org.apache.shiro.web.subject.WebSubjectContext Java Examples

Example #1
Source File: AccountSubjectFactory.java (from mblog, GNU General Public License v3.0)
/**
 * Creates the {@link Subject} for a web context as a {@link WebDelegatingSubject}
 * built from the values the context resolves; any non-web context is handed to
 * the parent factory unchanged.
 *
 * @param context the subject context to build from
 * @return the created subject, after {@code handlerSession} has been applied to it
 */
@Override
public Subject createSubject(SubjectContext context) {
    // Only a web context carries a servlet request/response pair.
    if (!(context instanceof WebSubjectContext)) {
        return super.createSubject(context);
    }
    WebSubjectContext webContext = (WebSubjectContext) context;

    // Resolution order is kept as-is in case the resolvers depend on one another.
    SecurityManager manager = webContext.resolveSecurityManager();
    Session resolvedSession = webContext.resolveSession();
    boolean createSessions = webContext.isSessionCreationEnabled();
    PrincipalCollection resolvedPrincipals = webContext.resolvePrincipals();
    boolean isAuthenticated = webContext.resolveAuthenticated();
    String resolvedHost = webContext.resolveHost();
    ServletRequest servletRequest = webContext.resolveServletRequest();
    ServletResponse servletResponse = webContext.resolveServletResponse();

    Subject created = new WebDelegatingSubject(
            resolvedPrincipals,
            isAuthenticated,
            resolvedHost,
            resolvedSession,
            createSessions,
            servletRequest,
            servletResponse,
            manager);
    handlerSession(created);
    return created;
}
 
Example #2
Source File: IamSubjectFactory.java (from super-cloudops, Apache License 2.0)
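/**
 * Asserts that the accessToken (signature) presented by the request equals the
 * signature recomputed from the session and the sign key stored on it.
 *
 * <p>The check is skipped when the context is itself flagged authenticated
 * (e.g. a login request) or carries no session, since such requests have no
 * signature to verify.
 *
 * @param context the subject context; expected to be a {@link WebSubjectContext}
 * @throws UnauthenticatedException if the request carries no accessToken, the
 *         session has no id or no sign key, or the signature does not match
 * @see AbstractIamAuthenticationFilter#makeLoggedResponse
 */
private final void assertRequestAccessTokenValidity(SubjectContext context) throws UnauthenticatedException {
	// Additional signature verification is only performed for subjects
	// resolved from an existing session; e.g. authentication requests or
	// internal API requests do not require signature verification.
	if (context.isAuthenticated() || isNull(context.getSession()))
		return;

	WebSubjectContext wsc = (WebSubjectContext) context;
	Session session = wsc.getSession();
	HttpServletRequest request = toHttp(wsc.resolveServletRequest());

	// Protocol configuration stored on the session.
	String sessionId = valueOf(session.getId());
	String accessTokenSignKey = (String) session.getAttribute(KEY_ACCESSTOKEN_SIGN_NAME);
	IamAuthenticationToken authcToken = (IamAuthenticationToken) session.getAttribute(KEY_AUTHC_TOKEN);

	// accessToken presented by the (untrusted) request.
	final String accessToken = getRequestAccessToken(request);
	// The sign key and the tokens are secrets: only the session id and the
	// token type go to the log, never their values.
	log.debug("Asserting accessToken, sessionId: {}, authcTokenType: {}", sessionId,
			isNull(authcToken) ? null : authcToken.getClass().getSimpleName());

	// Only the account-password authentication is verified.
	hasText(accessToken, UnauthenticatedException.class, "accessToken is required");
	hasText(sessionId, UnauthenticatedException.class, "sessionId is required");
	hasText(accessTokenSignKey, UnauthenticatedException.class, "No accessTokenSignKey"); // Shouldn't-here

	// Recompute the expected accessToken (signature) for this session.
	final String validAccessToken = generateAccessToken(session, accessTokenSignKey);

	// Constant-time comparison: String.equals returns at the first differing
	// byte, which lets the response time leak how much of a guessed signature
	// is correct. A null expected value can never match the non-empty presented one.
	byte[] presented = accessToken.getBytes(java.nio.charset.StandardCharsets.UTF_8);
	byte[] expected = isNull(validAccessToken) ? new byte[0]
			: validAccessToken.getBytes(java.nio.charset.StandardCharsets.UTF_8);
	if (!java.security.MessageDigest.isEqual(presented, expected)) {
		log.debug("Asserted accessToken mismatch, sessionId: {}", sessionId);
		// The message must not carry the sign key or the expected signature.
		throw new InvalidAccessTokenAuthenticationException(
				format("Illegal authentication accessToken for sessionId: %s", sessionId));
	}
}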
 
Example #3
Source File: IamSubjectFactory.java (from super-cloudops, Apache License 2.0)
/**
 * Tells whether the accessToken (signature) of the current request has to be
 * asserted.
 *
 * @param context the subject context; must be a {@link WebSubjectContext}
 * @return {@code true} when accessToken validation is enabled in the session
 *         configuration and the request is neither a media request nor an
 *         internal-protocol request that is exempt from accessTokens
 */
protected boolean isAssertRequestAccessTokens(SubjectContext context) {
	WebSubjectContext webContext = (WebSubjectContext) context;
	HttpServletRequest request = toHttp(webContext.resolveServletRequest());

	// Cheapest check first; the request classifiers only run when validation is on.
	if (!config.getSession().isEnableAccessTokenValidity()) {
		return false;
	}
	if (isMediaRequest(request)) {
		return false;
	}
	return !isInternalProtocolNonAccessTokenRequest(request);
}