├── .classpath
├── .project
├── pom.xml
├── src
    ├── main
    │   ├── java
    │   │   └── org
    │   │   │   └── meri
    │   │   │       └── simpleshirosecuredapplication
    │   │   │           ├── actions
    │   │   │               └── Actions.java
    │   │   │           ├── authc
    │   │   │               ├── PrimaryPrincipalSameAuthenticationStrategy.java
    │   │   │               ├── X509CertificateAuthenticationToken.java
    │   │   │               ├── X509CertificateOnlyAuthenticationToken.java
    │   │   │               └── X509CertificateUsernamePasswordToken.java
    │   │   │           ├── model
    │   │   │               ├── ModelProvider.java
    │   │   │               └── UserPersonalData.java
    │   │   │           ├── realm
    │   │   │               ├── JNDIAndSaltAwareJdbcRealm.java
    │   │   │               └── X509CertificateRealm.java
    │   │   │           ├── sanitizer
    │   │   │               └── Sanitizer.java
    │   │   │           └── servlet
    │   │   │               ├── AbstractFieldsHandlingServlet.java
    │   │   │               ├── AccountPageServlet.java
    │   │   │               ├── CertificateOrFormAuthenticationFilter.java
    │   │   │               ├── PerformFunctionAndGoBackServlet.java
    │   │   │               ├── ServletConstants.java
    │   │   │               └── VerboseFormAuthenticationFilter.java
    │   ├── resources
    │   │   ├── Shiro.ini
    │   │   ├── antisamy-tinymce-1.4.4.xml
    │   │   ├── db.changelog.xml
    │   │   ├── log4j.properties
    │   │   └── truststore
    │   └── webapp
    │   │   ├── WEB-INF
    │   │       ├── classes
    │   │       │   └── META-INF
    │   │       │   │   └── persistence.xml
    │   │       ├── jetty-web.xml
    │   │       └── web.xml
    │   │   ├── index.jsp
    │   │   └── simpleshirosecuredapplication
    │   │       ├── account
    │   │           ├── accessdenied.jsp
    │   │           ├── allapplicationfunctions.jsp
    │   │           ├── login.jsp
    │   │           ├── logout.jsp
    │   │           ├── personalaccountpage.jsp
    │   │           └── viewallaccounts.jsp
    │   │       ├── adminarea
    │   │           └── administratorspage.jsp
    │   │       ├── common
    │   │           └── commonformstuff.jsp
    │   │       ├── index.jsp
    │   │       ├── repairmen
    │   │           └── repairmen.jsp
    │   │       ├── sales
    │   │           └── sales.jsp
    │   │       └── scientists
    │   │           └── scientists.jsp
    └── test
    │   ├── java
    │       └── org
    │       │   └── meri
    │       │       └── simpleshirosecuredapplication
    │       │           ├── RunWaitTest.java
    │       │           ├── test
    │       │               └── AbstractContainerTest.java
    │       │           └── util
    │       │               ├── AnalyzeKeystore.java
    │       │               └── HashPassword.java
    │   └── resources
    │       ├── clients
    │           ├── administrator
    │           │   ├── administrator.cer
    │           │   ├── administrator.jks
    │           │   └── administrator.p12
    │           ├── friendlyrepaiman
    │           │   ├── friendlyrepairman.cer
    │           │   ├── friendlyrepairman.jks
    │           │   └── friendlyrepairman.p12
    │           ├── mathematician
    │           │   ├── mathematician.cer
    │           │   ├── mathematician.jks
    │           │   └── mathematician.p12
    │           ├── physicien
    │           │   ├── physicien.cer
    │           │   ├── physicien.jks
    │           │   └── physicien.p12
    │           ├── productsales
    │           │   ├── productsales.cer
    │           │   ├── productsales.jks
    │           │   └── productsales.p12
    │           ├── servicessales
    │           │   ├── servicessales.cer
    │           │   ├── servicessales.jks
    │           │   └── servicessales.p12
    │           └── unfriendlyrepaiman
    │           │   ├── unfriendlyrepairman.cer
    │           │   ├── unfriendlyrepairman.jks
    │           │   └── unfriendlyrepairman.p12
    │       └── keystore
└── target
    └── test-classes
        └── keystore


/.classpath:
--------------------------------------------------------------------------------
 1 | <?xml version="1.0" encoding="UTF-8"?>
 2 | <classpath>
 3 | 	<classpathentry excluding="**" kind="src" output="target/classes" path="src/main/resources"/>
 4 | 	<classpathentry kind="src" path="src/main/java"/>
 5 | 	<classpathentry kind="src" path="src/test/java"/>
 6 | 	<classpathentry kind="src" path="src/test/resources"/>
 7 | 	<classpathentry kind="con" path="org.eclipse.jdt.launching.JRE_CONTAINER/org.eclipse.jdt.internal.debug.ui.launcher.StandardVMType/JavaSE-1.6"/>
 8 | 	<classpathentry kind="con" path="org.maven.ide.eclipse.MAVEN2_CLASSPATH_CONTAINER"/>
 9 | 	<classpathentry kind="output" path="target/classes"/>
10 | </classpath>
11 | 


--------------------------------------------------------------------------------
/.project:
--------------------------------------------------------------------------------
 1 | <?xml version="1.0" encoding="UTF-8"?>
 2 | <projectDescription>
 3 | 	<name>SimpleShiroSecuredApplication</name>
 4 | 	<comment></comment>
 5 | 	<projects>
 6 | 	</projects>
 7 | 	<buildSpec>
 8 | 		<buildCommand>
 9 | 			<name>org.eclipse.jdt.core.javabuilder</name>
10 | 			<arguments>
11 | 			</arguments>
12 | 		</buildCommand>
13 | 		<buildCommand>
14 | 			<name>org.maven.ide.eclipse.maven2Builder</name>
15 | 			<arguments>
16 | 			</arguments>
17 | 		</buildCommand>
18 | 	</buildSpec>
19 | 	<natures>
20 | 		<nature>org.eclipse.jdt.core.javanature</nature>
21 | 		<nature>org.maven.ide.eclipse.maven2Nature</nature>
22 | 	</natures>
23 | </projectDescription>
24 | 


--------------------------------------------------------------------------------
/pom.xml:
--------------------------------------------------------------------------------
  1 | <project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
  2 | 	xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
  3 | 	<modelVersion>4.0.0</modelVersion>
  4 | 	<groupId>SimpleSecuredApplication</groupId>
  5 | 	<artifactId>SimpleSecuredApplication</artifactId>
  6 | 	<packaging>war</packaging>
  7 | 	<version>0.0.1-SNAPSHOT</version>
  8 | 	<name>SimpleSecuredApplication Maven Webapp</name>
  9 | 	<url>http://maven.apache.org</url>
 10 | 
 11 | 	<properties>
 12 | 		<!-- Compile 3rd party dependencies: -->
 13 | 		<jdk.version>1.6</jdk.version>
 14 | 		<slf4j.version>1.6.1</slf4j.version>
 15 | 		<shiro.version>1.2.0-SNAPSHOT</shiro.version>
 16 | 
 17 | 		<!-- Test 3rd-party dependencies: -->
 18 | 		<junit.version>4.8.2</junit.version>
 19 | 		<jetty.version>6.1.26</jetty.version>
 20 | 	</properties>
 21 | 
 22 | 	<dependencies>
 23 | 		<dependency>
 24 | 		    <groupId>org.liquibase</groupId>
 25 | 		    <artifactId>liquibase-core</artifactId>
 26 | 		    <version>2.0.1</version>
 27 | 		</dependency>
 28 | 		<dependency>
 29 | 			<groupId>org.apache.derby</groupId>
 30 | 			<artifactId>derby</artifactId>
 31 | 			<version>10.7.1.1</version>
 32 | 		</dependency>
 33 | 		<dependency>
 34 | 			<groupId>org.apache.shiro</groupId>
 35 | 			<artifactId>shiro-core</artifactId>
 36 | 			<version>${shiro.version}</version>
 37 | 		</dependency>
 38 | 		<dependency>
 39 | 			<groupId>org.apache.shiro</groupId>
 40 | 			<artifactId>shiro-web</artifactId>
 41 | 			<version>${shiro.version}</version>
 42 | 		</dependency>
 43 | 		<dependency>
 44 | 			<groupId>junit</groupId>
 45 | 			<artifactId>junit</artifactId>
 46 | 			<version>${junit.version}</version>
 47 | 			<scope>test</scope>
 48 | 		</dependency>
 49 | 		<dependency>
 50 | 			<groupId>javax.servlet</groupId>
 51 | 			<artifactId>jstl</artifactId>
 52 | 			<version>1.1.2</version>
 53 | 		</dependency>
 54 | 		<dependency>
 55 | 			<groupId>javax.servlet</groupId>
 56 | 			<artifactId>servlet-api</artifactId>
 57 | 			<version>2.5</version>
 58 | 			<scope>provided</scope>
 59 | 		</dependency>
 60 | 		<dependency>
 61 | 			<groupId>org.slf4j</groupId>
 62 | 			<artifactId>slf4j-log4j12</artifactId>
 63 | 			<version>${slf4j.version}</version>
 64 | 			<scope>runtime</scope>
 65 | 		</dependency>
 66 | 		<dependency>
 67 | 			<groupId>log4j</groupId>
 68 | 			<artifactId>log4j</artifactId>
 69 | 			<version>1.2.16</version>
 70 | 			<scope>runtime</scope>
 71 | 		</dependency>
 72 | 		<dependency>
 73 | 			<groupId>net.sourceforge.htmlunit</groupId>
 74 | 			<artifactId>htmlunit</artifactId>
 75 | 			<version>2.6</version>
 76 | 			<scope>test</scope>
 77 | 		</dependency>
 78 | 		<dependency>
 79 | 			<groupId>org.mortbay.jetty</groupId>
 80 | 			<artifactId>jetty</artifactId>
 81 | 			<version>${jetty.version}</version>
 82 | 			<scope>test</scope>
 83 | 		</dependency>
 84 | 		<dependency>
 85 | 			<groupId>org.mortbay.jetty</groupId>
 86 | 			<artifactId>jsp-2.1-jetty</artifactId>
 87 | 			<version>${jetty.version}</version>
 88 | 			<scope>test</scope>
 89 | 		</dependency>
 90 | 		<dependency>
 91 | 			<groupId>org.mortbay.jetty</groupId>
 92 | 			<artifactId>jetty-naming</artifactId>
 93 | 			<version>${jetty.version}</version>
 94 | 			<scope>test</scope>
 95 | 		</dependency>		
 96 | 		<dependency>
 97 | 			<groupId>org.mortbay.jetty</groupId>
 98 | 			<artifactId>jetty-plus</artifactId>
 99 | 			<version>${jetty.version}</version>
100 | 			<scope>test</scope>
101 | 		</dependency>		
102 | 		<dependency>
103 | 			<groupId>taglibs</groupId>
104 | 			<artifactId>standard</artifactId>
105 | 			<version>1.1.2</version>
106 | 		</dependency>
107 | 		<dependency>
108 | 			<groupId>org.apache.openjpa</groupId>
109 | 			<artifactId>apache-openjpa</artifactId>
110 | 			<version>2.1.0</version>
111 | 			<type>pom</type>
112 | 			<scope>compile</scope>
113 | 		</dependency>
114 | 		<dependency>
115 | 			<groupId>org.owasp</groupId>
116 | 			<artifactId>antisamy</artifactId>
117 | 			<version>1.4</version>
118 | 			<type>jar</type>
119 | 			<scope>compile</scope>
120 | 		</dependency>
121 | 	</dependencies>
122 | 
123 | 	<build>
124 | 		<finalName>SimpleSecuredApplication</finalName>
125 | 
126 | 		<plugins>
127 | 			<plugin>
128 | 				<artifactId>maven-surefire-plugin</artifactId>
129 | 				<configuration>
130 | 					<forkMode>never</forkMode>
131 | 				</configuration>
132 | 			</plugin>
133 | 			<plugin>
134 | 				<groupId>org.mortbay.jetty</groupId>
135 | 				<artifactId>maven-jetty-plugin</artifactId>
136 | 				<version>${jetty.version}</version>
137 | 				<configuration>
138 | 					<contextPath>/</contextPath>
139 | 					<connectors>
140 | 						<connector implementation="org.mortbay.jetty.nio.SelectChannelConnector">
141 | 							<port>9080</port>
142 | 							<maxIdleTime>60000</maxIdleTime>
143 | 						</connector>
144 | 					</connectors>
145 | 					<requestLog implementation="org.mortbay.jetty.NCSARequestLog">
146 | 						<filename>./target/yyyy_mm_dd.request.log</filename>
147 | 						<retainDays>90</retainDays>
148 | 						<append>true</append>
149 | 						<extended>false</extended>
150 | 						<logTimeZone>GMT</logTimeZone>
151 | 					</requestLog>
152 | 				</configuration>
153 | 			</plugin>
154 | 		</plugins>
155 | 
156 | 	</build>
157 | 
158 | 	<repositories>
159 | 		<repository>
160 | 			<id>maven2-repository.dev.java.net</id>
161 | 			<name>Java.net Repository for Maven</name>
162 | 			<url>http://download.java.net/maven/2/</url>
163 | 			<layout>default</layout>
164 | 		</repository>
165 | 	</repositories>
166 | 
167 | </project>
168 | 


--------------------------------------------------------------------------------
/src/main/java/org/meri/simpleshirosecuredapplication/actions/Actions.java:
--------------------------------------------------------------------------------
 1 | package org.meri.simpleshirosecuredapplication.actions;
 2 | 
 3 | import org.apache.shiro.SecurityUtils;
 4 | import org.apache.shiro.authz.UnauthorizedException;
 5 | 
 6 | public enum Actions {
 7 | 
 8 | 	MANAGE_REPAIRMEN("MANAGE_REPAIRMEN", "functions:manage:repairmen"), MANAGE_SALES("MANAGE_SALES", "functions:manage:sales"), MANAGE_SCIENTISTS("MANAGE_SCIENTISTS", "functions:manage:scientists"),
 9 | 	REPAIR_REFRIGERATOR("REPAIR_REFRIGERATOR", "functions:repair:refrigerator"), REPAIR_FRIDGE("REPAIR_FRIDGE", "functions:repair:bridge"), REPAIR_DOOR("REPAIR_DOOR", "functions:repair:door"),
10 | 	SALE_PRODUCT("SALE_PRODUCT", "functions:sale:product"), COLLECT_BONUS("COLLECT_BONUS", "functions:sale:collectbonus"), MEET_CUSTOMER("MEET_CUSTOMER", "functions:sale:meetcustomer"),
11 | 	RESEARCH_NEW_STUFF("RESEARCH_NEW_STUFF", "functions:science:research"), WRITE_ARTICLE("WRITE_ARTICLE", "functions:science:writearticle"), PREPARE_TALK("PREPARE_TALK", "functions:science:preparetalk");
12 | 
13 | 	public String doIt() {
14 | 		String neededPermission = getNeededPermission();
15 | 		if (SecurityUtils.getSubject().isPermitted(neededPermission))
16 | 			return "Function " + getName() + " run succesfully.";
17 | 		
18 | 		throw new UnauthorizedException("Logged user does not have " + neededPermission + " permission");
19 | 	}
20 | 
21 | 	private String getNeededPermission() {
22 | 	  return permission;
23 |   }
24 | 
25 | 	public String getName() {
26 | 		return name;
27 | 	}
28 | 
29 | 	private Actions(String name, String permission) {
30 | 		this.name = name;
31 | 		this.permission = permission;
32 | 	}
33 | 
34 | 	private final String name;
35 | 	private final String permission;
36 | 
37 | }
38 | 


