JAVA-13856 Create new security-modules (#12622)

2022-08-20 13:47:25 +05:30
parent b38eb760d1
commit 14c998c3ac
237 changed files with 1420 additions and 1392 deletions
@@ -0,0 +1,96 @@
+package com.baeldung.comparison.shiro;
+
+import java.sql.Connection;
+import java.sql.SQLException;
+import java.util.Arrays;
+import java.util.Collection;
+import java.util.HashMap;
+import java.util.HashSet;
+import java.util.Map;
+import java.util.Set;
+
+import org.apache.shiro.authc.AuthenticationException;
+import org.apache.shiro.authc.AuthenticationInfo;
+import org.apache.shiro.authc.AuthenticationToken;
+import org.apache.shiro.authc.SimpleAuthenticationInfo;
+import org.apache.shiro.authc.UnknownAccountException;
+import org.apache.shiro.authc.UsernamePasswordToken;
+import org.apache.shiro.authz.AuthorizationInfo;
+import org.apache.shiro.authz.SimpleAuthorizationInfo;
+import org.apache.shiro.realm.jdbc.JdbcRealm;
+import org.apache.shiro.subject.PrincipalCollection;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+public class CustomRealm extends JdbcRealm {
+    
+    private Logger logger = LoggerFactory.getLogger(CustomRealm.class);
+
+    private Map<String, String> credentials = new HashMap<>();
+    private Map<String, Set<String>> roles = new HashMap<>();
+    private Map<String, Set<String>> permissions = new HashMap<>();
+
+    {
+        credentials.put("Tom", "password");
+        credentials.put("Jerry", "password");
+
+        roles.put("Jerry", new HashSet<>(Arrays.asList("ADMIN")));
+        roles.put("Tom", new HashSet<>(Arrays.asList("USER")));
+
+        permissions.put("ADMIN", new HashSet<>(Arrays.asList("READ", "WRITE")));
+        permissions.put("USER", new HashSet<>(Arrays.asList("READ")));
+    }
+
+    @Override
+    protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token) throws AuthenticationException {
+
+        UsernamePasswordToken userToken = (UsernamePasswordToken) token;
+
+        if (userToken.getUsername() == null || userToken.getUsername()
+            .isEmpty() || !credentials.containsKey(userToken.getUsername())) {
+            throw new UnknownAccountException("User doesn't exist");
+        }
+
+        return new SimpleAuthenticationInfo(userToken.getUsername(), credentials.get(userToken.getUsername()), getName());
+    }
+
+    @Override
+    protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principals) {
+        Set<String> roles = new HashSet<>();
+        Set<String> permissions = new HashSet<>();
+
+        for (Object user : principals) {
+            try {
+                roles.addAll(getRoleNamesForUser(null, (String) user));
+                permissions.addAll(getPermissions(null, null, roles));
+            } catch (SQLException e) {
+                logger.error(e.getMessage());
+            }
+        }
+        SimpleAuthorizationInfo authInfo = new SimpleAuthorizationInfo(roles);
+        authInfo.setStringPermissions(permissions);
+        return authInfo;
+    }
+
+    @Override
+    protected Set<String> getRoleNamesForUser(Connection conn, String username) throws SQLException {
+        if (!roles.containsKey(username)) {
+            throw new SQLException("User doesn't exist");
+        }
+        return roles.get(username);
+    }
+
+    @Override
+    protected Set<String> getPermissions(Connection conn, String username, Collection<String> roles) throws SQLException {
+        Set<String> userPermissions = new HashSet<>();
+
+        for (String role : roles) {
+            if (!permissions.containsKey(role)) {
+                throw new SQLException("Role doesn't exist");
+            }
+            userPermissions.addAll(permissions.get(role));
+        }
+        return userPermissions;
+    }
+
+}
@@ -0,0 +1,33 @@
+package com.baeldung.comparison.shiro;
+
+import org.apache.shiro.realm.Realm;
+import org.apache.shiro.spring.web.config.DefaultShiroFilterChainDefinition;
+import org.apache.shiro.spring.web.config.ShiroFilterChainDefinition;
+import org.springframework.boot.SpringApplication;
+import org.springframework.boot.autoconfigure.SpringBootApplication;
+import org.springframework.boot.autoconfigure.security.servlet.SecurityAutoConfiguration;
+import org.springframework.context.annotation.Bean;
+
