Package org.graylog2.bindings.providers

Source Code of org.graylog2.bindings.providers.DefaultSecurityManagerProvider

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
/**
* This file is part of Graylog2.
*
* Graylog2 is free software: you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* Graylog2 is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with Graylog2.  If not, see <http://www.gnu.org/licenses/>.
*/
package org.graylog2.bindings.providers;

import com.google.common.collect.Lists;
import org.apache.shiro.SecurityUtils;
import org.apache.shiro.authc.Authenticator;
import org.apache.shiro.authc.credential.HashedCredentialsMatcher;
import org.apache.shiro.authc.pam.FirstSuccessfulStrategy;
import org.apache.shiro.authc.pam.ModularRealmAuthenticator;
import org.apache.shiro.authz.ModularRealmAuthorizer;
import org.apache.shiro.cache.MemoryConstrainedCacheManager;
import org.apache.shiro.mgt.DefaultSecurityManager;
import org.apache.shiro.mgt.DefaultSessionStorageEvaluator;
import org.apache.shiro.mgt.DefaultSubjectDAO;
import org.apache.shiro.realm.Realm;
import org.apache.shiro.session.mgt.DefaultSessionManager;
import org.apache.shiro.subject.Subject;
import org.graylog2.Configuration;
import org.graylog2.security.MongoDbSessionDAO;
import org.graylog2.security.realm.*;

import javax.inject.Inject;
import javax.inject.Provider;

/**
* @author Dennis Oelkers <dennis@torch.sh>
*/
public class DefaultSecurityManagerProvider implements Provider<DefaultSecurityManager> {
    private static DefaultSecurityManager sm = null;

    @Inject
    public DefaultSecurityManagerProvider(MongoDbSessionDAO mongoDbSessionDAO,
                                          PasswordAuthenticator passwordAuthenticator,
                                          MongoDbAuthorizationRealm mongoDbAuthorizationRealm,
                                          LdapUserAuthenticator ldapUserAuthenticator,
                                          SessionAuthenticator sessionAuthenticator,
                                          AccessTokenAuthenticator accessTokenAuthenticator,
                                          Configuration configuration) {
        final GraylogSimpleAccountRealm inMemoryRealm = new GraylogSimpleAccountRealm();
        inMemoryRealm.setCachingEnabled(false);
        inMemoryRealm.addRootAccount(
                configuration.getRootUsername(),
                configuration.getRootPasswordSha2()
        );
        inMemoryRealm.setCredentialsMatcher(new HashedCredentialsMatcher("SHA-256"));

        passwordAuthenticator.setCachingEnabled(false);
        passwordAuthenticator.setCredentialsMatcher(new HashedCredentialsMatcher("SHA-1"));
        mongoDbAuthorizationRealm.setCachingEnabled(false);

        ldapUserAuthenticator.setCachingEnabled(false);

        sessionAuthenticator.setCachingEnabled(false);
        accessTokenAuthenticator.setCachingEnabled(false);


        sm = new DefaultSecurityManager(Lists.<Realm>newArrayList(
                sessionAuthenticator,
                accessTokenAuthenticator,
                ldapUserAuthenticator,
                passwordAuthenticator,
                inMemoryRealm));
        final Authenticator authenticator = sm.getAuthenticator();
        if (authenticator instanceof ModularRealmAuthenticator) {
            ((ModularRealmAuthenticator) authenticator).setAuthenticationStrategy(new FirstSuccessfulStrategy());
        }
        sm.setAuthorizer(new ModularRealmAuthorizer(Lists.<Realm>newArrayList(mongoDbAuthorizationRealm, inMemoryRealm)));

        final DefaultSubjectDAO subjectDAO = new DefaultSubjectDAO();
        final DefaultSessionStorageEvaluator sessionStorageEvaluator = new DefaultSessionStorageEvaluator() {
            @Override
            public boolean isSessionStorageEnabled(Subject subject) {
                // save to session if we already have a session. do not create on just for saving the subject
                return (subject.getSession(false) != null);
            }
        };
        sessionStorageEvaluator.setSessionStorageEnabled(false);
        subjectDAO.setSessionStorageEvaluator(sessionStorageEvaluator);
        sm.setSubjectDAO(subjectDAO);

        final DefaultSessionManager defaultSessionManager = (DefaultSessionManager) sm.getSessionManager();
        defaultSessionManager.setSessionDAO(mongoDbSessionDAO);
        defaultSessionManager.setDeleteInvalidSessions(true);
        defaultSessionManager.setCacheManager(new MemoryConstrainedCacheManager());
        // DO NOT USE global session timeout!!! It's fucky.
        //defaultSessionManager.setGlobalSessionTimeout(TimeUnit.SECONDS.toMillis(5));

        SecurityUtils.setSecurityManager(sm);
    }

    @Override
    public DefaultSecurityManager get() {
        return sm;
    }
}
TOP

Related Classes of org.graylog2.bindings.providers.DefaultSecurityManagerProvider

  • com.codahale.metrics.MetricRegistry
  • com.fasterxml.jackson.databind.ObjectMapper
  • com.fasterxml.jackson.datatype.guava.GuavaModule
  • com.fasterxml.jackson.datatype.joda.JodaModule
  • com.github.joschi.jadconfig.JadConfig
  • com.github.joschi.jadconfig.repositories.InMemoryRepository
  • com.google.common.base.Stopwatch
  • com.google.common.util.concurrent.ThreadFactoryBuilder
  • com.mongodb.BasicDBObject
  • com.mongodb.DBObject
    • TOP
    Copyright © 2018 www.massapi.com. All rights reserved.
    All source code are property of their respective owners. Java is a trademark of Sun Microsystems, Inc and owned by ORACLE Inc. Contact coftware#gmail.com.