org.apache.shiro.web.servlet.ShiroHttpServletRequest Java Examples

Example #1
Source File: SessionManager.java    From easyweb with Apache License 2.0 6 votes vote down vote up
/**
 * Resolves the session id for a request, letting a {@code __sid} request parameter
 * take precedence over the superclass lookup.
 *
 * <p>When {@code __sid} is non-blank it is returned as the session id and the request is
 * tagged as carrying a URL-sourced id. If the request also has a true {@code __cookie}
 * parameter (browser mode), the same value is written to a copy of the session-id cookie.
 * Example from the original author: {@code http://localhost/project?__sid=xxx&__cookie=true}.
 *
 * <p>NOTE(review): the id is taken from a request parameter as-is and, with
 * {@code __cookie} set, copied into the browser's session cookie. An id that is chosen
 * by the client and travels in a URL is the usual precondition for session fixation and
 * for id disclosure through access logs and Referer headers. Confirm that the session id
 * is rotated at login and that this path is limited to the clients that need it.
 * Nothing in this method checks that the id refers to a live session; the
 * {@code REFERENCED_SESSION_ID_IS_VALID} attribute is set unconditionally.
 *
 * @param request  the incoming request; cast to {@code HttpServletRequest} in cookie mode
 * @param response the outgoing response; cast to {@code HttpServletResponse} in cookie mode
 * @return the {@code __sid} value when present, otherwise whatever the superclass returns
 */
@Override
protected Serializable getSessionId(ServletRequest request, ServletResponse response) {
	final String sid = request.getParameter("__sid");

	// No explicit id in the parameters: defer to the default lookup.
	if (!StringUtils.isNotBlank(sid)) {
		return super.getSessionId(request, response);
	}

	// Browser mode: persist the supplied id into the session cookie.
	if (WebUtils.isTrue(request, "__cookie")) {
		final HttpServletRequest httpRequest = (HttpServletRequest) request;
		final HttpServletResponse httpResponse = (HttpServletResponse) response;
		final Cookie sessionCookie = new SimpleCookie(getSessionIdCookie());
		sessionCookie.setValue(sid);
		sessionCookie.saveTo(httpRequest, httpResponse);
	}

	// Record where the id came from (the URL) and expose it to the rest of the request.
	request.setAttribute(
			ShiroHttpServletRequest.REFERENCED_SESSION_ID_SOURCE,
			ShiroHttpServletRequest.URL_SESSION_ID_SOURCE);
	request.setAttribute(ShiroHttpServletRequest.REFERENCED_SESSION_ID, sid);
	request.setAttribute(ShiroHttpServletRequest.REFERENCED_SESSION_ID_IS_VALID, Boolean.TRUE);
	return sid;
}
 
Example #2
Source File: DefaultWebSessionManager.java    From nano-framework with Apache License 2.0 6 votes vote down vote up
/**
 * Runs when a new session starts: stores the session id for HTTP contexts and marks the
 * request as belonging to a new session.
 *
 * <p>For a context that is not HTTP-compatible the method only logs and returns. Otherwise
 * the id is handed to {@code storeSessionId} when the session-id cookie is enabled, the
 * {@code REFERENCED_SESSION_ID_SOURCE} attribute is cleared, and
 * {@code REFERENCED_SESSION_IS_NEW} is set to {@code TRUE}.
 *
 * <p>NOTE(review): the else branch writes the session id to the debug log. The id is a
 * bearer credential, so confirm debug logging is off or the value is masked in production.
 *
 * @param session the session that was just started
 * @param context the context the session was created from
 */
@Override
protected void onStart(final Session session, final SessionContext context) {
    final boolean httpCapable = WebUtils.isHttp(context);
    if (httpCapable) {
        final HttpServletRequest httpRequest = WebUtils.getHttpRequest(context);
        final HttpServletResponse httpResponse = WebUtils.getHttpResponse(context);

        if (!isSessionIdCookieEnabled()) {
            LOGGER.debug("Session ID cookie is disabled.  No cookie has been set for new session with id {}", session.getId());
        } else {
            storeSessionId(session.getId(), httpRequest, httpResponse);
        }

        // A brand-new session has no referenced source yet; flag it as new instead.
        httpRequest.removeAttribute(ShiroHttpServletRequest.REFERENCED_SESSION_ID_SOURCE);
        httpRequest.setAttribute(ShiroHttpServletRequest.REFERENCED_SESSION_IS_NEW, Boolean.TRUE);
    } else {
        LOGGER.debug("SessionContext argument is not HTTP compatible or does not have an HTTP request/response " +
                "pair. No session ID cookie will be set.");
    }
}
 