+@SpringBootApplication(exclude = SecurityAutoConfiguration.class)
+public class ShiroApplication {
+
+    public static void main(String... args) {
+        SpringApplication.run(ShiroApplication.class, args);
+    }
+
+    @Bean
+    public Realm customRealm() {
+        return new CustomRealm();
+    }
+
+    @Bean
+    public ShiroFilterChainDefinition shiroFilterChainDefinition() {
+        DefaultShiroFilterChainDefinition filter = new DefaultShiroFilterChainDefinition();
+
+        filter.addPathDefinition("/home", "authc");
+        filter.addPathDefinition("/**", "anon");
+
+        return filter;
+    }
+
+}
@@ -0,0 +1,99 @@
+package com.baeldung.comparison.shiro.controllers;
+
+import javax.servlet.http.HttpServletRequest;
+
+import org.apache.shiro.SecurityUtils;
+import org.apache.shiro.authc.AuthenticationException;
+import org.apache.shiro.authc.UsernamePasswordToken;
+import org.apache.shiro.subject.Subject;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+import org.springframework.stereotype.Controller;
+import org.springframework.ui.Model;
+import org.springframework.web.bind.annotation.GetMapping;
+import org.springframework.web.bind.annotation.PostMapping;
+import org.springframework.web.servlet.mvc.support.RedirectAttributes;
+
+import com.baeldung.comparison.shiro.models.UserCredentials;
+
+@Controller
+public class ShiroController {
+    
+    private Logger logger = LoggerFactory.getLogger(ShiroController.class);
+
+    @GetMapping("/")
+    public String getIndex() {
+        return "comparison/index";
+    }
+
+    @GetMapping("/login")
+    public String showLoginPage() {
+        return "comparison/login";
+    }
+
+    @PostMapping("/login")
+    public String doLogin(HttpServletRequest req, UserCredentials credentials, RedirectAttributes attr) {
+
+        Subject subject = SecurityUtils.getSubject();
+
+        if (!subject.isAuthenticated()) {
+            UsernamePasswordToken token = new UsernamePasswordToken(credentials.getUsername(), credentials.getPassword());
+            try {
+                subject.login(token);
+            } catch (AuthenticationException ae) {
+                logger.error(ae.getMessage());
+                attr.addFlashAttribute("error", "Invalid Credentials");
+                return "redirect:/login";
+            }
+        }
+        return "redirect:/home";
+    }
+
+    @GetMapping("/home")
+    public String getMeHome(Model model) {
+
+        addUserAttributes(model);
+
+        return "comparison/home";
+    }
+
+    @GetMapping("/admin")
+    public String adminOnly(Model model) {
+        addUserAttributes(model);
+
+        Subject currentUser = SecurityUtils.getSubject();
+        if (currentUser.hasRole("ADMIN")) {
+            model.addAttribute("adminContent", "only admin can view this");
+        }
+        return "comparison/home";
+    }
+
+    @PostMapping("/logout")
+    public String logout() {
+        Subject subject = SecurityUtils.getSubject();
+        subject.logout();
+        return "redirect:/";
+    }
+
+    private void addUserAttributes(Model model) {
+        Subject currentUser = SecurityUtils.getSubject();
+        String permission = "";
+
+        if (currentUser.hasRole("ADMIN")) {
+            model.addAttribute("role", "ADMIN");
+        } else if (currentUser.hasRole("USER")) {
+            model.addAttribute("role", "USER");
+        }
+
+        if (currentUser.isPermitted("READ")) {
+            permission = permission + " READ";
+        }
+
+        if (currentUser.isPermitted("WRITE")) {
+            permission = permission + " WRITE";
+        }
+        model.addAttribute("username", currentUser.getPrincipal());
+        model.addAttribute("permission", permission);
+    }
+
+}
@@ -0,0 +1,28 @@
+package com.baeldung.comparison.shiro.models;
+
+public class UserCredentials {
+
+    private String username;
+    private String password;
+
+    public String getUsername() {
+        return username;
+    }
+
+    public void setUsername(String username) {
+        this.username = username;
+    }
+
+    public String getPassword() {
+        return password;
+    }
+
+    public void setPassword(String password) {
+        this.password = password;
+    }
+
+    @Override
+    public String toString() {
