001package org.tynamo.security.services; 002 003import org.apache.shiro.mgt.DefaultSubjectDAO; 004import org.apache.shiro.mgt.RememberMeManager; 005import org.apache.shiro.mgt.SubjectFactory; 006import org.apache.shiro.realm.Realm; 007import org.apache.shiro.web.mgt.DefaultWebSecurityManager; 008import org.apache.shiro.web.mgt.DefaultWebSessionStorageEvaluator; 009import org.apache.shiro.web.session.mgt.ServletContainerSessionManager; 010import org.apache.tapestry5.ioc.annotations.PostInjection; 011import org.apache.tapestry5.ioc.services.RegistryShutdownHub; 012import org.tynamo.security.Authenticator; 013 014import java.util.Collection; 015 016/** 017 * This class is needed to point out the right constructor to use (from the three available in 018 * DefaultWebSecurityManager) for tapestry-ioc and to allow injecting dependencies 019 */ 020public class TapestryRealmSecurityManager extends DefaultWebSecurityManager { 021 022 // Could easily make sessionStorageevaluator and sessionManager provided services as well, add as needed 023 public TapestryRealmSecurityManager(Authenticator authenticator, SubjectFactory subjectFactory, RememberMeManager rememberMeManager, final Collection<Realm> realms) { 024 super(); 025 authenticator.setRealms(realms); 026 setAuthenticator(authenticator); 027 ((DefaultSubjectDAO) this.subjectDAO).setSessionStorageEvaluator(new DefaultWebSessionStorageEvaluator()); 028 setSubjectFactory(subjectFactory); 029 setRememberMeManager(rememberMeManager); 030 setSessionManager(new ServletContainerSessionManager()); 031 setRealms(realms); 032 } 033 034 @PostInjection 035 public void listenForShutdown(RegistryShutdownHub hub) { 036 hub.addRegistryShutdownListener(new Runnable() { 037 public void run() { 038 destroy(); 039 } 040 }); 041 } 042 043}