--------------------------------------------------------------------------------
/src/main/java/org/meri/simpleshirosecuredapplication/authc/PrimaryPrincipalSameAuthenticationStrategy.java:
--------------------------------------------------------------------------------
 1 | package org.meri.simpleshirosecuredapplication.authc;
 2 | 
 3 | import org.apache.shiro.authc.AuthenticationException;
 4 | import org.apache.shiro.authc.AuthenticationInfo;
 5 | import org.apache.shiro.authc.AuthenticationToken;
 6 | import org.apache.shiro.authc.pam.AllSuccessfulStrategy;
 7 | import org.apache.shiro.realm.Realm;
 8 | import org.apache.shiro.subject.PrincipalCollection;
 9 | import org.slf4j.Logger;
10 | import org.slf4j.LoggerFactory;
11 | 
12 | public class PrimaryPrincipalSameAuthenticationStrategy extends AllSuccessfulStrategy {
13 | 	
14 |   private static final Logger log = LoggerFactory.getLogger(PrimaryPrincipalSameAuthenticationStrategy.class);
15 | 
16 |   @Override
17 |   public AuthenticationInfo afterAttempt(Realm realm, AuthenticationToken token, AuthenticationInfo info, AuthenticationInfo aggregate, Throwable t) {
18 |   	validatePrimaryPrincipals(info, aggregate, realm);
19 |   	return super.afterAttempt(realm, token, info, aggregate, t);
20 |   }
21 |   
22 | 
23 | 	private void validatePrimaryPrincipals(AuthenticationInfo info, AuthenticationInfo aggregate, Realm realm) {
24 | 		PrincipalCollection aggregPrincipals = aggregate.getPrincipals();
25 | 		if (aggregPrincipals==null || aggregPrincipals.isEmpty() || aggregPrincipals.getPrimaryPrincipal()==null)
26 | 			return ;
27 | 		
28 | 		if (info==null)
29 | 			return ;
30 | 		
31 | 		PrincipalCollection infoPrincipals = info.getPrincipals();
32 | 		if (infoPrincipals==null || infoPrincipals.isEmpty() || infoPrincipals.getPrimaryPrincipal()==null) {
33 | 			String message = "Primary principal is missing from " + realm.getName() + " result.";
34 | 			log.debug(message);
35 | 			throw new AuthenticationException(message);
36 | 		}
37 | 		
38 | 		Object aggregPrincipal = aggregPrincipals.getPrimaryPrincipal();
39 | 		Object infoPrincipal = infoPrincipals.getPrimaryPrincipal();
40 | 		if (!aggregPrincipal.equals(infoPrincipal)) {
41 | 			String message = "All realms are required to return the same primary principal. Offending realm: " + realm.getName();
42 | 			log.debug(message);
43 | 			throw new AuthenticationException(message);
44 | 		}
45 |   }
46 | 
47 | }
48 | 


--------------------------------------------------------------------------------
/src/main/java/org/meri/simpleshirosecuredapplication/authc/X509CertificateAuthenticationToken.java:
--------------------------------------------------------------------------------
 1 | package org.meri.simpleshirosecuredapplication.authc;
 2 | 
 3 | import java.security.cert.X509Certificate;
 4 | 
 5 | import org.apache.shiro.authc.AuthenticationToken;
 6 | 
 7 | public interface X509CertificateAuthenticationToken extends AuthenticationToken {
 8 | 
 9 | 	public abstract X509Certificate getCertificate();
10 | 
11 | }


--------------------------------------------------------------------------------
/src/main/java/org/meri/simpleshirosecuredapplication/authc/X509CertificateOnlyAuthenticationToken.java:
--------------------------------------------------------------------------------
 1 | package org.meri.simpleshirosecuredapplication.authc;
 2 | 
 3 | import java.security.cert.X509Certificate;
 4 | /**
 5 |  * Token for certificate based authentication. The certificate is used as both principal and credentials. 
 6 |  *
 7 |  */
 8 | @SuppressWarnings("serial")
 9 | public class X509CertificateOnlyAuthenticationToken implements X509CertificateAuthenticationToken {
10 | 
11 | 	//certificate is used as both credentials and principal
12 | 	private X509Certificate certificate;
13 | 	
14 | 	public X509CertificateOnlyAuthenticationToken() {
15 | 	  super();
16 | 	}
17 | 
18 | 	public X509CertificateOnlyAuthenticationToken(X509Certificate certificate) {
19 | 	  super();
20 | 	  this.certificate = certificate;
21 |   }
22 | 
23 | 	@Override
24 |   public Object getPrincipal() {
25 | 	  return getCertificate();
26 |   }
27 | 
28 | 	@Override
29 |   public Object getCredentials() {
30 | 	  return getCertificate();
31 |   }
32 | 
33 | 	/* (non-Javadoc)
34 |    * @see org.meri.simpleshirosecuredapplication.authc.X509CertificateAuthenticationToken#getCertificate()
35 |    */
36 | 	@Override
37 |   public X509Certificate getCertificate() {
38 |   	return certificate;
39 |   }
40 | 
41 | 	public void setCertificate(X509Certificate certificate) {
42 |   	this.certificate = certificate;
43 |   }
44 | 
45 | }
46 | 


--------------------------------------------------------------------------------
/src/main/java/org/meri/simpleshirosecuredapplication/authc/X509CertificateUsernamePasswordToken.java:
--------------------------------------------------------------------------------
 1 | package org.meri.simpleshirosecuredapplication.authc;
 2 | 
 3 | import java.security.cert.X509Certificate;
 4 | 
 5 | import org.apache.shiro.authc.UsernamePasswordToken;
 6 | 
 7 | @SuppressWarnings("serial")
 8 | public class X509CertificateUsernamePasswordToken extends UsernamePasswordToken implements X509CertificateAuthenticationToken {
 9 | 
10 | 	private X509Certificate certificate;
11 | 	
12 | 	public X509CertificateUsernamePasswordToken() {
13 | 	  super();
14 |   }
15 | 
16 | 	public X509CertificateUsernamePasswordToken(String username, String password) {
17 | 	  super(username, password);
18 |   }
19 | 	
20 | 	public X509CertificateUsernamePasswordToken(X509Certificate certificate) {
21 | 	  super();
22 | 	  this.certificate = certificate;
23 |   }
24 | 
25 | 	public X509CertificateUsernamePasswordToken(String username, String password, X509Certificate certificate) {
26 | 	  super(username, password);
27 | 	  this.certificate = certificate;
28 |   }
29 | 
30 | 	public X509CertificateUsernamePasswordToken(String username, String password, boolean rememberMe, String host, X509Certificate certificate) {
31 | 	  super(username, password, rememberMe, host);
32 | 	  this.certificate = certificate;
33 |   }
34 | 
35 | 	@Override
36 | 	public X509Certificate getCertificate() {
37 | 		return certificate;
38 | 	}
39 | 
40 | 	public void setCertificate(X509Certificate certificate) {
41 |   	this.certificate = certificate;
42 |   }
43 | 
44 | }
45 | 


--------------------------------------------------------------------------------
/src/main/java/org/meri/simpleshirosecuredapplication/model/ModelProvider.java:
--------------------------------------------------------------------------------
 1 | package org.meri.simpleshirosecuredapplication.model;
 2 | 
 3 | import java.util.List;
 4 | 
 5 | import javax.persistence.EntityManager;
 6 | import javax.persistence.EntityManagerFactory;
 7 | import javax.persistence.Persistence;
 8 | import javax.persistence.TypedQuery;
 9 | 
10 | import org.apache.shiro.SecurityUtils;
11 | 
12 | public class ModelProvider {
13 | 	
14 | 	private EntityManager em;
15 | 	
16 | 	/**
17 | 	 * Find data about logged user.
18 | 	 * 
19 | 	 * @return current user data from database. If there is no such line, return null.
20 | 	 */
21 | 	public UserPersonalData getCurrentUserData() {
22 | 		EntityManager em = getEntityManager();
23 | 		String loggedUser = (String)SecurityUtils.getSubject().getPrincipal();
24 | 		UserPersonalData loggedUserData = em.find(UserPersonalData.class, loggedUser);
25 | 		return loggedUserData;
26 | 	}
27 | 	
28 | 	/**
29 | 	 * Find data about all users.
30 | 	 * 
31 | 	 * @return users data from database. 
32 | 	 */	public List<UserPersonalData> getAllUsersData() {
33 | 		EntityManager em = getEntityManager();
34 | 		TypedQuery<UserPersonalData> query = em.createQuery("SELECT x FROM UserPersonalData x",UserPersonalData.class);
35 | 		List<UserPersonalData> result = query.getResultList();
36 | 		return result;
37 | 	}
38 | 
39 | 	private EntityManager getEntityManager() {
40 | 		if (!hasActiveEntityManager()) {
41 | 			EntityManagerFactory emf = Persistence.createEntityManagerFactory("SimpleShiroSecuredApplicationPU");
42 | 			em = emf.createEntityManager();
43 | 		}
44 | 	  return em;
45 |   }
46 | 	
47 | 	public void close() {
48 | 		if (hasActiveEntityManager()) {
49 | 			em.close();
50 | 		}
51 | 	}
52 | 
53 | 	private boolean hasActiveEntityManager() {
54 | 	  return em!=null && em.isOpen();
55 |   }
56 | 
57 | 	public void beginTransaction() {
58 | 		getEntityManager().getTransaction().begin();
59 |   }
60 | 
61 | 	public void persist(Object entity) {
62 | 	  getEntityManager().persist(entity);
63 |   }
64 | 
65 | 	public void commit() {
66 | 		getEntityManager().getTransaction().commit();
67 |   }
68 | }
69 | 


--------------------------------------------------------------------------------
/src/main/java/org/meri/simpleshirosecuredapplication/model/UserPersonalData.java:
--------------------------------------------------------------------------------
 1 | package org.meri.simpleshirosecuredapplication.model;
 2 | 
 3 | import javax.persistence.Column;
 4 | import javax.persistence.Entity;
 5 | import javax.persistence.Id;
 6 | import javax.persistence.Table;
 7 | 
 8 | @Entity
 9 | @Table(name="user_personal_data")
10 | public class UserPersonalData {
11 | 	
12 | 	private String userName;
13 | 	private String firstname;
14 | 	private String lastname;
15 | 	private String about;
16 | 	
17 | 	
18 | 	@Column(name = "user_name")
19 | 	@Id
20 | 	public String getUserName() {
21 |   	return userName;
22 |   }
23 | 
24 | 	public void setUserName(String userName) {
25 |   	this.userName = userName;
26 |   }
27 | 
28 | 	@Column
29 | 	public String getFirstname() {
30 |   	return firstname;
31 |   }
32 | 	
33 | 	public void setFirstname(String firstname) {
34 |   	this.firstname = firstname;
35 |   }
36 | 	
37 | 	@Column
38 | 	public String getLastname() {
39 |   	return lastname;
40 |   }
41 | 	
42 | 	public void setLastname(String lastname) {
43 |   	this.lastname = lastname;
44 |   }
45 | 	
46 | 	@Column
47 | 	public String getAbout() {
48 |   	return about;
49 |   }
50 | 
51 | 	public void setAbout(String about) {
52 |   	this.about = about;
53 |   }
54 | 	
55 | 	
56 | }
57 | 


--------------------------------------------------------------------------------
/src/main/java/org/meri/simpleshirosecuredapplication/realm/JNDIAndSaltAwareJdbcRealm.java:
--------------------------------------------------------------------------------
  1 | package org.meri.simpleshirosecuredapplication.realm;
  2 | 
  3 | import java.sql.Connection;
  4 | import java.sql.PreparedStatement;
  5 | import java.sql.ResultSet;
  6 | import java.sql.SQLException;
  7 | 
  8 | import javax.naming.InitialContext;
  9 | import javax.naming.NamingException;
 10 | import javax.sql.DataSource;
 11 | 
 12 | import org.apache.shiro.authc.AuthenticationException;
 13 | import org.apache.shiro.authc.AuthenticationInfo;
 14 | import org.apache.shiro.authc.AuthenticationToken;
 15 | import org.apache.shiro.authc.SimpleAuthenticationInfo;
 16 | import org.apache.shiro.authc.UsernamePasswordToken;
 17 | import org.apache.shiro.authz.AuthorizationException;
 18 | import org.apache.shiro.realm.jdbc.JdbcRealm;
 19 | import org.apache.shiro.util.JdbcUtils;
 20 | import org.apache.shiro.util.SimpleByteSource;
 21 | import org.slf4j.Logger;
 22 | import org.slf4j.LoggerFactory;
 23 | 
 24 | /**
 25 |  * This realm has all {@link JdbcRealm} capabilities. It also supports JNDI as datasource source and 
 26 |  * can add salt to passwords.
 27 |  */
 28 | public class JNDIAndSaltAwareJdbcRealm extends JdbcRealm {
 29 | 
 30 | 	private static final Logger log = LoggerFactory.getLogger(JNDIAndSaltAwareJdbcRealm.class);
 31 | 
 32 | 	protected String jndiDataSourceName;
 33 | 
 34 | 	public JNDIAndSaltAwareJdbcRealm() {
 35 | 	}
 36 | 
 37 | 	public String getJndiDataSourceName() {
 38 | 		return jndiDataSourceName;
 39 | 	}
 40 | 
 41 | 	public void setJndiDataSourceName(String jndiDataSourceName) {
 42 | 		this.jndiDataSourceName = jndiDataSourceName;
 43 | 		this.dataSource = getDataSourceFromJNDI(jndiDataSourceName);
 44 | 	}
 45 | 
 46 | 	private DataSource getDataSourceFromJNDI(String jndiDataSourceName) {
 47 | 		try {
 48 | 			InitialContext ic = new InitialContext();
 49 | 			return (DataSource) ic.lookup(jndiDataSourceName);
 50 | 		} catch (NamingException e) {
 51 | 			log.error("JNDI error while retrieving " + jndiDataSourceName, e);
 52 | 			throw new AuthorizationException(e);
 53 | 		}
 54 | 	}
 55 | 
 56 | 	@Override
 57 | 	protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token) throws AuthenticationException {
 58 | 		//identify account to log to
 59 | 		UsernamePasswordToken userPassToken = (UsernamePasswordToken) token;
 60 | 		String username = userPassToken.getUsername();
 61 | 
 62 | 		if (username == null) {
 63 | 			log.debug("Username is null.");
 64 | 			return null;
 65 | 		}
 66 | 
 67 | 		// read password hash and salt from db 
 68 | 		PasswdSalt passwdSalt = getPasswordForUser(username);
 69 | 
 70 | 		if (passwdSalt == null) {
 71 | 			log.debug("No account found for user [" + username + "]");
 72 | 			return null;
 73 | 		}
 74 | 
 75 | 		// return salted credentials
 76 | 		SimpleAuthenticationInfo info = new SimpleAuthenticationInfo(username, passwdSalt.password, getName());
 77 | 		info.setCredentialsSalt(new SimpleByteSource(passwdSalt.salt));
 78 | 
 79 | 		return info;
 80 | 	}
 81 | 
 82 | 	private PasswdSalt getPasswordForUser(String username) {
 83 | 		PreparedStatement statement = null;
 84 | 		ResultSet resultSet = null;
 85 | 		Connection conn = null;
 86 | 		try {
 87 | 			conn = dataSource.getConnection();
 88 | 			statement = conn.prepareStatement(authenticationQuery);
 89 | 			statement.setString(1, username);
 90 | 
 91 | 			resultSet = statement.executeQuery();
 92 | 
 93 | 			boolean hasAccount = resultSet.next();
 94 | 			if (!hasAccount)
 95 | 				return null;
 96 | 
 97 | 			String salt = null;
 98 | 			String password = resultSet.getString(1);
 99 | 			if (resultSet.getMetaData().getColumnCount() > 1)
100 | 				salt = resultSet.getString(2);
101 | 
102 | 			if (resultSet.next()) {
103 | 				throw new AuthenticationException("More than one user row found for user [" + username + "]. Usernames must be unique.");
104 | 			}
105 | 
106 | 			return new PasswdSalt(password, salt);
107 | 		} catch (SQLException e) {
108 | 			final String message = "There was a SQL error while authenticating user [" + username + "]";
109 | 			if (log.isErrorEnabled()) {
110 | 				log.error(message, e);
111 | 			}
112 | 			throw new AuthenticationException(message, e);
113 | 			
114 | 		} finally {
115 | 			JdbcUtils.closeResultSet(resultSet);
116 | 			JdbcUtils.closeStatement(statement);
117 | 			JdbcUtils.closeConnection(conn);
118 | 		}
119 | 	}
120 | 
121 | }
122 | 
123 | class PasswdSalt {
124 | 
125 | 	public String password;
126 | 	public String salt;
127 | 
128 | 	public PasswdSalt(String password, String salt) {
129 | 		super();
130 | 		this.password = password;
131 | 		this.salt = salt;
132 | 	}
133 | 
134 | }