+        return "username = " + getUsername();
+    }
+}
@@ -0,0 +1,19 @@
+package com.baeldung.comparison.springsecurity;
+
+import org.apache.shiro.spring.boot.autoconfigure.ShiroAnnotationProcessorAutoConfiguration;
+import org.apache.shiro.spring.boot.autoconfigure.ShiroAutoConfiguration;
+import org.apache.shiro.spring.config.web.autoconfigure.ShiroWebAutoConfiguration;
+import org.apache.shiro.spring.config.web.autoconfigure.ShiroWebFilterConfiguration;
+import org.springframework.boot.SpringApplication;
+import org.springframework.boot.autoconfigure.SpringBootApplication;
+
+@SpringBootApplication(exclude = {ShiroAutoConfiguration.class,
+        ShiroAnnotationProcessorAutoConfiguration.class,
+        ShiroWebAutoConfiguration.class,
+        ShiroWebFilterConfiguration.class})
+public class Application {
+
+    public static void main(String[] args) {
+        SpringApplication.run(Application.class, args);
+    }
+}
@@ -0,0 +1,45 @@
+package com.baeldung.comparison.springsecurity.config;
+
+import org.springframework.context.annotation.Bean;
+import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
+import org.springframework.security.config.annotation.web.builders.HttpSecurity;
+import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
+import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
+import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
+import org.springframework.security.crypto.password.PasswordEncoder;
+
+@EnableWebSecurity
+public class SecurityConfig extends WebSecurityConfigurerAdapter {
+
+    @Override
+    protected void configure(HttpSecurity http) throws Exception {
+        http.csrf().disable().authorizeRequests(authorize -> authorize.antMatchers("/index", "/login")
+            .permitAll()
+            .antMatchers("/home", "/logout")
+            .authenticated()
+            .antMatchers("/admin/**")
+            .hasRole("ADMIN"))
+            .formLogin(formLogin -> formLogin.loginPage("/login")
+                .failureUrl("/login-error"));
+    }
+
+    @Override
+    protected void configure(AuthenticationManagerBuilder auth) throws Exception {
+        auth.inMemoryAuthentication()
+            .withUser("Jerry")
+            .password(passwordEncoder().encode("password"))
+            .authorities("READ", "WRITE")
+            .roles("ADMIN")
+            .and()
+            .withUser("Tom")
+            .password(passwordEncoder().encode("password"))
+            .authorities("READ")
+            .roles("USER");
+    }
+
+    @Bean
+    public PasswordEncoder passwordEncoder() {
+        return new BCryptPasswordEncoder();
+    }
+
+}
@@ -0,0 +1,79 @@
+package com.baeldung.comparison.springsecurity.web;
+
+import java.util.Collection;
+
+import javax.servlet.http.HttpServletRequest;
+
+import org.springframework.security.authentication.AnonymousAuthenticationToken;
+import org.springframework.security.core.Authentication;
+import org.springframework.security.core.GrantedAuthority;
+import org.springframework.security.core.context.SecurityContextHolder;
+import org.springframework.security.core.userdetails.User;
+import org.springframework.stereotype.Controller;
+import org.springframework.ui.Model;
+import org.springframework.web.bind.annotation.GetMapping;
+import org.springframework.web.bind.annotation.PostMapping;
+import org.springframework.web.bind.annotation.RequestMapping;
+
+@Controller
+public class SpringController {
+
+    @GetMapping("/")
+    public String getIndex() {
+        return "comparison/index";
+    }
+
+    @GetMapping("/login")
+    public String showLoginPage() {
+        return "comparison/login";
+    }
+
+    @RequestMapping("/login-error")
+    public String loginError(Model model) {
+        model.addAttribute("error", "Invalid Credentials");
+        return "comparison/login";
+    }
+
+    @PostMapping("/login")
+    public String doLogin(HttpServletRequest req) {
+        return "redirect:/home";
+    }
+
+    @GetMapping("/home")
+    public String showHomePage(HttpServletRequest req, Model model) {
+        addUserAttributes(model);
+        return "comparison/home";
+    }
+
+    @GetMapping("/admin")
+    public String adminOnly(HttpServletRequest req, Model model) {
+        addUserAttributes(model);
