From 4d6b274243349c7c3eedcf09af11e2e1a9265296 Mon Sep 17 00:00:00 2001
From: "DamonXue(Fibonacci)"
Date: Tue, 12 Sep 2023 11:02:00 +0800
Subject: [PATCH] refactor.
---
.asf.yaml | 8 +-
.github/pull_request_template.md | 47 +-
CONTRIBUTING.md | 53 +-
LICENSE | 400 +++---
README.md | 8 +-
RELEASE-NOTES | 1144 ++++++++---------
.../org/apache/shiro/authc/SimpleAccount.java | 13 +-
.../credential/HashedCredentialsMatcher.java | 18 +-
.../pam/AbstractAuthenticationStrategy.java | 15 +-
.../authc/pam/AllSuccessfulStrategy.java | 8 +-
.../pam/AtLeastOneSuccessfulStrategy.java | 4 +-
.../authc/pam/AuthenticationStrategy.java | 21 +-
.../authc/pam/FirstSuccessfulStrategy.java | 9 +-
.../org/apache/shiro/authz/Authorizer.java | 9 +-
.../shiro/authz/ModularRealmAuthorizer.java | 23 +-
.../annotation/RequiresAuthentication.java | 4 +-
.../aop/AuthenticatedAnnotationHandler.java | 8 +-
...uthorizingAnnotationMethodInterceptor.java | 4 +-
.../authz/aop/GuestAnnotationHandler.java | 8 +-
.../aop/GuestAnnotationMethodInterceptor.java | 4 +-
.../aop/PermissionAnnotationHandler.java | 5 +-
...PermissionAnnotationMethodInterceptor.java | 5 +-
.../authz/aop/RoleAnnotationHandler.java | 10 +-
.../aop/RolesAllowedAnnotationHandler.java | 5 +-
.../authz/aop/UserAnnotationHandler.java | 12 +-
.../aop/UserAnnotationMethodInterceptor.java | 4 +-
.../authz/permission/PermissionResolver.java | 9 +-
.../authz/permission/WildcardPermission.java | 13 +-
.../shiro/mgt/AbstractRememberMeManager.java | 12 +-
.../shiro/mgt/AuthorizingSecurityManager.java | 4 +-
.../shiro/mgt/DefaultSecurityManager.java | 4 +-
.../shiro/mgt/RealmSecurityManager.java | 5 +-
.../shiro/mgt/SessionsSecurityManager.java | 7 +-
.../shiro/realm/AuthenticatingRealm.java | 6 +-
.../apache/shiro/realm/AuthorizingRealm.java | 7 +-
.../java/org/apache/shiro/realm/Realm.java | 6 +-
.../activedirectory/ActiveDirectoryRealm.java | 10 +-
.../apache/shiro/realm/jdbc/JdbcRealm.java | 14 +-
.../shiro/realm/ldap/AbstractLdapRealm.java | 11 +-
.../shiro/realm/ldap/DefaultLdapRealm.java | 3 +-
.../realm/ldap/JndiLdapContextFactory.java | 2 +-
.../shiro/realm/text/PropertiesRealm.java | 4 +-
.../mgt/AbstractNativeSessionManager.java | 9 +-
.../mgt/SessionValidationScheduler.java | 4 +-
.../shiro/session/mgt/SimpleSession.java | 5 +-
.../org/apache/shiro/subject/Subject.java | 5 +-
.../apache/shiro/util/PermissionUtils.java | 4 +-
.../org/apache/shiro/util/ThreadContext.java | 4 +-
.../event/LoggingBeanEventListenerTest.groovy | 2 +-
.../apache/shiro/lang/codec/H64Test.groovy | 2 +-
.../shiro/mgt/DefaultSubjectDAOTest.groovy | 2 +-
.../authc/AbstractAuthenticatorTest.java | 9 +-
.../ActiveDirectoryRealmTest.java | 5 +-
.../shiro/realm/jdbc/JDBCRealmTest.java | 5 +-
.../text/TextConfigurationRealmTest.java | 9 +-
.../shiro/util/AntPathMatcherTests.java | 5 +-
...tyManagerFactoryTest.propsRealm.properties | 6 +-
core/src/test/resources/test.shiro.ini | 40 +-
.../crypto/hash/DefaultHashServiceTest.groovy | 2 +-
.../hash/format/Shiro1CryptFormatTest.groovy | 2 +-
.../support/hashes/argon2/Argon2Hash.java | 25 +-
...ngleArgumentMethodEventListenerTest.groovy | 1 +
.../guice/SampleShiroServletModule.java | 6 +-
.../WEB-INF/errorpages/invalidErrorPage.xhtml | 44 +-
.../src/main/webapp/WEB-INF/faces-config.xml | 6 +-
.../src/main/webapp/WEB-INF/payara-web.xml | 3 +-
.../src/main/webapp/WEB-INF/web.xml | 4 +-
.../jakarta-ee/src/main/webapp/index.xhtml | 14 +-
.../src/main/webapp/shiro/adminpage.xhtml | 20 +-
.../main/webapp/shiro/auth/loginform.xhtml | 53 +-
.../webapp/shiro/auth/unauthenticated.xhtml | 14 +-
.../main/webapp/shiro/auth/unauthorized.xhtml | 20 +-
.../src/main/webapp/shiro/form.xhtml | 81 +-
.../src/main/webapp/shiro/index.xhtml | 26 +-
.../src/main/webapp/shiro/protected.xhtml | 26 +-
.../webapp/shiro/unprotected/manybeans.xhtml | 94 +-
.../main/webapp/shiro/unprotected/tags.xhtml | 44 +-
.../src/test/resources/arquillian.xml | 6 +-
.../jaxrs/app/config/ShiroServletFilter.java | 6 +-
.../app/src/main/resources/META-INF/beans.xml | 2 +-
.../app/src/main/webapp/WEB-INF/beans.xml | 2 +-
.../meecrowave/src/test/resources/log4j2.xml | 92 +-
.../src/main/liberty/config/server.xml | 6 +-
.../jaxrs/openliberty/OpenLibertyIT.java | 5 +-
.../jaxrs/tests/AbstractShiroJaxRsIT.java | 5 +-
.../testing/web/AbstractContainerIT.java | 5 +-
.../samples/aspectj/bank/BankService.java | 4 +-
.../aspectj/bank/SecureBankService.java | 5 +-
.../aspectj/bank/SecureBankServiceTest.java | 5 +-
.../guice/SampleShiroGuiceBootstrap.java | 6 +-
...ampleShiroNativeSessionsServletModule.java | 8 +-
.../guice/SampleShiroServletModule.java | 6 +-
samples/spring-boot-web/README.md | 3 +-
samples/spring-boot/README.md | 3 +-
.../sprhib/web/CurrentUserInterceptor.java | 5 +-
.../sprhib/web/ManageUsersController.java | 6 +-
.../sprhib/web/SecurityController.java | 4 +-
samples/spring-mvc/README.md | 3 +-
.../spring/BootstrapDataPopulator.java | 5 +-
.../samples/spring/DefaultSampleManager.java | 9 +-
.../spring/realm/SaltAwareJdbcRealm.java | 4 +-
.../src/main/resources/application.properties | 13 +-
.../spring-mvc/src/main/resources/ehcache.xml | 2 +-
.../main/webapp/WEB-INF/resources/login.jsp | 2 +-
samples/spring/README.md | 3 +-
.../src/main/webapp/account/index.jsp | 3 +-
samples/web-jakarta/src/main/webapp/home.jsp | 3 +-
.../jakarta/JakartaAbstractContainerIT.java | 4 +-
.../test/web/jakarta/WebContainerTest.java | 5 +-
samples/web/src/main/webapp/account/index.jsp | 3 +-
samples/web/src/main/webapp/home.jsp | 3 +-
src/license/header_format.xml | 8 +-
...notationsAuthorizingMethodInterceptor.java | 4 +-
.../shiro/aspectj/SecuredDummyService.java | 4 +-
.../apache/shiro/cache/ehcache/ehcache.xml | 2 +-
.../features/src/main/resources/features.xml | 19 +-
.../apache/shiro/guice/BeanTypeListener.java | 16 +-
.../shiro/guice/LifecycleTypeListener.java | 7 +-
.../org/apache/shiro/guice/ShiroModule.java | 14 +-
.../shiro/guice/web/GuiceShiroFilter.java | 6 +-
.../shiro/guice/web/ShiroWebModule.java | 27 +-
.../DestroyableInjectionListenerTest.java | 5 +-
.../shiro/guice/aop/ShiroAopModuleTest.java | 5 +-
.../shiro/guice/web/DefaultFiltersTest.java | 5 +-
.../shiro/guice/web/ShiroWebModuleTest.java | 11 +-
.../web/SimpleFilterChainResolverTest.java | 9 +-
.../guice/web/WebGuiceEnvironmentTest.java | 4 +-
.../shiro/ee/filters/FormResubmitSupport.java | 9 +-
.../resources/META-INF/shiro-faces.taglib.xml | 6 +-
.../jaxrs/AnnotationAuthorizationFilter.java | 4 +-
.../QuartzSessionValidationScheduler.java | 7 +-
.../ShiroWebFilterConfiguration.java | 4 +-
...itional-spring-configuration-metadata.json | 1 +
.../main/resources/META-INF/spring.factories | 3 +-
.../src/test/resources/logback.xml | 12 +-
.../ShiroEventBusBeanPostProcessor.java | 12 +-
...notationsAuthorizingMethodInterceptor.java | 3 +-
.../config/AbstractShiroWebConfiguration.java | 20 +-
.../config/ShiroBeanConfigurationTest.groovy | 1 +
.../config/ShiroConfigurationTest.groovy | 2 +-
.../config/ShiroWebConfigurationTest.groovy | 2 +-
.../ShiroWebFilterConfigurationTest.groovy | 3 +-
.../apache/shiro/spring/web/DummyFilter.java | 5 +-
.../web/ShiroFilterFactoryBeanTest.java | 4 +-
...actAuthorizationAnnotationTest-context.xml | 96 +-
...apcAuthorizationAnnotationTest-context.xml | 70 +-
...emaAuthorizationAnnotationTest-context.xml | 100 +-
...ConfigurationTestSameSiteStrict.properties | 5 +-
.../org/apache/shiro/tools/hasher/Hasher.java | 29 +-
.../web/config/ShiroFilterConfiguration.java | 12 +-
.../shiro/web/env/EnvironmentLoader.java | 4 +-
.../shiro/web/env/IniWebEnvironment.java | 9 +-
.../shiro/web/filter/AccessControlFilter.java | 8 +-
.../shiro/web/filter/PathMatchingFilter.java | 11 +-
.../filter/authc/AuthenticationFilter.java | 3 +-
.../authc/FormAuthenticationFilter.java | 9 +-
.../authc/HttpAuthenticationFilter.java | 8 +-
.../shiro/web/filter/authc/LogoutFilter.java | 10 +-
.../authc/PassThruAuthenticationFilter.java | 5 +-
.../shiro/web/filter/authc/UserFilter.java | 3 +-
.../web/filter/authz/AuthorizationFilter.java | 7 +-
.../authz/HttpMethodPermissionFilter.java | 3 +-
.../shiro/web/filter/authz/SslFilter.java | 6 +-
.../mgt/PathMatchingFilterChainResolver.java | 4 +-
.../web/servlet/AbstractShiroFilter.java | 11 +-
.../shiro/web/servlet/NameableFilter.java | 3 +-
.../web/servlet/ShiroHttpServletRequest.java | 20 +-
.../shiro/web/servlet/SimpleCookie.java | 10 +-
.../apache/shiro/web/tags/PrincipalTag.java | 7 +-
.../org/apache/shiro/web/util/WebUtils.java | 13 +-
web/src/main/resources/META-INF/shiro.tld | 282 ++--
.../PathMatchingFilterParameterizedTest.java | 9 +-
.../web/filter/PathMatchingFilterTest.java | 5 +-
.../BasicHttpFilterAuthenticationTest.java | 4 +-
.../web/mgt/CookieRememberMeManagerTest.java | 11 +-
.../shiro/web/servlet/SimpleCookieTest.java | 1 -
176 files changed, 1921 insertions(+), 1914 deletions(-)
diff --git a/.asf.yaml b/.asf.yaml
index 7ad465ec65..36306ad458 100644
--- a/.asf.yaml
+++ b/.asf.yaml
@@ -25,12 +25,12 @@ github:
issues: true
projects: true
enabled_merge_buttons:
- squash: false
- merge: true
- rebase: false
+ squash: false
+ merge: true
+ rebase: false
notifications:
pullrequests: commits@shiro.apache.org
commits: commits@shiro.apache.org
- issues: issues@shiro.apache.org
+ issues: issues@shiro.apache.org
jira_options: link label worklog
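Review bot: The re-spaced `squash`/`merge`/`rebase` lines under `enabled_merge_buttons:` and the `issues:` line under `notifications:` change only whitespace, but in YAML whitespace decides nesting, and this file controls which merge methods the repository allows and where notifications are sent. Leading whitespace is not preserved on this page, so it cannot be confirmed here that the three keys are still children of `enabled_merge_buttons` and that `issues` still sits beside `pullrequests` and `commits`. Before merging, parse the old and new file and compare the resulting mappings; they should be identical. Since the commit is a 176-file reformat titled only "refactor.", it would be safer to leave `.asf.yaml` out of it, or at least add a comment such as `# nesting is significant: keep these keys indented under enabled_merge_buttons` above the block.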
diff --git a/.github/pull_request_template.md b/.github/pull_request_template.md
index 64280a08db..d3180e0408 100644
--- a/.github/pull_request_template.md
+++ b/.github/pull_request_template.md
@@ -5,36 +5,29 @@ For more details on how to report a vulnerablity see: https://www.apache.org/sec
Following this checklist to help us incorporate your contribution quickly and easily:
-- [ ] Make sure there is a [GitHub issue](https://github.com/apache/shiro/issues) filed
- for the change (usually before you start working on it). Trivial changes like typos do not
- require a GitHub issue. Your pull request should address just this issue, without pulling in other changes.
-- [ ] Each commit in the pull request should have a meaningful subject line and body.
-- [ ] Format the pull request title like `[#XXX] - Fixes bug in SessionManager`,
- where you replace `#XXX` with the appropriate GitHub issue. Best practice
- is to use the GitHub issue title in the pull request title and in the first line of the commit message.
-- [ ] Write a pull request description that is detailed enough to understand what the pull request does, how, and why.
-- [ ] add `fixes #XXX` if merging the PR should close a related issue.
-- [ ] Run `mvn verify` to make sure basic checks pass. A more thorough check will be performed on your pull request
- automatically.
-- [ ] If you have a group of commits related to the same change, please squash your commits into one and force push your
- branch using `git rebase -i`.
-- [ ] Committers: Make sure a milestone is set on the PR
-
-Trivial changes like typos do not require a GitHub issue (javadoc, comments...).
+ - [ ] Make sure there is a [GitHub issue](https://github.com/apache/shiro/issues) filed
+ for the change (usually before you start working on it). Trivial changes like typos do not
+ require a GitHub issue. Your pull request should address just this issue, without pulling in other changes.
+ - [ ] Each commit in the pull request should have a meaningful subject line and body.
+ - [ ] Format the pull request title like `[#XXX] - Fixes bug in SessionManager`,
+ where you replace `#XXX` with the appropriate GitHub issue. Best practice
+ is to use the GitHub issue title in the pull request title and in the first line of the commit message.
+ - [ ] Write a pull request description that is detailed enough to understand what the pull request does, how, and why.
+ - [ ] add `fixes #XXX` if merging the PR should close a related issue.
+ - [ ] Run `mvn verify` to make sure basic checks pass. A more thorough check will be performed on your pull request automatically.
+ - [ ] If you have a group of commits related to the same change, please squash your commits into one and force push your branch using `git rebase -i`.
+ - [ ] Committers: Make sure a milestone is set on the PR
+
+Trivial changes like typos do not require a GitHub issue (javadoc, comments...).
In this case, just format the pull request title like `[DOC] - Add javadoc in SessionManager`.
+
+If this is your first contribution, you have to read the [Contribution Guidelines](https://github.com/apache/shiro/blob/master/CONTRIBUTING.md)
-If this is your first contribution, you have to read
-the [Contribution Guidelines](https://github.com/apache/shiro/blob/master/CONTRIBUTING.md)
-
-If your pull request is about ~20 lines of code you don't need to sign
-an [Individual Contributor License Agreement](https://www.apache.org/licenses/icla.pdf)
+If your pull request is about ~20 lines of code you don't need to sign an [Individual Contributor License Agreement](https://www.apache.org/licenses/icla.pdf)
if you are unsure please ask on the developers list.
-To make clear that you license your contribution under
-the [Apache License Version 2.0, January 2004](http://www.apache.org/licenses/LICENSE-2.0)
+To make clear that you license your contribution under the [Apache License Version 2.0, January 2004](http://www.apache.org/licenses/LICENSE-2.0)
you have to acknowledge this by using the following check-box.
-- [ ] I hereby declare this contribution to be licenced under
- the [Apache License Version 2.0, January 2004](http://www.apache.org/licenses/LICENSE-2.0)
-- [ ] In any other case, please file
- an [Apache Individual Contributor License Agreement](https://www.apache.org/licenses/icla.pdf).
+ - [ ] I hereby declare this contribution to be licenced under the [Apache License Version 2.0, January 2004](http://www.apache.org/licenses/LICENSE-2.0)
+ - [ ] In any other case, please file an [Apache Individual Contributor License Agreement](https://www.apache.org/licenses/icla.pdf).
diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md
index 48bd0cbb88..3953cf37bb 100644
--- a/CONTRIBUTING.md
+++ b/CONTRIBUTING.md
@@ -3,9 +3,7 @@ Contributing to Apache Shiro
Summary
-------
-This document covers how to contribute to the Apache Shiro project. These instructions assume you have a GitHub.com
-account, so if you don't have one you will have to create one. Your proposed code changes will be published to your own
-fork of the Apache Shiro project and you will submit a Pull Request for your changes to be added.
+This document covers how to contribute to the Apache Shiro project. These instructions assume you have a GitHub.com account, so if you don't have one you will have to create one. Your proposed code changes will be published to your own fork of the Apache Shiro project and you will submit a Pull Request for your changes to be added.
_Lets get started!!!_
@@ -17,8 +15,7 @@ In your browser, navigate to: [https://github.com/apache/shiro](https://github.c
Fork the repository by clicking on the 'Fork' button on the top right hand side.
The fork will happen and you will be taken to your own fork of the repository.
-Copy the Git repository URL by clicking on the clipboard next to the URL on the right hand side of the page under '*
-*HTTPS** clone URL'.
+Copy the Git repository URL by clicking on the clipboard next to the URL on the right hand side of the page under '**HTTPS** clone URL'.
You will paste this URL when doing the following `git clone` command.
On your computer, follow these steps to setup a local repository for working on Apache Shiro:
@@ -32,18 +29,15 @@ $ git fetch upstream
$ git rebase upstream/main
```
+
Making changes
--------------
-It is important that you create a new branch to make changes on and that you do not change the `main` branch (other than
-to rebase in changes from `upstream/main`).
-In this example I will assume you will be making your changes to a branch called `feature_x`. This `feature_x` branch
-will be created on your local repository and
-will be pushed to your forked repository on GitHub. Once this branch is on your fork you will create a Pull Request for
-the changes to be added to the Apache Shiro project.
+It is important that you create a new branch to make changes on and that you do not change the `main` branch (other than to rebase in changes from `upstream/main`).
+In this example I will assume you will be making your changes to a branch called `feature_x`. This `feature_x` branch will be created on your local repository and
+will be pushed to your forked repository on GitHub. Once this branch is on your fork you will create a Pull Request for the changes to be added to the Apache Shiro project.
-It is best practice to create a new branch each time you want to contribute to the project and only track the changes
-for that pull request in this branch.
+It is best practice to create a new branch each time you want to contribute to the project and only track the changes for that pull request in this branch.
``` bash
$ git checkout -b feature_x
@@ -53,20 +47,16 @@ $ git add .
$ git commit -a -m "descriptive commit message for your changes"
```
-> The `-b` specifies that you want to create a new branch called `feature_x`. You only specify `-b` the first time you
-> checkout because you are creating a new branch.
+> The `-b` specifies that you want to create a new branch called `feature_x`. You only specify `-b` the first time you checkout because you are creating a new branch.
> Once the `feature_x` branch exists, you can later switch to it with only `git checkout feature_x`.
Rebase `feature_x` to include updates from `upstream/main`
------------------------------------------------------------
-It is important that you maintain an up-to-date `main` branch in your local repository. This is done by rebasing in the
-code changes from `upstream/main`
-(the official Apache Shiro project repository) into your local repository. You will want to do this before you start
-working on a feature as well as right
-before you submit your changes as a pull request. I recommend you do this process periodically while you work to make
-sure you are working off the most recent project code.
+It is important that you maintain an up-to-date `main` branch in your local repository. This is done by rebasing in the code changes from `upstream/main`
+(the official Apache Shiro project repository) into your local repository. You will want to do this before you start working on a feature as well as right
+before you submit your changes as a pull request. I recommend you do this process periodically while you work to make sure you are working off the most recent project code.
This process will do the following:
@@ -88,12 +78,10 @@ $ git rebase main
Make a GitHub Pull Request to contribute your changes
-----------------------------------------------------
-When you are happy with your changes and you are ready to contribute them, you will create a Pull Request on GitHub to
-do so. This is done by pushing your local changes
+When you are happy with your changes and you are ready to contribute them, you will create a Pull Request on GitHub to do so. This is done by pushing your local changes
to your forked repository (default remote name is `origin`) and then initiating a pull request on GitHub.
-> **IMPORTANT:** Make sure you have rebased your `feature_x` branch to include the latest code from `upstream/main`
-_before_ you do this.
+> **IMPORTANT:** Make sure you have rebased your `feature_x` branch to include the latest code from `upstream/main` _before_ you do this.
``` bash
$ git push origin main
@@ -104,27 +92,22 @@ Now that the `feature_x` branch has been pushed to your GitHub repository, you c
To initiate the pull request, do the following:
-1. In your browser, navigate to your forked
- repository: [https://github.com/YOUR_ACCOUNT/shiro](https://github.com/YOUR_ACCOUNT/shiro)
-2. Click the new button called '**Compare & pull request**' that showed up just above the main area in your forked
- repository
+1. In your browser, navigate to your forked repository: [https://github.com/YOUR_ACCOUNT/shiro](https://github.com/YOUR_ACCOUNT/shiro)
+2. Click the new button called '**Compare & pull request**' that showed up just above the main area in your forked repository
3. Validate the pull request will be into the upstream `main` and will be from your `feature_x` branch
4. Enter a detailed description of the work you have done and then click '**Send pull request**'
-If you are requested to make modifications to your proposed changes, make the changes locally on your `feature_x`
-branch, re-push the `feature_x` branch to your fork.
+If you are requested to make modifications to your proposed changes, make the changes locally on your `feature_x` branch, re-push the `feature_x` branch to your fork.
The existing pull request should automatically pick up the change and update accordingly.
Cleaning up after a successful pull request
-------------------------------------------
-Once the `feature_x` branch has been committed into the `upstream/main` branch, your local `feature_x` branch and
-the `origin/feature_x` branch are no longer needed.
+Once the `feature_x` branch has been committed into the `upstream/main` branch, your local `feature_x` branch and the `origin/feature_x` branch are no longer needed.
If you want to make additional changes, restart the process with a new branch.
-> **IMPORTANT:** Make sure that your changes are in `upstream/main` before you delete your `feature_x`
-> and `origin/feature_x` branches!
+> **IMPORTANT:** Make sure that your changes are in `upstream/main` before you delete your `feature_x` and `origin/feature_x` branches!
You can delete these deprecated branches with the following:
diff --git a/LICENSE b/LICENSE
index f49a4e16e6..753842b672 100644
--- a/LICENSE
+++ b/LICENSE
@@ -1,201 +1,201 @@
- Apache License
- Version 2.0, January 2004
- http://www.apache.org/licenses/
-
- TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
-
- 1. Definitions.
-
- "License" shall mean the terms and conditions for use, reproduction,
- and distribution as defined by Sections 1 through 9 of this document.
-
- "Licensor" shall mean the copyright owner or entity authorized by
- the copyright owner that is granting the License.
-
- "Legal Entity" shall mean the union of the acting entity and all
- other entities that control, are controlled by, or are under common
- control with that entity. For the purposes of this definition,
- "control" means (i) the power, direct or indirect, to cause the
- direction or management of such entity, whether by contract or
- otherwise, or (ii) ownership of fifty percent (50%) or more of the
- outstanding shares, or (iii) beneficial ownership of such entity.
-
- "You" (or "Your") shall mean an individual or Legal Entity
- exercising permissions granted by this License.
-
- "Source" form shall mean the preferred form for making modifications,
- including but not limited to software source code, documentation
- source, and configuration files.
-
- "Object" form shall mean any form resulting from mechanical
- transformation or translation of a Source form, including but
- not limited to compiled object code, generated documentation,
- and conversions to other media types.
-
- "Work" shall mean the work of authorship, whether in Source or
- Object form, made available under the License, as indicated by a
- copyright notice that is included in or attached to the work
- (an example is provided in the Appendix below).
-
- "Derivative Works" shall mean any work, whether in Source or Object
- form, that is based on (or derived from) the Work and for which the
- editorial revisions, annotations, elaborations, or other modifications
- represent, as a whole, an original work of authorship. For the purposes
- of this License, Derivative Works shall not include works that remain
- separable from, or merely link (or bind by name) to the interfaces of,
- the Work and Derivative Works thereof.
-
- "Contribution" shall mean any work of authorship, including
- the original version of the Work and any modifications or additions
- to that Work or Derivative Works thereof, that is intentionally
- submitted to Licensor for inclusion in the Work by the copyright owner
- or by an individual or Legal Entity authorized to submit on behalf of
- the copyright owner. For the purposes of this definition, "submitted"
- means any form of electronic, verbal, or written communication sent
- to the Licensor or its representatives, including but not limited to
- communication on electronic mailing lists, source code control systems,
- and issue tracking systems that are managed by, or on behalf of, the
- Licensor for the purpose of discussing and improving the Work, but
- excluding communication that is conspicuously marked or otherwise
- designated in writing by the copyright owner as "Not a Contribution."
-
- "Contributor" shall mean Licensor and any individual or Legal Entity
- on behalf of whom a Contribution has been received by Licensor and
- subsequently incorporated within the Work.
-
- 2. Grant of Copyright License. Subject to the terms and conditions of
- this License, each Contributor hereby grants to You a perpetual,
- worldwide, non-exclusive, no-charge, royalty-free, irrevocable
- copyright license to reproduce, prepare Derivative Works of,
- publicly display, publicly perform, sublicense, and distribute the
- Work and such Derivative Works in Source or Object form.
-
- 3. Grant of Patent License. Subject to the terms and conditions of
- this License, each Contributor hereby grants to You a perpetual,
- worldwide, non-exclusive, no-charge, royalty-free, irrevocable
- (except as stated in this section) patent license to make, have made,
- use, offer to sell, sell, import, and otherwise transfer the Work,
- where such license applies only to those patent claims licensable
- by such Contributor that are necessarily infringed by their
- Contribution(s) alone or by combination of their Contribution(s)
- with the Work to which such Contribution(s) was submitted. If You
- institute patent litigation against any entity (including a
- cross-claim or counterclaim in a lawsuit) alleging that the Work
- or a Contribution incorporated within the Work constitutes direct
- or contributory patent infringement, then any patent licenses
- granted to You under this License for that Work shall terminate
- as of the date such litigation is filed.
-
- 4. Redistribution. You may reproduce and distribute copies of the
- Work or Derivative Works thereof in any medium, with or without
- modifications, and in Source or Object form, provided that You
- meet the following conditions:
-
- (a) You must give any other recipients of the Work or
- Derivative Works a copy of this License; and
-
- (b) You must cause any modified files to carry prominent notices
- stating that You changed the files; and
-
- (c) You must retain, in the Source form of any Derivative Works
- that You distribute, all copyright, patent, trademark, and
- attribution notices from the Source form of the Work,
- excluding those notices that do not pertain to any part of
- the Derivative Works; and
-
- (d) If the Work includes a "NOTICE" text file as part of its
- distribution, then any Derivative Works that You distribute must
- include a readable copy of the attribution notices contained
- within such NOTICE file, excluding those notices that do not
- pertain to any part of the Derivative Works, in at least one
- of the following places: within a NOTICE text file distributed
- as part of the Derivative Works; within the Source form or
- documentation, if provided along with the Derivative Works; or,
- within a display generated by the Derivative Works, if and
- wherever such third-party notices normally appear. The contents
- of the NOTICE file are for informational purposes only and
- do not modify the License. You may add Your own attribution
- notices within Derivative Works that You distribute, alongside
- or as an addendum to the NOTICE text from the Work, provided
- that such additional attribution notices cannot be construed
- as modifying the License.
-
- You may add Your own copyright statement to Your modifications and
- may provide additional or different license terms and conditions
- for use, reproduction, or distribution of Your modifications, or
- for any such Derivative Works as a whole, provided Your use,
- reproduction, and distribution of the Work otherwise complies with
- the conditions stated in this License.
-
- 5. Submission of Contributions. Unless You explicitly state otherwise,
- any Contribution intentionally submitted for inclusion in the Work
- by You to the Licensor shall be under the terms and conditions of
- this License, without any additional terms or conditions.
- Notwithstanding the above, nothing herein shall supersede or modify
- the terms of any separate license agreement you may have executed
- with Licensor regarding such Contributions.
-
- 6. Trademarks. This License does not grant permission to use the trade
- names, trademarks, service marks, or product names of the Licensor,
- except as required for reasonable and customary use in describing the
- origin of the Work and reproducing the content of the NOTICE file.
-
- 7. Disclaimer of Warranty. Unless required by applicable law or
- agreed to in writing, Licensor provides the Work (and each
- Contributor provides its Contributions) on an "AS IS" BASIS,
- WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
- implied, including, without limitation, any warranties or conditions
- of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A
- PARTICULAR PURPOSE. You are solely responsible for determining the
- appropriateness of using or redistributing the Work and assume any
- risks associated with Your exercise of permissions under this License.
-
- 8. Limitation of Liability. In no event and under no legal theory,
- whether in tort (including negligence), contract, or otherwise,
- unless required by applicable law (such as deliberate and grossly
- negligent acts) or agreed to in writing, shall any Contributor be
- liable to You for damages, including any direct, indirect, special,
- incidental, or consequential damages of any character arising as a
- result of this License or out of the use or inability to use the
- Work (including but not limited to damages for loss of goodwill,
- work stoppage, computer failure or malfunction, or any and all
- other commercial damages or losses), even if such Contributor
- has been advised of the possibility of such damages.
-
- 9. Accepting Warranty or Additional Liability. While redistributing
- the Work or Derivative Works thereof, You may choose to offer,
- and charge a fee for, acceptance of support, warranty, indemnity,
- or other liability obligations and/or rights consistent with this
- License. However, in accepting such obligations, You may act only
- on Your own behalf and on Your sole responsibility, not on behalf
- of any other Contributor, and only if You agree to indemnify,
- defend, and hold each Contributor harmless for any liability
- incurred by, or claims asserted against, such Contributor by reason
- of your accepting any such warranty or additional liability.
-
- END OF TERMS AND CONDITIONS
-
- APPENDIX: How to apply the Apache License to your work.
-
- To apply the Apache License to your work, attach the following
- boilerplate notice, with the fields enclosed by brackets "[]"
- replaced with your own identifying information. (Don't include
- the brackets!) The text should be enclosed in the appropriate
- comment syntax for the file format. We also recommend that a
- file or class name and description of purpose be included on the
- same "printed page" as the copyright notice for easier
- identification within third-party archives.
-
- Copyright [yyyy] [name of copyright owner]
-
- Licensed under the Apache License, Version 2.0 (the "License");
- you may not use this file except in compliance with the License.
- You may obtain a copy of the License at
-
- http://www.apache.org/licenses/LICENSE-2.0
-
- Unless required by applicable law or agreed to in writing, software
- distributed under the License is distributed on an "AS IS" BASIS,
- WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- See the License for the specific language governing permissions and
+ Apache License
+ Version 2.0, January 2004
+ http://www.apache.org/licenses/
+
+ TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
+
+ 1. Definitions.
+
+ "License" shall mean the terms and conditions for use, reproduction,
+ and distribution as defined by Sections 1 through 9 of this document.
+
+ "Licensor" shall mean the copyright owner or entity authorized by
+ the copyright owner that is granting the License.
+
+ "Legal Entity" shall mean the union of the acting entity and all
+ other entities that control, are controlled by, or are under common
+ control with that entity. For the purposes of this definition,
+ "control" means (i) the power, direct or indirect, to cause the
+ direction or management of such entity, whether by contract or
+ otherwise, or (ii) ownership of fifty percent (50%) or more of the
+ outstanding shares, or (iii) beneficial ownership of such entity.
+
+ "You" (or "Your") shall mean an individual or Legal Entity
+ exercising permissions granted by this License.
+
+ "Source" form shall mean the preferred form for making modifications,
+ including but not limited to software source code, documentation
+ source, and configuration files.
+
+ "Object" form shall mean any form resulting from mechanical
+ transformation or translation of a Source form, including but
+ not limited to compiled object code, generated documentation,
+ and conversions to other media types.
+
+ "Work" shall mean the work of authorship, whether in Source or
+ Object form, made available under the License, as indicated by a
+ copyright notice that is included in or attached to the work
+ (an example is provided in the Appendix below).
+
+ "Derivative Works" shall mean any work, whether in Source or Object
+ form, that is based on (or derived from) the Work and for which the
+ editorial revisions, annotations, elaborations, or other modifications
+ represent, as a whole, an original work of authorship. For the purposes
+ of this License, Derivative Works shall not include works that remain
+ separable from, or merely link (or bind by name) to the interfaces of,
+ the Work and Derivative Works thereof.
+
+ "Contribution" shall mean any work of authorship, including
+ the original version of the Work and any modifications or additions
+ to that Work or Derivative Works thereof, that is intentionally
+ submitted to Licensor for inclusion in the Work by the copyright owner
+ or by an individual or Legal Entity authorized to submit on behalf of
+ the copyright owner. For the purposes of this definition, "submitted"
+ means any form of electronic, verbal, or written communication sent
+ to the Licensor or its representatives, including but not limited to
+ communication on electronic mailing lists, source code control systems,
+ and issue tracking systems that are managed by, or on behalf of, the
+ Licensor for the purpose of discussing and improving the Work, but
+ excluding communication that is conspicuously marked or otherwise
+ designated in writing by the copyright owner as "Not a Contribution."
+
+ "Contributor" shall mean Licensor and any individual or Legal Entity
+ on behalf of whom a Contribution has been received by Licensor and
+ subsequently incorporated within the Work.
+
+ 2. Grant of Copyright License. Subject to the terms and conditions of
+ this License, each Contributor hereby grants to You a perpetual,
+ worldwide, non-exclusive, no-charge, royalty-free, irrevocable
+ copyright license to reproduce, prepare Derivative Works of,
+ publicly display, publicly perform, sublicense, and distribute the
+ Work and such Derivative Works in Source or Object form.
+
+ 3. Grant of Patent License. Subject to the terms and conditions of
+ this License, each Contributor hereby grants to You a perpetual,
+ worldwide, non-exclusive, no-charge, royalty-free, irrevocable
+ (except as stated in this section) patent license to make, have made,
+ use, offer to sell, sell, import, and otherwise transfer the Work,
+ where such license applies only to those patent claims licensable
+ by such Contributor that are necessarily infringed by their
+ Contribution(s) alone or by combination of their Contribution(s)
+ with the Work to which such Contribution(s) was submitted. If You
+ institute patent litigation against any entity (including a
+ cross-claim or counterclaim in a lawsuit) alleging that the Work
+ or a Contribution incorporated within the Work constitutes direct
+ or contributory patent infringement, then any patent licenses
+ granted to You under this License for that Work shall terminate
+ as of the date such litigation is filed.
+
+ 4. Redistribution. You may reproduce and distribute copies of the
+ Work or Derivative Works thereof in any medium, with or without
+ modifications, and in Source or Object form, provided that You
+ meet the following conditions:
+
+ (a) You must give any other recipients of the Work or
+ Derivative Works a copy of this License; and
+
+ (b) You must cause any modified files to carry prominent notices
+ stating that You changed the files; and
+
+ (c) You must retain, in the Source form of any Derivative Works
+ that You distribute, all copyright, patent, trademark, and
+ attribution notices from the Source form of the Work,
+ excluding those notices that do not pertain to any part of
+ the Derivative Works; and
+
+ (d) If the Work includes a "NOTICE" text file as part of its
+ distribution, then any Derivative Works that You distribute must
+ include a readable copy of the attribution notices contained
+ within such NOTICE file, excluding those notices that do not
+ pertain to any part of the Derivative Works, in at least one
+ of the following places: within a NOTICE text file distributed
+ as part of the Derivative Works; within the Source form or
+ documentation, if provided along with the Derivative Works; or,
+ within a display generated by the Derivative Works, if and
+ wherever such third-party notices normally appear. The contents
+ of the NOTICE file are for informational purposes only and
+ do not modify the License. You may add Your own attribution
+ notices within Derivative Works that You distribute, alongside
+ or as an addendum to the NOTICE text from the Work, provided
+ that such additional attribution notices cannot be construed
+ as modifying the License.
+
+ You may add Your own copyright statement to Your modifications and
+ may provide additional or different license terms and conditions
+ for use, reproduction, or distribution of Your modifications, or
+ for any such Derivative Works as a whole, provided Your use,
+ reproduction, and distribution of the Work otherwise complies with
+ the conditions stated in this License.
+
+ 5. Submission of Contributions. Unless You explicitly state otherwise,
+ any Contribution intentionally submitted for inclusion in the Work
+ by You to the Licensor shall be under the terms and conditions of
+ this License, without any additional terms or conditions.
+ Notwithstanding the above, nothing herein shall supersede or modify
+ the terms of any separate license agreement you may have executed
+ with Licensor regarding such Contributions.
+
+ 6. Trademarks. This License does not grant permission to use the trade
+ names, trademarks, service marks, or product names of the Licensor,
+ except as required for reasonable and customary use in describing the
+ origin of the Work and reproducing the content of the NOTICE file.
+
+ 7. Disclaimer of Warranty. Unless required by applicable law or
+ agreed to in writing, Licensor provides the Work (and each
+ Contributor provides its Contributions) on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
+ implied, including, without limitation, any warranties or conditions
+ of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A
+ PARTICULAR PURPOSE. You are solely responsible for determining the
+ appropriateness of using or redistributing the Work and assume any
+ risks associated with Your exercise of permissions under this License.
+
+ 8. Limitation of Liability. In no event and under no legal theory,
+ whether in tort (including negligence), contract, or otherwise,
+ unless required by applicable law (such as deliberate and grossly
+ negligent acts) or agreed to in writing, shall any Contributor be
+ liable to You for damages, including any direct, indirect, special,
+ incidental, or consequential damages of any character arising as a
+ result of this License or out of the use or inability to use the
+ Work (including but not limited to damages for loss of goodwill,
+ work stoppage, computer failure or malfunction, or any and all
+ other commercial damages or losses), even if such Contributor
+ has been advised of the possibility of such damages.
+
+ 9. Accepting Warranty or Additional Liability. While redistributing
+ the Work or Derivative Works thereof, You may choose to offer,
+ and charge a fee for, acceptance of support, warranty, indemnity,
+ or other liability obligations and/or rights consistent with this
+ License. However, in accepting such obligations, You may act only
+ on Your own behalf and on Your sole responsibility, not on behalf
+ of any other Contributor, and only if You agree to indemnify,
+ defend, and hold each Contributor harmless for any liability
+ incurred by, or claims asserted against, such Contributor by reason
+ of your accepting any such warranty or additional liability.
+
+ END OF TERMS AND CONDITIONS
+
+ APPENDIX: How to apply the Apache License to your work.
+
+ To apply the Apache License to your work, attach the following
+ boilerplate notice, with the fields enclosed by brackets "[]"
+ replaced with your own identifying information. (Don't include
+ the brackets!) The text should be enclosed in the appropriate
+ comment syntax for the file format. We also recommend that a
+ file or class name and description of purpose be included on the
+ same "printed page" as the copyright notice for easier
+ identification within third-party archives.
+
+ Copyright [yyyy] [name of copyright owner]
+
+ Licensed under the Apache License, Version 2.0 (the "License");
+ you may not use this file except in compliance with the License.
+ You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
limitations under the License.
\ No newline at end of file
diff --git a/README.md b/README.md
index 4d01f468c2..effbff5373 100644
--- a/README.md
+++ b/README.md
@@ -7,10 +7,7 @@
Apache Shiro
============
-[Apache Shiro](http://shiro.apache.org) is a powerful and easy-to-use Java security framework that performs
-authentication, authorization, cryptography, and session management. With Shiro’s easy-to-understand API, you can
-quickly and easily secure any application – from the smallest mobile applications to the largest web and enterprise
-applications.
+[Apache Shiro](http://shiro.apache.org) is a powerful and easy-to-use Java security framework that performs authentication, authorization, cryptography, and session management. With Shiro’s easy-to-understand API, you can quickly and easily secure any application – from the smallest mobile applications to the largest web and enterprise applications.
Documentation and Examples
--------------------------
@@ -18,9 +15,8 @@ http://shiro.apache.org
Tutorials
---------
-
* [10 Minute Tutorial](http://shiro.apache.org/10-minute-tutorial.html)
-* [Web Application](http://shiro.apache.org/webapp-tutorial.html)
+* [Web Application](http://shiro.apache.org/webapp-tutorial.html)
License
-------
diff --git a/RELEASE-NOTES b/RELEASE-NOTES
index 2be485aecd..58e3501db0 100644
--- a/RELEASE-NOTES
+++ b/RELEASE-NOTES
@@ -1,572 +1,572 @@
-# Licensed to the Apache Software Foundation (ASF) under one
-# or more contributor license agreements. See the NOTICE file
-# distributed with this work for additional information
-# regarding copyright ownership. The ASF licenses this file
-# to you under the Apache License, Version 2.0 (the
-# "License"); you may not use this file except in compliance
-# with the License. You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing,
-# software distributed under the License is distributed on an
-# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-# KIND, either express or implied. See the License for the
-# specific language governing permissions and limitations
-# under the License.
-
-This is not an official release notes document. It exists for Shiro developers
-to jot down their notes while working in the source code. These notes will be
-combined with Jira’s auto-generated release notes during a release for the
-total set.
-
-###########################################################
-# 2.0.0
-###########################################################
-
-Improvement
-
- [SHIRO-290] Implement bcrypt and argon2 KDF algorithms
-
-Backwards Incompatible Changes
---------------------------------
-
-* Changed default DefaultPasswordService.java algorithm to "Argon2id".
-* PasswordService.encryptPassword(Object plaintext) will now throw a NullPointerException on null parameter.
- It was never specified how this method would behave.
-* Made salt non-nullable.
-* Removed methods in PasswordMatcher.
-
-
-###########################################################
-# 1.7.1
-###########################################################
-
-Bug
-
- [SHIRO-797] - Shiro 1.7.0 is lower than using springboot version 2.0.7 dependency error
-
-
-###########################################################
-# 1.7.0
-###########################################################
-
-Bug
-
- [SHIRO-767] - org.apache.shiro.util.ClassUtil cannot load the array of Primitive DataType when use undertow as web container
- [SHIRO-792] - ShiroWebFilterConfiguration seems to conflict with other FilterRegistrationBean
-
-New Feature
-
- [SHIRO-789] - Also add cookie SameSite option to Spring
-
-Improvement
-
- [SHIRO-740] - SslFilter with HTTP Strict Transport Security (HSTS)
- [SHIRO-794] - Add system property to enable backslash path normalization
- [SHIRO-795] - Disable session path rewriting by default
-
-Task
-
- [SHIRO-793] - deleteMe cookie should use the defined "sameSite"
-
-
-###########################################################
-# 1.6.0
-###########################################################
-
-Bug
-
- [SHIRO-610] - Incorrect filterchainResolver in 1.4.0-RC2
- [SHIRO-762] - SecurityUtils.securityManager should be volatile
- [SHIRO-766] - ArrayIndexOutOfBoundsException in Base64#decode
-
-New Feature
-
- [SHIRO-788] - Add support for Global Filters
-
-Wish
-
- [SHIRO-780] - NOTICE files of shiro components don't match NOTICE in source code repository
-
-
-###########################################################
-# 1.5.3
-###########################################################
-
-Bug
-
- [SHIRO-530] - INI parser does not properly handled backslashes at end of values
- [SHIRO-751] - SimplePrincipalMap and SimplePrincipalCollection throw different exceptions for the same problem
- [SHIRO-753] - Regression in URI parsing in Shiro 1.5.2
-
-Dependency upgrade
-
- [SHIRO-754] - Upgrade to Apache Commons Codec 1.14
- [SHIRO-755] - Upgrade to Hazelcast 3.12.6
- [SHIRO-756] - Upgrade to Spring 5.2.5.RELEASE and Spring boot 2.2.6.RELEASE
- [SHIRO-757] - Upgrade to Htmlunit 2.39.0
- [SHIRO-758] - Upgrade to Jetty 9.4.27.v20200227
- [SHIRO-759] - Upgrade to Karaf 4.2.8
-
-
-###########################################################
-# 1.5.2
-###########################################################
-
-Bug
-
- [SHIRO-747] - FirstSuccessfulStrategy doesn't properly short circuit
- [SHIRO-749] - shiro-all jar is missing cache package
-
-Improvement
-
- [SHIRO-748] - Update Commons Configuration to 2.7
-
-
-###########################################################
-# 1.5.1
-###########################################################
-
-Bug
-
- [SHIRO-736] - DefaultCipherInstance is an alias which is not available in every JVM or JCA Provider
- [SHIRO-739] - Bean reflection property failed with Enum values
- [SHIRO-741] - Matching of / (root) is broken
- [SHIRO-742] - fix throw exception when request uri is /
-
-Dependency upgrade
-
- [SHIRO-738] - Upgrade to Spring 5.2.3.RELEASE and Spring boot 2.2.4.RELEASE
-
-
-###########################################################
-# 1.5.0
-###########################################################
-
-Notes: this release require a JRE 8 minimum.
-
-Bug
-
- [SHIRO-458] - Possible leaked timing information from DefaultPasswordService
- [SHIRO-469] - Wrong description of JdbcRealm#setPermissionsQuery
- [SHIRO-552] - JdbcRealm in SaltStyle.COLUMN assumes that password column is Base64 but salt column is utf8 bytes
- [SHIRO-661] - Add check for the principal of subject whether is null
- [SHIRO-682] - fix the potential threat when use "uri = uri + '/' " to bypassed shiro protect
- [SHIRO-684] - INI parser keeps escape characters in keys and values
- [SHIRO-685] - Potential NullPointerException if PermissionResolver return null/empty string
- [SHIRO-687] - Additional Servlet Filters are not available to ShiroFilterFactorBean (unless using XML based beans)
-
-New Feature
-
- [SHIRO-694] - Adds BearerToken support
- [SHIRO-722] - Add SameSite option to cookies
-
-Improvement
-
- [SHIRO-668] - Catch unexpected errors which can lead to oom
- [SHIRO-669] - Included a boolean flag in FirstSuccessfulStrategy to break after first successful authentication
- [SHIRO-670] - ByteSource Serializable
- [SHIRO-681] - Upgrade to compiler Java 8
- [SHIRO-693] - Update plugins
- [SHIRO-700] - Minor spring updates
- [SHIRO-706] - Switch to Guice4 by default in the build
- [SHIRO-709] - Fix Shiro Spring feature
- [SHIRO-710] - Update Commons Lang3 + remove older Commons Lang
- [SHIRO-711] - Deprecate JavaEnvironment
- [SHIRO-712] - Add BasicIniEnvironment
- [SHIRO-715] - Remove old JSTL jars
- [SHIRO-720] - Update Commons BeanUtils
- [SHIRO-724] - Update Jetty, Spring, Spring Boot, Htmlunit dependencies
- [SHIRO-726] - Add dynamic import package
- [SHIRO-728] - Update Spring Boot to 2.1.10
- [SHIRO-729] - Update Quartz
- [SHIRO-730] - Updates the default Cipher mode to GCM in AesCipherService
- [SHIRO-731] - Use OWasp Java Encoder to escape user supplied content to the logs
-
-Test
-
- [SHIRO-697] - Reduce shiro test logging level to INFO
-
-Task
-
- [SHIRO-690] - Validate JDK11 compatibility
- [SHIRO-692] - Upgrade and enforce min build maven version to 3.5.0
- [SHIRO-698] - Improve build with maven profile
- [SHIRO-734] - Remove Spring-client sample
- [SHIRO-735] - Shiro does not support servlet-3.1 void method(@Suspended AsyncResponse)
-
-Dependency upgrade
-
- [SHIRO-688] - Upgrade to commons-cli 1.4
- [SHIRO-689] - Upgrade to commons-codec 1.12
- [SHIRO-691] - Upgrade to maven-jar-plugin 3.1.1
- [SHIRO-695] - Update Hazelcast
- [SHIRO-696] - Update Jetty
- [SHIRO-699] - Fix maven warning for exec-maven-plugin and upgrade to 1.6.0
- [SHIRO-701] - Update logback
- [SHIRO-702] - Upgrade to jacoco-maven-plugin 0.8.4
- [SHIRO-703] - Update HSQL
- [SHIRO-704] - Update Spring, Spring Boot, Hibernate
- [SHIRO-705] - Update Easymock + Powermock
- [SHIRO-707] - Misc dependency updates
- [SHIRO-716] - Upgrade to commons-codec 1.13
- [SHIRO-717] - Upgrade to maven-pmd-plugin 3.12.0
- [SHIRO-718] - Upgrade to xmlsec 2.1.4
- [SHIRO-719] - Upgrade to Karaf 4.2.6
-
-Request
-
- [SHIRO-723] - Provide Minor Shiro Release that includes CVE-2019-10086 Fix
-
-
-###########################################################
-# 1.4.2
-###########################################################
-
-Bug
-
- [SHIRO-721] - RememberMe Padding Oracle Vulnerability
-
-Improvement
-
- [SHIRO-730] - Updates the default Cipher mode to GCM in AesCipherService
-
-
-###########################################################
-# 1.4.1
-###########################################################
-
-Bug
-
- [SHIRO-457] - Login without static VM security manager cause exception in debug
- [SHIRO-563] - shiro-aspectj karaf feature can't be installed
- [SHIRO-624] - OSGI: commons configuration import should be optional
- [SHIRO-626] - Bundle symbolic name conflict
- [SHIRO-637] - Refresh cached session in HTTP request after user logs out
- [SHIRO-650] - Shiro JAX-RS is not an OSGi bundle
- [SHIRO-653] - Spring-boot registers shiro filter only on REQUEST dispatcher
- [SHIRO-655] - shiro-core has an undesirable runtime OSGi dependency to spring-beans
- [SHIRO-658] - Problems building shiro on openjdk-8 on current debian stable (9.6 "stretch")
- [SHIRO-660] - Bug in FirstSuccessfulStrategy
- [SHIRO-680] - Duplicate Bundle-SymbolicName for Different Shiro Modules
-
-New Feature
-
- [SHIRO-638] - Update osgi bundle manifest to support Spring 4.x
-
-Improvement
-
- [SHIRO-560] - Shiro-web feature can't be installed in karaf 4.0.4
- [SHIRO-652] - Upgrade Shiro Feature to Karaf 4.x
- [SHIRO-664] - Upgrade to Apache pom parent 21
- [SHIRO-665] - Upgrade to maven-bundle-plugin 4.1.0
- [SHIRO-667] - Upgrade to Spring 4.3.22-RELEASE
- [SHIRO-672] - Upgrade to jacoco-maven-plugin 0.8.3
- [SHIRO-673] - Upgrade to maven-compiler-plugin 3.8.0
- [SHIRO-674] - Upgrade to maven-dependency-plugin to 3.1.1
- [SHIRO-675] - Upgrade to maven-surefire-plugins 3.0.0-M3
- [SHIRO-676] - Upgrade to maven-jar-plugin 3.1.0
- [SHIRO-677] - Upgrade to versions-maven-plugin 2.7
- [SHIRO-683] - Upgrade to spring-boot 1.5.19.RELEASE
-
-Task
-
- [SHIRO-662] - Constant Name Change in AuthenticationRealm
- [SHIRO-663] - Clean up pom parent relative path
-
-Dependency upgrade
-
- [SHIRO-659] - Upgrade to OWASP dependency-check-maven plugin 4.0.0
-
-
-###########################################################
-# 1.4.0
-###########################################################
-
-Bug
-
- [SHIRO-559] - shiro-guice violates the JEE specification
- [SHIRO-579] - Permission filter is validating last matched path
- [SHIRO-603] - Endless recursion in ShiroSecurityContext.getUserPrincipal()
- [SHIRO-605] - ShiroWebModule creates out of order filter chain.
- [SHIRO-607] - AuthorizationAttributeSourceAdvisor ignores type-annotations
- [SHIRO-608] - Use a ServiceLoader to discover WebEnvironments
- [SHIRO-611] - Spring web module does not load correct SessionStorageEvaluator
-
-Improvement
-
- [SHIRO-596] - shiro-tools-hasher needs private salt option
- [SHIRO-618] - Spring Boot Web Starter- Autoconfiguration for Realm and ShiroFilterChainDefinition
-
-
-###########################################################
-# 1.4.0-RC2
-###########################################################
-
-Bug
-
- [SHIRO-493] - shiro-guice not working with the guice 4.x
- [SHIRO-576] - Commons-beanutils dependency is not security compliant
- [SHIRO-586] - Can't Search For Groups In Active Directory Without A System User
- [SHIRO-587] - Can't Access Groups If userPrincipalName Doesn't Exist
- [SHIRO-591] - Basic Auth Filter permissive mode does NOT work
- [SHIRO-592] - ModularRealmAuthenticator causes log spam when one realm throws exception
- [SHIRO-593] - Allow for IniWebEnvironment subclasses to specify defaults objects to ReflectionBuilder
- [SHIRO-594] - Update Hazelcast version to latest supported version (3.7.2)
- [SHIRO-595] - Allow for POST only logout requests
- [SHIRO-612] - Need to upgrade BeanUtils to avoid vulnerability
-
-New Feature
-
- [SHIRO-501] - Add ability to set system properties in shiro.ini
- [SHIRO-589] - Add Servlet 3.x fragment
- [SHIRO-590] - Add Spring Boot support / starters
-
-Improvement
-
- [SHIRO-296] - Typo fixes
- [SHIRO-301] - Call permissionResolver directly in AuthorizingRealm
- [SHIRO-392] - Shiro Extension for JAX-RS
- [SHIRO-599] - Fix file encoding warnings during maven build and reporting
-
-
-###########################################################
-# 1.3.2
-###########################################################
-
-Bug
-
- [SHIRO-584] - URL Path matching issue with WebUtils.getPathWithinApplication
-
-
-###########################################################
-# 1.3.1
-###########################################################
-
-Bug
-
- [SHIRO-577] - Regression - Unable to set custom SessionValidationScheduler
- [SHIRO-581] - Improve log message when remember me cipher has changed
-
-
-###########################################################
-# 1.3.0
-###########################################################
-
-Bug
-
- [SHIRO-373] - Complete CAS remember-me support
- [SHIRO-397] - SingleArgumentMethodEventListenerTest fails
- [SHIRO-421] - Unable to set long timeouts on HttpServletSession
- [SHIRO-435] - SecurityManager is not a singleton in ShiroWebModule
- [SHIRO-473] - DefaultAnnotationResolver.getAnnotation throws NullPointerException
- [SHIRO-480] - setTarget method in DomainPermission does not set targets
- [SHIRO-483] - passwordsMatch() returns false with right plain password-encrypted password in JVM with default locale tr_TR
- [SHIRO-502] - OSGi import of com.google.inject in shiro-guice has incorrect version range
- [SHIRO-513] - Misleading error message when using custom WebEnvironment
- [SHIRO-515] - ExecutorServiceSessionValidationScheduler leaks resources due to improper synchronization
- [SHIRO-547] - Use MessageDigest#isEqual() instead of Arrays#equals() for comparing digests
- [SHIRO-568] - hash iterations is calculated wrongly in SimpleHash
- [SHIRO-570] - SimpleCookie should check the path of the cookie
-
-New Feature
-
- [SHIRO-200] - Add ability to configure basic authentication for specific HTTP methods
- [SHIRO-395] - Add an Event Bus for event publishing and low-coupling for custom components/plugins.
- [SHIRO-412] - Hazelcast-based caching and session clustering
- [SHIRO-436] - Add EnvironmentLoader finalizeEnvironment method
-
-Improvement
-
- [SHIRO-278] - Rename JndiLdapRealm to DefaultLdapRealm
- [SHIRO-300] - WildcardPermission: change visibility of field 'parts' to protected
- [SHIRO-361] - HttpServletResponse.encodeURL: only append JSESSIONID when necessary
- [SHIRO-428] - AuthorizingRealm "no cache" logging should be at DEBUG level, not INFO, OR is should log only once
- [SHIRO-437] - WildcardPermission: conformed toString
- [SHIRO-514] - ExecutorServiceSessionValidationScheduler should create threads with a configurable name
- [SHIRO-564] - WildcardPermission case-insensitive makes parts collections twice
- [SHIRO-566] - CollectionUtils should use Collections wrappers of arrays if possible
-
-Task
-
- [SHIRO-208] - Correct JDK 1.5 / 1.6 incompatibilities
- [SHIRO-320] - Add an example for using Guice integration.
- [SHIRO-571] - Mark shiro-cas deprecated (replaced with buji-pac4j)
-
-
-###########################################################
-# 1.2.6
-###########################################################
-
-Bug
-
- [SHIRO-545] - JavaEnvironment version getter
- [SHIRO-567] - shiro-root-1.2.5.pom uses invalid encoding, fails to parse with Gradle 2.14
-
-
-###########################################################
-# 1.2.5
-###########################################################
-
-Bug
-
- [SHIRO-443] - SessionValidationScheduler created multiple times, enabling it is not thread safe
- [SHIRO-462] - Authentication exceptions are swallowed
- [SHIRO-467] - Authentication exception gets swallowed
- [SHIRO-550] - Randomize default remember me cipher
-
-Improvement
-
- [SHIRO-504] - Java 8 support
- [SHIRO-516] - Explicitly specify the version of aspectjtools to avoid build warning
- [SHIRO-562] - WildcardPermission calls String.trim() twice in setParts()
-
-
-###########################################################
-# 1.2.4
-###########################################################
-
-Bug
-
- [SHIRO-517] - Caused by: java.lang.NoClassDefFoundError: Lcom/google/inject/internal/util/$ImmutableList;
- [SHIRO-518] - Shiro-CAS: Security Problem in cas-client-core versions older than 3.3.2
- [SHIRO-556] - https://shiro.apache.org/realm.html appears to link to the javadoc under static/current/apidocs not static/latest
-
-Improvement
-
- [SHIRO-332] - Change access level of method 'isPermitted' in org.apache.shiro.realm.AuthorizingRealm (line 461) from private to protected
- [SHIRO-496] - Update shiro.guice dependency
- [SHIRO-498] - ThreadLocal should not be created when not necessary
-
-
-###########################################################
-# 1.2.2
-###########################################################
-
-Bug:
-
- [SHIRO-316] - Annotations in samples-aspectj Project Does not Work
- [SHIRO-351] - Shiro Native Session implementation cannot extract JSESSIONID From URL if JSESSIONID is URL parameter (not HTTP parameter)
- [SHIRO-379] - SimpleAccountRealm concurrency access to roles and users
- [SHIRO-380] - runAs feature (still) doesn't work
- [SHIRO-387] - EnvironmentLoader destroys wrong environment
- [SHIRO-388] - Stackoverflow org.apache.shiro.session.SessionListener.onStop()
- [SHIRO-389] - Fix OSGI Exports for shiro-ehcache
- [SHIRO-390] - OSGi Import for JSP (javax.servlet.jsp) should be declared optional
- [SHIRO-394] - PropertiesRealm reloading not working when loading from file
- [SHIRO-399] - Memory leak for invalid sessions
- [SHIRO-403] - Trunk will not build under JDK 1.7 due to webstart plugin
- [SHIRO-413] - init() method is not called on class that implements org.apache.shiro.util.Initializable
- [SHIRO-415] - isLoginAttempt method in BasicHttpAuthenticationFilter class fails if used in any locale other than English
- [SHIRO-418] - Javadoc typo in JdbcRealm.SaltStyle
- [SHIRO-423] - INI ReflectionBuilder should not wrap reference values
- [SHIRO-429] - perms filter parsing is too sensitive to a trailing space
- [SHIRO-431] - please use git ignore
- [SHIRO-447] - Broken Javadoc links
-
-
-###########################################################
-# 1.2.1
-###########################################################
-
-Bug:
-
- [SHIRO-341] - ReflectionBuilder has invalid log message format
- [SHIRO-342] - Running the example as described at http://shiro.apache.org/10-minute-tutorial.html fails
- [SHIRO-344] - runAs feature doesn't work
- [SHIRO-350] - Creating a subject should not create a session
- [SHIRO-353] - DefaultSecurityManager has invalid SLF4J log instruction
- [SHIRO-354] - Authentication cache
- [SHIRO-358] - Source Tarball doesn't Build
- [SHIRO-363] - PasswordMatcher should support character arrays
- [SHIRO-368] - DomainPermission(string, string) constructor sets targets to the same value as actions
- [SHIRO-375] - Basic authentication issue when using COLON character
- [SHIRO-376] - shiro-cas feature should not depend on shiro-cas
- [SHIRO-377] - PropertiesRealm unable to reload Properties
-
-
-###########################################################
-# 1.2.0
-###########################################################
-
-Backwards Incompatible Changes
---------------------------------
-- The following org.apache.shiro.mgt.DefaultSecurityManager methods have been removed:
- bindPrincipalsToSession(principals, context)
-
- This logic has been moved into a SubjectDAO concept to allow end-users to control
- exactly how the Session may be used for subject state persistence. This allows a
- single point of control rather than needing to configure Shiro in multiple places.
-
- If you overrode this method in Shiro 1.0 or 1.1, please look at the new
- org.apache.shiro.mgt.DefaultSubjectDAO implementation, which performs compatible logic.
- Documentation for this is covered here:
- http://shiro.apache.org/session-management.html#SessionManagement-SessionsandSubjectState
-
-- The org.apache.shiro.web.session.mgt.ServletContainerSessionManager implementation
- (enabled by default for all web applications) no longer subclasses
- org.apache.shiro.session.mgt.AbstractSessionManager. AbstractSessionManager existed
- originally to consolidate a 'globalSessionTimeout' configuration property for
- subclasses. However, the ServletContainerSessionManager has been changed to always
- reflect the session configuration from web.xml (per its namesake). Because web.xml
- is the definitive source for session timeout configuration, the 'extends' clause
- was removed to avoid configuration confusion: if someone attempted to configure
- 'globalSessionTimeout' on a ServletContainerSessionManager instance, it would never
- be honored. It was better to remove the extends clause to ensure that any
- such configuration would fail fast when Shiro starts up to reflect the invalid config.
-
-
-Potential Breaking Changes
---------------------------------
-- The org.apache.shiro.web.filter.mgt.FilterChainManager class's
- addFilter(String name, Filter filter) semantics have changed. It now no longer
- attempts to initialize a filter by default before adding the filter to the chain.
- If you ever called this method, you can call the
- addFilter(name, filter, true) method to achieve the <= 1.1 behavior.
-
-- The org.apache.shiro.crypto.SecureRandomNumberGenerator previously defaulted to generating
- 128 random _bytes_ each time the nextBytes() method was called. This is too large for most purposes, so the
- default has been changed to 16 _bytes_ (which equals 128 bits - what was originally intended). If for some reason
- you need more than 16 bytes (128 bits) of randomly generated bits, you will need to configure the
- 'defaultNextByteSize' property to match your desired size (in bytes, NOT bits).
-
-- Shiro's Block Cipher Services (AesCipherService, BlowfishCipherService) have had the following changes:
-
- 1) The internal Cipher Mode and Streaming Cipher Mode have been changed from CFB to the new default of CBC.
- CBC is more commonly used for block ciphers today (e.g. SSL).
- If you were using an AES or Blowfish CipherService you will want to revert to the previous defaults in your config
- to ensure you can still decrypt previously encrypted data. For example, in code:
-
- blockCipherService.setMode(OperationMode.CFB);
- blockCipherService.setStreamingMode(OperationMode.CFB);
-
- or, in shiro.ini:
-
- blockCipherService.modeName = CFB
- blockCipherService.streamingModeName = CFB
-
- 2) The internal Streaming Padding Scheme has been changed from NONE to PKCS5 as PKCS5 is more commonly used.
- If you were using an AES or Blowfish CipherService for streaming operations, you will want to revert to the
- previous padding scheme default to ensure you can still decrypt previously encrypted data. For example, in code:
-
- blockCipherService.setStreamingPaddingScheme(PaddingScheme.NONE);
-
- or, in shiro.ini:
-
- blockCipherService.streamingPaddingSchemeName = NoPadding
-
- Note the difference in code vs shiro.ini in this last example: 'NoPadding' is the correct text value, 'NONE' is
- the correct Enum value.
-
-###########################################################
-# 1.1.0
-###########################################################
-
-Backwards Incompatible Changes
---------------------------------
-- The org.apache.shiro.web.util.RedirectView class's
- appendQueryProperties(StringBuffer targetUrl, Map model, String encodingScheme)
- method has been changed to accept a StringBuilder argument instead of a
- StringBuffer per SHIRO-191. RedirectView is considered an internal
- implementation support class and Shiro end-users should not be affected by this.
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements. See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership. The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License. You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing,
+# software distributed under the License is distributed on an
+# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+# KIND, either express or implied. See the License for the
+# specific language governing permissions and limitations
+# under the License.
+
+This is not an official release notes document. It exists for Shiro developers
+to jot down their notes while working in the source code. These notes will be
+combined with Jira’s auto-generated release notes during a release for the
+total set.
+
+###########################################################
+# 2.0.0
+###########################################################
+
+Improvement
+
+ [SHIRO-290] Implement bcrypt and argon2 KDF algorithms
+
+Backwards Incompatible Changes
+--------------------------------
+
+* Changed default DefaultPasswordService.java algorithm to "Argon2id".
+* PasswordService.encryptPassword(Object plaintext) will now throw a NullPointerException on null parameter.
+ It was never specified how this method would behave.
+* Made salt non-nullable.
+* Removed methods in PasswordMatcher.
+
+
+###########################################################
+# 1.7.1
+###########################################################
+
+Bug
+
+ [SHIRO-797] - Shiro 1.7.0 is lower than using springboot version 2.0.7 dependency error
+
+
+###########################################################
+# 1.7.0
+###########################################################
+
+Bug
+
+ [SHIRO-767] - org.apache.shiro.util.ClassUtil cannot load the array of Primitive DataType when use undertow as web container
+ [SHIRO-792] - ShiroWebFilterConfiguration seems to conflict with other FilterRegistrationBean
+
+New Feature
+
+ [SHIRO-789] - Also add cookie SameSite option to Spring
+
+Improvement
+
+ [SHIRO-740] - SslFilter with HTTP Strict Transport Security (HSTS)
+ [SHIRO-794] - Add system property to enable backslash path normalization
+ [SHIRO-795] - Disable session path rewriting by default
+
+Task
+
+ [SHIRO-793] - deleteMe cookie should use the defined "sameSite"
+
+
+###########################################################
+# 1.6.0
+###########################################################
+
+Bug
+
+ [SHIRO-610] - Incorrect filterchainResolver in 1.4.0-RC2
+ [SHIRO-762] - SecurityUtils.securityManager should be volatile
+ [SHIRO-766] - ArrayIndexOutOfBoundsException in Base64#decode
+
+New Feature
+
+ [SHIRO-788] - Add support for Global Filters
+
+Wish
+
+ [SHIRO-780] - NOTICE files of shiro components don't match NOTICE in source code repository
+
+
+###########################################################
+# 1.5.3
+###########################################################
+
+Bug
+
+ [SHIRO-530] - INI parser does not properly handled backslashes at end of values
+ [SHIRO-751] - SimplePrincipalMap and SimplePrincipalCollection throw different exceptions for the same problem
+ [SHIRO-753] - Regression in URI parsing in Shiro 1.5.2
+
+Dependency upgrade
+
+ [SHIRO-754] - Upgrade to Apache Commons Codec 1.14
+ [SHIRO-755] - Upgrade to Hazelcast 3.12.6
+ [SHIRO-756] - Upgrade to Spring 5.2.5.RELEASE and Spring boot 2.2.6.RELEASE
+ [SHIRO-757] - Upgrade to Htmlunit 2.39.0
+ [SHIRO-758] - Upgrade to Jetty 9.4.27.v20200227
+ [SHIRO-759] - Upgrade to Karaf 4.2.8
+
+
+###########################################################
+# 1.5.2
+###########################################################
+
+Bug
+
+ [SHIRO-747] - FirstSuccessfulStrategy doesn't properly short circuit
+ [SHIRO-749] - shiro-all jar is missing cache package
+
+Improvement
+
+ [SHIRO-748] - Update Commons Configuration to 2.7
+
+
+###########################################################
+# 1.5.1
+###########################################################
+
+Bug
+
+ [SHIRO-736] - DefaultCipherInstance is an alias which is not available in every JVM or JCA Provider
+ [SHIRO-739] - Bean reflection property failed with Enum values
+ [SHIRO-741] - Matching of / (root) is broken
+ [SHIRO-742] - fix throw exception when request uri is /
+
+Dependency upgrade
+
+ [SHIRO-738] - Upgrade to Spring 5.2.3.RELEASE and Spring boot 2.2.4.RELEASE
+
+
+###########################################################
+# 1.5.0
+###########################################################
+
+Notes: this release require a JRE 8 minimum.
+
+Bug
+
+ [SHIRO-458] - Possible leaked timing information from DefaultPasswordService
+ [SHIRO-469] - Wrong description of JdbcRealm#setPermissionsQuery
+ [SHIRO-552] - JdbcRealm in SaltStyle.COLUMN assumes that password column is Base64 but salt column is utf8 bytes
+ [SHIRO-661] - Add check for the principal of subject whether is null
+ [SHIRO-682] - fix the potential threat when use "uri = uri + '/' " to bypassed shiro protect
+ [SHIRO-684] - INI parser keeps escape characters in keys and values
+ [SHIRO-685] - Potential NullPointerException if PermissionResolver return null/empty string
+ [SHIRO-687] - Additional Servlet Filters are not available to ShiroFilterFactorBean (unless using XML based beans)
+
+New Feature
+
+ [SHIRO-694] - Adds BearerToken support
+ [SHIRO-722] - Add SameSite option to cookies
+
+Improvement
+
+ [SHIRO-668] - Catch unexpected errors which can lead to oom
+ [SHIRO-669] - Included a boolean flag in FirstSuccessfulStrategy to break after first successful authentication
+ [SHIRO-670] - ByteSource Serializable
+ [SHIRO-681] - Upgrade to compiler Java 8
+ [SHIRO-693] - Update plugins
+ [SHIRO-700] - Minor spring updates
+ [SHIRO-706] - Switch to Guice4 by default in the build
+ [SHIRO-709] - Fix Shiro Spring feature
+ [SHIRO-710] - Update Commons Lang3 + remove older Commons Lang
+ [SHIRO-711] - Deprecate JavaEnvironment
+ [SHIRO-712] - Add BasicIniEnvironment
+ [SHIRO-715] - Remove old JSTL jars
+ [SHIRO-720] - Update Commons BeanUtils
+ [SHIRO-724] - Update Jetty, Spring, Spring Boot, Htmlunit dependencies
+ [SHIRO-726] - Add dynamic import package
+ [SHIRO-728] - Update Spring Boot to 2.1.10
+ [SHIRO-729] - Update Quartz
+ [SHIRO-730] - Updates the default Cipher mode to GCM in AesCipherService
+ [SHIRO-731] - Use OWasp Java Encoder to escape user supplied content to the logs
+
+Test
+
+ [SHIRO-697] - Reduce shiro test logging level to INFO
+
+Task
+
+ [SHIRO-690] - Validate JDK11 compatibility
+ [SHIRO-692] - Upgrade and enforce min build maven version to 3.5.0
+ [SHIRO-698] - Improve build with maven profile
+ [SHIRO-734] - Remove Spring-client sample
+ [SHIRO-735] - Shiro does not support servlet-3.1 void method(@Suspended AsyncResponse)
+
+Dependency upgrade
+
+ [SHIRO-688] - Upgrade to commons-cli 1.4
+ [SHIRO-689] - Upgrade to commons-codec 1.12
+ [SHIRO-691] - Upgrade to maven-jar-plugin 3.1.1
+ [SHIRO-695] - Update Hazelcast
+ [SHIRO-696] - Update Jetty
+ [SHIRO-699] - Fix maven warning for exec-maven-plugin and upgrade to 1.6.0
+ [SHIRO-701] - Update logback
+ [SHIRO-702] - Upgrade to jacoco-maven-plugin 0.8.4
+ [SHIRO-703] - Update HSQL
+ [SHIRO-704] - Update Spring, Spring Boot, Hibernate
+ [SHIRO-705] - Update Easymock + Powermock
+ [SHIRO-707] - Misc dependency updates
+ [SHIRO-716] - Upgrade to commons-codec 1.13
+ [SHIRO-717] - Upgrade to maven-pmd-plugin 3.12.0
+ [SHIRO-718] - Upgrade to xmlsec 2.1.4
+ [SHIRO-719] - Upgrade to Karaf 4.2.6
+
+Request
+
+ [SHIRO-723] - Provide Minor Shiro Release that includes CVE-2019-10086 Fix
+
+
+###########################################################
+# 1.4.2
+###########################################################
+
+Bug
+
+ [SHIRO-721] - RememberMe Padding Oracle Vulnerability
+
+Improvement
+
+ [SHIRO-730] - Updates the default Cipher mode to GCM in AesCipherService
+
+
+###########################################################
+# 1.4.1
+###########################################################
+
+Bug
+
+ [SHIRO-457] - Login without static VM security manager cause exception in debug
+ [SHIRO-563] - shiro-aspectj karaf feature can't be installed
+ [SHIRO-624] - OSGI: commons configuration import should be optional
+ [SHIRO-626] - Bundle symbolic name conflict
+ [SHIRO-637] - Refresh cached session in HTTP request after user logs out
+ [SHIRO-650] - Shiro JAX-RS is not an OSGi bundle
+ [SHIRO-653] - Spring-boot registers shiro filter only on REQUEST dispatcher
+ [SHIRO-655] - shiro-core has an undesirable runtime OSGi dependency to spring-beans
+ [SHIRO-658] - Problems building shiro on openjdk-8 on current debian stable (9.6 "stretch")
+ [SHIRO-660] - Bug in FirstSuccessfulStrategy
+ [SHIRO-680] - Duplicate Bundle-SymbolicName for Different Shiro Modules
+
+New Feature
+
+ [SHIRO-638] - Update osgi bundle manifest to support Spring 4.x
+
+Improvement
+
+ [SHIRO-560] - Shiro-web feature can't be installed in karaf 4.0.4
+ [SHIRO-652] - Upgrade Shiro Feature to Karaf 4.x
+ [SHIRO-664] - Upgrade to Apache pom parent 21
+ [SHIRO-665] - Upgrade to maven-bundle-plugin 4.1.0
+ [SHIRO-667] - Upgrade to Spring 4.3.22-RELEASE
+ [SHIRO-672] - Upgrade to jacoco-maven-plugin 0.8.3
+ [SHIRO-673] - Upgrade to maven-compiler-plugin 3.8.0
+ [SHIRO-674] - Upgrade to maven-dependency-plugin to 3.1.1
+ [SHIRO-675] - Upgrade to maven-surefire-plugins 3.0.0-M3
+ [SHIRO-676] - Upgrade to maven-jar-plugin 3.1.0
+ [SHIRO-677] - Upgrade to versions-maven-plugin 2.7
+ [SHIRO-683] - Upgrade to spring-boot 1.5.19.RELEASE
+
+Task
+
+ [SHIRO-662] - Constant Name Change in AuthenticationRealm
+ [SHIRO-663] - Clean up pom parent relative path
+
+Dependency upgrade
+
+ [SHIRO-659] - Upgrade to OWASP dependency-check-maven plugin 4.0.0
+
+
+###########################################################
+# 1.4.0
+###########################################################
+
+Bug
+
+ [SHIRO-559] - shiro-guice violates the JEE specification
+ [SHIRO-579] - Permission filter is validating last matched path
+ [SHIRO-603] - Endless recursion in ShiroSecurityContext.getUserPrincipal()
+ [SHIRO-605] - ShiroWebModule creates out of order filter chain.
+ [SHIRO-607] - AuthorizationAttributeSourceAdvisor ignores type-annotations
+ [SHIRO-608] - Use a ServiceLoader to discover WebEnvironments
+ [SHIRO-611] - Spring web module does not load correct SessionStorageEvaluator
+
+Improvement
+
+ [SHIRO-596] - shiro-tools-hasher needs private salt option
+ [SHIRO-618] - Spring Boot Web Starter- Autoconfiguration for Realm and ShiroFilterChainDefinition
+
+
+###########################################################
+# 1.4.0-RC2
+###########################################################
+
+Bug
+
+ [SHIRO-493] - shiro-guice not working with the guice 4.x
+ [SHIRO-576] - Commons-beanutils dependency is not security compliant
+ [SHIRO-586] - Can't Search For Groups In Active Directory Without A System User
+ [SHIRO-587] - Can't Access Groups If userPrincipalName Doesn't Exist
+ [SHIRO-591] - Basic Auth Filter permissive mode does NOT work
+ [SHIRO-592] - ModularRealmAuthenticator causes log spam when one realm throws exception
+ [SHIRO-593] - Allow for IniWebEnvironment subclasses to specify defaults objects to ReflectionBuilder
+ [SHIRO-594] - Update Hazelcast version to latest supported version (3.7.2)
+ [SHIRO-595] - Allow for POST only logout requests
+ [SHIRO-612] - Need to upgrade BeanUtils to avoid vulnerability
+
+New Feature
+
+ [SHIRO-501] - Add ability to set system properties in shiro.ini
+ [SHIRO-589] - Add Servlet 3.x fragment
+ [SHIRO-590] - Add Spring Boot support / starters
+
+Improvement
+
+ [SHIRO-296] - Typo fixes
+ [SHIRO-301] - Call permissionResolver directly in AuthorizingRealm
+ [SHIRO-392] - Shiro Extension for JAX-RS
+ [SHIRO-599] - Fix file encoding warnings during maven build and reporting
+
+
+###########################################################
+# 1.3.2
+###########################################################
+
+Bug
+
+ [SHIRO-584] - URL Path matching issue with WebUtils.getPathWithinApplication
+
+
+###########################################################
+# 1.3.1
+###########################################################
+
+Bug
+
+ [SHIRO-577] - Regression - Unable to set custom SessionValidationScheduler
+ [SHIRO-581] - Improve log message when remember me cipher has changed
+
+
+###########################################################
+# 1.3.0
+###########################################################
+
+Bug
+
+ [SHIRO-373] - Complete CAS remember-me support
+ [SHIRO-397] - SingleArgumentMethodEventListenerTest fails
+ [SHIRO-421] - Unable to set long timeouts on HttpServletSession
+ [SHIRO-435] - SecurityManager is not a singleton in ShiroWebModule
+ [SHIRO-473] - DefaultAnnotationResolver.getAnnotation throws NullPointerException
+ [SHIRO-480] - setTarget method in DomainPermission does not set targets
+ [SHIRO-483] - passwordsMatch() returns false with right plain password-encrypted password in JVM with default locale tr_TR
+ [SHIRO-502] - OSGi import of com.google.inject in shiro-guice has incorrect version range
+ [SHIRO-513] - Misleading error message when using custom WebEnvironment
+ [SHIRO-515] - ExecutorServiceSessionValidationScheduler leaks resources due to improper synchronization
+ [SHIRO-547] - Use MessageDigest#isEqual() instead of Arrays#equals() for comparing digests
+ [SHIRO-568] - hash iterations is calculated wrongly in SimpleHash
+ [SHIRO-570] - SimpleCookie should check the path of the cookie
+
+New Feature
+
+ [SHIRO-200] - Add ability to configure basic authentication for specific HTTP methods
+ [SHIRO-395] - Add an Event Bus for event publishing and low-coupling for custom components/plugins.
+ [SHIRO-412] - Hazelcast-based caching and session clustering
+ [SHIRO-436] - Add EnvironmentLoader finalizeEnvironment method
+
+Improvement
+
+ [SHIRO-278] - Rename JndiLdapRealm to DefaultLdapRealm
+ [SHIRO-300] - WildcardPermission: change visibility of field 'parts' to protected
+ [SHIRO-361] - HttpServletResponse.encodeURL: only append JSESSIONID when necessary
+ [SHIRO-428] - AuthorizingRealm "no cache" logging should be at DEBUG level, not INFO, OR is should log only once
+ [SHIRO-437] - WildcardPermission: conformed toString
+ [SHIRO-514] - ExecutorServiceSessionValidationScheduler should create threads with a configurable name
+ [SHIRO-564] - WildcardPermission case-insensitive makes parts collections twice
+ [SHIRO-566] - CollectionUtils should use Collections wrappers of arrays if possible
+
+Task
+
+ [SHIRO-208] - Correct JDK 1.5 / 1.6 incompatibilities
+ [SHIRO-320] - Add an example for using Guice integration.
+ [SHIRO-571] - Mark shiro-cas deprecated (replaced with buji-pac4j)
+
+
+###########################################################
+# 1.2.6
+###########################################################
+
+Bug
+
+ [SHIRO-545] - JavaEnvironment version getter
+ [SHIRO-567] - shiro-root-1.2.5.pom uses invalid encoding, fails to parse with Gradle 2.14
+
+
+###########################################################
+# 1.2.5
+###########################################################
+
+Bug
+
+ [SHIRO-443] - SessionValidationScheduler created multiple times, enabling it is not thread safe
+ [SHIRO-462] - Authentication exceptions are swallowed
+ [SHIRO-467] - Authentication exception gets swallowed
+ [SHIRO-550] - Randomize default remember me cipher
+
+Improvement
+
+ [SHIRO-504] - Java 8 support
+ [SHIRO-516] - Explicitly specify the version of aspectjtools to avoid build warning
+ [SHIRO-562] - WildcardPermission calls String.trim() twice in setParts()
+
+
+###########################################################
+# 1.2.4
+###########################################################
+
+Bug
+
+ [SHIRO-517] - Caused by: java.lang.NoClassDefFoundError: Lcom/google/inject/internal/util/$ImmutableList;
+ [SHIRO-518] - Shiro-CAS: Security Problem in cas-client-core versions older than 3.3.2
+ [SHIRO-556] - https://shiro.apache.org/realm.html appears to link to the javadoc under static/current/apidocs not static/latest
+
+Improvement
+
+ [SHIRO-332] - Change access level of method 'isPermitted' in org.apache.shiro.realm.AuthorizingRealm (line 461) from private to protected
+ [SHIRO-496] - Update shiro.guice dependency
+ [SHIRO-498] - ThreadLocal should not be created when not necessary
+
+
+###########################################################
+# 1.2.2
+###########################################################
+
+Bug:
+
+ [SHIRO-316] - Annotations in samples-aspectj Project Does not Work
+ [SHIRO-351] - Shiro Native Session implementation cannot extract JSESSIONID From URL if JSESSIONID is URL parameter (not HTTP parameter)
+ [SHIRO-379] - SimpleAccountRealm concurrency access to roles and users
+ [SHIRO-380] - runAs feature (still) doesn't work
+ [SHIRO-387] - EnvironmentLoader destroys wrong environment
+ [SHIRO-388] - Stackoverflow org.apache.shiro.session.SessionListener.onStop()
+ [SHIRO-389] - Fix OSGI Exports for shiro-ehcache
+ [SHIRO-390] - OSGi Import for JSP (javax.servlet.jsp) should be declared optional
+ [SHIRO-394] - PropertiesRealm reloading not working when loading from file
+ [SHIRO-399] - Memory leak for invalid sessions
+ [SHIRO-403] - Trunk will not build under JDK 1.7 due to webstart plugin
+ [SHIRO-413] - init() method is not called on class that implements org.apache.shiro.util.Initializable
+ [SHIRO-415] - isLoginAttempt method in BasicHttpAuthenticationFilter class fails if used in any locale other than English
+ [SHIRO-418] - Javadoc typo in JdbcRealm.SaltStyle
+ [SHIRO-423] - INI ReflectionBuilder should not wrap reference values
+ [SHIRO-429] - perms filter parsing is too sensitive to a trailing space
+ [SHIRO-431] - please use git ignore
+ [SHIRO-447] - Broken Javadoc links
+
+
+###########################################################
+# 1.2.1
+###########################################################
+
+Bug:
+
+ [SHIRO-341] - ReflectionBuilder has invalid log message format
+ [SHIRO-342] - Running the example as described at http://shiro.apache.org/10-minute-tutorial.html fails
+ [SHIRO-344] - runAs feature doesn't work
+ [SHIRO-350] - Creating a subject should not create a session
+ [SHIRO-353] - DefaultSecurityManager has invalid SLF4J log instruction
+ [SHIRO-354] - Authentication cache
+ [SHIRO-358] - Source Tarball doesn't Build
+ [SHIRO-363] - PasswordMatcher should support character arrays
+ [SHIRO-368] - DomainPermission(string, string) constructor sets targets to the same value as actions
+ [SHIRO-375] - Basic authentication issue when using COLON character
+ [SHIRO-376] - shiro-cas feature should not depend on shiro-cas
+ [SHIRO-377] - PropertiesRealm unable to reload Properties
+
+
+###########################################################
+# 1.2.0
+###########################################################
+
+Backwards Incompatible Changes
+--------------------------------
+- The following org.apache.shiro.mgt.DefaultSecurityManager methods have been removed:
+ bindPrincipalsToSession(principals, context)
+
+ This logic has been moved into a SubjectDAO concept to allow end-users to control
+ exactly how the Session may be used for subject state persistence. This allows a
+ single point of control rather than needing to configure Shiro in multiple places.
+
+ If you overrode this method in Shiro 1.0 or 1.1, please look at the new
+ org.apache.shiro.mgt.DefaultSubjectDAO implementation, which performs compatible logic.
+ Documentation for this is covered here:
+ http://shiro.apache.org/session-management.html#SessionManagement-SessionsandSubjectState
+
+- The org.apache.shiro.web.session.mgt.ServletContainerSessionManager implementation
+ (enabled by default for all web applications) no longer subclasses
+ org.apache.shiro.session.mgt.AbstractSessionManager. AbstractSessionManager existed
+ originally to consolidate a 'globalSessionTimeout' configuration property for
+ subclasses. However, the ServletContainerSessionManager has been changed to always
+ reflect the session configuration from web.xml (per its namesake). Because web.xml
+ is the definitive source for session timeout configuration, the 'extends' clause
+ was removed to avoid configuration confusion: if someone attempted to configure
+ 'globalSessionTimeout' on a ServletContainerSessionManager instance, it would never
+ be honored. It was better to remove the extends clause to ensure that any
+ such configuration would fail fast when Shiro starts up to reflect the invalid config.
+
+
+Potential Breaking Changes
+--------------------------------
+- The org.apache.shiro.web.filter.mgt.FilterChainManager class's
+ addFilter(String name, Filter filter) semantics have changed. It now no longer
+ attempts to initialize a filter by default before adding the filter to the chain.
+ If you ever called this method, you can call the
+ addFilter(name, filter, true) method to achieve the <= 1.1 behavior.
+
+- The org.apache.shiro.crypto.SecureRandomNumberGenerator previously defaulted to generating
+ 128 random _bytes_ each time the nextBytes() method was called. This is too large for most purposes, so the
+ default has been changed to 16 _bytes_ (which equals 128 bits - what was originally intended). If for some reason
+ you need more than 16 bytes (128 bits) of randomly generated bits, you will need to configure the
+ 'defaultNextByteSize' property to match your desired size (in bytes, NOT bits).
+
+- Shiro's Block Cipher Services (AesCipherService, BlowfishCipherService) have had the following changes:
+
+ 1) The internal Cipher Mode and Streaming Cipher Mode have been changed from CFB to the new default of CBC.
+ CBC is more commonly used for block ciphers today (e.g. SSL).
+ If you were using an AES or Blowfish CipherService you will want to revert to the previous defaults in your config
+ to ensure you can still decrypt previously encrypted data. For example, in code:
+
+ blockCipherService.setMode(OperationMode.CFB);
+ blockCipherService.setStreamingMode(OperationMode.CFB);
+
+ or, in shiro.ini:
+
+ blockCipherService.modeName = CFB
+ blockCipherService.streamingModeName = CFB
+
+ 2) The internal Streaming Padding Scheme has been changed from NONE to PKCS5 as PKCS5 is more commonly used.
+ If you were using an AES or Blowfish CipherService for streaming operations, you will want to revert to the
+ previous padding scheme default to ensure you can still decrypt previously encrypted data. For example, in code:
+
+ blockCipherService.setStreamingPaddingScheme(PaddingScheme.NONE);
+
+ or, in shiro.ini:
+
+ blockCipherService.streamingPaddingSchemeName = NoPadding
+
+ Note the difference in code vs shiro.ini in this last example: 'NoPadding' is the correct text value, 'NONE' is
+ the correct Enum value.
+
+###########################################################
+# 1.1.0
+###########################################################
+
+Backwards Incompatible Changes
+--------------------------------
+- The org.apache.shiro.web.util.RedirectView class's
+ appendQueryProperties(StringBuffer targetUrl, Map model, String encodingScheme)
+ method has been changed to accept a StringBuilder argument instead of a
+ StringBuffer per SHIRO-191. RedirectView is considered an internal
+ implementation support class and Shiro end-users should not be affected by this.
diff --git a/core/src/main/java/org/apache/shiro/authc/SimpleAccount.java b/core/src/main/java/org/apache/shiro/authc/SimpleAccount.java
index 790668b6bf..d173ebd73b 100644
--- a/core/src/main/java/org/apache/shiro/authc/SimpleAccount.java
+++ b/core/src/main/java/org/apache/shiro/authc/SimpleAccount.java
@@ -96,9 +96,9 @@ public SimpleAccount(Object principal, Object credentials, String realmName) {
* @see org.apache.shiro.authc.credential.HashedCredentialsMatcher HashedCredentialsMatcher
* @since 1.1
*/
- @SuppressWarnings("checkstyle:LineLength")
public SimpleAccount(Object principal, Object hashedCredentials, ByteSource credentialsSalt, String realmName) {
- this(principal instanceof PrincipalCollection ? (PrincipalCollection) principal : new SimplePrincipalCollection(principal, realmName),
+ this(principal instanceof PrincipalCollection ? (PrincipalCollection) principal
+ : new SimplePrincipalCollection(principal, realmName),
hashedCredentials, credentialsSalt);
}
@@ -164,8 +164,8 @@ public SimpleAccount(PrincipalCollection principals, Object credentials, Set roleNames, Set permissions) {
+ public SimpleAccount(Object principal, Object credentials, String realmName,
+ Set roleNames, Set permissions) {
this.authcInfo = new SimpleAuthenticationInfo(new SimplePrincipalCollection(principal, realmName), credentials);
this.authzInfo = new SimpleAuthorizationInfo(roleNames);
this.authzInfo.setObjectPermissions(permissions);
@@ -182,8 +182,9 @@ public SimpleAccount(Object principal, Object credentials, String realmName, Set
* @param roleNames the names of the roles assigned to this account.
* @param permissions the permissions assigned to this account directly (not those assigned to any of the realms).
*/
- @SuppressWarnings("checkstyle:LineLength")
- public SimpleAccount(Collection principals, Object credentials, String realmName, Set roleNames, Set permissions) {
+
+ public SimpleAccount(Collection principals, Object credentials, String realmName,
+ Set roleNames, Set permissions) {
this.authcInfo = new SimpleAuthenticationInfo(new SimplePrincipalCollection(principals, realmName), credentials);
this.authzInfo = new SimpleAuthorizationInfo(roleNames);
this.authzInfo.setObjectPermissions(permissions);
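Review bot: The empty `+` line that takes the place of the removed `@SuppressWarnings("checkstyle:LineLength")` separates the Javadoc's closing `*/` from the `SimpleAccount(Collection principals, ...)` constructor. The comment still attaches to the declaration, but the gap differs from the other constructors touched in this file, and some Checkstyle configurations report a blank line between a Javadoc block and its member (worth confirming against the project's rule set). Drop the empty line so `public SimpleAccount(Collection principals, Object credentials, String realmName,` follows `*/` directly. The end of the constructor body is outside this hunk.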
diff --git a/core/src/main/java/org/apache/shiro/authc/credential/HashedCredentialsMatcher.java b/core/src/main/java/org/apache/shiro/authc/credential/HashedCredentialsMatcher.java
index 0ba10d6464..87c663079c 100644
--- a/core/src/main/java/org/apache/shiro/authc/credential/HashedCredentialsMatcher.java
+++ b/core/src/main/java/org/apache/shiro/authc/credential/HashedCredentialsMatcher.java
@@ -212,7 +212,6 @@ public void setStoredCredentialsHexEncoded(boolean storedCredentialsHexEncoded)
this.storedCredentialsHexEncoded = storedCredentialsHexEncoded;
}
- @SuppressWarnings("checkstyle:LineLength")
/**
* Returns {@code true} if a submitted {@code AuthenticationToken}'s credentials should be salted when hashing,
* {@code false} if it should not be salted.
@@ -225,7 +224,8 @@ public void setStoredCredentialsHexEncoded(boolean storedCredentialsHexEncoded)
* {@code false} if it should not be salted.
* @deprecated since Shiro 1.1. Hash salting is now expected to be based on if the {@link AuthenticationInfo}
* returned from the {@code Realm} is a {@link SaltedAuthenticationInfo} instance and its
- * {@link org.apache.shiro.authc.SaltedAuthenticationInfo#getCredentialsSalt() getCredentialsSalt()} method returns a non-null value.
+ * {@link org.apache.shiro.authc.SaltedAuthenticationInfo#getCredentialsSalt() getCredentialsSalt()} method
+ * returns a non-null value.
* This method and the 1.0 behavior still exists for backwards compatibility if the {@code Realm} does not return
* {@code SaltedAuthenticationInfo} instances, but it is highly recommended that {@code Realm} implementations
* that support hashed credentials start returning {@link SaltedAuthenticationInfo SaltedAuthenticationInfo}
@@ -244,14 +244,16 @@ public boolean isHashSalted() {
/**
* Sets whether to salt a submitted {@code AuthenticationToken}'s credentials when hashing.
*
- * If enabled, the salt used will be obtained via the {@link #getSalt(org.apache.shiro.authc.AuthenticationToken) getCredentialsSalt} method.
+ * If enabled, the salt used will be obtained via the
+ * {@link #getSalt(org.apache.shiro.authc.AuthenticationToken) getCredentialsSalt} method.
*
* The default value is {@code false}.
*
* @param hashSalted whether to salt a submitted {@code AuthenticationToken}'s credentials when hashing.
* @deprecated since Shiro 1.1. Hash salting is now expected to be based on if the {@link AuthenticationInfo}
* returned from the {@code Realm} is a {@link SaltedAuthenticationInfo} instance and its
- * {@link org.apache.shiro.authc.SaltedAuthenticationInfo#getCredentialsSalt() getCredentialsSalt()} method returns a non-null value.
+ * {@link org.apache.shiro.authc.SaltedAuthenticationInfo#getCredentialsSalt() getCredentialsSalt()}
+ * method returns a non-null value.
* This method and the 1.0 behavior still exists for backwards compatibility if the {@code Realm} does not return
* {@code SaltedAuthenticationInfo} instances, but it is highly recommended that {@code Realm} implementations
* that support hashed credentials start returning {@link SaltedAuthenticationInfo SaltedAuthenticationInfo}
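Review bot: In the Javadoc that carries `@param hashSalted`, the rewrapped link still targets `#getSalt(org.apache.shiro.authc.AuthenticationToken)` while its label reads `getCredentialsSalt`, so the rendered text names a method that the same comment attributes to `SaltedAuthenticationInfo`, not to this class. This sentence is what tells a reader where the salt comes from when the deprecated flag is enabled, so the label should match the target: `{@link #getSalt(org.apache.shiro.authc.AuthenticationToken) getSalt} method.` The Javadoc block and the method it documents continue past the end of the hunk.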
@@ -299,7 +301,6 @@ public void setHashIterations(int hashIterations) {
}
}
- @SuppressWarnings("checkstyle:LineLength")
/**
* Returns a salt value used to hash the token's credentials.
*
@@ -311,7 +312,8 @@ public void setHashIterations(int hashIterations) {
* @return a salt value to use to hash the authentication token's credentials.
* @deprecated since Shiro 1.1. Hash salting is now expected to be based on if the {@link AuthenticationInfo}
* returned from the {@code Realm} is a {@link SaltedAuthenticationInfo} instance and its
- * {@link org.apache.shiro.authc.SaltedAuthenticationInfo#getCredentialsSalt() getCredentialsSalt()} method returns a non-null value.
+ * {@link org.apache.shiro.authc.SaltedAuthenticationInfo#getCredentialsSalt() getCredentialsSalt()} method
+ * returns a non-null value.
* This method and the 1.0 behavior still exists for backwards compatibility if the {@code Realm} does not return
* {@code SaltedAuthenticationInfo} instances, but it is highly recommended that {@code Realm} implementations
* that support hashed credentials start returning {@link SaltedAuthenticationInfo SaltedAuthenticationInfo}
@@ -451,10 +453,10 @@ protected Hash hashProvidedCredentials(Object credentials, Object salt, int hash
return new SimpleHash(hashAlgorithmName, credentials, requireNonNull(salt, "salt cannot be null."), hashIterations);
}
- @SuppressWarnings("checkstyle:LineLength")
/**
* Returns a new, uninitialized instance, without its byte array set. Used as a utility method in the
- * {@link SimpleCredentialsMatcher#getCredentials(org.apache.shiro.authc.AuthenticationInfo) getCredentials(AuthenticationInfo)} implementation.
+ * {@link SimpleCredentialsMatcher#getCredentials(org.apache.shiro.authc.AuthenticationInfo)
+ * getCredentials(AuthenticationInfo)} implementation.
*
* @return a new, uninitialized instance, without its byte array set.
*/
diff --git a/core/src/main/java/org/apache/shiro/authc/pam/AbstractAuthenticationStrategy.java b/core/src/main/java/org/apache/shiro/authc/pam/AbstractAuthenticationStrategy.java
index 28ebc64985..718578f954 100644
--- a/core/src/main/java/org/apache/shiro/authc/pam/AbstractAuthenticationStrategy.java
+++ b/core/src/main/java/org/apache/shiro/authc/pam/AbstractAuthenticationStrategy.java
@@ -36,20 +36,21 @@
*/
public abstract class AbstractAuthenticationStrategy implements AuthenticationStrategy {
- @SuppressWarnings("checkstyle:LineLength")
/**
- * Simply returns new {@link org.apache.shiro.authc.SimpleAuthenticationInfo SimpleAuthenticationInfo}();, which supports
+ * Simply returns new {@link org.apache.shiro.authc.SimpleAuthenticationInfo SimpleAuthenticationInfo}();,
+ * which supports
* aggregating account data across realms.
*/
- public AuthenticationInfo beforeAllAttempts(Collection extends Realm> realms, AuthenticationToken token) throws AuthenticationException {
+ public AuthenticationInfo beforeAllAttempts(Collection extends Realm> realms, AuthenticationToken token)
+ throws AuthenticationException {
return new SimpleAuthenticationInfo();
}
- @SuppressWarnings("checkstyle:LineLength")
/**
* Simply returns the aggregate method argument, without modification.
*/
- public AuthenticationInfo beforeAttempt(Realm realm, AuthenticationToken token, AuthenticationInfo aggregate) throws AuthenticationException {
+ public AuthenticationInfo beforeAttempt(Realm realm, AuthenticationToken token, AuthenticationInfo aggregate)
+ throws AuthenticationException {
return aggregate;
}
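Review bot: The rewrap of the beforeAllAttempts Javadoc leaves `which supports` stranded on a line of its own and keeps the stray `();,` after the link, so the sentence reads worse than the long line it replaces. Reflowing the whole sentence is cleaner: ` * Simply returns a new {@link org.apache.shiro.authc.SimpleAuthenticationInfo SimpleAuthenticationInfo},` followed by ` * which supports aggregating account data across realms.` The same orphaned-fragment wrap appears in the AllSuccessfulStrategy beforeAttempt Javadoc (`the given`) and in the AuthenticationStrategy afterAllAttempts Javadoc (`but the actual return value is`).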
@@ -95,11 +96,11 @@ protected AuthenticationInfo merge(AuthenticationInfo info, AuthenticationInfo a
}
}
- @SuppressWarnings("checkstyle:LineLength")
/**
* Simply returns the aggregate argument without modification. Can be overridden for custom behavior.
*/
- public AuthenticationInfo afterAllAttempts(AuthenticationToken token, AuthenticationInfo aggregate) throws AuthenticationException {
+ public AuthenticationInfo afterAllAttempts(AuthenticationToken token, AuthenticationInfo aggregate)
+ throws AuthenticationException {
return aggregate;
}
}
diff --git a/core/src/main/java/org/apache/shiro/authc/pam/AllSuccessfulStrategy.java b/core/src/main/java/org/apache/shiro/authc/pam/AllSuccessfulStrategy.java
index 05b7fb9ba9..8d200a85dc 100644
--- a/core/src/main/java/org/apache/shiro/authc/pam/AllSuccessfulStrategy.java
+++ b/core/src/main/java/org/apache/shiro/authc/pam/AllSuccessfulStrategy.java
@@ -45,10 +45,10 @@ public class AllSuccessfulStrategy extends AbstractAuthenticationStrategy {
*/
private static final Logger LOGGER = LoggerFactory.getLogger(AllSuccessfulStrategy.class);
- @SuppressWarnings("checkstyle:LineLength")
/**
* Because all realms in this strategy must complete successfully, this implementation ensures that the given
- * Realm {@link org.apache.shiro.realm.Realm#supports(org.apache.shiro.authc.AuthenticationToken) supports} the given
+ * Realm {@link org.apache.shiro.realm.Realm#supports(org.apache.shiro.authc.AuthenticationToken) supports}
+ * the given
* token argument. If it does not, this method throws an
* {@link UnsupportedTokenException UnsupportedTokenException} to end the authentication
* process immediately. If the realm does support the token, the info argument is returned immediately.
@@ -76,8 +76,8 @@ public AuthenticationInfo beforeAttempt(Realm realm, AuthenticationToken token,
* realm did in fact authenticate successfully
*
*/
- @SuppressWarnings("checkstyle:LineLength")
- public AuthenticationInfo afterAttempt(Realm realm, AuthenticationToken token, AuthenticationInfo info, AuthenticationInfo aggregate, Throwable t)
+ public AuthenticationInfo afterAttempt(Realm realm, AuthenticationToken token,
+ AuthenticationInfo info, AuthenticationInfo aggregate, Throwable t)
throws AuthenticationException {
if (t != null) {
if (t instanceof AuthenticationException) {
diff --git a/core/src/main/java/org/apache/shiro/authc/pam/AtLeastOneSuccessfulStrategy.java b/core/src/main/java/org/apache/shiro/authc/pam/AtLeastOneSuccessfulStrategy.java
index 1278ea7310..c1928d583c 100644
--- a/core/src/main/java/org/apache/shiro/authc/pam/AtLeastOneSuccessfulStrategy.java
+++ b/core/src/main/java/org/apache/shiro/authc/pam/AtLeastOneSuccessfulStrategy.java
@@ -51,8 +51,8 @@ private static boolean isEmpty(PrincipalCollection pc) {
* is not null, and if either is null, throws an AuthenticationException to indicate
* that none of the realms authenticated successfully.
*/
- @SuppressWarnings("checkstyle:LineLength")
- public AuthenticationInfo afterAllAttempts(AuthenticationToken token, AuthenticationInfo aggregate) throws AuthenticationException {
+ public AuthenticationInfo afterAllAttempts(AuthenticationToken token, AuthenticationInfo aggregate)
+ throws AuthenticationException {
//we know if one or more were able to successfully authenticate if the aggregated account object does not
//contain null or empty data:
if (aggregate == null || isEmpty(aggregate.getPrincipals())) {
diff --git a/core/src/main/java/org/apache/shiro/authc/pam/AuthenticationStrategy.java b/core/src/main/java/org/apache/shiro/authc/pam/AuthenticationStrategy.java
index 622bfb8f64..0231b6212b 100644
--- a/core/src/main/java/org/apache/shiro/authc/pam/AuthenticationStrategy.java
+++ b/core/src/main/java/org/apache/shiro/authc/pam/AuthenticationStrategy.java
@@ -56,10 +56,9 @@ public interface AuthenticationStrategy {
* @return an empty AuthenticationInfo object that will populated with data from multiple realms.
* @throws AuthenticationException if the strategy implementation does not wish the Authentication attempt to execute.
*/
- @SuppressWarnings("checkstyle:LineLength")
- AuthenticationInfo beforeAllAttempts(Collection extends Realm> realms, AuthenticationToken token) throws AuthenticationException;
+ AuthenticationInfo beforeAllAttempts(Collection extends Realm> realms, AuthenticationToken token)
+ throws AuthenticationException;
- @SuppressWarnings("checkstyle:LineLength")
/**
* Method invoked by the ModularAuthenticator just prior to the realm being consulted for account data,
* allowing pre-authentication-attempt logic for that realm only.
@@ -73,12 +72,13 @@ public interface AuthenticationStrategy {
* @param aggregate the aggregated AuthenticationInfo object being used across the multi-realm authentication attempt
* @return the AuthenticationInfo object that will be presented to further realms in the authentication process - returning
* the {@code aggregate} method argument is the normal case if no special action needs to be taken.
- * @throws org.apache.shiro.authc.AuthenticationException an exception thrown by the Strategy implementation if it wishes the login
- * process for the associated subject (user) to stop immediately.
+ * @throws org.apache.shiro.authc.AuthenticationException
+ * an exception thrown by the Strategy implementation if it wishes the login process
+ * for the associated subject (user) to stop immediately.
*/
- AuthenticationInfo beforeAttempt(Realm realm, AuthenticationToken token, AuthenticationInfo aggregate) throws AuthenticationException;
+ AuthenticationInfo beforeAttempt(Realm realm, AuthenticationToken token, AuthenticationInfo aggregate)
+ throws AuthenticationException;
- @SuppressWarnings("checkstyle:LineLength")
/**
* Method invoked by the ModularAuthenticator just after the given realm has been consulted for authentication,
* allowing post-authentication-attempt logic for that realm only.
@@ -91,7 +91,8 @@ public interface AuthenticationStrategy {
* @param token the {@code AuthenticationToken} submitted for the subject attempting system log-in.
* @param singleRealmInfo the info returned from a single realm.
* @param aggregateInfo the aggregate info representing all realms in a multi-realm environment.
- * @param t the Throwable thrown by the Realm during the attempt, or {@code null} if the method returned normally.
+ * @param t the Throwable thrown by the Realm during the attempt,
+ * or {@code null} if the method returned normally.
* @return the AuthenticationInfo object that will be presented to further realms in the authentication process - returning
* the {@code aggregateAccount} method argument is the normal case if no special action needs to be taken.
* @throws AuthenticationException an exception thrown by the Strategy implementation if it wishes the login process
@@ -102,13 +103,13 @@ AuthenticationInfo afterAttempt(Realm realm, AuthenticationToken token,
AuthenticationInfo aggregateInfo, Throwable t)
throws AuthenticationException;
- @SuppressWarnings("checkstyle:LineLength")
/**
* Method invoked by the ModularAuthenticator signifying that all of its configured Realms have been consulted
* for account data, allowing post-processing after all realms have completed.
*
*
Returns the final AuthenticationInfo object that will be returned from the Authenticator to the authenticate() caller.
- * This is most likely the aggregate AuthenticationInfo object that has been populated by many realms, but the actual return value is
+ * This is most likely the aggregate AuthenticationInfo object that has been populated by many realms,
+ * but the actual return value is
* always up to the implementation.
*
* @param token the {@code AuthenticationToken} submitted for the subject attempting system log-in.
diff --git a/core/src/main/java/org/apache/shiro/authc/pam/FirstSuccessfulStrategy.java b/core/src/main/java/org/apache/shiro/authc/pam/FirstSuccessfulStrategy.java
index 98907aa9ba..2845edf30d 100644
--- a/core/src/main/java/org/apache/shiro/authc/pam/FirstSuccessfulStrategy.java
+++ b/core/src/main/java/org/apache/shiro/authc/pam/FirstSuccessfulStrategy.java
@@ -51,20 +51,19 @@ public boolean getStopAfterFirstSuccess() {
* Returns {@code null} immediately, relying on this class's {@link #merge merge} implementation to return
* only the first {@code info} object it encounters, ignoring all subsequent ones.
*/
- @SuppressWarnings("checkstyle:LineLength")
- public AuthenticationInfo beforeAllAttempts(Collection extends Realm> realms, AuthenticationToken token) throws AuthenticationException {
+ public AuthenticationInfo beforeAllAttempts(Collection extends Realm> realms, AuthenticationToken token)
+ throws AuthenticationException {
return null;
}
-
- @SuppressWarnings("checkstyle:LineLength")
/**
* Throws ShortCircuitIterationException if stopAfterFirstSuccess is set and authentication is
* successful with a previously consulted realm.
* Returns the aggregate method argument, without modification
* otherwise.
*/
- public AuthenticationInfo beforeAttempt(Realm realm, AuthenticationToken token, AuthenticationInfo aggregate) throws AuthenticationException {
+ public AuthenticationInfo beforeAttempt(Realm realm, AuthenticationToken token, AuthenticationInfo aggregate)
+ throws AuthenticationException {
if (getStopAfterFirstSuccess() && aggregate != null && !isEmpty(aggregate.getPrincipals())) {
throw new ShortCircuitIterationException();
}
diff --git a/core/src/main/java/org/apache/shiro/authz/Authorizer.java b/core/src/main/java/org/apache/shiro/authz/Authorizer.java
index 7f77ba6769..9245dc3366 100644
--- a/core/src/main/java/org/apache/shiro/authz/Authorizer.java
+++ b/core/src/main/java/org/apache/shiro/authz/Authorizer.java
@@ -254,17 +254,16 @@ public interface Authorizer {
*/
void checkRoles(PrincipalCollection subjectPrincipal, Collection roleIdentifiers) throws AuthorizationException;
- @SuppressWarnings("checkstyle:LineLength")
/**
* Same as {@link #checkRoles(org.apache.shiro.subject.PrincipalCollection, java.util.Collection)
- * checkRoles(PrincipalCollection subjectPrincipal, Collection<String> roleIdentifiers)} but doesn't require a collection
- * as an argument.
- * Asserts the corresponding Subject/user has all of the specified roles by returning quietly if they do or
+ * checkRoles(PrincipalCollection subjectPrincipal,
+ * Collection<String> roleIdentifiers)} but doesn't require a collection as an argument.
+ * Asserts the corresponding Subject/user has all the specified roles by returning quietly if they do or
* throwing an {@link AuthorizationException} if they do not.
*
* @param subjectPrincipal the application-specific subject/user identifier.
* @param roleIdentifiers the application-specific role identifiers to check (usually role ids or role names).
- * @throws AuthorizationException if the user does not have all of the specified roles.
+ * @throws AuthorizationException if the user does not have all the specified roles.
* @since 1.1.0
*/
void checkRoles(PrincipalCollection subjectPrincipal, String... roleIdentifiers) throws AuthorizationException;
diff --git a/core/src/main/java/org/apache/shiro/authz/ModularRealmAuthorizer.java b/core/src/main/java/org/apache/shiro/authz/ModularRealmAuthorizer.java
index 78f439108f..a038a230ba 100644
--- a/core/src/main/java/org/apache/shiro/authz/ModularRealmAuthorizer.java
+++ b/core/src/main/java/org/apache/shiro/authz/ModularRealmAuthorizer.java
@@ -102,7 +102,6 @@ public PermissionResolver getPermissionResolver() {
return this.permissionResolver;
}
- @SuppressWarnings("checkstyle:LineLength")
/**
* Sets the specified {@link PermissionResolver PermissionResolver} on all of the wrapped realms that
* implement the {@link org.apache.shiro.authz.permission.PermissionResolverAware PermissionResolverAware} interface.
@@ -111,8 +110,9 @@ public PermissionResolver getPermissionResolver() {
* PermissionResolver interface. If you do not want this to occur, the realms must
* configure themselves individually (or be configured individually).
*
- * @param permissionResolver the permissionResolver to set on all of the wrapped realms that implement the
- * {@link org.apache.shiro.authz.permission.PermissionResolverAware PermissionResolverAware} interface.
+ * @param permissionResolver the permissionResolver to set on all the wrapped realms that implement the
+ * {@link org.apache.shiro.authz.permission.PermissionResolverAware PermissionResolverAware}
+ * interface.
*/
public void setPermissionResolver(PermissionResolver permissionResolver) {
this.permissionResolver = permissionResolver;
@@ -156,7 +156,6 @@ public RolePermissionResolver getRolePermissionResolver() {
return this.rolePermissionResolver;
}
- @SuppressWarnings("checkstyle:LineLength")
/**
* Sets the specified {@link RolePermissionResolver RolePermissionResolver} on all of the wrapped realms that
* implement the {@link org.apache.shiro.authz.permission.RolePermissionResolverAware PermissionResolverAware} interface.
@@ -165,8 +164,9 @@ public RolePermissionResolver getRolePermissionResolver() {
* RolePermissionResolver interface. If you do not want this to occur, the realms must
* configure themselves individually (or be configured individually).
*
- * @param rolePermissionResolver the rolePermissionResolver to set on all of the wrapped realms that implement the
- * {@link org.apache.shiro.authz.permission.RolePermissionResolverAware RolePermissionResolverAware} interface.
+ * @param rolePermissionResolver the rolePermissionResolver to set on all the wrapped realms that implement the
+ * {@link org.apache.shiro.authz.permission.RolePermissionResolverAware RolePermissionResolverAware}
+ * interface.
*/
public void setRolePermissionResolver(RolePermissionResolver rolePermissionResolver) {
this.rolePermissionResolver = rolePermissionResolver;
@@ -180,7 +180,8 @@ public void setRolePermissionResolver(RolePermissionResolver rolePermissionResol
* {@link org.apache.shiro.authz.permission.RolePermissionResolverAware RolePermissionResolverAware} interface.
*
* This method is called after setting a rolePermissionResolver on this ModularRealmAuthorizer via the
- * {@link #setRolePermissionResolver(org.apache.shiro.authz.permission.RolePermissionResolver) setRolePermissionResolver} method.
+ * {@link #setRolePermissionResolver(org.apache.shiro.authz.permission.RolePermissionResolver) setRolePermissionResolver}
+ * method.
*
* It is also called after setting one or more realms via the {@link #setRealms setRealms} method to allow these
* newly available realms to be given the RolePermissionResolver already in use.
@@ -356,13 +357,13 @@ public void checkPermissions(PrincipalCollection principals, String... permissio
}
}
- @SuppressWarnings("checkstyle:LineLength")
/**
* If !{@link #isPermitted(org.apache.shiro.subject.PrincipalCollection, Permission) isPermitted(permission)} for
* all the given Permissions, throws
* an UnauthorizedException otherwise returns quietly.
*/
- public void checkPermissions(PrincipalCollection principals, Collection permissions) throws AuthorizationException {
+ public void checkPermissions(PrincipalCollection principals, Collection permissions)
+ throws AuthorizationException {
assertRealmsConfigured();
if (permissions != null) {
for (Permission permission : permissions) {
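Review bot: The Javadoc above this checkPermissions overload says it throws unless every permission is permitted, but the body visible here skips the loop entirely when `permissions` is `null`, so a null collection returns quietly as if the check had passed. That belongs in the comment, because a caller whose collection comes from a lookup that can yield null gets no authorization check at all: add ` * A {@code null} collection is treated as nothing to check and this method returns quietly.` The method body continues past the end of the hunk, so whether anything later rejects null cannot be seen from here.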
@@ -433,9 +434,9 @@ public void checkRole(PrincipalCollection principals, String role) throws Author
}
}
- @SuppressWarnings("checkstyle:LineLength")
/**
- * Calls {@link #checkRoles(PrincipalCollection principals, String... roles) checkRoles(PrincipalCollection principals, String... roles) }.
+ * Calls {@link #checkRoles(PrincipalCollection principals, String... roles)
+ * checkRoles(PrincipalCollection principals, String... roles) }.
*/
public void checkRoles(PrincipalCollection principals, Collection roles) throws AuthorizationException {
//SHIRO-234 - roles.toArray() -> roles.toArray(new String[roles.size()])
diff --git a/core/src/main/java/org/apache/shiro/authz/annotation/RequiresAuthentication.java b/core/src/main/java/org/apache/shiro/authz/annotation/RequiresAuthentication.java
index 1f84ddb209..a7e33ee193 100644
--- a/core/src/main/java/org/apache/shiro/authz/annotation/RequiresAuthentication.java
+++ b/core/src/main/java/org/apache/shiro/authz/annotation/RequiresAuthentication.java
@@ -24,14 +24,14 @@
import java.lang.annotation.RetentionPolicy;
import java.lang.annotation.Target;
-@SuppressWarnings("checkstyle:LineLength")
/**
* Requires the current Subject to have been authenticated during their current session for the annotated
* class/instance/method to be accessed or invoked. This is more restrictive than the
* {@link RequiresUser RequiresUser} annotation.
*
* This annotation basically ensures that
- * {@link org.apache.shiro.subject.Subject subject}.{@link org.apache.shiro.subject.Subject#isAuthenticated() isAuthenticated()} === true
+ * {@link org.apache.shiro.subject.Subject subject}.
+ * {@link org.apache.shiro.subject.Subject#isAuthenticated() isAuthenticated()} === true
*
* See the {@link RequiresUser RequiresUser} and
* {@link org.apache.shiro.authc.RememberMeAuthenticationToken RememberMeAuthenticationToken} JavaDoc for an
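Review bot: Breaking the line between the `subject` link with its trailing dot and the `isAuthenticated()` link puts whitespace into the rendered expression, which then reads `subject. isAuthenticated() === true`. Keep the expression in one piece by writing it as code on its own line, for example ` * {@code subject.isAuthenticated() == true}`, or by breaking before the first link rather than after the dot. The same split after `subject.` is introduced in the class Javadoc of GuestAnnotationHandler, GuestAnnotationMethodInterceptor and UserAnnotationHandler. The Javadoc block continues past the end of the hunk.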
diff --git a/core/src/main/java/org/apache/shiro/authz/aop/AuthenticatedAnnotationHandler.java b/core/src/main/java/org/apache/shiro/authz/aop/AuthenticatedAnnotationHandler.java
index 2d13b0d002..3abf06e0c9 100644
--- a/core/src/main/java/org/apache/shiro/authz/aop/AuthenticatedAnnotationHandler.java
+++ b/core/src/main/java/org/apache/shiro/authz/aop/AuthenticatedAnnotationHandler.java
@@ -18,11 +18,11 @@
*/
package org.apache.shiro.authz.aop;
-import java.lang.annotation.Annotation;
-
import org.apache.shiro.authz.UnauthenticatedException;
import org.apache.shiro.authz.annotation.RequiresAuthentication;
+import java.lang.annotation.Annotation;
+
/**
* Handles {@link RequiresAuthentication RequiresAuthentication} annotations and ensures the calling subject is
@@ -40,10 +40,10 @@ public AuthenticatedAnnotationHandler() {
super(RequiresAuthentication.class);
}
- @SuppressWarnings("checkstyle:LineLength")
/**
* Ensures that the calling Subject is authenticated, and if not, throws an
- * {@link org.apache.shiro.authz.UnauthenticatedException UnauthenticatedException} indicating the method is not allowed to be executed.
+ * {@link org.apache.shiro.authz.UnauthenticatedException UnauthenticatedException}
+ * indicating the method is not allowed to be executed.
*
* @param a the annotation to inspect
* @throws org.apache.shiro.authz.UnauthenticatedException if the calling Subject has not yet
diff --git a/core/src/main/java/org/apache/shiro/authz/aop/AuthorizingAnnotationMethodInterceptor.java b/core/src/main/java/org/apache/shiro/authz/aop/AuthorizingAnnotationMethodInterceptor.java
index 26d02dbad6..e49f4d02ba 100644
--- a/core/src/main/java/org/apache/shiro/authz/aop/AuthorizingAnnotationMethodInterceptor.java
+++ b/core/src/main/java/org/apache/shiro/authz/aop/AuthorizingAnnotationMethodInterceptor.java
@@ -68,14 +68,14 @@ public Object invoke(MethodInvocation methodInvocation) throws Throwable {
return methodInvocation.proceed();
}
- @SuppressWarnings("checkstyle:LineLength")
/**
* Ensures the calling Subject is authorized to execute the specified MethodInvocation.
*
* As this is an AnnotationMethodInterceptor, this implementation merely delegates to the internal
* {@link AuthorizingAnnotationHandler AuthorizingAnnotationHandler} by first acquiring the annotation by
* calling {@link #getAnnotation(MethodInvocation) getAnnotation(methodInvocation)} and then calls
- * {@link AuthorizingAnnotationHandler#assertAuthorized(java.lang.annotation.Annotation) handler.assertAuthorized(annotation)}.
+ * {@link AuthorizingAnnotationHandler#assertAuthorized(java.lang.annotation.Annotation)
+ * handler.assertAuthorized(annotation)}.
*
* @param mi the MethodInvocation to check to see if it is allowed to proceed/execute.
* @throws AuthorizationException if the method invocation is not allowed to continue/execute.
diff --git a/core/src/main/java/org/apache/shiro/authz/aop/GuestAnnotationHandler.java b/core/src/main/java/org/apache/shiro/authz/aop/GuestAnnotationHandler.java
index c74e86b67f..10e567741f 100644
--- a/core/src/main/java/org/apache/shiro/authz/aop/GuestAnnotationHandler.java
+++ b/core/src/main/java/org/apache/shiro/authz/aop/GuestAnnotationHandler.java
@@ -18,19 +18,19 @@
*/
package org.apache.shiro.authz.aop;
-import java.lang.annotation.Annotation;
-
import org.apache.shiro.authz.AuthorizationException;
import org.apache.shiro.authz.UnauthenticatedException;
import org.apache.shiro.authz.annotation.RequiresGuest;
-@SuppressWarnings("checkstyle:LineLength")
+import java.lang.annotation.Annotation;
+
/**
* Checks to see if a @{@link org.apache.shiro.authz.annotation.RequiresGuest RequiresGuest} annotation
* is declared, and if so, ensures the calling Subject does not
* have an {@link org.apache.shiro.subject.Subject#getPrincipal() identity} before invoking the method.
*
- * This annotation essentially ensures that subject.{@link org.apache.shiro.subject.Subject#getPrincipal() getPrincipal()} == null.
+ * This annotation essentially ensures that subject.
+ * {@link org.apache.shiro.subject.Subject#getPrincipal() getPrincipal()} == null.
*
* @since 0.9.0
*/
diff --git a/core/src/main/java/org/apache/shiro/authz/aop/GuestAnnotationMethodInterceptor.java b/core/src/main/java/org/apache/shiro/authz/aop/GuestAnnotationMethodInterceptor.java
index a89409bbf0..7acaa5454e 100644
--- a/core/src/main/java/org/apache/shiro/authz/aop/GuestAnnotationMethodInterceptor.java
+++ b/core/src/main/java/org/apache/shiro/authz/aop/GuestAnnotationMethodInterceptor.java
@@ -20,13 +20,13 @@
import org.apache.shiro.aop.AnnotationResolver;
-@SuppressWarnings("checkstyle:LineLength")
/**
* Checks to see if a @{@link org.apache.shiro.authz.annotation.RequiresGuest RequiresGuest} annotation
* is declared, and if so, ensures the calling Subject does not
* have an {@link org.apache.shiro.subject.Subject#getPrincipal() identity} before invoking the method.
*
- * This annotation essentially ensures that subject.{@link org.apache.shiro.subject.Subject#getPrincipal() getPrincipal()} == null.
+ * This annotation essentially ensures that subject.
+ * {@link org.apache.shiro.subject.Subject#getPrincipal() getPrincipal()} == null.
*
* @since 0.9.0
*/
diff --git a/core/src/main/java/org/apache/shiro/authz/aop/PermissionAnnotationHandler.java b/core/src/main/java/org/apache/shiro/authz/aop/PermissionAnnotationHandler.java
index d943a28c77..d8cfb9031e 100644
--- a/core/src/main/java/org/apache/shiro/authz/aop/PermissionAnnotationHandler.java
+++ b/core/src/main/java/org/apache/shiro/authz/aop/PermissionAnnotationHandler.java
@@ -53,14 +53,13 @@ protected String[] getAnnotationValue(Annotation a) {
return rpAnnotation.value();
}
- @SuppressWarnings("checkstyle:LineLength")
/**
* Ensures that the calling Subject has the Annotation's specified permissions, and if not, throws an
* AuthorizingException indicating access is denied.
*
* @param a the RequiresPermission annotation being inspected to check for one or more permissions
- * @throws org.apache.shiro.authz.AuthorizationException if the calling Subject does not have the permission(s) necessary to
- * continue access or execution.
+ * @throws org.apache.shiro.authz.AuthorizationException if the calling Subject does not have
+ * the permission(s) necessary to continue access or execution.
*/
public void assertAuthorized(Annotation a) throws AuthorizationException {
if (!(a instanceof RequiresPermissions)) {
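Review bot: The summary sentence of the assertAuthorized Javadoc names `AuthorizingException`, while the rewrapped `@throws` tag and the method signature both say `AuthorizationException`; no type called AuthorizingException appears in this hunk. Since the comment is being touched anyway, the summary should name the type that is actually declared: ` * {@link AuthorizationException} indicating access is denied.` The same wording is left in the assertAuthorized Javadoc of RoleAnnotationHandler, RolesAllowedAnnotationHandler and UserAnnotationHandler. The method body continues past the end of the hunk.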
diff --git a/core/src/main/java/org/apache/shiro/authz/aop/PermissionAnnotationMethodInterceptor.java b/core/src/main/java/org/apache/shiro/authz/aop/PermissionAnnotationMethodInterceptor.java
index 1a20e486cc..244fc673d3 100644
--- a/core/src/main/java/org/apache/shiro/authz/aop/PermissionAnnotationMethodInterceptor.java
+++ b/core/src/main/java/org/apache/shiro/authz/aop/PermissionAnnotationMethodInterceptor.java
@@ -20,10 +20,9 @@
import org.apache.shiro.aop.AnnotationResolver;
-@SuppressWarnings("checkstyle:LineLength")
/**
- * Checks to see if a @{@link org.apache.shiro.authz.annotation.RequiresPermissions RequiresPermissions} annotation is declared, and if so, performs
- * a permission check to see if the calling Subject is allowed to call the method.
+ * Checks to see if a @{@link org.apache.shiro.authz.annotation.RequiresPermissions RequiresPermissions} annotation is declared,
+ * and if so, performs a permission check to see if the calling Subject is allowed to call the method.
*
* @since 0.9
*/
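Review bot: With `@SuppressWarnings("checkstyle:LineLength")` removed from this class, the new first Javadoc line is still noticeably longer than the lines this commit wraps in other files, so it may still trip the check the suppression was hiding; the configured limit is not visible here. Breaking after the link keeps each line short: ` * Checks to see if a @{@link org.apache.shiro.authz.annotation.RequiresPermissions RequiresPermissions}`, then ` * annotation is declared, and if so, performs a permission check to see if the calling Subject`, then ` * is allowed to call the method.`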
diff --git a/core/src/main/java/org/apache/shiro/authz/aop/RoleAnnotationHandler.java b/core/src/main/java/org/apache/shiro/authz/aop/RoleAnnotationHandler.java
index d827ce807d..0cc8de0614 100644
--- a/core/src/main/java/org/apache/shiro/authz/aop/RoleAnnotationHandler.java
+++ b/core/src/main/java/org/apache/shiro/authz/aop/RoleAnnotationHandler.java
@@ -25,10 +25,9 @@
import java.lang.annotation.Annotation;
import java.util.Arrays;
-@SuppressWarnings("checkstyle:LineLength")
/**
- * Checks to see if a @{@link org.apache.shiro.authz.annotation.RequiresRoles RequiresRoles} annotation is declared, and if so, performs
- * a role check to see if the calling Subject is allowed to proceed.
+ * Checks to see if a @{@link org.apache.shiro.authz.annotation.RequiresRoles RequiresRoles} annotation is declared,
+ * and if so, performs a role check to see if the calling Subject is allowed to proceed.
*
* @since 0.9.0
*/
@@ -42,14 +41,13 @@ public RoleAnnotationHandler() {
super(RequiresRoles.class);
}
- @SuppressWarnings("checkstyle:LineLength")
/**
* Ensures that the calling Subject has the Annotation's specified roles, and if not, throws an
* AuthorizingException indicating that access is denied.
*
* @param a the RequiresRoles annotation to use to check for one or more roles
- * @throws org.apache.shiro.authz.AuthorizationException if the calling Subject does not have the role(s) necessary to
- * proceed.
+ * @throws org.apache.shiro.authz.AuthorizationException if the calling Subject does not have the role(s)
+ * necessary to proceed.
*/
public void assertAuthorized(Annotation a) throws AuthorizationException {
if (!(a instanceof RequiresRoles)) {
diff --git a/core/src/main/java/org/apache/shiro/authz/aop/RolesAllowedAnnotationHandler.java b/core/src/main/java/org/apache/shiro/authz/aop/RolesAllowedAnnotationHandler.java
index 745d90e173..8ab9327760 100644
--- a/core/src/main/java/org/apache/shiro/authz/aop/RolesAllowedAnnotationHandler.java
+++ b/core/src/main/java/org/apache/shiro/authz/aop/RolesAllowedAnnotationHandler.java
@@ -39,14 +39,13 @@ public RolesAllowedAnnotationHandler() {
super(RolesAllowed.class);
}
- @SuppressWarnings("checkstyle:LineLength")
/**
* Ensures that the calling Subject has one of the Annotation's specified roles, and if not, throws an
* AuthorizingException indicating that access is denied.
*
* @param a the RolesAllowed annotation to use to check for one or more roles
- * @throws org.apache.shiro.authz.AuthorizationException if the calling Subject does not have the role necessary to
- * proceed.
+ * @throws org.apache.shiro.authz.AuthorizationException if the calling Subject does not have the role
+ * necessary to proceed.
*/
@Override
public void assertAuthorized(Annotation a) throws AuthorizationException {
diff --git a/core/src/main/java/org/apache/shiro/authz/aop/UserAnnotationHandler.java b/core/src/main/java/org/apache/shiro/authz/aop/UserAnnotationHandler.java
index a3ebe94fb9..77bd16a7f4 100644
--- a/core/src/main/java/org/apache/shiro/authz/aop/UserAnnotationHandler.java
+++ b/core/src/main/java/org/apache/shiro/authz/aop/UserAnnotationHandler.java
@@ -18,20 +18,20 @@
*/
package org.apache.shiro.authz.aop;
-import java.lang.annotation.Annotation;
-
import org.apache.shiro.authz.AuthorizationException;
import org.apache.shiro.authz.UnauthenticatedException;
import org.apache.shiro.authz.annotation.RequiresUser;
-@SuppressWarnings("checkstyle:LineLength")
+import java.lang.annotation.Annotation;
+
/**
* Checks to see if a @{@link org.apache.shiro.authz.annotation.RequiresUser RequiresUser} annotation
* is declared, and if so, ensures the calling Subject is either
* {@link org.apache.shiro.subject.Subject#isAuthenticated() authenticated} or remembered via remember
* me services before allowing access.
*
- * This annotation essentially ensures that subject.{@link org.apache.shiro.subject.Subject#getPrincipal() getPrincipal()} != null.
+ * This annotation essentially ensures that subject.
+ * {@link org.apache.shiro.subject.Subject#getPrincipal() getPrincipal()} != null.
*
* @since 0.9.0
*/
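Review bot: Breaking the class Javadoc between `subject.` and the `{@link ...}` tag puts whitespace into the rendered expression, so it reads "subject. getPrincipal() != null" instead of one call. Moving the break one word earlier keeps the expression intact and within the line limit: ` * This annotation essentially ensures that` followed by ` * subject.{@link org.apache.shiro.subject.Subject#getPrincipal() getPrincipal()} != null.` The UserAnnotationMethodInterceptor hunk below has the same split.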
@@ -46,7 +46,6 @@ public UserAnnotationHandler() {
super(RequiresUser.class);
}
- @SuppressWarnings("checkstyle:LineLength")
/**
* Ensures that the calling Subject is a user, that is, they are either
* {@link org.apache.shiro.subject.Subject#isAuthenticated() authenticated} or remembered via remember
@@ -54,7 +53,8 @@ public UserAnnotationHandler() {
* AuthorizingException indicating access is not allowed.
*
* @param a the RequiresUser annotation to check
- * @throws org.apache.shiro.authz.AuthorizationException if the calling Subject is not authenticated or remembered via rememberMe services.
+ * @throws org.apache.shiro.authz.AuthorizationException if the calling Subject is not authenticated
+ * or remembered via rememberMe services.
*/
public void assertAuthorized(Annotation a) throws AuthorizationException {
if (a instanceof RequiresUser && getSubject().getPrincipal() == null) {
diff --git a/core/src/main/java/org/apache/shiro/authz/aop/UserAnnotationMethodInterceptor.java b/core/src/main/java/org/apache/shiro/authz/aop/UserAnnotationMethodInterceptor.java
index 3c5532b28f..5c569fc8c5 100644
--- a/core/src/main/java/org/apache/shiro/authz/aop/UserAnnotationMethodInterceptor.java
+++ b/core/src/main/java/org/apache/shiro/authz/aop/UserAnnotationMethodInterceptor.java
@@ -20,14 +20,14 @@
import org.apache.shiro.aop.AnnotationResolver;
-@SuppressWarnings("checkstyle:LineLength")
/**
* Checks to see if a @{@link org.apache.shiro.authz.annotation.RequiresUser RequiresUser} annotation
* is declared, and if so, ensures the calling Subject is either
* {@link org.apache.shiro.subject.Subject#isAuthenticated() authenticated} or remembered via remember
* me services before invoking the method.
*
- * This annotation essentially ensures that subject.{@link org.apache.shiro.subject.Subject#getPrincipal() getPrincipal()} != null.
+ * This annotation essentially ensures that subject.
+ * {@link org.apache.shiro.subject.Subject#getPrincipal() getPrincipal()} != null.
*
* @since 0.9.0
*/
diff --git a/core/src/main/java/org/apache/shiro/authz/permission/PermissionResolver.java b/core/src/main/java/org/apache/shiro/authz/permission/PermissionResolver.java
index 7fa1df20ad..9da96a4306 100644
--- a/core/src/main/java/org/apache/shiro/authz/permission/PermissionResolver.java
+++ b/core/src/main/java/org/apache/shiro/authz/permission/PermissionResolver.java
@@ -20,7 +20,6 @@
import org.apache.shiro.authz.Permission;
-@SuppressWarnings("checkstyle:LineLength")
/**
* A {@code PermissionResolver} resolves a String value and converts it into a
* {@link org.apache.shiro.authz.Permission Permission} instance.
@@ -43,9 +42,11 @@
* Although this happens to be the Shiro default, you are of course free to provide custom
* String-to-Permission conversion by providing Shiro components any instance of this interface.
*
- * @see org.apache.shiro.authz.ModularRealmAuthorizer#setPermissionResolver(PermissionResolver) ModularRealmAuthorizer.setPermissionResolver
- * @see org.apache.shiro.realm.AuthorizingRealm#setPermissionResolver(PermissionResolver) AuthorizingRealm.setPermissionResolver
- * @see PermissionResolverAware PermissionResolverAware
+ * @see org.apache.shiro.authz.ModularRealmAuthorizer#setPermissionResolver(PermissionResolver)
+ * ModularRealmAuthorizer.setPermissionResolver
+ * @see org.apache.shiro.realm.AuthorizingRealm#setPermissionResolver(PermissionResolver)
+ * AuthorizingRealm.setPermissionResolver
+ * @see PermissionResolverAware PermissionResolverAware
* @since 0.9
*/
public interface PermissionResolver {
diff --git a/core/src/main/java/org/apache/shiro/authz/permission/WildcardPermission.java b/core/src/main/java/org/apache/shiro/authz/permission/WildcardPermission.java
index f4c91e35be..dd8f1c5011 100644
--- a/core/src/main/java/org/apache/shiro/authz/permission/WildcardPermission.java
+++ b/core/src/main/java/org/apache/shiro/authz/permission/WildcardPermission.java
@@ -105,8 +105,6 @@
*/
public class WildcardPermission implements Permission, Serializable {
- //TODO - JavaDoc methods
-
/*--------------------------------------------
| C O N S T A N T S |
============================================*/
@@ -148,12 +146,12 @@ protected void setParts(String wildcardString) {
setParts(wildcardString, DEFAULT_CASE_SENSITIVE);
}
- @SuppressWarnings("checkstyle:LineLength")
protected void setParts(String wildcardString, boolean caseSensitive) {
wildcardString = StringUtils.clean(wildcardString);
if (wildcardString == null || wildcardString.isEmpty()) {
- throw new IllegalArgumentException("Wildcard string cannot be null or empty. Make sure permission strings are properly formatted.");
+ throw new IllegalArgumentException("Wildcard string cannot be null or empty."
+ + "Make sure permission strings are properly formatted.");
}
if (!caseSensitive) {
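Review bot: Splitting the exception message dropped the space between its two sentences, so it now renders as "...cannot be null or empty.Make sure permission strings...". The first literal needs a trailing space: `throw new IllegalArgumentException("Wildcard string cannot be null or empty. "`. The next hunk in this file has the same defect in the "parts with only dividers" and "contain only dividers" messages. The body of setParts continues outside this hunk.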
@@ -167,14 +165,15 @@ protected void setParts(String wildcardString, boolean caseSensitive) {
Set subparts = CollectionUtils.asSet(part.split(SUBPART_DIVIDER_TOKEN));
if (subparts.isEmpty()) {
- throw new IllegalArgumentException(
- "Wildcard string cannot contain parts with only dividers. Make sure permission strings are properly formatted.");
+ throw new IllegalArgumentException("Wildcard string cannot contain parts with only dividers."
+ + "Make sure permission strings are properly formatted.");
}
this.parts.add(subparts);
}
if (this.parts.isEmpty()) {
- throw new IllegalArgumentException("Wildcard string cannot contain only dividers. Make sure permission strings are properly formatted.");
+ throw new IllegalArgumentException("Wildcard string cannot contain only dividers."
+ + "Make sure permission strings are properly formatted.");
}
}
diff --git a/core/src/main/java/org/apache/shiro/mgt/AbstractRememberMeManager.java b/core/src/main/java/org/apache/shiro/mgt/AbstractRememberMeManager.java
index 0dcf38c69b..f5896e033a 100644
--- a/core/src/main/java/org/apache/shiro/mgt/AbstractRememberMeManager.java
+++ b/core/src/main/java/org/apache/shiro/mgt/AbstractRememberMeManager.java
@@ -18,15 +18,12 @@
*/
package org.apache.shiro.mgt;
-import java.util.Objects;
-import java.util.function.Supplier;
-
import org.apache.shiro.authc.AuthenticationException;
import org.apache.shiro.authc.AuthenticationInfo;
import org.apache.shiro.authc.AuthenticationToken;
import org.apache.shiro.authc.RememberMeAuthenticationToken;
-import org.apache.shiro.crypto.cipher.ByteSourceBroker;
import org.apache.shiro.crypto.cipher.AesCipherService;
+import org.apache.shiro.crypto.cipher.ByteSourceBroker;
import org.apache.shiro.crypto.cipher.CipherService;
import org.apache.shiro.lang.io.DefaultSerializer;
import org.apache.shiro.lang.io.Serializer;
@@ -38,6 +35,9 @@
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
+import java.util.Objects;
+import java.util.function.Supplier;
+
/**
* Abstract implementation of the {@code RememberMeManager} interface that handles
* {@link #setSerializer(Serializer) serialization} and
@@ -455,14 +455,14 @@ protected PrincipalCollection convertBytesToPrincipals(byte[] bytes, SubjectCont
* is being used to construct a {@link Subject} instance.
* @return nothing - the original {@code RuntimeException} is propagated in all cases.
*/
- @SuppressWarnings("checkstyle:LineLength")
protected PrincipalCollection onRememberedPrincipalFailure(RuntimeException e, SubjectContext context) {
if (LOGGER.isWarnEnabled()) {
String message = "There was a failure while trying to retrieve remembered principals. This could be due to a "
+ "configuration problem or corrupted principals. This could also be due to a recently "
+ "changed encryption key, if you are using a shiro.ini file, this property would be "
- + "'securityManager.rememberMeManager.cipherKey' see: http://shiro.apache.org/web.html#Web-RememberMeServices. "
+ + "'securityManager.rememberMeManager.cipherKey'"
+ + "see: http://shiro.apache.org/web.html#Web-RememberMeServices. "
+ "The remembered identity will be forgotten and not used for this request.";
LOGGER.warn(message);
}
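Review bot: The split of the warning text loses the separator after the property name, so the log line now reads "...'securityManager.rememberMeManager.cipherKey'see: http://...". This message is what an operator sees when remembered principals fail to decrypt, so it should stay readable and the URL easy to pick out. Keep the trailing space on the first fragment: `+ "'securityManager.rememberMeManager.cipherKey' "`. The rest of onRememberedPrincipalFailure lies outside the hunk.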
diff --git a/core/src/main/java/org/apache/shiro/mgt/AuthorizingSecurityManager.java b/core/src/main/java/org/apache/shiro/mgt/AuthorizingSecurityManager.java
index daf2d27664..0cbea9dc02 100644
--- a/core/src/main/java/org/apache/shiro/mgt/AuthorizingSecurityManager.java
+++ b/core/src/main/java/org/apache/shiro/mgt/AuthorizingSecurityManager.java
@@ -145,8 +145,8 @@ public void checkPermissions(PrincipalCollection principals, String... permissio
this.authorizer.checkPermissions(principals, permissions);
}
- @SuppressWarnings("checkstyle:LineLength")
- public void checkPermissions(PrincipalCollection principals, Collection permissions) throws AuthorizationException {
+ public void checkPermissions(PrincipalCollection principals, Collection permissions)
+ throws AuthorizationException {
this.authorizer.checkPermissions(principals, permissions);
}
diff --git a/core/src/main/java/org/apache/shiro/mgt/DefaultSecurityManager.java b/core/src/main/java/org/apache/shiro/mgt/DefaultSecurityManager.java
index fb2962ebf1..9912f6ab14 100644
--- a/core/src/main/java/org/apache/shiro/mgt/DefaultSecurityManager.java
+++ b/core/src/main/java/org/apache/shiro/mgt/DefaultSecurityManager.java
@@ -119,11 +119,11 @@ public SubjectFactory getSubjectFactory() {
return subjectFactory;
}
- @SuppressWarnings("checkstyle:LineLength")
/**
* Sets the {@code SubjectFactory} responsible for creating {@link Subject} instances exposed to the application.
*
- * @param subjectFactory the {@code SubjectFactory} responsible for creating {@link Subject} instances exposed to the application.
+ * @param subjectFactory the {@code SubjectFactory} responsible for creating
+ * {@link Subject} instances exposed to the application.
*/
public void setSubjectFactory(SubjectFactory subjectFactory) {
this.subjectFactory = subjectFactory;
diff --git a/core/src/main/java/org/apache/shiro/mgt/RealmSecurityManager.java b/core/src/main/java/org/apache/shiro/mgt/RealmSecurityManager.java
index 891bb1554d..748ddd169a 100644
--- a/core/src/main/java/org/apache/shiro/mgt/RealmSecurityManager.java
+++ b/core/src/main/java/org/apache/shiro/mgt/RealmSecurityManager.java
@@ -147,11 +147,10 @@ protected void applyEventBusToRealms() {
}
}
- @SuppressWarnings("checkstyle:LineLength")
/**
* Simply calls {@link #applyCacheManagerToRealms() applyCacheManagerToRealms()} to allow the
- * newly set {@link org.apache.shiro.cache.CacheManager CacheManager} to be propagated to the internal collection of Realm
- * that would need to use it.
+ * newly set {@link org.apache.shiro.cache.CacheManager CacheManager} to be propagated to the
+ * internal collection of Realm that would need to use it.
*/
protected void afterCacheManagerSet() {
super.afterCacheManagerSet();
diff --git a/core/src/main/java/org/apache/shiro/mgt/SessionsSecurityManager.java b/core/src/main/java/org/apache/shiro/mgt/SessionsSecurityManager.java
index 3f9dfd3f73..e2180888e8 100644
--- a/core/src/main/java/org/apache/shiro/mgt/SessionsSecurityManager.java
+++ b/core/src/main/java/org/apache/shiro/mgt/SessionsSecurityManager.java
@@ -97,11 +97,10 @@ public SessionManager getSessionManager() {
return this.sessionManager;
}
- @SuppressWarnings("checkstyle:LineLength")
/**
- * Calls {@link org.apache.shiro.mgt.AuthorizingSecurityManager#afterCacheManagerSet() super.afterCacheManagerSet()} and then immediately calls
- * {@link #applyCacheManagerToSessionManager() applyCacheManagerToSessionManager()} to ensure the
- * CacheManager is applied to the SessionManager as necessary.
+ * Calls {@link org.apache.shiro.mgt.AuthorizingSecurityManager#afterCacheManagerSet() super.afterCacheManagerSet()}
+ * and then immediately calls {@link #applyCacheManagerToSessionManager() applyCacheManagerToSessionManager()}
+ * to ensure the CacheManager is applied to the SessionManager as necessary.
*/
@Override
protected void afterCacheManagerSet() {
diff --git a/core/src/main/java/org/apache/shiro/realm/AuthenticatingRealm.java b/core/src/main/java/org/apache/shiro/realm/AuthenticatingRealm.java
index be0395352a..58ea1e9652 100644
--- a/core/src/main/java/org/apache/shiro/realm/AuthenticatingRealm.java
+++ b/core/src/main/java/org/apache/shiro/realm/AuthenticatingRealm.java
@@ -494,10 +494,9 @@ private AuthenticationInfo getCachedAuthenticationInfo(AuthenticationToken token
return info;
}
- @SuppressWarnings("checkstyle:LineLength")
/**
* Caches the specified info if authentication caching
- * {@link #isAuthenticationCachingEnabled(org.apache.shiro.authc.AuthenticationToken, org.apache.shiro.authc.AuthenticationInfo) isEnabled}
+ * {@link #isAuthenticationCachingEnabled(AuthenticationToken, AuthenticationInfo) isEnabled}
* for the specific token/info pair and a cache instance is available to be used.
*
* @param token the authentication token submitted which resulted in a successful authentication attempt.
@@ -538,7 +537,6 @@ protected boolean isAuthenticationCachingEnabled(AuthenticationToken token, Auth
return isAuthenticationCachingEnabled();
}
- @SuppressWarnings("checkstyle:LineLength")
/**
* This implementation functions as follows:
*
@@ -548,7 +546,7 @@ protected boolean isAuthenticationCachingEnabled(AuthenticationToken token, Auth
*
If there is no cached {@link AuthenticationInfo} found, delegate to the
* {@link #doGetAuthenticationInfo(org.apache.shiro.authc.AuthenticationToken)} method to perform the actual
* lookup. If authentication caching is enabled and possible, any returned info object will be
- * {@link #cacheAuthenticationInfoIfPossible(org.apache.shiro.authc.AuthenticationToken, org.apache.shiro.authc.AuthenticationInfo) cached}
+ * {@link #cacheAuthenticationInfoIfPossible(AuthenticationToken, AuthenticationInfo) cached}
* to be used in future authentication attempts.
*
If an AuthenticationInfo instance is not found in the cache or by lookup, {@code null} is returned to
* indicate an account cannot be found.
diff --git a/core/src/main/java/org/apache/shiro/realm/AuthorizingRealm.java b/core/src/main/java/org/apache/shiro/realm/AuthorizingRealm.java
index fd9f94555b..aa702c2eb3 100644
--- a/core/src/main/java/org/apache/shiro/realm/AuthorizingRealm.java
+++ b/core/src/main/java/org/apache/shiro/realm/AuthorizingRealm.java
@@ -59,7 +59,7 @@
*
* If you find that you do not want to utilize the {@link AuthorizationInfo AuthorizationInfo} construct,
* you are of course free to subclass the {@link AuthenticatingRealm AuthenticatingRealm} directly instead and
- * implement the remaining Realm interface methods directly. You might do this if you want have better control
+ * implement the remaining Realm interface methods directly. You might do this if you want to have better control
* over how the Role and Permission checks occur for your specific data source. However, using AuthorizationInfo
* (and its default implementation {@link org.apache.shiro.authz.SimpleAuthorizationInfo SimpleAuthorizationInfo})
* is sufficient in the large
@@ -68,7 +68,7 @@
* @see org.apache.shiro.authz.SimpleAuthorizationInfo
* @since 0.2
*/
-@SuppressWarnings({"checkstyle:MethodCount", "checkstyle:LineLength"})
+@SuppressWarnings({"checkstyle:MethodCount"})
public abstract class AuthorizingRealm extends AuthenticatingRealm
implements Authorizer, Initializable, PermissionResolverAware, RolePermissionResolverAware {
@@ -579,7 +579,8 @@ public void checkPermissions(PrincipalCollection subjectIdentifier, String... pe
}
}
- public void checkPermissions(PrincipalCollection principal, Collection permissions) throws AuthorizationException {
+ public void checkPermissions(PrincipalCollection principal,
+ Collection permissions) throws AuthorizationException {
AuthorizationInfo info = getAuthorizationInfo(principal);
checkPermissions(permissions, info);
}
diff --git a/core/src/main/java/org/apache/shiro/realm/Realm.java b/core/src/main/java/org/apache/shiro/realm/Realm.java
index 52c348275c..0a1430f467 100644
--- a/core/src/main/java/org/apache/shiro/realm/Realm.java
+++ b/core/src/main/java/org/apache/shiro/realm/Realm.java
@@ -85,7 +85,6 @@ public interface Realm {
*/
boolean supports(AuthenticationToken token);
- @SuppressWarnings("checkstyle:LineLength")
/**
* Returns an account's authentication-specific information for the specified token,
* or null if no account could be found based on the token.
@@ -98,8 +97,9 @@ public interface Realm {
* @param token the application-specific representation of an account principal and credentials.
* @return the authentication information for the account associated with the specified token,
* or null if no account could be found.
- * @throws org.apache.shiro.authc.AuthenticationException if there is an error obtaining or constructing an AuthenticationInfo object based on the
- * specified token or implementation-specific login behavior fails.
+ * @throws org.apache.shiro.authc.AuthenticationException if there is an error obtaining or constructing
+ * an AuthenticationInfo objectbased on the specified token
+ * or implementation-specific login behavior fails.
*/
AuthenticationInfo getAuthenticationInfo(AuthenticationToken token) throws AuthenticationException;
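Review bot: The rewrapped `@throws` text introduces a typo, "objectbased", where the old line had "object based". The second continuation line should read ` * an AuthenticationInfo object based on the specified token`. Nothing else in the hunk changes behaviour.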
diff --git a/core/src/main/java/org/apache/shiro/realm/activedirectory/ActiveDirectoryRealm.java b/core/src/main/java/org/apache/shiro/realm/activedirectory/ActiveDirectoryRealm.java
index 2bf28669d3..98a894cbaf 100644
--- a/core/src/main/java/org/apache/shiro/realm/activedirectory/ActiveDirectoryRealm.java
+++ b/core/src/main/java/org/apache/shiro/realm/activedirectory/ActiveDirectoryRealm.java
@@ -88,11 +88,10 @@ public void setGroupRolesMap(Map groupRolesMap) {
| M E T H O D S |
============================================*/
- @SuppressWarnings("checkstyle:LineLength")
/**
* Builds an {@link AuthenticationInfo} object by querying the active directory LDAP context for the
* specified username. This method binds to the LDAP server using the provided username and password -
- * which if successful, indicates that the password is correct.
+ * which is successful, indicates that the password is correct.
*
* This method can be overridden by subclasses to query the LDAP server in a more complex way.
*
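Review bot: Changing "which if successful" to "which is successful" alters what the Javadoc says about authentication. The old text stated that a successful bind is what proves the password is correct. The new text reads as if the bind always succeeds. The original wording should be restored: ` * which if successful, indicates that the password is correct.` The method this comment documents is in the following hunk.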
@@ -101,7 +100,8 @@ public void setGroupRolesMap(Map groupRolesMap) {
* @return an {@link AuthenticationInfo} instance containing information retrieved from LDAP.
* @throws NamingException if any LDAP errors occur during the search.
*/
- protected AuthenticationInfo queryForAuthenticationInfo(AuthenticationToken token, LdapContextFactory ldapContextFactory) throws NamingException {
+ protected AuthenticationInfo queryForAuthenticationInfo(AuthenticationToken token, LdapContextFactory ldapContextFactory)
+ throws NamingException {
UsernamePasswordToken upToken = (UsernamePasswordToken) token;
@@ -159,7 +159,6 @@ protected AuthorizationInfo buildAuthorizationInfo(Set roleNames) {
return new SimpleAuthorizationInfo(roleNames);
}
- @SuppressWarnings("checkstyle:LineLength")
protected Set getRoleNamesForUser(String username, LdapContext ldapContext) throws NamingException {
Set roleNames;
roleNames = new LinkedHashSet();
@@ -168,7 +167,8 @@ protected Set getRoleNamesForUser(String username, LdapContext ldapConte
searchControls.setSearchScope(SearchControls.SUBTREE_SCOPE);
String userPrincipalName = username;
- if (principalSuffix != null && !userPrincipalName.toLowerCase(Locale.ROOT).endsWith(principalSuffix.toLowerCase(Locale.ROOT))) {
+ if (principalSuffix != null
+ && !userPrincipalName.toLowerCase(Locale.ROOT).endsWith(principalSuffix.toLowerCase(Locale.ROOT))) {
userPrincipalName += principalSuffix;
}
diff --git a/core/src/main/java/org/apache/shiro/realm/jdbc/JdbcRealm.java b/core/src/main/java/org/apache/shiro/realm/jdbc/JdbcRealm.java
index a2e9ca87f6..2d476ac14d 100644
--- a/core/src/main/java/org/apache/shiro/realm/jdbc/JdbcRealm.java
+++ b/core/src/main/java/org/apache/shiro/realm/jdbc/JdbcRealm.java
@@ -46,7 +46,6 @@
import java.util.LinkedHashSet;
import java.util.Set;
-@SuppressWarnings("checkstyle:LineLength")
/**
* Realm that allows authentication and authorization via JDBC calls. The default queries suggest a potential schema
* for retrieving the user's password for authentication, and querying for a user's roles and permissions. The
@@ -55,7 +54,8 @@
* If the default implementation
* of authentication and authorization cannot handle your schema, this class can be subclassed and the
* appropriate methods overridden. (usually {@link #doGetAuthenticationInfo(org.apache.shiro.authc.AuthenticationToken)},
- * {@link #getRoleNamesForUser(java.sql.Connection, String)}, and/or {@link #getPermissions(java.sql.Connection, String, java.util.Collection)}
+ * {@link #getRoleNamesForUser(java.sql.Connection, String)},
+ * and/or {@link #getPermissions(java.sql.Connection, String, java.util.Collection)}
*
* This realm supports caching by extending from {@link org.apache.shiro.realm.AuthorizingRealm}.
*
@@ -63,8 +63,6 @@
*/
public class JdbcRealm extends AuthorizingRealm {
- //TODO - complete JavaDoc
-
/*--------------------------------------------
| C O N S T A N T S |
============================================*/
@@ -76,8 +74,8 @@ public class JdbcRealm extends AuthorizingRealm {
/**
* The default query used to retrieve account data for the user when {@link #saltStyle} is COLUMN.
*/
- @SuppressWarnings("checkstyle:LineLength")
- protected static final String DEFAULT_SALTED_AUTHENTICATION_QUERY = "select password, password_salt from users where username = ?";
+ protected static final String DEFAULT_SALTED_AUTHENTICATION_QUERY
+ = "select password, password_salt from users where username = ?";
/**
* The default query used to retrieve the roles that apply to a user.
@@ -286,7 +284,6 @@ protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token)
return info;
}
- @SuppressWarnings("checkstyle:LineLength")
private String[] getPasswordForUser(Connection conn, String username) throws SQLException {
String[] result;
@@ -317,7 +314,8 @@ private String[] getPasswordForUser(Connection conn, String username) throws SQL
// Check to ensure only one row is processed
if (foundResult) {
- throw new AuthenticationException("More than one user row found for user [" + username + "]. Usernames must be unique.");
+ throw new AuthenticationException("More than one user row found for user ["
+ + username + "]. Usernames must be unique.");
}
result[0] = rs.getString(1);
diff --git a/core/src/main/java/org/apache/shiro/realm/ldap/AbstractLdapRealm.java b/core/src/main/java/org/apache/shiro/realm/ldap/AbstractLdapRealm.java
index 475993e09e..edd6e52832 100644
--- a/core/src/main/java/org/apache/shiro/realm/ldap/AbstractLdapRealm.java
+++ b/core/src/main/java/org/apache/shiro/realm/ldap/AbstractLdapRealm.java
@@ -228,10 +228,8 @@ protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principal
* @return an {@link AuthenticationInfo} instance containing information retrieved from the LDAP server.
* @throws NamingException if any LDAP errors occur during the search.
*/
- @SuppressWarnings("checkstyle:LineLength")
- protected abstract AuthenticationInfo queryForAuthenticationInfo(AuthenticationToken token, LdapContextFactory ldapContextFactory)
- throws NamingException;
-
+ protected abstract AuthenticationInfo queryForAuthenticationInfo(AuthenticationToken token,
+ LdapContextFactory ldapContextFactory) throws NamingException;
/**
*
Abstract method that should be implemented by subclasses to builds an
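Review bot: The blank line that separated `queryForAuthenticationInfo` from the next member's Javadoc is removed without a replacement, so the `/**` now follows the declaration directly. Re-adding one empty line after `LdapContextFactory ldapContextFactory) throws NamingException;` keeps the member separation used elsewhere in the file. The Javadoc block that follows continues outside this hunk.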
@@ -243,8 +241,7 @@ protected abstract AuthenticationInfo queryForAuthenticationInfo(AuthenticationT
* @return an {@link AuthorizationInfo} instance containing information retrieved from the LDAP server.
* @throws NamingException if any LDAP errors occur during the search.
*/
- @SuppressWarnings("checkstyle:LineLength")
- protected abstract AuthorizationInfo queryForAuthorizationInfo(PrincipalCollection principal, LdapContextFactory ldapContextFactory)
- throws NamingException;
+ protected abstract AuthorizationInfo queryForAuthorizationInfo(PrincipalCollection principal,
+ LdapContextFactory ldapContextFactory) throws NamingException;
}
diff --git a/core/src/main/java/org/apache/shiro/realm/ldap/DefaultLdapRealm.java b/core/src/main/java/org/apache/shiro/realm/ldap/DefaultLdapRealm.java
index ed01701e29..d742f7bf30 100644
--- a/core/src/main/java/org/apache/shiro/realm/ldap/DefaultLdapRealm.java
+++ b/core/src/main/java/org/apache/shiro/realm/ldap/DefaultLdapRealm.java
@@ -343,14 +343,13 @@ protected Object getLdapPrincipal(AuthenticationToken token) {
return principal;
}
- @SuppressWarnings("checkstyle:LineLength")
/**
* This implementation opens an LDAP connection using the token's
* {@link #getLdapPrincipal(org.apache.shiro.authc.AuthenticationToken) discovered principal} and provided
* {@link AuthenticationToken#getCredentials() credentials}. If the connection opens successfully, the
* authentication attempt is immediately considered successful and a new
* {@link AuthenticationInfo} instance is
- * {@link #createAuthenticationInfo(org.apache.shiro.authc.AuthenticationToken, Object, Object, javax.naming.ldap.LdapContext) created}
+ * {@link #createAuthenticationInfo(AuthenticationToken, Object, Object, LdapContext) created}
* and returned. If the connection cannot be opened, either because LDAP authentication failed or some other
* JNDI problem, an {@link NamingException} will be thrown.
*
diff --git a/core/src/main/java/org/apache/shiro/realm/ldap/JndiLdapContextFactory.java b/core/src/main/java/org/apache/shiro/realm/ldap/JndiLdapContextFactory.java
index fcfd313e9a..4659b26f0d 100644
--- a/core/src/main/java/org/apache/shiro/realm/ldap/JndiLdapContextFactory.java
+++ b/core/src/main/java/org/apache/shiro/realm/ldap/JndiLdapContextFactory.java
@@ -504,7 +504,7 @@ protected LdapContext createLdapContext(Hashtable env) throws NamingException {
* @param environment the JNDI environment settings to be validated
* @throws AuthenticationException if a configuration problem is detected
*/
- @SuppressWarnings({"checkstyle:LineLength", "checkstyle:BooleanExpressionComplexity"})
+ @SuppressWarnings({"checkstyle:BooleanExpressionComplexity"})
protected void validateAuthenticationInfo(Hashtable environment)
throws AuthenticationException {
// validate when using Simple auth both principal and credentials are set
diff --git a/core/src/main/java/org/apache/shiro/realm/text/PropertiesRealm.java b/core/src/main/java/org/apache/shiro/realm/text/PropertiesRealm.java
index d60ba48c03..fc48083ea8 100644
--- a/core/src/main/java/org/apache/shiro/realm/text/PropertiesRealm.java
+++ b/core/src/main/java/org/apache/shiro/realm/text/PropertiesRealm.java
@@ -184,11 +184,11 @@ public void destroy() {
}
}
- @SuppressWarnings("checkstyle:LineLength")
protected void startReloadThread() {
if (this.reloadIntervalSeconds > 0) {
this.scheduler = Executors.newSingleThreadScheduledExecutor();
- ((ScheduledExecutorService) this.scheduler).scheduleAtFixedRate(this, reloadIntervalSeconds, reloadIntervalSeconds, TimeUnit.SECONDS);
+ ((ScheduledExecutorService) this.scheduler)
+ .scheduleAtFixedRate(this, reloadIntervalSeconds, reloadIntervalSeconds, TimeUnit.SECONDS);
}
}
diff --git a/core/src/main/java/org/apache/shiro/session/mgt/AbstractNativeSessionManager.java b/core/src/main/java/org/apache/shiro/session/mgt/AbstractNativeSessionManager.java
index f6a701e0dd..a172a01d03 100644
--- a/core/src/main/java/org/apache/shiro/session/mgt/AbstractNativeSessionManager.java
+++ b/core/src/main/java/org/apache/shiro/session/mgt/AbstractNativeSessionManager.java
@@ -42,7 +42,7 @@
*
* @since 1.0
*/
-@SuppressWarnings({"checkstyle:MethodCount", "checkstyle:LineLength"})
+@SuppressWarnings({"checkstyle:MethodCount"})
public abstract class AbstractNativeSessionManager extends AbstractSessionManager implements NativeSessionManager, EventBusAware {
private static final Logger LOGGER = LoggerFactory.getLogger(AbstractSessionManager.class);
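Review bot: The logger in the last context line is created with `AbstractSessionManager.class`, although the enclosing class is `AbstractNativeSessionManager`. Session events logged here are therefore recorded under the parent class's logger name, which makes per-class log filtering and triage less precise. If this is not intentional, the line could be `LoggerFactory.getLogger(AbstractNativeSessionManager.class);`. The commit does not change this line, so it may belong in a separate follow-up.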
@@ -114,9 +114,10 @@ public Session start(SessionContext context) {
* {@link SessionFactory} when instantiating the internal {@code Session} instance.
* @return the new {@code Session} instance.
* @throws org.apache.shiro.authz.HostUnauthorizedException if the system access control policy restricts access based
- * on client location/IP and the specified hostAddress hasn't been enabled.
- * @throws AuthorizationException if the system access control policy does not allow the currently executing
- * caller to start sessions.
+ * on client location/IP and
+ * the specified hostAddress hasn't been enabled.
+ * @throws AuthorizationException if the system access control policy does not allow
+ * the currently executing caller to start sessions.
*/
protected abstract Session createSession(SessionContext context) throws AuthorizationException;
diff --git a/core/src/main/java/org/apache/shiro/session/mgt/SessionValidationScheduler.java b/core/src/main/java/org/apache/shiro/session/mgt/SessionValidationScheduler.java
index 5fad2a7eda..260b3c22fb 100644
--- a/core/src/main/java/org/apache/shiro/session/mgt/SessionValidationScheduler.java
+++ b/core/src/main/java/org/apache/shiro/session/mgt/SessionValidationScheduler.java
@@ -18,10 +18,10 @@
*/
package org.apache.shiro.session.mgt;
-@SuppressWarnings("checkstyle:LineLength")
/**
* Interface that should be implemented by classes that can control validating sessions on a regular
- * basis. This interface is used as a delegate for session validation by the {@link org.apache.shiro.session.mgt.DefaultSessionManager}
+ * basis. This interface is used as a delegate for session validation
+ * by the {@link org.apache.shiro.session.mgt.DefaultSessionManager}
*
* @see org.apache.shiro.session.mgt.DefaultSessionManager#setSessionValidationScheduler(SessionValidationScheduler)
* @since 0.1
diff --git a/core/src/main/java/org/apache/shiro/session/mgt/SimpleSession.java b/core/src/main/java/org/apache/shiro/session/mgt/SimpleSession.java
index 0a0c0932d1..8b125a3184 100644
--- a/core/src/main/java/org/apache/shiro/session/mgt/SimpleSession.java
+++ b/core/src/main/java/org/apache/shiro/session/mgt/SimpleSession.java
@@ -379,11 +379,12 @@ public boolean equals(Object obj) {
* @return true if all the attributes, except the id, are equal to this object's attributes.
* @since 1.0
*/
- @SuppressWarnings({"checkstyle:BooleanExpressionComplexity", "checkstyle:MethodCount", "checkstyle:LineLength"})
+ @SuppressWarnings({"checkstyle:BooleanExpressionComplexity", "checkstyle:MethodCount"})
protected boolean onEquals(SimpleSession ss) {
return (getStartTimestamp() != null ? getStartTimestamp().equals(ss.getStartTimestamp()) : ss.getStartTimestamp() == null)
&& (getStopTimestamp() != null ? getStopTimestamp().equals(ss.getStopTimestamp()) : ss.getStopTimestamp() == null)
- && (getLastAccessTime() != null ? getLastAccessTime().equals(ss.getLastAccessTime()) : ss.getLastAccessTime() == null)
+ && (getLastAccessTime() != null
+ ? getLastAccessTime().equals(ss.getLastAccessTime()) : ss.getLastAccessTime() == null)
&& (getTimeout() == ss.getTimeout())
&& (isExpired() == ss.isExpired())
&& (getHost() != null ? getHost().equals(ss.getHost()) : ss.getHost() == null)
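Review bot: The wrapped `getLastAccessTime()` comparison in `onEquals` keeps the hand-written null-safe ternary, and the unchanged `getStartTimestamp()` and `getStopTimestamp()` lines above it use the same pattern at comparable length. Writing each nullable comparison as `Objects.equals(getLastAccessTime(), ss.getLastAccessTime())` (likewise for the start and stop timestamps and the host) would keep every line short without manual wrapping and is easier to read. This assumes `java.util.Objects` is or can be imported in the file, which the hunk does not show. The method body continues past the end of the hunk.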
diff --git a/core/src/main/java/org/apache/shiro/subject/Subject.java b/core/src/main/java/org/apache/shiro/subject/Subject.java
index 2da9716d53..7b1c83f967 100644
--- a/core/src/main/java/org/apache/shiro/subject/Subject.java
+++ b/core/src/main/java/org/apache/shiro/subject/Subject.java
@@ -725,7 +725,6 @@ public Builder session(Session session) {
return this;
}
- @SuppressWarnings("checkstyle:LineLength")
/**
* Ensures the {@code Subject} being built will reflect the specified principals (aka identity).
*
@@ -735,7 +734,7 @@ public Builder session(Session session) {
* was named "{@code myRealm}", you might create the '{@code jsmith} {@code Subject} instance this
* way:
*
- * PrincipalCollection identity = new {@link org.apache.shiro.subject.SimplePrincipalCollection#SimplePrincipalCollection(Object, String)
+ * PrincipalCollection identity = new {@link SimplePrincipalCollection#SimplePrincipalCollection(Object, String)
* SimplePrincipalCollection}("jsmith", "myRealm");
* Subject jsmith = new Subject.Builder().principals(identity).buildSubject();
*
@@ -745,7 +744,7 @@ public Builder session(Session session) {
* instance this way:
*
* long userId = //get user ID from somewhere
- * PrincipalCollection userIdentity = new {@link org.apache.shiro.subject.SimplePrincipalCollection#SimplePrincipalCollection(Object, String)
+ * PrincipalCollection userIdentity = new {@link SimplePrincipalCollection#SimplePrincipalCollection(Object, String)
* SimplePrincipalCollection}(userId, "jdbcRealm");
* Subject user = new Subject.Builder().principals(identity).buildSubject();
*
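Review bot: The second Javadoc example declares `userIdentity`, but the next line still passes `identity` to `principals(...)`, so the snippet would not compile if copied as printed. Since this hunk already edits the example, the last line could become `Subject user = new Subject.Builder().principals(userIdentity).buildSubject();`. The Javadoc block starts and ends outside the hunk.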
diff --git a/core/src/main/java/org/apache/shiro/util/PermissionUtils.java b/core/src/main/java/org/apache/shiro/util/PermissionUtils.java
index f1e0ba1097..f574b96487 100644
--- a/core/src/main/java/org/apache/shiro/util/PermissionUtils.java
+++ b/core/src/main/java/org/apache/shiro/util/PermissionUtils.java
@@ -51,8 +51,8 @@ public static Set toPermissionStrings(String permissionsString) {
return null;
}
- @SuppressWarnings("checkstyle:LineLength")
- public static Set resolvePermissions(Collection permissionStrings, PermissionResolver permissionResolver) {
+ public static Set resolvePermissions(Collection permissionStrings,
+ PermissionResolver permissionResolver) {
Set permissions = new LinkedHashSet<>(permissionStrings.size());
for (String permissionString : permissionStrings) {
permissions.add(permissionResolver.resolvePermission(permissionString));
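Review bot: `resolvePermissions` calls `permissionStrings.size()` with no null check, while the context at the top of this hunk shows `toPermissionStrings` ending in `return null;`, so a caller that chains the two would hit a NullPointerException during permission resolution. Whether any caller does that is not visible here. I would either state the precondition in Javadoc on this public method (none is visible in the hunk), for example `@param permissionStrings the permission strings to resolve, must not be null`, or fail explicitly with `Objects.requireNonNull(permissionStrings, "permissionStrings");` as the first statement, assuming `java.util.Objects` is available in the file. The method body continues past the end of the hunk.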
diff --git a/core/src/main/java/org/apache/shiro/util/ThreadContext.java b/core/src/main/java/org/apache/shiro/util/ThreadContext.java
index 6fe7b3f71c..267a7949b9 100644
--- a/core/src/main/java/org/apache/shiro/util/ThreadContext.java
+++ b/core/src/main/java/org/apache/shiro/util/ThreadContext.java
@@ -328,8 +328,8 @@ public static Subject unbindSubject() {
return (Subject) remove(SUBJECT_KEY);
}
- @SuppressWarnings("checkstyle:LineLength")
- private static final class InheritableThreadLocalMap> extends InheritableThreadLocal