms.size());
    }
}
</pre>

Here my shiro.ini:

<pre>
[main]
isisModuleSecurityRealm=org.isisaddons.module.security.shiro.IsisModuleSecurityRealm
authenticationStrategy=security.AuthenticationStrategyForIsisModuleSecurityRealm2
securityManager.authenticator.authenticationStrategy =$authenticationStrategy
securityManager.realms =  $iniRealm,$isisModuleSecurityRealm

[users]
# user = password, role1, role2, role3, ...
sven = pass, admin_role, isis-module-security-admin
dick = pass, user_role, self-install_role
bob  = pass, user_role, self-install_role
joe  = pass, user_role, self-install_role
guest = guest, user_role

[roles]
user_role =   *:SimpleObjects:*:*,\
              *:SimpleObject:*:*
self-install_role = *:DomainAppFixtureService:*:*
admin_role = *
</pre>
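
As an added example (not part of the original issue and not the module's own code), this self-contained Java program shows how Shiro's `ModularRealmAuthenticator` treats a user who exists in only one of two realms under `AllSuccessfulStrategy` versus `AtLeastOneSuccessfulStrategy`. The class name, the realm names, the user `alice` and her password are constructed; the two `SimpleAccountRealm` instances stand in for `$iniRealm` and `$isisModuleSecurityRealm`, and Shiro is assumed to be on the classpath.

```java
import java.util.Arrays;
import org.apache.shiro.authc.AuthenticationException;
import org.apache.shiro.authc.UsernamePasswordToken;
import org.apache.shiro.authc.pam.AllSuccessfulStrategy;
import org.apache.shiro.authc.pam.AtLeastOneSuccessfulStrategy;
import org.apache.shiro.authc.pam.AuthenticationStrategy;
import org.apache.shiro.authc.pam.ModularRealmAuthenticator;
import org.apache.shiro.realm.Realm;
import org.apache.shiro.realm.SimpleAccountRealm;

public class MultiRealmStrategyDemo {

    /** One login attempt against both realms under the given strategy. */
    static boolean canLogin(AuthenticationStrategy strategy, String user, String password) {
        // Constructed stand-in for $iniRealm (the [users] section of shiro.ini).
        SimpleAccountRealm iniRealm = new SimpleAccountRealm("iniRealm");
        iniRealm.addAccount("sven", "pass", "admin_role");
        // Constructed stand-in for $isisModuleSecurityRealm (users created via the addon).
        SimpleAccountRealm addonRealm = new SimpleAccountRealm("addonRealm");
        addonRealm.addAccount("alice", "constructed-password", "user_role");

        ModularRealmAuthenticator authenticator = new ModularRealmAuthenticator();
        authenticator.setAuthenticationStrategy(strategy);
        authenticator.setRealms(Arrays.<Realm>asList(iniRealm, addonRealm));
        try {
            authenticator.authenticate(new UsernamePasswordToken(user, password));
            return true;
        } catch (AuthenticationException e) {
            // Covers unknown account, wrong password and strategy-level rejection.
            return false;
        }
    }

    public static void main(String[] args) {
        // AllSuccessfulStrategy: every realm must accept the token, so a user
        // known to only one realm is rejected even with the right password.
        System.out.println("all / sven:          " + canLogin(new AllSuccessfulStrategy(), "sven", "pass"));
        System.out.println("all / alice:         " + canLogin(new AllSuccessfulStrategy(), "alice", "constructed-password"));
        // AtLeastOneSuccessfulStrategy: one realm accepting the token is enough.
        System.out.println("atLeastOne / sven:   " + canLogin(new AtLeastOneSuccessfulStrategy(), "sven", "pass"));
        System.out.println("atLeastOne / alice:  " + canLogin(new AtLeastOneSuccessfulStrategy(), "alice", "constructed-password"));
        // A wrong password is still refused because no realm accepts it.
        System.out.println("atLeastOne / bad pw: " + canLogin(new AtLeastOneSuccessfulStrategy(), "sven", "wrong"));
    }
}
```

Under `AtLeastOneSuccessfulStrategy` an account is only as strong as the weakest realm that knows it, so the plain-text `[users]` passwords in shiro.ini remain a valid login path alongside the addon's users.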