+        model.addAttribute("adminContent", "only admin can view this");
+        return "comparison/home";
+    }
+
+    private void addUserAttributes(Model model) {
+        Authentication auth = SecurityContextHolder.getContext()
+            .getAuthentication();
+        if (auth != null && !auth.getClass()
+            .equals(AnonymousAuthenticationToken.class)) {
+            User user = (User) auth.getPrincipal();
+            model.addAttribute("username", user.getUsername());
+
+            Collection<GrantedAuthority> authorities = user.getAuthorities();
+
+            for (GrantedAuthority authority : authorities) {
+                if (authority.getAuthority()
+                    .contains("USER")) {
+                    model.addAttribute("role", "USER");
+                    model.addAttribute("permission", "READ");
+                } else if (authority.getAuthority()
+                    .contains("ADMIN")) {
+                    model.addAttribute("role", "ADMIN");
+                    model.addAttribute("permission", "READ WRITE");
+                }
+            }
+        }
+    }
+
+}
@@ -0,0 +1,88 @@
+package com.baeldung.intro;
+
+import org.apache.shiro.SecurityUtils;
+import org.apache.shiro.authc.AuthenticationException;
+import org.apache.shiro.authc.IncorrectCredentialsException;
+import org.apache.shiro.authc.LockedAccountException;
+import org.apache.shiro.authc.UnknownAccountException;
+import org.apache.shiro.authc.UsernamePasswordToken;
+import org.apache.shiro.mgt.DefaultSecurityManager;
+import org.apache.shiro.mgt.SecurityManager;
+import org.apache.shiro.realm.Realm;
+import org.apache.shiro.session.Session;
+import org.apache.shiro.subject.Subject;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+public class Main {
+
+    private static final transient Logger log = LoggerFactory.getLogger(Main.class);
+
+    public static void main(String[] args) {
+
+        Realm realm = new MyCustomRealm();
+        SecurityManager securityManager = new DefaultSecurityManager(realm);
+
+        SecurityUtils.setSecurityManager(securityManager);
+        Subject currentUser = SecurityUtils.getSubject();
+
+        if (!currentUser.isAuthenticated()) {
+          UsernamePasswordToken token 
+            = new UsernamePasswordToken("user", "password");
+          token.setRememberMe(true);
+          try {
+              currentUser.login(token);
+          } catch (UnknownAccountException uae) {
+              log.error("Username Not Found!", uae);
+          } catch (IncorrectCredentialsException ice) {
+              log.error("Invalid Credentials!", ice);
+          } catch (LockedAccountException lae) {
+              log.error("Your Account is Locked!", lae);
+          } catch (AuthenticationException ae) {
+              log.error("Unexpected Error!", ae);
+          }
+        }
+
+        log.info("User [" + currentUser.getPrincipal() + "] logged in successfully.");
+
+        if (currentUser.hasRole("admin")) {
+            log.info("Welcome Admin");
+        } else if(currentUser.hasRole("editor")) {
+            log.info("Welcome, Editor!");
+        } else if(currentUser.hasRole("author")) {
+            log.info("Welcome, Author");
+        } else {
+            log.info("Welcome, Guest");
+        }
+
+        if(currentUser.isPermitted("articles:compose")) {
+            log.info("You can compose an article");
+        } else {
+            log.info("You are not permitted to compose an article!");
+        }
+
+        if(currentUser.isPermitted("articles:save")) {
+            log.info("You can save articles");
+        } else {
+            log.info("You can not save articles");
+        }
+
+        if(currentUser.isPermitted("articles:publish")) {
+            log.info("You can publish articles");
+        } else {
+            log.info("You can not publish articles");
+        }
+
+        Session session = currentUser.getSession();
+        session.setAttribute("key", "value");
+        String value = (String) session.getAttribute("key");
+        if (value.equals("value")) {
+            log.info("Retrieved the correct value! [" + value + "]");
+        }
+
+        currentUser.logout();
+
+        System.exit(0);
+    }
+
+}
@@ -0,0 +1,110 @@
+package com.baeldung.intro;