--------------------------------------------------------------------------------
/src/main/java/org/meri/simpleshirosecuredapplication/realm/X509CertificateRealm.java:
--------------------------------------------------------------------------------
  1 | package org.meri.simpleshirosecuredapplication.realm;
  2 | 
  3 | import java.io.FileInputStream;
  4 | import java.io.IOException;
  5 | import java.math.BigInteger;
  6 | import java.security.KeyStore;
  7 | import java.security.cert.CertPathBuilder;
  8 | import java.security.cert.CertPathBuilderResult;
  9 | import java.security.cert.CertStore;
 10 | import java.security.cert.CertStoreParameters;
 11 | import java.security.cert.CollectionCertStoreParameters;
 12 | import java.security.cert.PKIXBuilderParameters;
 13 | import java.security.cert.X509CRL;
 14 | import java.security.cert.X509CertSelector;
 15 | import java.security.cert.X509Certificate;
 16 | import java.sql.Connection;
 17 | import java.sql.PreparedStatement;
 18 | import java.sql.ResultSet;
 19 | import java.sql.SQLException;
 20 | import java.util.Arrays;
 21 | import java.util.Collection;
 22 | import java.util.Collections;
 23 | import java.util.List;
 24 | 
 25 | import javax.naming.InitialContext;
 26 | import javax.naming.NamingException;
 27 | import javax.sql.DataSource;
 28 | 
 29 | import org.apache.shiro.authc.AuthenticationException;
 30 | import org.apache.shiro.authc.AuthenticationInfo;
 31 | import org.apache.shiro.authc.AuthenticationToken;
 32 | import org.apache.shiro.authc.SimpleAuthenticationInfo;
 33 | import org.apache.shiro.authz.AuthorizationException;
 34 | import org.apache.shiro.realm.Realm;
 35 | import org.apache.shiro.util.JdbcUtils;
 36 | import org.apache.shiro.util.Nameable;
 37 | import org.apache.xerces.impl.dv.util.Base64;
 38 | import org.meri.simpleshirosecuredapplication.authc.X509CertificateAuthenticationToken;
 39 | import org.slf4j.Logger;
 40 | import org.slf4j.LoggerFactory;
 41 | 
 42 | public class X509CertificateRealm implements Realm, Nameable {
 43 | 
 44 |   protected static final String DEFAULT_ACCOUNT_TO_CERTIFICATE_QUERY = "select name from sec_users where serialnumber = ? and issuername = ?";
 45 | 
 46 |   private String name;
 47 | 	private String trustStorePassword;
 48 | 	private String trustStore;
 49 | 
 50 | 	protected String jndiDataSourceName;
 51 |   protected String accountToCertificateQuery = DEFAULT_ACCOUNT_TO_CERTIFICATE_QUERY;
 52 |   protected DataSource dataSource;
 53 | 
 54 | 	private static final Logger log = LoggerFactory.getLogger(X509CertificateRealm.class);
 55 | 
 56 | 	@Override
 57 | 	public boolean supports(AuthenticationToken token) {
 58 | 		if (token!=null)
 59 | 			return  token instanceof X509CertificateAuthenticationToken;
 60 | 		
 61 | 		return false;
 62 | 	}
 63 | 
 64 | 	@Override
 65 | 	public AuthenticationInfo getAuthenticationInfo(AuthenticationToken token) throws AuthenticationException {
 66 | 		// the cast is legal, since Shiro will let in only X509CertificateAuthenticationToken tokens
 67 | 		X509CertificateAuthenticationToken certificateToken = (X509CertificateAuthenticationToken) token;
 68 | 		X509Certificate certificate = certificateToken.getCertificate();
 69 | 		
 70 | 		// verify certificate
 71 | 		if (!certificateOK(certificate)) {
 72 | 			return null;
 73 | 		}
 74 | 
 75 | 		// the issuer name and serial number uniquely identifies certificate
 76 | 		BigInteger serialNumber = certificate.getSerialNumber();
 77 | 		String issuerName = certificate.getIssuerDN().getName();
 78 | 
 79 | 		// find account associated with certificate
 80 | 		String username = findUsernameToCertificate(issuerName, serialNumber);
 81 | 		if (username == null) {
 82 | 			// return null as no account was found
 83 | 			return null;
 84 | 		}
 85 | 
 86 | 		// sucesfull verification, return authentication info
 87 | 		return new SimpleAuthenticationInfo(username, certificate, getName());
 88 | 	}
 89 | 
 90 | 	/**
 91 | 	 * The most simple certificate validation. If we are in web application context, the certificate is already checked 
 92 | 	 * by web server and valid, so this method is useless there. 
 93 | 	 *  
 94 | 	 * @param certificate to be validated
 95 | 	 * 
 96 | 	 * @return <code>true</code> if the certificate is valid. <code>false</code> otherwise.
 97 | 	 */
 98 | 	private boolean certificateOK(X509Certificate certificate) {
 99 | 		if (certificate == null)
100 | 			return false;
101 | 
102 | 		List<X509Certificate> chain = Arrays.asList(certificate);
103 | 		FileInputStream stream = null;
104 | 
105 | 		/* Construct a valid path. */
106 | 		try {
107 | 			stream = new FileInputStream(getTrustStore());
108 | 			KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
109 | 			keyStore.load(stream, getTrustStorePassword().toCharArray());
110 | 			
111 | 			X509CertSelector target = new X509CertSelector();
112 | 			target.setCertificate(certificate);
113 | 			PKIXBuilderParameters params = new PKIXBuilderParameters(keyStore, target);
114 | 			CertStoreParameters intermediates = new CollectionCertStoreParameters(chain);
115 | 			params.addCertStore(CertStore.getInstance("Collection", intermediates));
116 | 
117 | 			// Lets ignore certificate revocation list for example purposes
118 | 			Collection<X509CRL> crls = Collections.emptyList();
119 | 			CertStoreParameters revoked = new CollectionCertStoreParameters(crls);
120 | 			params.addCertStore(CertStore.getInstance("Collection", revoked));
121 | 
122 | 			// If build() returns successfully, the certificate is valid.
123 | 			@SuppressWarnings("unused")
124 | 			CertPathBuilderResult r = CertPathBuilder.getInstance("PKIX").build(params);
125 | 		} catch (Exception ex) {
126 | 			log.debug("Certificate validation failed. ", ex);
127 | 			return false;
128 | 		} finally {
129 | 			try {
130 | 				stream.close();
131 | 			} catch (IOException e) {
132 | 				log.error("Could not close truststore stream.", e);
133 | 			}
134 | 		}
135 | 
136 | 		return true;
137 | 	}
138 | 
139 | 	public String getTrustStorePassword() {
140 | 		return trustStorePassword;
141 | 	}
142 | 
143 | 	public void setTrustStorePassword(String trustStorePassword) {
144 | 		this.trustStorePassword = trustStorePassword;
145 | 	}
146 | 
147 | 	public String getTrustStore() {
148 | 		return trustStore;
149 | 	}
150 | 
151 | 	public void setTrustStore(String trustStore) {
152 | 		this.trustStore = trustStore;
153 | 	}
154 | 
155 | 	public String getAccountToCertificateQuery() {
156 |   	return accountToCertificateQuery;
157 |   }
158 | 
159 | 	public void setAccountToCertificateQuery(String accountToCertificateQuery) {
160 |   	this.accountToCertificateQuery = accountToCertificateQuery;
161 |   }
162 | 
163 | 	public String getJndiDataSourceName() {
164 | 		return jndiDataSourceName;
165 | 	}
166 | 
167 | 	public void setJndiDataSourceName(String jndiDataSourceName) {
168 | 		this.jndiDataSourceName = jndiDataSourceName;
169 | 		this.dataSource = getDataSourceFromJNDI(jndiDataSourceName);
170 | 	}
171 | 
172 | 	private DataSource getDataSourceFromJNDI(String jndiDataSourceName) {
173 | 		try {
174 | 			InitialContext ic = new InitialContext();
175 | 			return (DataSource) ic.lookup(jndiDataSourceName);
176 | 		} catch (NamingException e) {
177 | 			log.error("JNDI error while retrieving " + jndiDataSourceName, e);
178 | 			throw new AuthorizationException(e);
179 | 		}
180 | 	}
181 | 
182 | 	private String findUsernameToCertificate(String issuerName, BigInteger serialNumber) {
183 | 		String base64Serial = Base64.encode(serialNumber.toByteArray());
184 | 		return getAccountName(issuerName, base64Serial);
185 | 	}
186 | 
187 | 	private String getAccountName(String issuerName, String base64Serial) {
188 | 		PreparedStatement statement = null;
189 | 		ResultSet resultSet = null;
190 | 		Connection conn = null;
191 | 		try {
192 | 			conn = dataSource.getConnection();
193 | 			statement = conn.prepareStatement(accountToCertificateQuery);
194 | 			statement.setString(1, base64Serial);
195 | 			statement.setString(2, issuerName);
196 | 
197 | 			resultSet = statement.executeQuery();
198 | 
199 | 			boolean hasAccount = resultSet.next();
200 | 			if (!hasAccount)
201 | 				return null;
202 | 
203 | 			String username = resultSet.getString(1);
204 | 
205 | 			if (resultSet.next()) {
206 | 				throw new AuthenticationException("More than one account for thre certificate.");
207 | 			}
208 | 
209 | 			return username;
210 | 		} catch (SQLException e) {
211 | 			final String message = "There was a SQL error while authenticating user.";
212 | 			if (log.isErrorEnabled()) {
213 | 				log.error(message, e);
214 | 			}
215 | 			throw new AuthenticationException(message, e);
216 | 			
217 | 		} finally {
218 | 			JdbcUtils.closeResultSet(resultSet);
219 | 			JdbcUtils.closeStatement(statement);
220 | 			JdbcUtils.closeConnection(conn);
221 | 		}
222 | 	}
223 | 
224 | 	public String getName() {
225 | 		return name;
226 | 	}
227 | 
228 | 	public void setName(String name) {
229 | 		this.name = name;
230 | 	}
231 | 
232 | }
233 | 


--------------------------------------------------------------------------------
/src/main/java/org/meri/simpleshirosecuredapplication/sanitizer/Sanitizer.java:
--------------------------------------------------------------------------------
 1 | package org.meri.simpleshirosecuredapplication.sanitizer;
 2 | 
 3 | import java.io.InputStream;
 4 | 
 5 | import org.owasp.validator.html.AntiSamy;
 6 | import org.owasp.validator.html.CleanResults;
 7 | import org.owasp.validator.html.Policy;
 8 | import org.owasp.validator.html.PolicyException;
 9 | import org.owasp.validator.html.ScanException;
10 | /**
11 |  * Sanitize user input into XSS attack safe string. The class is thread safe. 
12 |  */
13 | public class Sanitizer {
14 | 
15 | 	private static final String POLICY_FILE_LOCATION = "/antisamy-tinymce-1.4.4.xml";
16 | 	private static Policy policy;
17 | 
18 | 	public Sanitizer() {
19 | 	}
20 | 	
21 | 	public String sanitize(String dirtyInput) {
22 | 		AntiSamy as = new AntiSamy();
23 | 		try {
24 | 	    CleanResults cr = as.scan(dirtyInput, getPolicy());
25 | 	    return cr.getCleanHTML();
26 |     } catch (ScanException e) {
27 |       throw new RuntimeException(e);
28 |     } catch (PolicyException e) {
29 |       throw new RuntimeException(e);
30 |     }
31 | 	}
32 | 
33 | 	private Policy getPolicy() {
34 | 		if (policy==null) {
35 | 			try {
36 | 				InputStream resourceAsStream = getClass().getResourceAsStream(POLICY_FILE_LOCATION);
37 | 	      policy = Policy.getInstance(resourceAsStream);
38 |       } catch (PolicyException e) {
39 | 	      throw new RuntimeException(e);
40 |       }
41 | 		}
42 |   	return policy;
43 |   }
44 | 	
45 | 	
46 | }
47 | 


--------------------------------------------------------------------------------
/src/main/java/org/meri/simpleshirosecuredapplication/servlet/AbstractFieldsHandlingServlet.java:
--------------------------------------------------------------------------------
 1 | package org.meri.simpleshirosecuredapplication.servlet;
 2 | 
 3 | import javax.servlet.http.HttpServlet;
 4 | import javax.servlet.http.HttpServletRequest;
 5 | 
 6 | import org.meri.simpleshirosecuredapplication.sanitizer.Sanitizer;
 7 | 
 8 | /**
 9 |  * Parent of all servlets reading user supplied data. Use {@link #getField(HttpServletRequest, String)}
10 |  * to get fields values.  
11 |  * 
12 |  */
13 | @SuppressWarnings("serial")
14 | public abstract class AbstractFieldsHandlingServlet extends HttpServlet {
15 | 
16 | 	private Sanitizer sanitizer = new Sanitizer();
17 | 	
18 | 	public AbstractFieldsHandlingServlet() {
19 | 		super();
20 | 	}
21 | 
22 | 	/**
23 | 	 * Reads sanitized request parameter value from request field.
24 | 	 * 
25 | 	 * @param request http request
26 | 	 * @param parameter name of request parameter 
27 | 	 * 
28 | 	 * @return request parameter value
29 | 	 */
30 | 	protected String getField(HttpServletRequest request, String parameter) {
31 |     String dirtyValue = request.getParameter(parameter);
32 | 		return sanitizer.sanitize(dirtyValue);
33 |   }
34 | 
35 | }


