ref #18

pom.xml

@@ -32,11 +32,17 @@
             <version>1.6.1</version>
             <scope>provided</scope>
         </dependency>
+
+        <!--jee security api-->
         <dependency>
-            <groupId>org.glassfish</groupId>
-            <artifactId>javax.faces</artifactId>
-            <version>2.3.7</version>
-            <scope>provided</scope>
+            <groupId>org.glassfish.soteria</groupId>
+            <artifactId>javax.security.enterprise</artifactId>
+            <version>1.0</version>
+        </dependency>
+        <dependency>
+            <groupId>de.svenkubiak</groupId>
+            <artifactId>jBCrypt</artifactId>
+            <version>0.4.1</version>
         </dependency>
 
         <!--hibernate-->
@@ -140,7 +146,13 @@
             <scope>runtime</scope>
         </dependency>
 
-        <!--primefaces-->
+        <!--jsf & primefaces-->
+        <dependency>
+            <groupId>org.glassfish</groupId>
+            <artifactId>javax.faces</artifactId>
+            <version>2.3.7</version>
+            <scope>provided</scope>
+        </dependency>
         <dependency>
             <groupId>org.primefaces</groupId>
             <artifactId>primefaces</artifactId>
@@ -205,7 +217,7 @@
         <dependency>
             <groupId>com.google.guava</groupId>
             <artifactId>guava</artifactId>
-            <version>26.0-jre</version>
+            <version>27.0-jre</version>
         </dependency>
 
         <!--mustache-->
@@ -215,13 +227,6 @@
             <version>0.9.5</version>
         </dependency>
 
-        <!--shiro-ee-->
-        <dependency>
-            <groupId>br.eti.arthurgregorio</groupId>
-            <artifactId>shiro-ee</artifactId>
-            <version>1.4.0</version>
-        </dependency>
-
         <!--SL4J-->
         <dependency>
             <groupId>org.slf4j</groupId>

src/main/java/br/eti/arthurgregorio/library/application/controllers/AuthenticationBean.java

@@ -1,15 +1,13 @@
 package br.eti.arthurgregorio.library.application.controllers;
 
-import br.eti.arthurgregorio.shiroee.auth.Authenticator;
-import br.eti.arthurgregorio.shiroee.auth.Credential;
+import br.eti.arthurgregorio.library.infrastructure.soteria.auth.Authenticator;
+import br.eti.arthurgregorio.library.infrastructure.soteria.auth.CredentialHolder;
 import lombok.Getter;
-import org.apache.shiro.authc.AuthenticationException;
-import org.apache.shiro.authc.IncorrectCredentialsException;
-import org.apache.shiro.authc.UnknownAccountException;
 
 import javax.faces.view.ViewScoped;
 import javax.inject.Inject;
 import javax.inject.Named;
+import javax.security.enterprise.AuthenticationException;
 
 /**
  * The authentication controller 
@@ -22,9 +20,9 @@
 @Named
 @ViewScoped
 public class AuthenticationBean extends AbstractBean {
-    
+
     @Getter
-    private Credential credential;
+    private CredentialHolder credentialHolder;
 
     @Inject
     private Authenticator authenticator;
@@ -36,8 +34,8 @@ public class AuthenticationBean extends AbstractBean {
      * @return the dashboard outcome or empty to stay in the login page
      */
     public String initialize() {
-        if (this.authenticator.authenticationIsNeeded()) {
-            this.credential = new Credential();
+        if (this.authenticator.needToAuthenticate()) {
+            this.credentialHolder = new CredentialHolder();
             return "";
         } else {
             return "/secured/dashboard.xhtml?faces-redirect=true";
@@ -51,14 +49,10 @@ public String initialize() {
      */
     public String doLogin() {
         try {
-            this.authenticator.login(this.credential);
+            this.authenticator.login(this.credentialHolder.toCredential());
             return "/secured/dashboard.xhtml?faces-redirect=true";
-        } catch (UnknownAccountException ex) {
-            this.addError(true, "error.authentication.unknown-account");
-        } catch (IncorrectCredentialsException ex) {
-            this.addError(true, "error.authentication.incorrect-credentials");
         } catch (AuthenticationException ex) {
-            this.addError(true, "error.authentication.failed");
+            this.addError(true, "error.authentication");
         }
         return null;
     }

src/main/java/br/eti/arthurgregorio/library/application/controllers/ProfileBean.java