+
+import java.sql.Connection;
+import java.sql.SQLException;
+import java.util.Arrays;
+import java.util.Collection;
+import java.util.HashMap;
+import java.util.HashSet;
+import java.util.Map;
+import java.util.Set;
+
+import org.apache.shiro.authc.AuthenticationException;
+import org.apache.shiro.authc.AuthenticationInfo;
+import org.apache.shiro.authc.AuthenticationToken;
+import org.apache.shiro.authc.SimpleAuthenticationInfo;
+import org.apache.shiro.authc.UnknownAccountException;
+import org.apache.shiro.authc.UsernamePasswordToken;
+import org.apache.shiro.authz.AuthorizationInfo;
+import org.apache.shiro.authz.SimpleAuthorizationInfo;
+import org.apache.shiro.realm.jdbc.JdbcRealm;
+import org.apache.shiro.subject.PrincipalCollection;
+
+public class MyCustomRealm extends JdbcRealm {
+
+    private Map<String, String> credentials = new HashMap<>();
+    private Map<String, Set<String>> roles = new HashMap<>();
+    private Map<String, Set<String>> perm = new HashMap<>();
+
+    {
+      credentials.put("user", "password");
+      credentials.put("user2", "password2");
+      credentials.put("user3", "password3");
+
+      roles.put("user", new HashSet<>(Arrays.asList("admin")));
+      roles.put("user2", new HashSet<>(Arrays.asList("editor")));
+      roles.put("user3", new HashSet<>(Arrays.asList("author")));
+
+      perm.put("admin", new HashSet<>(Arrays.asList("*")));
+      perm.put("editor", new HashSet<>(Arrays.asList("articles:*")));
+      perm.put("author",
+        new HashSet<>(Arrays.asList("articles:compose",
+          "articles:save")));
+
+    }
+
+    @Override
+    protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token)
+      throws AuthenticationException {
+
+        UsernamePasswordToken uToken = (UsernamePasswordToken) token;
+
+        if(uToken.getUsername() == null
+          || uToken.getUsername().isEmpty()
+          || !credentials.containsKey(uToken.getUsername())
+          ) {
+            throw new UnknownAccountException("username not found!");
+        }
+
+
+        return new SimpleAuthenticationInfo(
+          uToken.getUsername(), credentials.get(uToken.getUsername()),
+          getName());
+    }
+
+    @Override
+    protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principals) {
+        Set<String> roleNames = new HashSet<>();
+        Set<String> permissions = new HashSet<>();
+
+        principals.forEach(p -> {
+            try {
+                Set<String> roles = getRoleNamesForUser(null, (String) p);
+                roleNames.addAll(roles);
+                permissions.addAll(getPermissions(null, null,roles));
+            } catch (SQLException e) {
+                e.printStackTrace();
+            }
+        });
+
+        SimpleAuthorizationInfo info = new SimpleAuthorizationInfo(roleNames);
+        info.setStringPermissions(permissions);
+        return info;
+    }
+
+    @Override
+    protected Set<String> getRoleNamesForUser(Connection conn, String username) throws SQLException {
+        if(!roles.containsKey(username)) {
+            throw new SQLException("username not found!");
+        }
+
+       return roles.get(username);
+    }
+
+    @Override
+    protected Set<String> getPermissions(Connection conn, String username, Collection<String> roleNames) throws SQLException {
+        for (String role : roleNames) {
+            if (!perm.containsKey(role)) {
+                throw new SQLException("role not found!");
+            }
+        }
+
+        Set<String> finalSet = new HashSet<>();
+        for (String role : roleNames) {
+            finalSet.addAll(perm.get(role));
+        }
+
+        return finalSet;
+    }
+
+}
@@ -0,0 +1,46 @@
+package com.baeldung.intro;
+
+import org.apache.shiro.realm.Realm;
+import org.apache.shiro.spring.web.config.DefaultShiroFilterChainDefinition;
+import org.apache.shiro.spring.web.config.ShiroFilterChainDefinition;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+import org.springframework.boot.SpringApplication;
+import org.springframework.boot.autoconfigure.SpringBootApplication;
+import org.springframework.boot.autoconfigure.security.servlet.SecurityAutoConfiguration;
+import org.springframework.context.annotation.Bean;
+
+/**
+ * Created by smatt on 21/08/2017.