--------------------------------------------------------------------------------
/src/main/java/org/meri/simpleshirosecuredapplication/servlet/AccountPageServlet.java:
--------------------------------------------------------------------------------
 1 | package org.meri.simpleshirosecuredapplication.servlet;
 2 | 
 3 | import java.io.IOException;
 4 | 
 5 | import javax.servlet.RequestDispatcher;
 6 | import javax.servlet.ServletException;
 7 | import javax.servlet.http.HttpServletRequest;
 8 | import javax.servlet.http.HttpServletResponse;
 9 | 
10 | import org.apache.shiro.SecurityUtils;
11 | import org.meri.simpleshirosecuredapplication.model.ModelProvider;
12 | import org.meri.simpleshirosecuredapplication.model.UserPersonalData;
13 | import org.slf4j.Logger;
14 | import org.slf4j.LoggerFactory;
15 | 
16 | @SuppressWarnings("serial")
17 | public class AccountPageServlet extends AbstractFieldsHandlingServlet {
18 | 	
19 | 	private static final Logger log = LoggerFactory.getLogger(AccountPageServlet.class);
20 | 	
21 | 	@Override
22 | 	protected void doGet(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException {
23 | 		doPost(req, resp);
24 | 	}
25 | 
26 | 	@Override
27 | 	protected void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
28 | 		String loggedPrincipal = (String) SecurityUtils.getSubject().getPrincipal();
29 | 		String firstname = getField(request, "firstname");
30 | 		String lastname = getField(request, "lastname");
31 | 		String about = getField(request, "about");
32 | 
33 | 		try {
34 | 			saveData(loggedPrincipal, firstname, lastname, about);
35 | 			request.setAttribute(ServletConstants.actionResultMessage, "Saved was successful.");
36 | 		} catch (Exception ex) {
37 | 			log.error("Could not save data.", ex);
38 | 			request.setAttribute(ServletConstants.actionResultMessage, "Saved unsuccessful :(.");
39 | 		}
40 | 
41 | 		// forward the request and response back to original page
42 | 		String originalPage = request.getParameter(ServletConstants.originalPage);
43 | 		RequestDispatcher dispatcher = getServletContext().getRequestDispatcher(originalPage);
44 | 		dispatcher.forward(request, response);
45 | 	}
46 | 
47 | 	private void saveData(String loggedPrincipal, String firstname, String lastname, String about) {
48 | 		ModelProvider mp = new ModelProvider();
49 | 		try {
50 | 			UserPersonalData data = mp.getCurrentUserData();
51 | 			mp.beginTransaction();
52 | 			if (data == null) {
53 | 				data = new UserPersonalData();
54 | 				updateUser(data, loggedPrincipal, firstname, lastname, about);
55 | 				mp.persist(data);
56 | 			} else {
57 | 				updateUser(data, loggedPrincipal, firstname, lastname, about);
58 | 			}
59 | 			mp.commit();
60 | 		} finally {
61 | 			mp.close();
62 | 		}
63 | 	}
64 | 
65 | 	private void updateUser(UserPersonalData data, String loggedPrincipal, String firstname, String lastname, String about) {
66 | 		data.setUserName(loggedPrincipal);
67 | 		data.setFirstname(firstname);
68 | 		data.setLastname(lastname);
69 | 		data.setAbout(about);
70 | 	}
71 | 
72 | }
73 | 


--------------------------------------------------------------------------------
/src/main/java/org/meri/simpleshirosecuredapplication/servlet/CertificateOrFormAuthenticationFilter.java:
--------------------------------------------------------------------------------
 1 | package org.meri.simpleshirosecuredapplication.servlet;
 2 | 
 3 | import java.security.cert.X509Certificate;
 4 | 
 5 | import javax.servlet.ServletRequest;
 6 | import javax.servlet.ServletResponse;
 7 | 
 8 | import org.apache.shiro.authc.AuthenticationException;
 9 | import org.apache.shiro.authc.AuthenticationToken;
10 | import org.apache.shiro.web.filter.authc.FormAuthenticationFilter;
11 | import org.meri.simpleshirosecuredapplication.authc.X509CertificateUsernamePasswordToken;
12 | 
13 | public class CertificateOrFormAuthenticationFilter extends FormAuthenticationFilter {
14 | 
15 | 	@Override
16 | 	protected boolean isLoginSubmission(ServletRequest request, ServletResponse response) {
17 | 		return super.isLoginSubmission(request, response) || isCertificateLogInAttempt(request, response);
18 | 	}
19 | 
20 | 	private boolean isCertificateLogInAttempt(ServletRequest request, ServletResponse response) {
21 | 		return hasCertificate(request) && !getSubject(request, response).isAuthenticated();
22 | 	}
23 | 
24 | 	private boolean hasCertificate(ServletRequest request) {
25 | 		return null != getCertificate(request);
26 | 	}
27 | 
28 | 	private X509Certificate getCertificate(ServletRequest request) {
29 | 		X509Certificate[] attribute = (X509Certificate[]) request.getAttribute("javax.servlet.request.X509Certificate");
30 | 		return attribute == null ? null : attribute[0];
31 | 	}
32 | 
33 | 	@Override
34 | 	protected AuthenticationToken createToken(String username, String password, ServletRequest request, ServletResponse response) {
35 | 		boolean rememberMe = isRememberMe(request);
36 | 		String host = getHost(request);
37 | 		X509Certificate certificate = getCertificate(request);
38 | 		return createToken(username, password, rememberMe, host, certificate);
39 | 	}
40 | 
41 | 	protected AuthenticationToken createToken(String username, String password, boolean rememberMe, String host, X509Certificate certificate) {
42 | 		return new X509CertificateUsernamePasswordToken(username, password, rememberMe, host, certificate);
43 | 	}
44 | 
45 | 	@Override
46 | 	protected void setFailureAttribute(ServletRequest request, AuthenticationException ae) {
47 | 		String message = ae.getMessage();
48 | 		request.setAttribute(getFailureKeyAttribute(), message);
49 | 	}
50 | 
51 | }
52 | 


--------------------------------------------------------------------------------
/src/main/java/org/meri/simpleshirosecuredapplication/servlet/PerformFunctionAndGoBackServlet.java:
--------------------------------------------------------------------------------
 1 | package org.meri.simpleshirosecuredapplication.servlet;
 2 | 
 3 | import java.io.IOException;
 4 | 
 5 | import javax.servlet.RequestDispatcher;
 6 | import javax.servlet.Servlet;
 7 | import javax.servlet.ServletException;
 8 | import javax.servlet.http.HttpServlet;
 9 | import javax.servlet.http.HttpServletRequest;
10 | import javax.servlet.http.HttpServletResponse;
11 | 
12 | import org.apache.log4j.Logger;
13 | import org.apache.shiro.ShiroException;
14 | import org.meri.simpleshirosecuredapplication.actions.Actions;
15 | 
16 | public class PerformFunctionAndGoBackServlet extends HttpServlet implements Servlet {
17 | 	
18 |   private static transient final Logger log = Logger.getLogger(PerformFunctionAndGoBackServlet.class);
19 | 
20 | 	private static final long serialVersionUID = -7896114563632467947L;
21 | 
22 | 	@Override
23 | 	protected void doGet(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException {
24 | 		doPost(req, resp);
25 | 	}
26 | 
27 | 	@Override
28 | 	protected void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
29 | 		String action = request.getParameter("action");
30 | 		String actionResult = performAction(action);
31 | 		request.setAttribute(ServletConstants.actionResultMessage, actionResult);
32 | 
33 | 		// forward the request and response back to original page
34 | 		String originalPage = request.getParameter(ServletConstants.originalPage);
35 | 		RequestDispatcher dispatcher = getServletContext().getRequestDispatcher(originalPage);
36 | 		dispatcher.forward(request, response);
37 | 	}
38 | 
39 | 	private String performAction(String actionName) {
40 | 		try {
41 | 			Actions action = findAction(actionName);
42 | 			String result = action == null ? null : action.doIt();
43 | 			log.debug("Performed function with result: " + result);
44 | 			return result;
45 | 		} catch (ShiroException ex) {
46 | 			log.debug("Function failed with " + ex.getMessage() + " message.");
47 | 			return "Error: " + ex.getMessage();
48 | 		}
49 | 	}
50 | 
51 | 	private Actions findAction(String actionName) {
52 | 		if (actionName == null)
53 | 			return null;
54 | 
55 | 		Actions[] values = Actions.values();
56 | 
57 | 		for (Actions action : values) {
58 | 			if (actionName.equals(action.getName()))
59 | 				return action;
60 | 		}
61 | 		return null;
62 | 	}
63 | 
64 | 	public String getUrl(HttpServletRequest request) {
65 | 		String reqUrl = request.getRequestURL().toString();
66 | 		String queryString = request.getQueryString(); // d=789
67 | 		if (queryString != null) {
68 | 			reqUrl += "?" + queryString;
69 | 		}
70 | 		return reqUrl;
71 | 	}
72 | 
73 | }
74 | 


--------------------------------------------------------------------------------
/src/main/java/org/meri/simpleshirosecuredapplication/servlet/ServletConstants.java:
--------------------------------------------------------------------------------
1 | package org.meri.simpleshirosecuredapplication.servlet;
2 | 
3 | public class ServletConstants {
4 | 
5 | 	public static final String originalPage = "originalPage";
6 | 	public static final String actionResultMessage = "actionResultMessage";
7 | 
8 | }
9 | 


--------------------------------------------------------------------------------
/src/main/java/org/meri/simpleshirosecuredapplication/servlet/VerboseFormAuthenticationFilter.java:
--------------------------------------------------------------------------------
 1 | package org.meri.simpleshirosecuredapplication.servlet;
 2 | 
 3 | import javax.servlet.ServletRequest;
 4 | 
 5 | import org.apache.shiro.authc.AuthenticationException;
 6 | import org.apache.shiro.web.filter.authc.FormAuthenticationFilter;
 7 | 
 8 | public class VerboseFormAuthenticationFilter extends FormAuthenticationFilter {
 9 | 	
10 | 	@Override
11 | 	protected void setFailureAttribute(ServletRequest request, AuthenticationException ae) {
12 | 		String message = ae.getMessage();
13 | 		request.setAttribute(getFailureKeyAttribute(), message);
14 | 	}
15 | 	
16 | }
17 | 


--------------------------------------------------------------------------------
/src/main/resources/Shiro.ini:
--------------------------------------------------------------------------------
 1 | [main] 
 2 | # realms to be used
 3 | certificateRealm=org.meri.simpleshirosecuredapplication.realm.X509CertificateRealm
 4 | certificateRealm.trustStore=src/main/resources/truststore
 5 | certificateRealm.trustStorePassword=secret
 6 | certificateRealm.jndiDataSourceName=jdbc/SimpleShiroSecuredApplicationDB
 7 | 
 8 | saltedJdbcRealm=org.meri.simpleshirosecuredapplication.realm.JNDIAndSaltAwareJdbcRealm
 9 | # any object property is automatically configurable in Shiro.ini file
10 | saltedJdbcRealm.jndiDataSourceName=jdbc/SimpleShiroSecuredApplicationDB 
11 | # the realm should handle also authorization
12 | saltedJdbcRealm.permissionsLookupEnabled=true
13 | # If not filled, subclasses of JdbcRealm assume "select password from users where username = ?"
14 | # first result column is password, second result column is salt 
15 | saltedJdbcRealm.authenticationQuery = select password, salt from sec_users where name = ?
16 | # If not filled, subclasses of JdbcRealm assume "select role_name from user_roles where username = ?"
17 | saltedJdbcRealm.userRolesQuery = select role_name from sec_users_roles where user_name = ?
18 | # If not filled, subclasses of JdbcRealm assume "select permission from roles_permissions where role_name = ?"
19 | saltedJdbcRealm.permissionsQuery = select permissions from sec_roles_permissions where role_name = ?
20 | 
21 | # password hashing specification, put something big for hasIterations
22 | sha256Matcher = org.apache.shiro.authc.credential.HashedCredentialsMatcher
23 | sha256Matcher.hashAlgorithmName=SHA-256
24 | sha256Matcher.hashIterations=1
25 | saltedJdbcRealm.credentialsMatcher = $sha256Matcher
26 | 
27 | # filter configuration
28 | certificateFilter = org.meri.simpleshirosecuredapplication.servlet.CertificateOrFormAuthenticationFilter
29 | # request parameter with login error information; if not present filter assumes 'shiroLoginFailure'
30 | certificateFilter.failureKeyAttribute=simpleShiroApplicationLoginFailure
31 | # specify login page
32 | certificateFilter.loginUrl = /simpleshirosecuredapplication/account/login.jsp
33 | # name of request parameter with username; if not present filter assumes 'username'
34 | certificateFilter.usernameParam = user
35 | # name of request parameter with password; if not present filter assumes 'password'
36 | certificateFilter.passwordParam = pass
37 | # does the user wish to be remembered?; if not present filter assumes 'rememberMe'
38 | certificateFilter.rememberMeParam = remember
39 | # redirect after successful login
40 | certificateFilter.successUrl  = /simpleshirosecuredapplication/account/personalaccountpage.jsp
41 | 
42 | # roles filter: redirect to error page if user does not have access rights
43 | roles.unauthorizedUrl = /simpleshirosecuredapplication/account/accessdenied.jsp
44 | 
45 | # multi-realms strategy
46 | # authenticationStrategy=org.meri.simpleshirosecuredapplication.authc.PrimaryPrincipalSameAuthenticationStrategy
47 | # securityManager.authenticator.authenticationStrategy=$authenticationStrategy
48 | 
49 | [urls]
50 | # force ssl for login page 
51 | /simpleshirosecuredapplication/account/login.jsp=ssl[8443], certificateFilter
52 | 
53 | # only users with some roles are allowed to use role-specific pages 
54 | /simpleshirosecuredapplication/repairmen/**=certificateFilter, roles[repairman]
55 | /simpleshirosecuredapplication/sales/**=certificateFilter, roles[sales]
56 | /simpleshirosecuredapplication/scientists/**=certificateFilter, roles[scientist]
57 | /simpleshirosecuredapplication/adminarea/**=certificateFilter, roles[Administrator]
58 | 
59 | # enable certificateFilter filter for all application pages
60 | /simpleshirosecuredapplication/**=certificateFilter
61 | 