@@ -1,8 +1,8 @@
 package br.eti.arthurgregorio.library.application.controllers;
 
-import br.eti.arthurgregorio.library.domain.model.entities.tools.Profile;
-import br.eti.arthurgregorio.library.domain.model.entities.tools.ThemeType;
-import br.eti.arthurgregorio.library.domain.model.entities.tools.User;
+import br.eti.arthurgregorio.library.domain.model.entities.configurations.Profile;
+import br.eti.arthurgregorio.library.domain.model.entities.configurations.ThemeType;
+import br.eti.arthurgregorio.library.domain.model.entities.configurations.User;
 import br.eti.arthurgregorio.library.domain.services.UserAccountService;
 import javax.annotation.PostConstruct;
 import javax.faces.view.ViewScoped;
@@ -44,7 +44,7 @@ public class ProfileBean extends AbstractBean {
     @PostConstruct
     public void initialize() {
         this.passwordChangeDTO = new PasswordChangeDTO();
-        this.profile = this.userSessionBean.getPrincipal().getProfile();
+        this.profile = this.userSessionBean.getPrincipalProfile();
     }
 
     /**

src/main/java/br/eti/arthurgregorio/library/application/controllers/UserSessionBean.java

@@ -1,23 +1,21 @@
 package br.eti.arthurgregorio.library.application.controllers;
 
-import br.eti.arthurgregorio.library.domain.model.entities.tools.Profile;
-import br.eti.arthurgregorio.library.domain.model.entities.tools.User;
-import br.eti.arthurgregorio.library.domain.repositories.tools.UserRepository;
-import java.io.Serializable;
+import br.eti.arthurgregorio.library.domain.model.entities.configurations.Profile;
+import br.eti.arthurgregorio.library.domain.model.entities.configurations.User;
+import br.eti.arthurgregorio.library.domain.repositories.configurations.UserRepository;
+import br.eti.arthurgregorio.library.infrastructure.cdi.qualifier.AuthenticatedUser;
+import lombok.Getter;
+
 import javax.annotation.PostConstruct;
 import javax.enterprise.context.SessionScoped;
 import javax.enterprise.inject.Produces;
 import javax.inject.Inject;
 import javax.inject.Named;
-import lombok.Getter;
-import org.apache.shiro.SecurityUtils;
-import org.apache.shiro.authc.AuthenticationException;
-import org.apache.shiro.subject.Subject;
-import br.eti.arthurgregorio.library.infrastructure.cdi.qualifier.AuthenticatedUser;
+import javax.security.enterprise.SecurityContext;
+import java.io.Serializable;
 
 /**
- * The controller of the session bean. This class hold the current user on the
- * application and his data
+ * The controller of the session bean. This class hold the current user on the application and his data
  * 
  * @author Arthur Gregorio
  *
@@ -33,72 +31,48 @@ public class UserSessionBean implements Serializable {
 
     @Inject
     private UserRepository userRepository;
-
+
+    @Inject
+    private SecurityContext securityContext;
+
     /**
      * Initialize the session
      */
     @PostConstruct
     protected void initialize() {
-
-        final String principalUsername = String.valueOf(
-                this.getSubject().getPrincipal());
-
+
+        final String principalUsername = this.securityContext.getCallerPrincipal().getName();
+
         this.principal = this.userRepository
                 .findOptionalByUsername(principalUsername)
-                .orElseThrow(() -> new AuthenticationException(String.format(
-                        "User %s has no local user", principalUsername)));
+                .orElseThrow(() -> new IllegalStateException(String.format("User %s has no local user", principalUsername)));
     }
-    
+
     /**
      * @return the current user profile
      */
     public Profile getPrincipalProfile() {
         return this.principal.getProfile();
     }
 
