From 198a8b10f732af7fda4fe6158c4754f9feb34b7e Mon Sep 17 00:00:00 2001
From: Claus Ibsen <claus.ibsen@gmail.com>
Date: Sun, 10 Mar 2024 12:19:07 +0100
Subject: [PATCH] CAMEL-20491: camel-shiro - Upgrade to 2.0 that is jakarta ee
 compatible (#13430)

---
 components/camel-shiro/pom.xml                    |  8 ++++++--
 .../shiro/security/ShiroSecurityHelper.java       |  4 ++--
 .../shiro/security/ShiroSecurityPolicy.java       | 15 +++++++--------
 .../shiro/security/ShiroSecurityProcessor.java    | 10 +++++-----
 .../security/ShiroSecurityTokenInjector.java      |  6 +++---
 .../ROOT/pages/camel-4x-upgrade-guide-4_5.adoc    |  4 ++++
 parent/pom.xml                                    |  2 +-
 7 files changed, 28 insertions(+), 21 deletions(-)

diff --git a/components/camel-shiro/pom.xml b/components/camel-shiro/pom.xml
index 939f005050b61..473cbfecc6cbd 100644
--- a/components/camel-shiro/pom.xml
+++ b/components/camel-shiro/pom.xml
@@ -44,8 +44,12 @@
         </dependency>
         <dependency>
             <groupId>org.apache.shiro</groupId>
-            <artifactId>shiro-core</artifactId>
-            <classifier>jakarta</classifier>
+            <artifactId>shiro-jakarta-ee</artifactId>
+            <version>${shiro-version}</version>
+        </dependency>
+        <dependency>
+            <groupId>org.apache.shiro</groupId>
+            <artifactId>shiro-crypto-cipher</artifactId>
             <version>${shiro-version}</version>
         </dependency>
 
diff --git a/components/camel-shiro/src/main/java/org/apache/camel/component/shiro/security/ShiroSecurityHelper.java b/components/camel-shiro/src/main/java/org/apache/camel/component/shiro/security/ShiroSecurityHelper.java
index 488c50e6d834a..51b46fe100083 100644
--- a/components/camel-shiro/src/main/java/org/apache/camel/component/shiro/security/ShiroSecurityHelper.java
+++ b/components/camel-shiro/src/main/java/org/apache/camel/component/shiro/security/ShiroSecurityHelper.java
@@ -19,8 +19,8 @@
 import java.util.regex.Matcher;
 import java.util.regex.Pattern;
 
-import org.apache.shiro.crypto.CipherService;
-import org.apache.shiro.util.ByteSource;
+import org.apache.shiro.crypto.cipher.CipherService;
+import org.apache.shiro.lang.util.ByteSource;
 
 public final class ShiroSecurityHelper {
 
diff --git a/components/camel-shiro/src/main/java/org/apache/camel/component/shiro/security/ShiroSecurityPolicy.java b/components/camel-shiro/src/main/java/org/apache/camel/component/shiro/security/ShiroSecurityPolicy.java
index 6ca0b64e9e4db..f31a7310fae74 100644
--- a/components/camel-shiro/src/main/java/org/apache/camel/component/shiro/security/ShiroSecurityPolicy.java
+++ b/components/camel-shiro/src/main/java/org/apache/camel/component/shiro/security/ShiroSecurityPolicy.java
@@ -26,11 +26,10 @@
 import org.apache.shiro.SecurityUtils;
 import org.apache.shiro.authz.Permission;
 import org.apache.shiro.config.Ini;
-import org.apache.shiro.config.IniSecurityManagerFactory;
-import org.apache.shiro.crypto.AesCipherService;
-import org.apache.shiro.crypto.CipherService;
+import org.apache.shiro.crypto.cipher.AesCipherService;
+import org.apache.shiro.crypto.cipher.CipherService;
+import org.apache.shiro.ini.IniSecurityManagerFactory;
 import org.apache.shiro.mgt.SecurityManager;
-import org.apache.shiro.util.Factory;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 
@@ -56,15 +55,15 @@ public ShiroSecurityPolicy() {
 
     public ShiroSecurityPolicy(String iniResourcePath) {
         this();
-        Factory<SecurityManager> factory = new IniSecurityManagerFactory(iniResourcePath);
-        securityManager = factory.getInstance();
+        Ini ini = new Ini();
+        ini.loadFromPath(iniResourcePath);
+        securityManager = new IniSecurityManagerFactory(ini).getInstance();
         SecurityUtils.setSecurityManager(securityManager);
     }
 
     public ShiroSecurityPolicy(Ini ini) {
         this();
-        Factory<SecurityManager> factory = new IniSecurityManagerFactory(ini);
-        securityManager = factory.getInstance();
+        securityManager = new IniSecurityManagerFactory(ini).getInstance();
         SecurityUtils.setSecurityManager(securityManager);
     }
 