--------------------------------------------------------------------------------
/src/main/resources/antisamy-tinymce-1.4.4.xml:
--------------------------------------------------------------------------------
  1 | <?xml version="1.0" encoding="UTF-8" ?>
  2 | 
  3 | <!--
  4 | 	TinyMCE
  5 | -->
  6 | 
  7 | <anti-samy-rules xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
  8 | 	xsi:noNamespaceSchemaLocation="antisamy.xsd">
  9 | 
 10 | 	<directives>
 11 | 		<directive name="omitXmlDeclaration" value="true" />
 12 | 		<directive name="omitDoctypeDeclaration" value="false" />
 13 | 		<directive name="maxInputSize" value="100000" />
 14 | 		<directive name="embedStyleSheets" value="false" />
 15 | 		<directive name="useXHTML" value="true" />
 16 | 		<directive name="formatOutput" value="true" />
 17 | 	</directives>
 18 | 
 19 | 	<common-regexps>
 20 | 
 21 | 		<!--
 22 | 			From W3C:
 23 | 			This attribute assigns a class name or set of class names to an
 24 | 			element. Any number of elements may be assigned the same class
 25 | 			name or names. Multiple class names must be separated by white
 26 | 			space characters.
 27 | 		-->
 28 | 		<regexp name="htmlTitle" value="[a-zA-Z0-9\s\-_',:\[\]!\./\\\(\)&amp;]*" />
 29 | 
 30 | 		<!--  force non-empty with a '+' at the end instead of '*'
 31 | 		-->
 32 | 		<regexp name="onsiteURL" value="([\p{L}\p{N}\p{Zs}/\.\?=&amp;\-~])+" />
 33 | 
 34 | 		<!--  ([\w\\/\.\?=&amp;;\#-~]+|\#(\w)+)
 35 | 		-->
 36 | 
 37 | 		<!--  ([\p{L}/ 0-9&amp;\#-.?=])*
 38 | 		-->
 39 | 		<regexp name="offsiteURL" value="(\s)*((ht|f)tp(s?)://|mailto:)[A-Za-z0-9]+[~a-zA-Z0-9-_\.@\#\$%&amp;;:,\?=/\+!\(\)]*(\s)*" />
 40 | 	</common-regexps>
 41 | 
 42 | 	<!--
 43 | 		Tag.name = a, b, div, body, etc.
 44 | 		Tag.action = filter: remove tags, but keep content, validate: keep content as long as it passes rules, remove: remove tag and contents
 45 | 		Attribute.name = id, class, href, align, width, etc.
 46 | 		Attribute.onInvalid = what to do when the attribute is invalid, e.g., remove the tag (removeTag), remove the attribute (removeAttribute), filter the tag (filterTag)
 47 | 		Attribute.description = What rules in English you want to tell the users they can have for this attribute. Include helpful things so they'll be able to tune their HTML
 48 | 	-->
 49 | 
 50 | 	<!--
 51 | 		Some attributes are common to all (or most) HTML tags. There aren't many that qualify for this. You have to make sure there's no
 52 | 		collisions between any of these attribute names with attribute names of other tags that are for different purposes.
 53 | 	-->
 54 | 
 55 | 	<common-attributes>
 56 | 
 57 | 		<attribute name="lang"
 58 | 			description="The 'lang' attribute tells the browser what language the element's attribute values and content are written in">
 59 | 
 60 | 			<regexp-list>
 61 | 				<regexp value="[a-zA-Z]{2,20}" />
 62 | 			</regexp-list>
 63 | 		</attribute>
 64 | 
 65 | 		<attribute name="title"
 66 | 			description="The 'title' attribute provides text that shows up in a 'tooltip' when a user hovers their mouse over the element">
 67 | 
 68 | 			<regexp-list>
 69 | 				<regexp name="htmlTitle" />
 70 | 			</regexp-list>
 71 | 		</attribute>
 72 | 
 73 | 		<attribute name="href" onInvalid="filterTag">
 74 | 
 75 | 			<regexp-list>
 76 | 				<regexp name="onsiteURL" />
 77 | 				<regexp name="offsiteURL" />
 78 | 
 79 | 				<!--
 80 | 				-->
 81 | 			</regexp-list>
 82 | 		</attribute>
 83 | 
 84 | 		<attribute name="align"
 85 | 			description="The 'align' attribute of an HTML element is a direction word, like 'left', 'right' or 'center'">
 86 | 
 87 | 			<literal-list>
 88 | 				<literal value="center" />
 89 | 				<literal value="left" />
 90 | 				<literal value="right" />
 91 | 				<literal value="justify" />
 92 | 				<literal value="char" />
 93 | 			</literal-list>
 94 | 		</attribute>
 95 | 		<attribute name="style"
 96 | 			description="The 'style' attribute provides the ability for users to change many attributes of the tag's contents using a strict syntax" />
 97 | 	</common-attributes>
 98 | 
 99 | 	<!--
100 | 		This requires normal updates as browsers continue to diverge from the W3C and each other. As long as the browser wars continue
101 | 		this is going to continue. I'm not sure war is the right word for what's going on. Doesn't somebody have to win a war after
102 | 		a while?
103 | 
104 | 
105 | 	-->
106 | 
107 | 	<global-tag-attributes>
108 | 		<attribute name="title" />
109 | 		<attribute name="lang" />
110 | 		<attribute name="style" />
111 | 	</global-tag-attributes>
112 | 
113 | 	<tags-to-encode>
114 | 		<tag>g</tag>
115 | 		<tag>grin</tag>
116 | 	</tags-to-encode>
117 | 
118 | 	<tag-rules>
119 | 
120 | 		<!--  Remove  -->
121 | 
122 | 		<tag name="script" action="remove" />
123 | 		<tag name="noscript" action="remove" />
124 | 		<tag name="iframe" action="remove" />
125 | 		<tag name="frameset" action="remove" />
126 | 		<tag name="frame" action="remove" />
127 | 		<tag name="noframes" action="remove" />
128 | 		<tag name="head" action="remove" />
129 | 		<tag name="title" action="remove" />
130 | 		<tag name="base" action="remove" />
131 | 		<tag name="style" action="remove" />
132 | 		<tag name="link" action="remove" />
133 | 		<tag name="input" action="remove" />
134 | 		<tag name="textarea" action="remove" />
135 | 
136 | 		<!--  Truncate  -->
137 | 		<tag name="br" action="truncate" />
138 | 
139 | 		<!--  Validate -->
140 | 
141 | 		<tag name="p" action="validate">
142 | 			<attribute name="align" />
143 | 		</tag>
144 | 		<tag name="div" action="validate" />
145 | 		<tag name="span" action="validate" />
146 | 		<tag name="i" action="validate" />
147 | 		<tag name="b" action="validate" />
148 | 		<tag name="strong" action="validate" />
149 | 		<tag name="s" action="validate" />
150 | 		<tag name="strike" action="validate" />
151 | 		<tag name="u" action="validate" />
152 | 		<tag name="em" action="validate" />
153 | 		<tag name="blockquote" action="validate" />
154 | 		<tag name="tt" action="truncate" />
155 | 
156 | 		<tag name="a" action="validate">
157 | 			<attribute name="href" onInvalid="filterTag" />
158 | 
159 | 			<attribute name="nohref">
160 | 
161 | 				<literal-list>
162 | 					<literal value="nohref" />
163 | 					<literal value="" />
164 | 				</literal-list>
165 | 			</attribute>
166 | 
167 | 			<attribute name="rel">
168 | 
169 | 				<literal-list>
170 | 					<literal value="nofollow" />
171 | 				</literal-list>
172 | 			</attribute>
173 | 		</tag>
174 | 
175 | 		<!--  List tags
176 | 		-->
177 | 		<tag name="ul" action="validate" />
178 | 		<tag name="ol" action="validate" />
179 | 		<tag name="li" action="validate" />
180 | 		<tag name="dl" action="validate" />
181 | 		<tag name="dt" action="validate" />
182 | 		<tag name="dd" action="validate" />
183 | 	</tag-rules>
184 | 
185 | 	<css-rules>
186 | 
187 | 		<property name="text-decoration" default="none"
188 | 			description="">
189 | 
190 | 			<category-list>
191 | 				<category value="visual" />
192 | 			</category-list>
193 | 
194 | 			<literal-list>
195 | 				<literal value="underline" />
196 | 				<literal value="overline" />
197 | 				<literal value="line-through" />
198 | 			</literal-list>
199 | 		</property>
200 | 	</css-rules>
201 | </anti-samy-rules>


--------------------------------------------------------------------------------
/src/main/resources/db.changelog.xml:
--------------------------------------------------------------------------------
  1 | <?xml version="1.0" encoding="UTF-8"?>
  2 | 
  3 | <databaseChangeLog xmlns="http://www.liquibase.org/xml/ns/dbchangelog/1.9"
  4 | 	xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
  5 | 	xsi:schemaLocation="http://www.liquibase.org/xml/ns/dbchangelog/1.9
  6 |          http://www.liquibase.org/xml/ns/dbchangelog/dbchangelog-1.9.xsd">
  7 | 
  8 | 	<changeSet id="1" author="meri">
  9 | 		<comment>
 10 | 			Create table structure for users, passwords, roles and permissions.
 11 | 		</comment>
 12 | 		<createTable tableName="sec_users">
 13 | 			<column name="name" type="varchar(150)">
 14 | 				<constraints primaryKey="true" nullable="false" />
 15 | 			</column>
 16 | 			<column name="password" type="varchar(1500)">
 17 | 				<constraints nullable="false" />
 18 | 			</column>
 19 | 			<column name="salt" type="varchar(1500)">
 20 | 				<constraints nullable="false" />
 21 | 			</column>
 22 | 		</createTable>
 23 | 
 24 | 		<createTable tableName="sec_roles">
 25 | 			<column name="name" type="varchar(150)">
 26 | 				<constraints primaryKey="true" nullable="false" />
 27 | 			</column>
 28 | 			<column name="description" type="varchar(1500)">
 29 | 			</column>
 30 | 		</createTable>
 31 | 
 32 | 		<createTable tableName="sec_users_roles">
 33 | 			<column name="role_name" type="varchar(150)">
 34 | 				<constraints nullable="false" />
 35 | 			</column>
 36 | 			<column name="user_name" type="varchar(150)">
 37 | 				<constraints nullable="false" />
 38 | 			</column>
 39 | 		</createTable>
 40 | 
 41 | 		<addForeignKeyConstraint constraintName="fk_users_roles_roles"
 42 | 			baseTableName="sec_users_roles" baseColumnNames="role_name"
 43 | 			referencedTableName="sec_roles" referencedColumnNames="name" />
 44 | 
 45 | 		<addForeignKeyConstraint constraintName="fk_users_roles_users"
 46 | 			baseTableName="sec_users_roles" baseColumnNames="user_name"
 47 | 			referencedTableName="sec_users" referencedColumnNames="name" />
 48 | 
 49 | 		<createTable tableName="sec_roles_permissions">
 50 | 			<column name="role_name" type="varchar(150)">
 51 | 				<constraints nullable="false" />
 52 | 			</column>
 53 | 			<column name="permissions" type="varchar(1500)">
 54 | 				<constraints nullable="false" />
 55 | 			</column>
 56 | 		</createTable>
 57 | 
 58 | 		<addForeignKeyConstraint constraintName="fk_users_permissions_roles"
 59 | 			baseTableName="sec_roles_permissions" baseColumnNames="role_name"
 60 | 			referencedTableName="sec_roles" referencedColumnNames="name" />
 61 | 
 62 | 	</changeSet>
 63 | 
 64 | 	<changeSet id="2" author="meri" context="test">
 65 | 		<comment>
 66 | 			Create initial users, roles and permissions.
 67 | 		</comment>
 68 | 		<insert tableName="sec_users">
 69 | 			<column name="name" value="administrator" />
 70 | 			<column name="password"
 71 | 				value="0c630af79f3c3d0534f6fa5127682deecba489f57579ccc624f476d5dc7a479b" />
 72 | 			<column name="salt" value="random_salt_value_administrator" />
 73 | 		</insert>
 74 | 		<insert tableName="sec_users">
 75 | 			<column name="name" value="friendlyrepairman" />
 76 | 			<column name="password"
 77 | 				value="ab7cce1a3ea3b29ad6c0cf14ca30b62bcb758f1569270e9cfbc08c6233a782ad" />
 78 | 			<column name="salt" value="random_salt_value_friendlyrepairman" />
 79 | 		</insert>
 80 | 		<insert tableName="sec_users">
 81 | 			<column name="name" value="unfriendlyrepairman" />
 82 | 			<column name="password"
 83 | 				value="181adb37929544f5210c2f114f5304150077d4599de6f787bd5e2355b0fc0b16" />
 84 | 			<column name="salt" value="random_salt_value_unfriendlyrepairman" />
 85 | 		</insert>
 86 | 		<insert tableName="sec_users">
 87 | 			<column name="name" value="mathematician" />
 88 | 			<column name="password"
 89 | 				value="e468b296641a8c51265155c54d0ca873978e99b04f240c8e07a2f513b69c0e02" />
 90 | 			<column name="salt" value="random_salt_value_mathematician" />
 91 | 		</insert>
 92 | 		<insert tableName="sec_users">
 93 | 			<column name="name" value="physicien" />
 94 | 			<column name="password"
 95 | 				value="13c81aa93d59f79eaeadf432b59db6ea6b62879b4673e3b610d4b3cbf05587db" />
 96 | 			<column name="salt" value="random_salt_value_physicien" />
 97 | 		</insert>
 98 | 		<insert tableName="sec_users">
 99 | 			<column name="name" value="productsales" />
100 | 			<column name="password"
101 | 				value="893a5217ce89e843090723897fec02e4ba7fa62f808c85c10f7b3a23e8313e5c" />
102 | 			<column name="salt" value="random_salt_value_productsales" />
103 | 		</insert>
104 | 		<insert tableName="sec_users">
105 | 			<column name="name" value="servicessales" />
106 | 			<column name="password"
107 | 				value="faf8392c66ed7ec97401bb5eab09a60f687fedefd801f0caf07e3f261486a5e9" />
108 | 			<column name="salt" value="random_salt_value_servicessales" />
109 | 		</insert>
110 | 		<insert tableName="sec_roles">
111 | 			<column name="name" value="Administrator" />
112 | 			<column name="description" value="Used for company admins." />
113 | 		</insert>
114 | 		<insert tableName="sec_roles">
115 | 			<column name="name" value="repairman" />
116 | 			<column name="description" value="Can repaire stuff." />
117 | 		</insert>
118 | 		<insert tableName="sec_roles">
119 | 			<column name="name" value="scientist" />
120 | 			<column name="description" value="Anybody on reserche positions." />
121 | 		</insert>
122 | 		<insert tableName="sec_roles">
123 | 			<column name="name" value="sales" />
124 | 			<column name="description" value="Members are selling stuff." />
125 | 		</insert>
126 | 		<insert tableName="sec_users_roles">
127 | 			<column name="user_name" value="administrator" />
128 | 			<column name="role_name" value="Administrator" />
129 | 		</insert>
130 | 		<insert tableName="sec_users_roles">
131 | 			<column name="user_name" value="friendlyrepairman" />
132 | 			<column name="role_name" value="repairman" />
133 | 		</insert>
134 | 		<insert tableName="sec_users_roles">
135 | 			<column name="user_name" value="unfriendlyrepairman" />
136 | 			<column name="role_name" value="repairman" />
137 | 		</insert>
138 | 		<insert tableName="sec_users_roles">
139 | 			<column name="user_name" value="mathematician" />
140 | 			<column name="role_name" value="scientist" />
141 | 		</insert>
142 | 		<insert tableName="sec_users_roles">
143 | 			<column name="user_name" value="physicien" />
144 | 			<column name="role_name" value="scientist" />
145 | 		</insert>
146 | 		<insert tableName="sec_users_roles">
147 | 			<column name="user_name" value="productsales" />
148 | 			<column name="role_name" value="sales" />
149 | 		</insert>
150 | 		<insert tableName="sec_users_roles">
151 | 			<column name="user_name" value="servicessales" />
152 | 			<column name="role_name" value="sales" />
153 | 		</insert>
154 | 		<insert tableName="sec_roles_permissions">
155 | 			<column name="role_name" value="sales" />
156 | 			<column name="permissions" value="functions:sale:*" />
157 | 		</insert>
158 | 		<insert tableName="sec_roles_permissions">
159 | 			<column name="role_name" value="scientist" />
160 | 			<column name="permissions" value="functions:science:*" />
161 | 		</insert>
162 | 		<insert tableName="sec_roles_permissions">
163 | 			<column name="role_name" value="repairman" />
164 | 			<column name="permissions" value="functions:repair:*" />
165 | 		</insert>
166 | 		<insert tableName="sec_roles_permissions">
167 | 			<column name="role_name" value="Administrator" />
168 | 			<column name="permissions" value="functions:manage:*,functions:repair:*" />
169 | 		</insert>
170 | 	</changeSet>
171 | 
172 | 	<changeSet id="3" author="meri">
173 | 		<comment>
174 | 			Add certificate unique id to sec_users table.
175 | 		</comment>
176 | 		<addColumn tableName="sec_users">
177 | 			<column name="serialnumber" type="varchar(900)" />
178 | 			<column name="issuername" type="varchar(900)" />
179 | 		</addColumn>
180 | 	</changeSet>
181 | 
182 | 	<changeSet id="4" author="meri" context="test">
183 | 		<comment>
184 | 			Associate certificates with initial user accounts.
185 | 		</comment>
186 | 		<update tableName="sec_users">
187 | 			<column name="serialnumber" value="TZbvUg==" />
188 | 			<column name="issuername" value="CN=administrator, OU=Administrator, O=SimpleShiroSecuredApplication, L=SomeLand, ST=SomeState, C=qq" />
189 | 			<where>name='administrator'</where>
190 | 		</update>
191 | 		<update tableName="sec_users">
192 | 			<column name="serialnumber" value="TZbhIQ==" />
193 | 			<column name="issuername" value="CN=friendlyrepairman, OU=repairmen, O=SimpleShiroSecuredApplication, L=SomeLand, ST=SomeState, C=qq" />
194 | 			<where>name='friendlyrepairman'</where>
195 | 		</update>
196 | 		<update tableName="sec_users">
197 | 			<column name="serialnumber" value="TZbucA==" />
198 | 			<column name="issuername" value="CN=unfriendlyrepairman, OU=repairmen, O=SimpleShiroSecuredApplication, L=SomeLand, ST=SomeState, C=qq" />
199 | 			<where>name='unfriendlyrepairman'</where>
200 | 		</update>
201 | 		<update tableName="sec_users">
202 | 			<column name="serialnumber" value="TZbvsg==" />
203 | 			<column name="issuername" value="CN=mathematician, OU=scientists, O=SimpleShiroSecuredApplication, L=SomeLand, ST=SomeState, C=qq" />
204 | 			<where>name='mathematician'</where>
205 | 		</update>
206 | 		<update tableName="sec_users">
207 | 			<column name="serialnumber" value="TZbxpg==" />
208 | 			<column name="issuername" value="CN=servicessales, OU=sales, O=SimpleShiroSecuredApplication, L=SomeLand, ST=SomeState, C=qq" />
209 | 			<where>name='servicessales'</where>
210 | 		</update>
211 | 		<update tableName="sec_users">
212 | 			<column name="serialnumber" value="TZbwjw==" />
213 | 			<column name="issuername" value="CN=productsales, OU=sales, O=SimpleShiroSecuredApplication, L=SomeLand, ST=SomeState, C=qq" />
214 | 			<where>name='productsales'</where>
215 | 		</update>
216 | 		<update tableName="sec_users">
217 | 			<column name="serialnumber" value="TZbwJw==" />
218 | 			<column name="issuername" value="CN=physicien, OU=scientists, O=SimpleShiroSecuredApplication, L=SomeLand, ST=SomeState, C=qq" />
219 | 			<where>name='physicien'</where>
220 | 		</update>
221 | 	</changeSet>
222 | 
223 | 	<changeSet id="5" author="meri">
224 | 		<comment>
225 | 			Add user personal data such as first name, last name, hobby etc to the application.
226 | 		</comment>
227 | 		<createTable tableName="user_personal_data">
228 | 			<column name="user_name" type="varchar(150)">
229 | 				<constraints primaryKey="true" nullable="false" />
230 | 			</column>
231 | 			<column name="firstname" type="varchar(1500)">
232 | 				<constraints nullable="true" />
233 | 			</column>
234 | 			<column name="lastname" type="varchar(1500)">
235 | 				<constraints nullable="true" />
236 | 			</column>
237 | 			<column name="about" type="varchar(5000)">
238 | 				<constraints nullable="true" />
239 | 			</column>
240 | 		</createTable>
241 | 		
242 | 		<addForeignKeyConstraint constraintName="fk_user_data_users"
243 | 			baseTableName="user_personal_data" baseColumnNames="user_name"
244 | 			referencedTableName="sec_users" referencedColumnNames="name" />
245 | 		
246 | 	</changeSet>
247 | </databaseChangeLog>