-    /**
-     * @return if the current session of the user is valid or not 
-     */
-    public boolean isValid() {
-        final Subject subject = this.getSubject();
-        return subject.isAuthenticated() && subject.getPrincipal() != null;
-    }
-
-    /**
-     * To check if the given role is permitted to the current user
-     * 
-     * @param role the role to be tested
-     * @return true if is permitted, false otherwise
-     */
-    public boolean hasRole(String role) {
-        return this.getSubject().hasRole(role);
-    }
-
     /**
      * To check if the given permission is granted to the current user
-     * 
+     *
      * @param permission the permission to be tested
      * @return true if is granted, false otherwise
      */
     public boolean isPermitted(String permission) {
-        return this.getSubject().isPermitted(permission);
+        return this.securityContext.isCallerInRole(permission);
     }
 
     /**
-     * @return return the current {@link Subject} of the application
-     */
-    private Subject getSubject() {
-        return SecurityUtils.getSubject();
-    }
-
-    /**
-     * Simple producer to make the user object of the current principal available 
-     * to other functionalities of the system, like the audit mechanism
-     * 
+     * Simple producer to make the user object of the current principal available to other functionalities of the
+     * system, like the audit mechanism
+     *
      * @return the current principal user object
      */
     @Produces
-    @AuthenticatedUser 
+    @AuthenticatedUser
     User producePrincipal() {
         return this.principal;
     }

src/main/java/br/eti/arthurgregorio/library/application/controllers/tools/GroupBean.java → src/main/java/br/eti/arthurgregorio/library/application/controllers/configurations/GroupBean.java

@@ -1,4 +1,4 @@
-package br.eti.arthurgregorio.library.application.controllers.tools;
+package br.eti.arthurgregorio.library.application.controllers.configurations;
 
 import static br.eti.arthurgregorio.library.application.components.NavigationManager.PageType.ADD_PAGE;
 import static br.eti.arthurgregorio.library.application.components.NavigationManager.PageType.DELETE_PAGE;
@@ -8,11 +8,11 @@
 import br.eti.arthurgregorio.library.application.controllers.FormBean;
 import br.eti.arthurgregorio.library.application.components.ViewState;
 import br.eti.arthurgregorio.library.application.components.table.Page;
-import br.eti.arthurgregorio.library.domain.model.entities.tools.Authorization;
-import br.eti.arthurgregorio.library.domain.model.entities.tools.Grant;
-import br.eti.arthurgregorio.library.domain.model.entities.tools.Group;
-import br.eti.arthurgregorio.library.domain.model.entities.tools.Permissions;
-import br.eti.arthurgregorio.library.domain.repositories.tools.GroupRepository;
+import br.eti.arthurgregorio.library.domain.model.entities.configurations.Authorization;
+import br.eti.arthurgregorio.library.domain.model.entities.configurations.Grant;
+import br.eti.arthurgregorio.library.domain.model.entities.configurations.Group;
+import br.eti.arthurgregorio.library.domain.model.entities.configurations.Permissions;
+import br.eti.arthurgregorio.library.domain.repositories.configurations.GroupRepository;
 import br.eti.arthurgregorio.library.domain.services.UserAccountService;
 import java.util.ArrayList;
 import java.util.HashSet;
@@ -28,7 +28,7 @@
 import org.primefaces.model.TreeNode;
 
 /**
- * The controller for the user groups operations
+ * The controller for the {@link User} groups operations
  *
  * @author Arthur Gregorio
  *

src/main/java/br/eti/arthurgregorio/library/application/controllers/tools/UserBean.java → src/main/java/br/eti/arthurgregorio/library/application/controllers/configurations/UserBean.java

@@ -1,4 +1,4 @@
-package br.eti.arthurgregorio.library.application.controllers.tools;
+package br.eti.arthurgregorio.library.application.controllers.configurations;
 