+ */
+@SpringBootApplication(exclude = SecurityAutoConfiguration.class)
+public class ShiroSpringApplication {
+
+    private static final transient Logger log = LoggerFactory.getLogger(ShiroSpringApplication.class);
+
+    public static void main(String... args) {
+        SpringApplication.run(ShiroSpringApplication.class, args);
+    }
+
+
+    @Bean
+    public Realm realm() {
+        return new MyCustomRealm();
+    }
+
+
+    @Bean
+    public ShiroFilterChainDefinition filterChainDefinition() {
+        DefaultShiroFilterChainDefinition filter
+          = new DefaultShiroFilterChainDefinition();
+
+        filter.addPathDefinition("/secure", "authc");
+        filter.addPathDefinition("/**", "anon");
+
+        return filter;
+    }
+
+
+
+
+}
@@ -0,0 +1,101 @@
+package com.baeldung.intro.controllers;
+
+import org.apache.shiro.SecurityUtils;
+import org.apache.shiro.authc.AuthenticationException;
+import org.apache.shiro.authc.UsernamePasswordToken;
+import org.apache.shiro.subject.Subject;
+import org.springframework.stereotype.Controller;
+import org.springframework.ui.ModelMap;
+import org.springframework.web.bind.annotation.GetMapping;
+import org.springframework.web.bind.annotation.PostMapping;
+import org.springframework.web.bind.annotation.RequestMapping;
+import org.springframework.web.bind.annotation.RequestMethod;
+import org.springframework.web.servlet.mvc.support.RedirectAttributes;
+
+import com.baeldung.intro.models.UserCredentials;
+
+import javax.servlet.http.HttpServletRequest;
+
+@Controller
+public class ShiroSpringController {
+
+    @GetMapping("/")
+    public String index() {
+       return "index";
+    }
+
+    @RequestMapping( value = "/login", method = {RequestMethod.GET, RequestMethod.POST})
+    public String login(HttpServletRequest req, UserCredentials cred, RedirectAttributes attr) {
+
+      if(req.getMethod().equals(RequestMethod.GET.toString())) {
+        return "login";
+      } else {
+        Subject subject = SecurityUtils.getSubject();
+
+        if(!subject.isAuthenticated()) {
+          UsernamePasswordToken token = new UsernamePasswordToken(
+            cred.getUsername(), cred.getPassword(), cred.isRememberMe());
+          try {
+            subject.login(token);
+          } catch (AuthenticationException ae) {
+              ae.printStackTrace();
+              attr.addFlashAttribute("error", "Invalid Credentials");
+              return "redirect:/login";
+          }
+        }
+
+        return "redirect:/secure";
+      }
+    }
+
+
+    @GetMapping("/secure")
+    public String secure(ModelMap modelMap) {
+
+        Subject currentUser = SecurityUtils.getSubject();
+        String role = "", permission = "";
+
+        if(currentUser.hasRole("admin")) {
+            role = role  + "You are an Admin";
+        }
+        else if(currentUser.hasRole("editor")) {
+            role = role + "You are an Editor";
+        }
+        else if(currentUser.hasRole("author")) {
+            role = role + "You are an Author";
+        }
+
+        if(currentUser.isPermitted("articles:compose")) {
+            permission = permission + "You can compose an article, ";
+        } else {
+            permission = permission + "You are not permitted to compose an article!, ";
+        }
+
+        if(currentUser.isPermitted("articles:save")) {
+            permission = permission + "You can save articles, ";
+        } else {
+            permission = permission + "\nYou can not save articles, ";
+        }
+
+        if(currentUser.isPermitted("articles:publish")) {
+            permission = permission  + "\nYou can publish articles";
+        } else {
+            permission = permission + "\nYou can not publish articles";
+        }
+
+        modelMap.addAttribute("username", currentUser.getPrincipal());
+        modelMap.addAttribute("permission", permission);
+        modelMap.addAttribute("role", role);
+
+        return "secure";
+    }
+
+
+    @PostMapping("/logout")
+    public String logout() {
+       Subject subject = SecurityUtils.getSubject();
+       subject.logout();
+       return "redirect:/";
+    }
+
+}
@@ -0,0 +1,40 @@
+package com.baeldung.intro.models;
+
+public class UserCredentials {
+
+    private String username;
+    private String password;
+    private boolean rememberMe = false;