--------------------------------------------------------------------------------
/src/main/resources/log4j.properties:
--------------------------------------------------------------------------------
 1 | #
 2 | # Licensed to the Apache Software Foundation (ASF) under one
 3 | # or more contributor license agreements.  See the NOTICE file
 4 | # distributed with this work for additional information
 5 | # regarding copyright ownership.  The ASF licenses this file
 6 | # to you under the Apache License, Version 2.0 (the
 7 | # "License"); you may not use this file except in compliance
 8 | # with the License.  You may obtain a copy of the License at
 9 | #
10 | #     http://www.apache.org/licenses/LICENSE-2.0
11 | #
12 | # Unless required by applicable law or agreed to in writing,
13 | # software distributed under the License is distributed on an
14 | # "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
15 | # KIND, either express or implied.  See the License for the
16 | # specific language governing permissions and limitations
17 | # under the License.
18 | #
19 | # This file is used to format all logging output
20 | log4j.rootLogger=TRACE, stdout
21 | 
22 | log4j.appender.stdout=org.apache.log4j.ConsoleAppender
23 | log4j.appender.stdout.layout=org.apache.log4j.PatternLayout
24 | log4j.appender.stdout.layout.ConversionPattern=%d %-5p [%c]: %m%n
25 | 
26 | # =============================================================================
27 | # 3rd Party Libraries
28 | # OFF, FATAL, ERROR, WARN, INFO, DEBUG, ALL
29 | # =============================================================================
30 | # ehcache caching manager:
31 | log4j.logger.net.sf.ehcache=WARN
32 | 
33 | # Most all Apache libs:
34 | log4j.logger.org.apache=WARN
35 | 
36 | # Quartz Enterprise Scheular (java 'cron' utility)
37 | log4j.logger.org.quartz=WARN
38 | 
39 | # =============================================================================
40 | # Apache Shiro
41 | # =============================================================================
42 | # Shiro security framework
43 | log4j.logger.org.apache.shiro=TRACE
44 | #log4j.logger.org.apache.shiro.realm.text.PropertiesRealm=INFO
45 | #log4j.logger.org.apache.shiro.cache.ehcache.EhCache=INFO
46 | #log4j.logger.org.apache.shiro.io=INFO
47 | #log4j.logger.org.apache.shiro.web.servlet=INFO
48 | log4j.logger.org.apache.shiro.util.ThreadContext=INFO
49 | 


--------------------------------------------------------------------------------
/src/main/resources/truststore:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/SomMeri/SimpleShiroSecuredApplication/778f37b22fb023873a13976860e3692c55dce424/src/main/resources/truststore


--------------------------------------------------------------------------------
/src/main/webapp/WEB-INF/classes/META-INF/persistence.xml:
--------------------------------------------------------------------------------
 1 | <persistence xmlns="http://java.sun.com/xml/ns/persistence"
 2 | 	xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" version="1.0">
 3 | 	<persistence-unit name="SimpleShiroSecuredApplicationPU"
 4 | 		transaction-type="RESOURCE_LOCAL">
 5 | 		<provider>org.apache.openjpa.persistence.PersistenceProviderImpl
 6 | 		</provider>
 7 | 		<non-jta-data-source>jdbc/SimpleShiroSecuredApplicationDB
 8 | 		</non-jta-data-source>
 9 | 		<class>org.meri.simpleshirosecuredapplication.model.UserPersonalData
10 | 		</class>
11 | 		<properties>
12 | 			<property name="openjpa.RuntimeUnenhancedClasses" value="supported" />
13 | 		</properties>
14 | 	</persistence-unit>
15 | </persistence>


--------------------------------------------------------------------------------
/src/main/webapp/WEB-INF/jetty-web.xml:
--------------------------------------------------------------------------------
 1 | <?xml version="1.0"?>
 2 | <!DOCTYPE Configure PUBLIC "-//Mort Bay Consulting//DTD Configure//EN" "http://jetty.mortbay.org/configure.dtd">
 3 | 
 4 | <Configure id="SimpleShiroSecuredApplication" class="org.mortbay.jetty.webapp.WebAppContext">
 5 | 	<New id="SimpleShiroSecuredApplication" class="org.mortbay.jetty.plus.naming.Resource">
 6 | 		<Arg>jdbc/SimpleShiroSecuredApplicationDB</Arg>
 7 | 		<Arg>
 8 | 			<New class="org.apache.derby.jdbc.EmbeddedDataSource">
 9 | 				<Set name="DatabaseName">../SimpleShiroSecuredApplicationDatabase</Set>
10 | 				<Set name="createDatabase">create</Set>
11 | 			</New>
12 | 		</Arg>
13 | 	</New>
14 | </Configure>
15 | 	
16 | 


--------------------------------------------------------------------------------
/src/main/webapp/WEB-INF/web.xml:
--------------------------------------------------------------------------------
 1 | <!DOCTYPE web-app PUBLIC
 2 |  "-//Sun Microsystems, Inc.//DTD Web Application 2.3//EN"
 3 |  "http://java.sun.com/dtd/web-app_2_3.dtd" >
 4 | 
 5 | <web-app id="SimpleShiroSecuredApplication">
 6 | 	<display-name>Simple Secure Application</display-name>
 7 | 
 8 | 	<!-- ==== Servlets ================================================================== -->
 9 | 	<servlet>
10 | 		<servlet-name>PerformFunctionAndGoBackServlet</servlet-name>
11 | 		<servlet-class>org.meri.simpleshirosecuredapplication.servlet.PerformFunctionAndGoBackServlet</servlet-class>
12 | 		<load-on-startup>1</load-on-startup>
13 | 	</servlet>
14 | 
15 | 	<servlet>
16 | 		<servlet-name>AccountPageServlet</servlet-name>
17 | 		<servlet-class>org.meri.simpleshirosecuredapplication.servlet.AccountPageServlet</servlet-class>
18 | 		<load-on-startup>1</load-on-startup>
19 | 	</servlet>
20 | 	<!-- ==== Servlets Mapping ========================================================== -->
21 | 	<servlet-mapping>
22 | 		<servlet-name>PerformFunctionAndGoBackServlet</servlet-name>
23 | 		<url-pattern>/simpleshirosecuredapplication/masterservlet</url-pattern>
24 | 	</servlet-mapping>
25 | 
26 | 	<servlet-mapping>
27 | 		<servlet-name>AccountPageServlet</servlet-name>
28 | 		<url-pattern>/simpleshirosecuredapplication/accountpageservlet</url-pattern>
29 | 	</servlet-mapping>
30 | 
31 | 	<welcome-file-list>
32 | 		<welcome-file>index.jsp</welcome-file>
33 | 	</welcome-file-list>
34 | 
35 | 	<!-- ==== Security ================================================================== -->
36 | 
37 | 	<filter>
38 | 		<filter-name>ShiroFilter</filter-name>
39 | 		<filter-class>org.apache.shiro.web.servlet.IniShiroFilter</filter-class>
40 | 		<init-param>
41 | 			<param-name>configPath</param-name>
42 | 			<param-value>classpath:Shiro.ini</param-value>
43 | 		</init-param>
44 | 	</filter>
45 | 
46 | 	<filter-mapping>
47 | 		<filter-name>ShiroFilter</filter-name>
48 | 		<url-pattern>/*</url-pattern>
49 | 	</filter-mapping>
50 | 
51 | 		<!-- ==== Initialize Database on Startup ========================================================== -->
52 | 
53 | 		<!-- reference to data source -->
54 | 		<resource-ref>
55 | 			<description>Derby Connection</description>
56 | 			<res-ref-name>jdbc/SimpleShiroSecuredApplicationDB</res-ref-name>
57 | 			<res-type>javax.sql.DataSource</res-type>
58 | 			<res-auth>Container</res-auth>
59 | 		</resource-ref>
60 | 
61 | 		<!-- liquibase configuration -->
62 | 		<context-param>
63 | 			<param-name>liquibase.changelog</param-name>
64 | 			<param-value>src/main/resources/db.changelog.xml</param-value>
65 | 		</context-param>
66 | 
67 | 		<context-param>
68 | 			<param-name>liquibase.datasource</param-name>
69 | 			<param-value>jdbc/SimpleShiroSecuredApplicationDB</param-value>
70 | 		</context-param>
71 | 
72 | 		<!-- liquibase sevlet listener to check database on start up and apply 
73 | 			new changes if needed -->
74 | 		<listener>
75 | 			<listener-class>liquibase.integration.servlet.LiquibaseServletListener</listener-class>
76 | 		</listener>
77 | 		
78 | 		<persistence-unit-ref>
79 |                 <persistence-unit-ref-name>persistence/SimpleShiroSecuredApplicationPU</persistence-unit-ref-name>
80 |                 <persistence-unit-name>SimpleShiroSecuredApplicationPU</persistence-unit-name>
81 |         </persistence-unit-ref> 
82 | </web-app>
83 | 


--------------------------------------------------------------------------------
/src/main/webapp/index.jsp:
--------------------------------------------------------------------------------
 1 | <html>
 2 | <body>
 3 | <%@ taglib prefix="c" uri="http://java.sun.com/jsp/jstl/core" %>
 4 | <h2>Welcome</h2>
 5 | Simple web application for trying out Shiro security framework. There is no security yet. <br>
 6 | <a href="<c:url value="/simpleshirosecuredapplication/account/login.jsp"/>">login</a><br>
 7 | <a href="<c:url value="/simpleshirosecuredapplication/account/allapplicationfunctions.jsp"/>">all application functions</a><br>
 8 | <a href="<c:url value="/simpleshirosecuredapplication/account/viewallaccounts.jsp"/>">view all accounts</a><br>
 9 | <a href="<c:url value="/simpleshirosecuredapplication/account/personalaccountpage.jsp"/>">personal account page</a><br>
10 | <a href="<c:url value="/simpleshirosecuredapplication/adminarea/administratorspage.jsp"/>">administrators page</a><br>
11 | <a href="<c:url value="/simpleshirosecuredapplication/repairmen/repairmen.jsp"/>">repairmen page</a><br>
12 | <a href="<c:url value="/simpleshirosecuredapplication/sales/sales.jsp"/>">sales page</a><br>
13 | <a href="<c:url value="/simpleshirosecuredapplication/scientists/scientists.jsp"/>">scientists page</a><br>
14 | <a href="<c:url value="/simpleshirosecuredapplication/account/logout.jsp"/>">logout</a><br>
15 | </body>
16 | </html>
17 | 


--------------------------------------------------------------------------------
/src/main/webapp/simpleshirosecuredapplication/account/accessdenied.jsp:
--------------------------------------------------------------------------------
 1 | <%@ page language="java" contentType="text/html; charset=ISO-8859-1"
 2 |     pageEncoding="ISO-8859-1"%>
 3 | <!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
 4 | <html>
 5 | <head>
 6 | <meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
 7 | <title>Access Denied</title>
 8 | </head>
 9 | <body>
10 | <%@include file="/simpleshirosecuredapplication/common/commonformstuff.jsp" %>
11 | Sorry, you do not have access rights to that area.
12 | </body>
13 | </html>


--------------------------------------------------------------------------------
/src/main/webapp/simpleshirosecuredapplication/account/allapplicationfunctions.jsp:
--------------------------------------------------------------------------------
 1 | <%@ page language="java" contentType="text/html; charset=ISO-8859-1"
 2 |     pageEncoding="ISO-8859-1"%>
 3 | <!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
 4 | <html>
 5 | <head>
 6 | <meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
 7 | <title>All Application Functions</title>
 8 | </head>
 9 | <body>
10 | <%@page import="org.meri.simpleshirosecuredapplication.actions.Actions"%>
11 | 
12 | <form action="/simpleshirosecuredapplication/masterservlet" method="get">
13 | <%@include file="/simpleshirosecuredapplication/common/commonformstuff.jsp" %>
14 | All functions available in the application:
15 |     <table class="sample">
16 |         <thead>
17 |         <tr>
18 |             <th>Function Name</th>
19 |             <th>Do It</th>
20 |         </tr>
21 |         </thead>
22 |         <tbody>
23 | 		<% for (Actions action : Actions.values()) { %>
24 |         <tr>
25 |             <td><%=action.getName() %> </td>
26 |             <td><button type="submit" name="action" value="<%=action.getName()%>">Do It</button></td>
27 |         </tr>
28 | 		<% } %>
29 |         </tbody>
30 |     </table>
31 | </form>
32 | 
33 | </body>
34 | </html>