 import static br.eti.arthurgregorio.library.application.components.NavigationManager.PageType.ADD_PAGE;
 import static br.eti.arthurgregorio.library.application.components.NavigationManager.PageType.DELETE_PAGE;
@@ -7,20 +7,18 @@
 import static br.eti.arthurgregorio.library.application.components.NavigationManager.PageType.UPDATE_PAGE;
 import br.eti.arthurgregorio.library.application.components.ViewState;
 import br.eti.arthurgregorio.library.application.components.table.Page;
-import br.eti.arthurgregorio.library.domain.model.entities.tools.User;
-import br.eti.arthurgregorio.library.domain.model.entities.tools.StoreType;
+import br.eti.arthurgregorio.library.domain.model.entities.configurations.User;
+import br.eti.arthurgregorio.library.domain.model.entities.configurations.StoreType;
 import br.eti.arthurgregorio.library.domain.model.exception.BusinessLogicException;
-import br.eti.arthurgregorio.library.domain.repositories.tools.GroupRepository;
-import br.eti.arthurgregorio.library.domain.repositories.tools.UserRepository;
+import br.eti.arthurgregorio.library.domain.repositories.configurations.GroupRepository;
+import br.eti.arthurgregorio.library.domain.repositories.configurations.UserRepository;
 import br.eti.arthurgregorio.library.domain.services.UserAccountService;
-import br.eti.arthurgregorio.shiroee.config.ldap.LdapUser;
-import br.eti.arthurgregorio.shiroee.config.ldap.LdapUserProvider;
 import java.util.List;
 import javax.faces.view.ViewScoped;
 import javax.inject.Inject;
 import javax.inject.Named;
 import br.eti.arthurgregorio.library.application.controllers.FormBean;
-import br.eti.arthurgregorio.library.domain.model.entities.tools.Group;
+import br.eti.arthurgregorio.library.domain.model.entities.configurations.Group;
 import br.eti.arthurgregorio.library.infrastructure.utilities.Configurations;
 import lombok.Getter;
 import org.primefaces.model.SortOrder;
@@ -48,8 +46,8 @@ public class UserBean extends FormBean<User> {
     @Inject
     private UserAccountService userAccountService;
 
-    @Inject
-    private LdapUserProvider ldapUserProvider;
+//    @Inject
+//    private LdapUserProvider ldapUserProvider;
 
     /**
      * {@inheritDoc}
@@ -135,21 +133,21 @@ public String doDelete() {
      */
     public void findUserOnLdap() {
 
-        final boolean ldapEnable = Configurations.getAsBoolean("ldap.enabled");
-
-        if (!ldapEnable) {
-            throw new IllegalStateException("error.user.ldap-not-enabled");
-        }
-
-        final String username = this.value.getUsername();
-
-        final LdapUser userDetails = this.ldapUserProvider
-                .search(username)
-                .orElseThrow(() -> BusinessLogicException.create("error.user.not-found-ldap", username));
-
-        this.value.setUsername(userDetails.getSAMAccountName());
-        this.value.setEmail(userDetails.getMail());
-        this.value.setName(userDetails.getName());
+//        final boolean ldapEnable = Configurations.getAsBoolean("ldap.enabled");
+//
+//        if (!ldapEnable) {
+//            throw new IllegalStateException("error.user.ldap-not-enabled");
+//        }
+//
+//        final String username = this.value.getUsername();
+//
+//        final LdapUser userDetails = this.ldapUserProvider
+//                .search(username)
+//                .orElseThrow(() -> new BusinessLogicException("error.user.not-found-ldap", username));
+//
+//        this.value.setUsername(userDetails.getSAMAccountName());
+//        this.value.setEmail(userDetails.getMail());
+//        this.value.setName(userDetails.getName());
 
 
     }

src/main/java/br/eti/arthurgregorio/library/domain/model/entities/RevisionListener.java

@@ -1,7 +1,6 @@
 package br.eti.arthurgregorio.library.domain.model.entities;
 
 import java.util.Date;
-import org.apache.shiro.SecurityUtils;
 
 /**
  * The listener to add more info to the revision of the audited entities
@@ -33,10 +32,10 @@ public void newRevision(Object revisionEntity) {
      * @return the username of the logged user
      */
     private String getLoggedUser() {
-        try {
-            return String.valueOf(SecurityUtils.getSubject().getPrincipal());
-        } catch (Exception ex) {
+//        try {
+//            return String.valueOf(SecurityUtils.getSubject().getPrincipal());
+//        } catch (Exception ex) {
             return "unknown";
-        }
+//        }
     }
 }