+
+    public UserCredentials() {}
+
+    public String getUsername() {
+        return username;
+    }
+
+    public void setUsername(String username) {
+        this.username = username;
+    }
+
+    public String getPassword() {
+        return password;
+    }
+
+    public void setPassword(String password) {
+        this.password = password;
+    }
+
+    public boolean isRememberMe() {
+        return rememberMe;
+    }
+
+    public void setRememberMe(boolean rememberMe) {
+        this.rememberMe = rememberMe;
+    }
+
+    @Override
+    public String toString() {
+        return "username = " + getUsername()
+                + "\nrememberMe = " + isRememberMe();
+    }
+}
@@ -0,0 +1,69 @@
+package com.baeldung.permissions.custom;
+
+import org.apache.shiro.SecurityUtils;
+import org.apache.shiro.authc.AuthenticationException;
+import org.apache.shiro.authc.IncorrectCredentialsException;
+import org.apache.shiro.authc.LockedAccountException;
+import org.apache.shiro.authc.UnknownAccountException;
+import org.apache.shiro.authc.UsernamePasswordToken;
+import org.apache.shiro.config.Ini;
+import org.apache.shiro.mgt.DefaultSecurityManager;
+import org.apache.shiro.mgt.SecurityManager;
+import org.apache.shiro.realm.text.IniRealm;
+import org.apache.shiro.subject.Subject;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+public class Main {
+
+    private static final transient Logger log = LoggerFactory.getLogger(Main.class);
+
+    public static void main(String[] args) {
+
+        IniRealm realm = new IniRealm();
+        Ini ini = Ini.fromResourcePath(Main.class.getResource("/com/baeldung/shiro/permissions/custom/shiro.ini").getPath());
+        realm.setIni(ini);
+        realm.setPermissionResolver(new PathPermissionResolver());
+        realm.init();
+        SecurityManager securityManager = new DefaultSecurityManager(realm);
+
+        SecurityUtils.setSecurityManager(securityManager);
+        Subject currentUser = SecurityUtils.getSubject();
+
+        if (!currentUser.isAuthenticated()) {
+          UsernamePasswordToken token = new UsernamePasswordToken("paul.reader", "password4");
+          token.setRememberMe(true);
+          try {
+              currentUser.login(token);
+          } catch (UnknownAccountException uae) {
+              log.error("Username Not Found!", uae);
+          } catch (IncorrectCredentialsException ice) {
+              log.error("Invalid Credentials!", ice);
+          } catch (LockedAccountException lae) {
+              log.error("Your Account is Locked!", lae);
+          } catch (AuthenticationException ae) {
+              log.error("Unexpected Error!", ae);
+          }
+        }
+
+        log.info("User [" + currentUser.getPrincipal() + "] logged in successfully.");
+
+        if (currentUser.hasRole("admin")) {
+            log.info("Welcome Admin");
+        } else if(currentUser.hasRole("editor")) {
+            log.info("Welcome, Editor!");
+        } else if(currentUser.hasRole("author")) {
+            log.info("Welcome, Author");
+        } else {
+            log.info("Welcome, Guest");
+        }
+
+        if(currentUser.isPermitted("/articles/drafts/new-article")) {
+            log.info("You can access articles");
+        } else {
+            log.info("You cannot access articles!");
+        }
+        currentUser.logout();
+    }
+
+}
@@ -0,0 +1,22 @@
+package com.baeldung.permissions.custom;
+
+import org.apache.shiro.authz.Permission;
+
+import java.nio.file.Path;
+
+public class PathPermission implements Permission {
+
+    private final Path path;
+
+    public PathPermission(Path path) {
+        this.path = path;
+    }
+
+    @Override
+    public boolean implies(Permission p) {
+        if(p instanceof PathPermission) {
+            return ((PathPermission) p).path.startsWith(path);
+        }
+        return false;
+    }
+}
@@ -0,0 +1,13 @@
+package com.baeldung.permissions.custom;
+
+import org.apache.shiro.authz.Permission;
+import org.apache.shiro.authz.permission.PermissionResolver;
+
+import java.nio.file.Paths;
+
+public class PathPermissionResolver implements PermissionResolver {
+    @Override
+    public Permission resolvePermission(String permissionString) {
+        return new PathPermission(Paths.get(permissionString));
+    }
+}