--------------------------------------------------------------------------------
/src/main/webapp/simpleshirosecuredapplication/account/login.jsp:
--------------------------------------------------------------------------------
 1 | <%@ page language="java" contentType="text/html; charset=ISO-8859-1"
 2 |     pageEncoding="ISO-8859-1"%>
 3 | <!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
 4 | <html>
 5 | <head>
 6 | <meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
 7 | <title>Please Log In</title>
 8 | </head>
 9 | <body>
10 | <%@include file="/simpleshirosecuredapplication/common/commonformstuff.jsp" %>
11 | <%
12 |   String errorDescription = (String) request.getAttribute("simpleShiroApplicationLoginFailure");
13 |   if (errorDescription!=null) {
14 | %>
15 | Login attempt was unsuccessful: <%=errorDescription%>
16 | <%
17 |   }
18 | %><form name="loginform" action="" method="post">
19 |     <table align="left" border="0" cellspacing="0" cellpadding="3">
20 |         <tr>
21 |             <td>Username:</td>
22 |             <td><input type="text" name="user" maxlength="30"></td>
23 |         </tr>
24 |         <tr>
25 |             <td>Password:</td>
26 |             <td><input type="password" name="pass" maxlength="30"></td>
27 |         </tr>
28 |         <tr>
29 |             <td colspan="2" align="left"><input type="checkbox" name="remember"><font size="2">Remember Me</font></td>
30 |         </tr>
31 |         <tr>
32 |             <td colspan="2" align="right"><input type="submit" name="submit" value="Login"></td>
33 |         </tr>
34 |     </table>
35 | </form>
36 | </body>
37 | </html>


--------------------------------------------------------------------------------
/src/main/webapp/simpleshirosecuredapplication/account/logout.jsp:
--------------------------------------------------------------------------------
 1 | <%@ page language="java" contentType="text/html; charset=ISO-8859-1"
 2 |     pageEncoding="ISO-8859-1"%>
 3 | <!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
 4 | <html>
 5 | <head>
 6 | <meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
 7 | <title>Logout</title>
 8 | </head>
 9 | <body>
10 | <%@include file="/simpleshirosecuredapplication/common/commonformstuff.jsp" %>
11 | <%@ page import="org.apache.shiro.SecurityUtils" %>
12 | <% SecurityUtils.getSubject().logout();%>
13 | <p>You have successfully logged out. 
14 | </body>
15 | </html>


--------------------------------------------------------------------------------
/src/main/webapp/simpleshirosecuredapplication/account/personalaccountpage.jsp:
--------------------------------------------------------------------------------
 1 | <%@ page language="java" contentType="text/html; charset=ISO-8859-1"
 2 | 	pageEncoding="ISO-8859-1"%>
 3 | <!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
 4 | <html>
 5 | <head>
 6 | <style type="text/css">
 7 | label {
 8 | 	width: 100px;
 9 | 	float: left;
10 | 	display: block;
11 | }
12 | </style>
13 | <meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
14 | <title>Personal Account</title>
15 | </head>
16 | <body>
17 | <form action="/simpleshirosecuredapplication/accountpageservlet" method="get">
18 | <%@page import="org.apache.shiro.SecurityUtils"%>
19 | <%@include file="/simpleshirosecuredapplication/common/commonformstuff.jsp"%>
20 | <%@ page import="org.meri.simpleshirosecuredapplication.model.ModelProvider"%>
21 | <%@ page import="org.meri.simpleshirosecuredapplication.model.UserPersonalData"%>
22 | <%
23 | ModelProvider mp = new ModelProvider();
24 | UserPersonalData loggedUserData = mp.getCurrentUserData();
25 | mp.close();
26 | String loggedUser = (String)SecurityUtils.getSubject().getPrincipal();
27 | String firstname = loggedUserData==null || loggedUserData.getFirstname() == null? "" : loggedUserData.getFirstname();
28 | String lastname = loggedUserData==null || loggedUserData.getLastname() == null? "" : loggedUserData.getLastname();
29 | String about = loggedUserData==null ? null : loggedUserData.getAbout();
30 | %>
31 | Hi <%=loggedUser%>. You can edit all your data here. <br>
32 | <br>
33 | <label>First Name:</label><input type="text" name="firstname" value="<%=firstname%>" size="20" /><br>
34 | <label>Last Name:</label> <input type="text" name="lastname" value="<%=lastname%>" size="20" /><br>
35 | <label>About:</label><textarea rows="10" cols="20" name="about"><%=about%>
36 | </textarea><br>
37 | <label>&nbsp;</label><button type="submit" name="save" value="save">Save</button>
38 | </form>
39 | 
40 | </body>
41 | </html>


--------------------------------------------------------------------------------
/src/main/webapp/simpleshirosecuredapplication/account/viewallaccounts.jsp:
--------------------------------------------------------------------------------
 1 | <%@ page language="java" contentType="text/html; charset=ISO-8859-1"
 2 |     pageEncoding="ISO-8859-1"%>
 3 | <%@taglib uri="http://java.sun.com/jsp/jstl/core" prefix="c" %>
 4 | 
 5 | <!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
 6 | <html>
 7 | <head>
 8 | <meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
 9 | <title>View All Accounts</title>
10 | </head>
11 | <body>
12 | <%@include file="/simpleshirosecuredapplication/common/commonformstuff.jsp" %>
13 | <%@page import="org.apache.shiro.SecurityUtils"%>
14 | <%@page import="org.meri.simpleshirosecuredapplication.model.ModelProvider"%>
15 | <%@page import="org.meri.simpleshirosecuredapplication.model.UserPersonalData"%>
16 | <%@page import="java.util.List"%>
17 | All users with filled account data:
18 | <%
19 | ModelProvider mp = new ModelProvider();
20 | List<UserPersonalData> usersData = mp.getAllUsersData();
21 | pageContext.setAttribute("allusers", usersData);
22 | mp.close();
23 | %>
24 | <ul>
25 | <%
26 | for (UserPersonalData data : usersData) {
27 | %>
28 | <li><label><%=data.getUserName()%>:</label> <%=data.getFirstname()%> <%=data.getLastname()%><br>
29 | <textarea readonly="readonly"><%=data.getAbout()%></textarea>
30 | </li>
31 | <% } %>
32 | </ul>
33 | </body>
34 | </html>


--------------------------------------------------------------------------------
/src/main/webapp/simpleshirosecuredapplication/adminarea/administratorspage.jsp:
--------------------------------------------------------------------------------
 1 | <%@ page language="java" contentType="text/html; charset=ISO-8859-1"
 2 |     pageEncoding="ISO-8859-1"%>
 3 | <!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
 4 | <html>
 5 | <head>
 6 | <meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
 7 | <title>Administrator Page</title>
 8 | </head>
 9 | <body>
10 | <%@page import="org.meri.simpleshirosecuredapplication.actions.Actions"%>
11 | 
12 | <form action="/simpleshirosecuredapplication/masterservlet" method="get">
13 | <%@include file="/simpleshirosecuredapplication/common/commonformstuff.jsp" %>
14 | <h2>Administrator Page</h2>
15 | This page is meant for administrators only. If you are not one, please go away. Available functions:
16 |     <table class="sample">
17 |         <thead>
18 |         <tr>
19 |             <th>Function Name</th>
20 |             <th>Do It</th>
21 |         </tr>
22 |         </thead>
23 |         <tbody>
24 |         <tr>
25 |             <td>Manage Repairmen: </td>
26 |             <td><button type="submit" name="action" value="<%=Actions.MANAGE_REPAIRMEN.getName()%>">Do It</button></td>
27 |         </tr>
28 |         <tr>
29 |             <td>Manage Sales: </td>
30 |             <td><button type="submit" name="action" value="<%=Actions.MANAGE_SALES.getName()%>">Do It</button></td>
31 |         </tr>
32 |         <tr>
33 |             <td>Manage Scientists: </td>
34 |             <td><button type="submit" name="action" value="<%=Actions.MANAGE_SCIENTISTS.getName()%>">Do It</button></td>
35 |         </tr>
36 |         </tbody>
37 |     </table>
38 | </form>
39 | </body>
40 | </html>


--------------------------------------------------------------------------------
/src/main/webapp/simpleshirosecuredapplication/common/commonformstuff.jsp:
--------------------------------------------------------------------------------
 1 | <%@ taglib prefix="c" uri="http://java.sun.com/jsp/jstl/core" %>
 2 | <a href="<c:url value="/simpleshirosecuredapplication/index.jsp"/>">Go Home</a>
 3 | <a href="<c:url value="/simpleshirosecuredapplication/account/logout.jsp"/>">logout</a><br>
 4 | <%
 5 |     String reqUrl = request.getServletPath().toString();
 6 | 	String actionMessage = (String) request.getAttribute("actionResultMessage");
 7 | 	if (actionMessage!=null) {
 8 | %>
 9 | <li><%=actionMessage %></li><br>
10 | <%} %>
11 | <input type="hidden" name="originalPage" value="<%=reqUrl%>">
12 | 


--------------------------------------------------------------------------------
/src/main/webapp/simpleshirosecuredapplication/index.jsp:
--------------------------------------------------------------------------------
1 | <jsp:forward page="../index.jsp"/>


--------------------------------------------------------------------------------
/src/main/webapp/simpleshirosecuredapplication/repairmen/repairmen.jsp:
--------------------------------------------------------------------------------
 1 | <%@ page language="java" contentType="text/html; charset=ISO-8859-1"
 2 |     pageEncoding="ISO-8859-1"%>
 3 | <!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
 4 | <html>
 5 | <head>
 6 | <meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
 7 | <title>Repairmen Page</title>
 8 | </head>
 9 | <body>
10 | <%@page import="org.meri.simpleshirosecuredapplication.actions.Actions"%>
11 | 
12 | <form action="/simpleshirosecuredapplication/masterservlet" method="get">
13 | <%@include file="/simpleshirosecuredapplication/common/commonformstuff.jsp" %>
14 | <h2>Repairmen Page</h2>
15 | This page is meant for repairmen only. If you are not one, please go away. Available functions:
16 |     <table class="sample">
17 |         <thead>
18 |         <tr>
19 |             <th>Function Name</th>
20 |             <th>Do It</th>
21 |         </tr>
22 |         </thead>
23 |         <tbody>
24 |         <tr>
25 |             <td>Repair refrigerator: </td>
26 |             <td><button type="submit" name="action" value="<%=Actions.REPAIR_REFRIGERATOR.getName()%>">Do It</button></td>
27 |         </tr>
28 |         <tr>
29 |             <td>Repair fridge: </td>
30 |             <td><button type="submit" name="action" value="<%=Actions.REPAIR_FRIDGE.getName()%>">Do It</button></td>
31 |         </tr>
32 |         <tr>
33 |             <td>Repair door: </td>
34 |             <td><button type="submit" name="action" value="<%=Actions.REPAIR_DOOR.getName()%>">Do It</button></td>
35 |         </tr>
36 |         </tbody>
37 |     </table>
38 | </form>
39 | </body>
40 | </html>


--------------------------------------------------------------------------------
/src/main/webapp/simpleshirosecuredapplication/sales/sales.jsp:
--------------------------------------------------------------------------------
 1 | <%@ page language="java" contentType="text/html; charset=ISO-8859-1"
 2 |     pageEncoding="ISO-8859-1"%>
 3 | <!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
 4 | <html>
 5 | <head>
 6 | <meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
 7 | <title>Sales Page</title>
 8 | </head>
 9 | <body>
10 | <%@page import="org.meri.simpleshirosecuredapplication.actions.Actions"%>
11 | 
12 | <form action="/simpleshirosecuredapplication/masterservlet" method="get">
13 | <%@include file="/simpleshirosecuredapplication/common/commonformstuff.jsp" %>
14 | <h2>Sales Page</h2>
15 | This page is meant for sales only. If you are not one, please go away. Available functions:
16 |     <table class="sample">
17 |         <thead>
18 |         <tr>
19 |             <th>Function Name</th>
20 |             <th>Do It</th>
21 |         </tr>
22 |         </thead>
23 |         <tbody>
24 |         <tr>
25 |             <td>Sale product: </td>
26 |             <td><button type="submit" name="action" value="<%=Actions.SALE_PRODUCT.getName()%>">Do It</button></td>
27 |         </tr>
28 |         <tr>
29 |             <td>Collect bonus: </td>
30 |             <td><button type="submit" name="action" value="<%=Actions.COLLECT_BONUS.getName()%>">Do It</button></td>
31 |         </tr>
32 |         <tr>
33 |             <td>Meet customer: </td>
34 |             <td><button type="submit" name="action" value="<%=Actions.MEET_CUSTOMER.getName()%>">Do It</button></td>
35 |         </tr>
36 |         </tbody>
37 |     </table>
38 | </form>
39 | </body>
40 | </html>


--------------------------------------------------------------------------------
/src/main/webapp/simpleshirosecuredapplication/scientists/scientists.jsp:
--------------------------------------------------------------------------------
 1 | <%@ page language="java" contentType="text/html; charset=ISO-8859-1"
 2 |     pageEncoding="ISO-8859-1"%>
 3 | <!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
 4 | <html>
 5 | <head>
 6 | <meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
 7 | <title>Scientists Page</title>
 8 | </head>
 9 | <body>
10 | <%@page import="org.meri.simpleshirosecuredapplication.actions.Actions"%>
11 | 
12 | <form action="/simpleshirosecuredapplication/masterservlet" method="get">
13 | <%@include file="/simpleshirosecuredapplication/common/commonformstuff.jsp" %>
14 | <h2>Scientists Page</h2>
15 | This page is meant for scientists only. If you are not one, please go away. Available functions:
16 |     <table class="sample">
17 |         <thead>
18 |         <tr>
19 |             <th>Function Name</th>
20 |             <th>Do It</th>
21 |         </tr>
22 |         </thead>
23 |         <tbody>
24 |         <tr>
25 |             <td>Research: </td>
26 |             <td><button type="submit" name="action" value="<%=Actions.RESEARCH_NEW_STUFF.getName()%>">Do It</button></td>
27 |         </tr>
28 |         <tr>
29 |             <td>Write article: </td>
30 |             <td><button type="submit" name="action" value="<%=Actions.WRITE_ARTICLE.getName()%>">Do It</button></td>
31 |         </tr>
32 |         <tr>
33 |             <td>Prepare talk: </td>
34 |             <td><button type="submit" name="action" value="<%=Actions.PREPARE_TALK.getName()%>">Do It</button></td>
35 |         </tr>
36 |         </tbody>
37 |     </table>
38 | </form>
39 | </body>
40 | </html>


--------------------------------------------------------------------------------
/src/test/java/org/meri/simpleshirosecuredapplication/RunWaitTest.java:
--------------------------------------------------------------------------------
 1 | package org.meri.simpleshirosecuredapplication;
 2 | 
 3 | import java.io.IOException;
 4 | import java.net.MalformedURLException;
 5 | 
 6 | import org.junit.Test;
 7 | import org.meri.simpleshirosecuredapplication.test.AbstractContainerTest;
 8 | 
 9 | import com.gargoylesoftware.htmlunit.FailingHttpStatusCodeException;
10 | 
11 | public class RunWaitTest extends AbstractContainerTest {
12 | 
13 | 	@Test
14 | 	public void sleepForever() throws FailingHttpStatusCodeException, MalformedURLException, IOException, InterruptedException {
15 | 		while (true)
16 | 			Thread.sleep(9999);
17 | 	}
18 | 
19 | }
20 | 