diff --git a/components/camel-shiro/src/main/java/org/apache/camel/component/shiro/security/ShiroSecurityProcessor.java b/components/camel-shiro/src/main/java/org/apache/camel/component/shiro/security/ShiroSecurityProcessor.java
index e32584d75460e..05002aefc6914 100644
--- a/components/camel-shiro/src/main/java/org/apache/camel/component/shiro/security/ShiroSecurityProcessor.java
+++ b/components/camel-shiro/src/main/java/org/apache/camel/component/shiro/security/ShiroSecurityProcessor.java
@@ -31,9 +31,10 @@
 import org.apache.shiro.authc.UnknownAccountException;
 import org.apache.shiro.authc.UsernamePasswordToken;
 import org.apache.shiro.authz.Permission;
-import org.apache.shiro.codec.Base64;
+import org.apache.shiro.crypto.cipher.ByteSourceBroker;
+import org.apache.shiro.lang.codec.Base64;
+import org.apache.shiro.lang.util.ByteSource;
 import org.apache.shiro.subject.Subject;
-import org.apache.shiro.util.ByteSource;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 
@@ -113,9 +114,8 @@ private void applySecurityPolicy(Exchange exchange) throws Exception {
                     exchange);
         }
 
-        ByteSource decryptedToken = policy.getCipherService().decrypt(encryptedToken.getBytes(), policy.getPassPhrase());
-
-        ShiroSecurityToken securityToken = ShiroSecurityHelper.deserialize(decryptedToken.getBytes());
+        ByteSourceBroker decryptedToken = policy.getCipherService().decrypt(encryptedToken.getBytes(), policy.getPassPhrase());
+        ShiroSecurityToken securityToken = ShiroSecurityHelper.deserialize(decryptedToken.getClonedBytes());
 
         Subject currentUser = SecurityUtils.getSubject();
 
diff --git a/components/camel-shiro/src/main/java/org/apache/camel/component/shiro/security/ShiroSecurityTokenInjector.java b/components/camel-shiro/src/main/java/org/apache/camel/component/shiro/security/ShiroSecurityTokenInjector.java
index 353c5cecc8b6c..6fbd4cfe565d7 100644
--- a/components/camel-shiro/src/main/java/org/apache/camel/component/shiro/security/ShiroSecurityTokenInjector.java
+++ b/components/camel-shiro/src/main/java/org/apache/camel/component/shiro/security/ShiroSecurityTokenInjector.java
@@ -18,9 +18,9 @@
 
 import org.apache.camel.Exchange;
 import org.apache.camel.Processor;
-import org.apache.shiro.crypto.AesCipherService;
-import org.apache.shiro.crypto.CipherService;
-import org.apache.shiro.util.ByteSource;
+import org.apache.shiro.crypto.cipher.AesCipherService;
+import org.apache.shiro.crypto.cipher.CipherService;
+import org.apache.shiro.lang.util.ByteSource;
 
 public class ShiroSecurityTokenInjector implements Processor {
     private byte[] passPhrase;
diff --git a/docs/user-manual/modules/ROOT/pages/camel-4x-upgrade-guide-4_5.adoc b/docs/user-manual/modules/ROOT/pages/camel-4x-upgrade-guide-4_5.adoc
index 98e2921388b19..338038f69f12f 100644
--- a/docs/user-manual/modules/ROOT/pages/camel-4x-upgrade-guide-4_5.adoc
+++ b/docs/user-manual/modules/ROOT/pages/camel-4x-upgrade-guide-4_5.adoc
@@ -222,6 +222,10 @@ calls the `/api-doc` endpoint.
 
 Added a Cookie Handler allowing the addition, retrieval and expiry of Cookies.
 
+=== camel-shiro
+
+Upgraded Apache Shiro from 1.13 to 2.0.
+
 === camel-twilio
 
 Upgraded to Twilio 10.1.0 which removed `call-feedback` and `call-feedback-summary` from the available APIs,
diff --git a/parent/pom.xml b/parent/pom.xml
index d0383ea06899f..ab3aa0e3fe0e1 100644
--- a/parent/pom.xml
+++ b/parent/pom.xml
@@ -414,7 +414,7 @@
         <rxjava2-version>2.2.21</rxjava2-version>
         <saxon-version>12.4</saxon-version>
         <scala-datasonnet-version>2.13.13</scala-datasonnet-version>
-        <shiro-version>1.13.0</shiro-version>
+        <shiro-version>2.0.0</shiro-version>
         <slack-api-model-version>1.38.1</slack-api-model-version>
         <slf4j-api-version>2.0.12</slf4j-api-version>
         <slf4j-version>2.0.12</slf4j-version>