Java Code Examples for org.apache.shiro.web.util.WebUtils#getHttpRequest()

The following examples show how to use org.apache.shiro.web.util.WebUtils#getHttpRequest(). You can vote up the ones you like or vote down the ones you don't like, and go to the original project or source file by following the links above each example. You may check out the related API usage on the sidebar.
Example 1
Source File: AbstractIamSessionManager.java    From super-cloudops with Apache License 2.0 6 votes vote down vote up
/**
 * Completes start-up of a new session: hands the session id to the client as a
 * cookie (when cookies are enabled) and flags the request as carrying a new session.
 *
 * @param session the session that has just been created
 * @param context the context the session was created from; must be HTTP-capable
 * @throws IllegalStateException if {@code context} is not an HTTP context
 * @throws IllegalArgumentException if cookies are enabled but the session has no id
 */
@Override
protected void onStart(Session session, SessionContext context) {
	// Fail loudly for non-HTTP contexts. The message has no format arguments,
	// so it is passed as a plain literal.
	if (!WebUtils.isHttp(context)) {
		throw new IllegalStateException("IAM currently only supports HTTP protocol family!");
	}

	final HttpServletRequest httpRequest = WebUtils.getHttpRequest(context);
	final HttpServletResponse httpResponse = WebUtils.getHttpResponse(context);

	if (!isSessionIdCookieEnabled()) {
		// NOTE(review): the session id is what authenticates later requests, so any
		// log sink receiving this debug line should be treated as sensitive.
		log.debug("Session ID cookie is disabled.  No cookie has been set for new session with id {}", session.getId());
	} else {
		if (StringUtils2.isEmpty(session.getId())) {
			throw new IllegalArgumentException("sessionId cannot be null when persisting for subsequent requests.");
		}
		// Persist the session token on the client.
		// NOTE(review): cookie attributes (HttpOnly, Secure, SameSite) are decided inside
		// saveSessionIdCookieIfNecessary, which is not shown here - verify them there.
		saveSessionIdCookieIfNecessary(httpRequest, httpResponse, session.getId().toString());
	}

	// A brand-new session was not referenced by the incoming request: clear the
	// id-source marker and mark the session as new.
	httpRequest.removeAttribute(REFERENCED_SESSION_ID_SOURCE);
	httpRequest.setAttribute(REFERENCED_SESSION_IS_NEW, TRUE);
}
 
Example 2
Source File: CookieRememberMeManager.java    From nano-framework with Apache License 2.0 6 votes vote down vote up
/**
 * Sends the serialized identity to the client as a Base64-encoded rememberMe cookie.
 * Does nothing (apart from a debug message) when the subject is not HTTP-aware.
 *
 * <p>NOTE(review): Base64 is an encoding, not protection. This method applies no
 * encryption or integrity check of its own, so it relies on {@code serialized}
 * already being encrypted by the caller - confirm. The value is stored on the client
 * and is presumably read back and deserialized on a later request.
 *
 * @param subject    the subject whose identity is being remembered
 * @param serialized the identity bytes to place in the cookie
 */
@Override
protected void rememberSerializedIdentity(Subject subject, byte[] serialized) {
    if (WebUtils.isHttp(subject)) {
        final HttpServletRequest httpRequest = WebUtils.getHttpRequest(subject);
        final HttpServletResponse httpResponse = WebUtils.getHttpResponse(subject);

        // Cookie values must be text, so the raw bytes are Base64-encoded.
        final String encoded = Base64.encodeToString(serialized);

        // NOTE(review): getCookie() is described as the template for outgoing cookies,
        // yet the value is set on the object it returns. If that object is shared
        // between requests, concurrent calls can overwrite each other's value before
        // saveTo runs, sending one subject's identity to another client. Copy the
        // template before setting the value if so - confirm what getCookie() returns.
        final Cookie outgoing = getCookie();
        outgoing.setValue(encoded);
        outgoing.saveTo(httpRequest, httpResponse);
    } else if (LOGGER.isDebugEnabled()) {
        // Without a servlet request/response pair there is nowhere to write a cookie.
        LOGGER.debug("Subject argument is not an HTTP-aware instance.  This is required to obtain a servlet " +
                "request and response in order to set the rememberMe cookie. Returning immediately and " +
                "ignoring rememberMe operation.");
    }
}
 
Example 3
Source File: DefaultWebSessionManager.java    From nano-framework with Apache License 2.0 6 votes vote down vote up
/**
 * Completes start-up of a new session: stores the session id for the client (when the
 * session-id cookie is enabled) and flags the request as carrying a new session.
 * Non-HTTP contexts are skipped with a debug message.
 *
 * @param session the session that has just been created
 * @param context the context the session was created from
 */
@Override
protected void onStart(final Session session, final SessionContext context) {
    if (WebUtils.isHttp(context)) {
        final HttpServletRequest httpRequest = WebUtils.getHttpRequest(context);
        final HttpServletResponse httpResponse = WebUtils.getHttpResponse(context);

        if (!isSessionIdCookieEnabled()) {
            // NOTE(review): the session id identifies the session to the server, so any
            // log sink receiving this debug line should be treated as sensitive.
            LOGGER.debug("Session ID cookie is disabled.  No cookie has been set for new session with id {}", session.getId());
        } else {
            // NOTE(review): no check for a missing id is made here; storeSessionId is
            // not shown, so whether it rejects a null id must be verified there.
            storeSessionId(session.getId(), httpRequest, httpResponse);
        }

        // A brand-new session was not referenced by the incoming request: clear the
        // id-source marker and mark the session as new.
        httpRequest.removeAttribute(ShiroHttpServletRequest.REFERENCED_SESSION_ID_SOURCE);
        httpRequest.setAttribute(ShiroHttpServletRequest.REFERENCED_SESSION_IS_NEW, Boolean.TRUE);
        return;
    }

    LOGGER.debug("SessionContext argument is not HTTP compatible or does not have an HTTP request/response " +
            "pair. No session ID cookie will be set.");
}
 
Example 4
Source File: SessionEvaluator.java    From jqm with Apache License 2.0 6 votes vote down vote up
/**
 * Decides whether a session may be used to store state for the given subject.
 *
 * <p>A request that explicitly disabled session creation stays disabled. Otherwise
 * only subjects holding the {@code "human"} role get a session; everyone else
 * (e.g. API-only users) is denied by default.
 *
 * @param subject the subject the decision is made for
 * @return {@code true} only if the request has not disabled session creation and
 *         the subject has the {@code "human"} role
 */
@Override
public boolean isSessionStorageEnabled(Subject subject)
{
    // A per-request opt-out (e.g. set by the noSessionCreation filter) always wins.
    if (WebUtils.isWeb(subject))
    {
        // NOTE(review): the guard is isWeb, not isHttp; if getHttpRequest can return null
        // for a web subject without an HTTP request, the next line throws - confirm.
        final HttpServletRequest httpRequest = WebUtils.getHttpRequest(subject);
        final Object creationFlag = httpRequest.getAttribute(DefaultSubjectContext.SESSION_CREATION_ENABLED);
        // The cast assumes the attribute, when present, is a Boolean.
        if (creationFlag != null && !((Boolean) creationFlag))
        {
            return false;
        }
    }

    // Deny by default: only interactive ("human") users may create a session.
    return subject.hasRole("human");
}
 
Example 5
Source File: HttpRequestSessionManager.java    From usergrid with Apache License 2.0 6 votes vote down vote up
/**
 * Creates a session for the current HTTP request and attaches it to that request
 * under {@code REQUEST_ATTRIBUTE_KEY}.
 *
 * <p>NOTE(review): the only storage visible here is a request attribute, so the
 * session appears to live no longer than the request - confirm against createSession.
 *
 * @param context the session context; must be HTTP-capable
 * @return the newly created session
 * @throws IllegalArgumentException if {@code context} is not an HTTP context
 */
@Override
public Session start( SessionContext context ) throws AuthorizationException {
    if ( !WebUtils.isHttp( context ) ) {
        throw new IllegalArgumentException( "SessionContext must be an HTTP compatible implementation." );
    }

    final HttpServletRequest httpRequest = WebUtils.getHttpRequest( context );

    // The host is resolved from the context, not taken from the request object here.
    final Session created = createSession( httpRequest, getHost( context ) );
    httpRequest.setAttribute( REQUEST_ATTRIBUTE_KEY, created );

    return created;
}
 
Example 6
Source File: HttpRequestSessionManager.java    From usergrid with Apache License 2.0 5 votes vote down vote up
/**
 * Looks up the session attached to the HTTP request behind the given key.
 *
 * @param key the session key; must be HTTP-capable
 * @return the value stored under {@code REQUEST_ATTRIBUTE_KEY}, or {@code null}
 *         when the request carries no such attribute
 * @throws IllegalArgumentException if {@code key} is not an HTTP-compatible key
 */
@Override
public Session getSession( SessionKey key ) throws SessionException {
    if ( WebUtils.isHttp( key ) ) {
        // The session is read straight from the request attribute; the cast assumes
        // nothing else writes a different type under the same key.
        final HttpServletRequest httpRequest = WebUtils.getHttpRequest( key );
        return ( Session ) httpRequest.getAttribute( REQUEST_ATTRIBUTE_KEY );
    }

    throw new IllegalArgumentException( "SessionKey must be an HTTP compatible implementation." );
}
 
Example 7
Source File: BaseView.java    From okta-auth-java with Apache License 2.0 4 votes vote down vote up
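/**
 * Returns the CSRF token stored on the current request under the {@code "_csrf"}
 * attribute.
 *
 * <p>NOTE(review): a {@code null} return means no token was attached to the request.
 * Callers that render the token into a form should treat that as an error rather
 * than emit an empty field.
 *
 * @return the token, or {@code null} if the request has no {@code "_csrf"} attribute
 * @throws IllegalStateException if no HTTP request is bound to the current subject
 */
public String getCsrf() {
    Subject subject = SecurityUtils.getSubject();
    HttpServletRequest request = WebUtils.getHttpRequest(subject);
    // getHttpRequest yields null when the subject is not backed by an HTTP request;
    // report that clearly instead of failing with a bare NullPointerException.
    if (request == null) {
        throw new IllegalStateException("No HTTP request is bound to the current subject; cannot read the CSRF token.");
    }
    // The cast assumes the attribute, when present, was stored as a String.
    return (String) request.getAttribute("_csrf");
}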
 
Example 8
Source File: CustomWebSessionManager.java    From jee-universal-bms with Apache License 2.0 4 votes vote down vote up
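/**
 * Runs the inherited start-up logic, then marks the request as if its session id had
 * been supplied by a cookie.
 *
 * <p>NOTE(review): presumably this stops the session id from being appended to URLs
 * on the first response, which would expose it in logs, history and Referer headers.
 * Confirm against how the id-source attribute is consumed.
 *
 * @param session the session that has just been created
 * @param context the context the session was created from
 */
@Override
protected void onStart(Session session, SessionContext context) {
    super.onStart(session, context);
    HttpServletRequest request = WebUtils.getHttpRequest(context);
    // getHttpRequest yields null for a context without an HTTP request; there is
    // nothing to mark in that case, so return instead of dereferencing null.
    if (request == null) {
        return;
    }
    request.setAttribute(ShiroHttpServletRequest.REFERENCED_SESSION_ID_SOURCE, ShiroHttpServletRequest.COOKIE_SESSION_ID_SOURCE);
}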