--------------------------------------------------------------------------------
/src/test/java/org/meri/simpleshirosecuredapplication/test/AbstractContainerTest.java:
--------------------------------------------------------------------------------
  1 | /*
  2 |  * Licensed to the Apache Software Foundation (ASF) under one
  3 |  * or more contributor license agreements.  See the NOTICE file
  4 |  * distributed with this work for additional information
  5 |  * regarding copyright ownership.  The ASF licenses this file
  6 |  * to you under the Apache License, Version 2.0 (the
  7 |  * "License"); you may not use this file except in compliance
  8 |  * with the License.  You may obtain a copy of the License at
  9 |  *
 10 |  *     http://www.apache.org/licenses/LICENSE-2.0
 11 |  *
 12 |  * Unless required by applicable law or agreed to in writing,
 13 |  * software distributed under the License is distributed on an
 14 |  * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
 15 |  * KIND, either express or implied.  See the License for the
 16 |  * specific language governing permissions and limitations
 17 |  * under the License.
 18 |  */
 19 | package org.meri.simpleshirosecuredapplication.test;
 20 | 
 21 | import static org.junit.Assert.assertTrue;
 22 | 
 23 | import org.junit.Before;
 24 | import org.junit.BeforeClass;
 25 | import org.mortbay.jetty.Connector;
 26 | import org.mortbay.jetty.Server;
 27 | import org.mortbay.jetty.nio.SelectChannelConnector;
 28 | import org.mortbay.jetty.security.SslSocketConnector;
 29 | import org.mortbay.jetty.webapp.WebAppContext;
 30 | 
 31 | import com.gargoylesoftware.htmlunit.WebClient;
 32 | 
 33 | public abstract class AbstractContainerTest {
 34 |     protected static PauseableServer server;
 35 | 
 36 |     protected static final int port = 9180;
 37 |     protected static final int sslPort = 8443;
 38 | 
 39 |     protected static final String BASEURI = "http://localhost:" + port + "/";
 40 | 
 41 |     protected final WebClient webClient = new WebClient();
 42 |     
 43 |     private static String[] configurationClasses =
 44 |     {
 45 |     	"org.mortbay.jetty.webapp.JettyWebXmlConfiguration",
 46 |     	"org.mortbay.jetty.webapp.WebInfConfiguration",
 47 |     	"org.mortbay.jetty.plus.webapp.EnvConfiguration",
 48 |     	"org.mortbay.jetty.plus.webapp.Configuration",
 49 |     	"org.mortbay.jetty.webapp.TagLibConfiguration"
 50 |     } ; 
 51 | 
 52 | 
 53 |     @BeforeClass
 54 |     public static void startContainer() throws Exception {
 55 |         if (server == null) {
 56 |             server = new PauseableServer();
 57 |             Connector connector = createHttpConnector();
 58 |             SslSocketConnector sslConnector = createSslConnector();
 59 |             server.setConnectors(new Connector[]{connector, sslConnector});
 60 |             
 61 |             WebAppContext context = createWebAppContext();
 62 | 						server.setHandler(context);
 63 | 						
 64 |             server.start();
 65 |             assertTrue(server.isStarted());
 66 |         }
 67 |     }
 68 | 
 69 | 		private static WebAppContext createWebAppContext() {
 70 | 	    WebAppContext context = new WebAppContext("src/main/webapp", "/");
 71 | 	    context.setConfigurationClasses(configurationClasses);
 72 | 	    
 73 | 	    return context;
 74 |     }
 75 | 
 76 | 		private static SslSocketConnector createSslConnector() {
 77 | 	    SslSocketConnector sslConnector = new SslSocketConnector();
 78 | 	    sslConnector.setPort(sslPort);
 79 | 	    sslConnector.setKeyPassword("secret");
 80 | 	    sslConnector.setKeystore("src/test/resources/keystore");
 81 | 	    sslConnector.setTrustPassword("secret");
 82 | 	    sslConnector.setTruststore("src/main/resources/truststore");
 83 | 	    sslConnector.setPassword("secret");
 84 | 	    sslConnector.setWantClientAuth(true);
 85 | 	    //sslConnector.setNeedClientAuth(true);
 86 | 	    
 87 | 	    return sslConnector;
 88 |     }
 89 | 
 90 | 		private static Connector createHttpConnector() {
 91 | 	    Connector connector = new SelectChannelConnector();
 92 | 	    connector.setPort(port);
 93 | 	    return connector;
 94 |     }
 95 | 
 96 |     @Before
 97 |     public void beforeTest() {
 98 |         webClient.setThrowExceptionOnFailingStatusCode(true);
 99 |     }
100 | 
101 |     public void pauseServer(boolean paused) {
102 |         if (server != null) server.pause(paused);
103 |     }
104 | 
105 |     public static class PauseableServer extends Server {
106 |         public synchronized void pause(boolean paused) {
107 |             try {
108 |                 if (paused) for (Connector connector : getConnectors())
109 |                     connector.stop();
110 |                 else for (Connector connector : getConnectors())
111 |                     connector.start();
112 |             } catch (Exception e) {
113 |             }
114 |         }
115 |     }
116 | }
117 | 


--------------------------------------------------------------------------------
/src/test/java/org/meri/simpleshirosecuredapplication/util/AnalyzeKeystore.java:
--------------------------------------------------------------------------------
 1 | package org.meri.simpleshirosecuredapplication.util;
 2 | 
 3 | import java.io.FileInputStream;
 4 | import java.io.IOException;
 5 | import java.math.BigInteger;
 6 | import java.security.KeyStore;
 7 | import java.security.cert.X509Certificate;
 8 | import java.util.Enumeration;
 9 | 
10 | import org.apache.xerces.impl.dv.util.Base64;
11 | 
12 | /**
13 |  * Utility class. Investigates keystore file and prints all certificates along with authority names and serial numbers.  
14 |  */
15 | public class AnalyzeKeystore {
16 | 	
17 | 	public static void main(String[] args) {
18 | 		AnalyzeKeystore instance = new AnalyzeKeystore();
19 | 		instance.certificateOK("src/main/resources/truststore", "secret");
20 | 	}
21 | 	
22 | 	private void certificateOK(String truststore, String password) {
23 | 		FileInputStream stream = null;
24 | 
25 | 		try {
26 | 			stream = new FileInputStream(truststore);
27 | 			KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
28 | 			keyStore.load(stream, password.toCharArray());
29 | 			
30 | 			Enumeration<String> aliases = keyStore.aliases();
31 | 			while (aliases.hasMoreElements()) {
32 | 				String alias = aliases.nextElement();
33 | 				X509Certificate certificate = (X509Certificate) keyStore.getCertificate(alias);
34 | 				
35 | 				BigInteger serialNumber = certificate.getSerialNumber();
36 | 				String issuerName = certificate.getIssuerDN().getName();
37 | 				String base64Serial = Base64.encode(serialNumber.toByteArray());
38 | 				
39 | 				System.out.println(alias + ": " + base64Serial + "|XX|" + issuerName);
40 | 			}
41 | 			
42 | 		} catch (Exception ex) {
43 | 			ex.printStackTrace();
44 | 		} finally {
45 | 			try {
46 | 				stream.close();
47 | 			} catch (IOException e) {
48 | 			}
49 | 		}
50 | 	}
51 | 
52 | }
53 | 


--------------------------------------------------------------------------------
/src/test/java/org/meri/simpleshirosecuredapplication/util/HashPassword.java:
--------------------------------------------------------------------------------
 1 | package org.meri.simpleshirosecuredapplication.util;
 2 | 
 3 | import org.apache.shiro.crypto.hash.Sha256Hash;
 4 | import org.apache.shiro.util.SimpleByteSource;
 5 | 
 6 | public class HashPassword {
 7 | 
 8 | 	/**
 9 | 	 * @param args
10 | 	 */
11 | 	public static void main(String[] args) {
12 | 		simpleHash("heslo");
13 | 		simpleSaltedHash("administrator", "heslo");
14 | 		simpleSaltedHash("friendlyrepairman", "heslo");
15 | 		simpleSaltedHash("unfriendlyrepairman", "heslo");
16 | 		simpleSaltedHash("mathematician", "heslo");
17 | 		simpleSaltedHash("physicien", "heslo");
18 | 		simpleSaltedHash("productsales", "heslo");
19 | 		simpleSaltedHash("servicessales", "heslo");
20 | 
21 | 	}
22 | 
23 | 	private static String simpleHash(String password) {
24 | 	  Sha256Hash sha256Hash = new Sha256Hash(password);
25 | 		String result = sha256Hash.toHex();
26 | 
27 | 		System.out.println("Simple hash: " + result);
28 | 	  return result;
29 |   }
30 | 
31 | 	private static String simpleSaltedHash(String username, String password) {
32 | 	  Sha256Hash sha256Hash = new Sha256Hash(password, (new SimpleByteSource("random_salt_value_" + username)).getBytes());
33 | 		String result = sha256Hash.toHex();
34 | 
35 | 		System.out.println(username + " simple salted hash: " + result);
36 | 	  return result;
37 |   }
38 | 
39 | }
40 | 


--------------------------------------------------------------------------------
/src/test/resources/clients/administrator/administrator.cer:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/SomMeri/SimpleShiroSecuredApplication/778f37b22fb023873a13976860e3692c55dce424/src/test/resources/clients/administrator/administrator.cer


--------------------------------------------------------------------------------
/src/test/resources/clients/administrator/administrator.jks:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/SomMeri/SimpleShiroSecuredApplication/778f37b22fb023873a13976860e3692c55dce424/src/test/resources/clients/administrator/administrator.jks


--------------------------------------------------------------------------------
/src/test/resources/clients/administrator/administrator.p12:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/SomMeri/SimpleShiroSecuredApplication/778f37b22fb023873a13976860e3692c55dce424/src/test/resources/clients/administrator/administrator.p12


--------------------------------------------------------------------------------
/src/test/resources/clients/friendlyrepaiman/friendlyrepairman.cer:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/SomMeri/SimpleShiroSecuredApplication/778f37b22fb023873a13976860e3692c55dce424/src/test/resources/clients/friendlyrepaiman/friendlyrepairman.cer


--------------------------------------------------------------------------------
/src/test/resources/clients/friendlyrepaiman/friendlyrepairman.jks:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/SomMeri/SimpleShiroSecuredApplication/778f37b22fb023873a13976860e3692c55dce424/src/test/resources/clients/friendlyrepaiman/friendlyrepairman.jks


--------------------------------------------------------------------------------
/src/test/resources/clients/friendlyrepaiman/friendlyrepairman.p12:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/SomMeri/SimpleShiroSecuredApplication/778f37b22fb023873a13976860e3692c55dce424/src/test/resources/clients/friendlyrepaiman/friendlyrepairman.p12


--------------------------------------------------------------------------------
/src/test/resources/clients/mathematician/mathematician.cer:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/SomMeri/SimpleShiroSecuredApplication/778f37b22fb023873a13976860e3692c55dce424/src/test/resources/clients/mathematician/mathematician.cer


--------------------------------------------------------------------------------
/src/test/resources/clients/mathematician/mathematician.jks:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/SomMeri/SimpleShiroSecuredApplication/778f37b22fb023873a13976860e3692c55dce424/src/test/resources/clients/mathematician/mathematician.jks


--------------------------------------------------------------------------------
/src/test/resources/clients/mathematician/mathematician.p12:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/SomMeri/SimpleShiroSecuredApplication/778f37b22fb023873a13976860e3692c55dce424/src/test/resources/clients/mathematician/mathematician.p12


--------------------------------------------------------------------------------
/src/test/resources/clients/physicien/physicien.cer:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/SomMeri/SimpleShiroSecuredApplication/778f37b22fb023873a13976860e3692c55dce424/src/test/resources/clients/physicien/physicien.cer


--------------------------------------------------------------------------------
/src/test/resources/clients/physicien/physicien.jks:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/SomMeri/SimpleShiroSecuredApplication/778f37b22fb023873a13976860e3692c55dce424/src/test/resources/clients/physicien/physicien.jks


--------------------------------------------------------------------------------
/src/test/resources/clients/physicien/physicien.p12:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/SomMeri/SimpleShiroSecuredApplication/778f37b22fb023873a13976860e3692c55dce424/src/test/resources/clients/physicien/physicien.p12


--------------------------------------------------------------------------------
/src/test/resources/clients/productsales/productsales.cer:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/SomMeri/SimpleShiroSecuredApplication/778f37b22fb023873a13976860e3692c55dce424/src/test/resources/clients/productsales/productsales.cer


--------------------------------------------------------------------------------
/src/test/resources/clients/productsales/productsales.jks:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/SomMeri/SimpleShiroSecuredApplication/778f37b22fb023873a13976860e3692c55dce424/src/test/resources/clients/productsales/productsales.jks


--------------------------------------------------------------------------------
/src/test/resources/clients/productsales/productsales.p12:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/SomMeri/SimpleShiroSecuredApplication/778f37b22fb023873a13976860e3692c55dce424/src/test/resources/clients/productsales/productsales.p12


--------------------------------------------------------------------------------
/src/test/resources/clients/servicessales/servicessales.cer:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/SomMeri/SimpleShiroSecuredApplication/778f37b22fb023873a13976860e3692c55dce424/src/test/resources/clients/servicessales/servicessales.cer


--------------------------------------------------------------------------------
/src/test/resources/clients/servicessales/servicessales.jks:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/SomMeri/SimpleShiroSecuredApplication/778f37b22fb023873a13976860e3692c55dce424/src/test/resources/clients/servicessales/servicessales.jks


--------------------------------------------------------------------------------
/src/test/resources/clients/servicessales/servicessales.p12:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/SomMeri/SimpleShiroSecuredApplication/778f37b22fb023873a13976860e3692c55dce424/src/test/resources/clients/servicessales/servicessales.p12


--------------------------------------------------------------------------------
/src/test/resources/clients/unfriendlyrepaiman/unfriendlyrepairman.cer:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/SomMeri/SimpleShiroSecuredApplication/778f37b22fb023873a13976860e3692c55dce424/src/test/resources/clients/unfriendlyrepaiman/unfriendlyrepairman.cer


--------------------------------------------------------------------------------
/src/test/resources/clients/unfriendlyrepaiman/unfriendlyrepairman.jks:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/SomMeri/SimpleShiroSecuredApplication/778f37b22fb023873a13976860e3692c55dce424/src/test/resources/clients/unfriendlyrepaiman/unfriendlyrepairman.jks


--------------------------------------------------------------------------------
/src/test/resources/clients/unfriendlyrepaiman/unfriendlyrepairman.p12:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/SomMeri/SimpleShiroSecuredApplication/778f37b22fb023873a13976860e3692c55dce424/src/test/resources/clients/unfriendlyrepaiman/unfriendlyrepairman.p12


--------------------------------------------------------------------------------
/src/test/resources/keystore:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/SomMeri/SimpleShiroSecuredApplication/778f37b22fb023873a13976860e3692c55dce424/src/test/resources/keystore


--------------------------------------------------------------------------------
/target/test-classes/keystore:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/SomMeri/SimpleShiroSecuredApplication/778f37b22fb023873a13976860e3692c55dce424/target/test-classes/keystore


--------------------------------------------------------------------------------