Example #3
Source File: MySessionManager.java    From spring-boot-shiro with Apache License 2.0 5 votes vote down vote up
/**
 * Resolves the session id, preferring the request header named by {@code AUTHORIZATION}.
 *
 * <p>If that header is non-empty its value is used as the session id and recorded on the
 * request; otherwise the superclass lookup (by default, the cookie) is used.
 *
 * <p>NOTE(review): the header value is used verbatim as the session id, and
 * {@code REFERENCED_SESSION_ID_IS_VALID} is set without any lookup in this method.
 * Presumably the session manager rejects unknown ids later; verify that, and treat the
 * header as a bearer credential (TLS only, never logged).
 *
 * @param request  the incoming request
 * @param response the outgoing response
 * @return the header value when present, otherwise the superclass result
 */
@Override
protected Serializable getSessionId(ServletRequest request, ServletResponse response) {
    final String headerSessionId = WebUtils.toHttp(request).getHeader(AUTHORIZATION);

    // No header: fall back to the default rule, which reads the id from the cookie.
    if (StringUtils.isEmpty(headerSessionId)) {
        return super.getSessionId(request, response);
    }

    // Header present: its value is the session id.
    request.setAttribute(ShiroHttpServletRequest.REFERENCED_SESSION_ID_SOURCE, REFERENCED_SESSION_ID_SOURCE);
    request.setAttribute(ShiroHttpServletRequest.REFERENCED_SESSION_ID, headerSessionId);
    request.setAttribute(ShiroHttpServletRequest.REFERENCED_SESSION_ID_IS_VALID, Boolean.TRUE);
    return headerSessionId;
}
 
Example #4
Source File: AdminWebSessionManager.java    From dts-shop with GNU Lesser General Public License v3.0 5 votes vote down vote up
/**
 * Resolves the session id from the request header named by {@code LOGIN_TOKEN_KEY},
 * falling back to the superclass lookup when the header is empty.
 *
 * <p>NOTE(review): the token is accepted as the session id without validation here, and
 * the id is flagged valid before any session lookup. Confirm that unknown ids are
 * rejected downstream.
 *
 * @param request  the incoming request
 * @param response the outgoing response
 * @return the header token when present, otherwise the superclass result
 */
@Override
protected Serializable getSessionId(ServletRequest request, ServletResponse response) {
	final String token = WebUtils.toHttp(request).getHeader(LOGIN_TOKEN_KEY);
	final boolean tokenMissing = StringUtils.isEmpty(token);

	if (tokenMissing) {
		return super.getSessionId(request, response);
	}

	// Publish the header-supplied id and its source on the request.
	request.setAttribute(ShiroHttpServletRequest.REFERENCED_SESSION_ID_SOURCE, REFERENCED_SESSION_ID_SOURCE);
	request.setAttribute(ShiroHttpServletRequest.REFERENCED_SESSION_ID, token);
	request.setAttribute(ShiroHttpServletRequest.REFERENCED_SESSION_ID_IS_VALID, Boolean.TRUE);
	return token;
}
 
Example #5
Source File: MySessionManager.java    From scaffold-cloud with MIT License 5 votes vote down vote up
/**
 * Picks the session id for the request: the {@code AUTHORIZATION} header value when it is
 * non-empty, otherwise the id found by the superclass (by default, from the cookie).
 *
 * <p>NOTE(review): the header content becomes the session id unchanged and is marked
 * valid in this method without being checked against the session store. Verify that the
 * lookup that follows rejects ids that do not exist, and keep the header out of logs.
 *
 * @param request  the incoming request
 * @param response the outgoing response
 * @return the session id taken from the header, or the superclass result
 */
@Override
protected Serializable getSessionId(ServletRequest request, ServletResponse response) {
    final String fromHeader = WebUtils.toHttp(request).getHeader(AUTHORIZATION);

    if (StrUtil.isEmpty(fromHeader)) {
        // Default rule: take the session id from the cookie.
        return super.getSessionId(request, response);
    }

    // An Authorization header is present, so its value is the session id.
    request.setAttribute(ShiroHttpServletRequest.REFERENCED_SESSION_ID_SOURCE, REFERENCED_SESSION_ID_SOURCE);
    request.setAttribute(ShiroHttpServletRequest.REFERENCED_SESSION_ID, fromHeader);
    request.setAttribute(ShiroHttpServletRequest.REFERENCED_SESSION_ID_IS_VALID, Boolean.TRUE);
    return fromHeader;
}
 
Example #6
Source File: AdminWebSessionManager.java    From mall with MIT License 5 votes vote down vote up
/**
 * Returns the session id carried in the {@code LOGIN_TOKEN_KEY} request header, or the
 * superclass result when that header is empty.
 *
 * <p>NOTE(review): this method only copies the header value into the request attributes
 * and flags it valid. Whether the id maps to a live session is not decided here, so
 * confirm the downstream lookup handles unknown ids.
 *
 * @param request  the incoming request
 * @param response the outgoing response
 * @return the header-supplied id when present, otherwise the superclass result
 */
@Override
protected Serializable getSessionId(ServletRequest request, ServletResponse response) {
    final String loginToken = WebUtils.toHttp(request).getHeader(LOGIN_TOKEN_KEY);

    if (StringUtils.isEmpty(loginToken)) {
        return super.getSessionId(request, response);
    }

    // Source first, then the id itself, then the validity flag.
    request.setAttribute(ShiroHttpServletRequest.REFERENCED_SESSION_ID_SOURCE, REFERENCED_SESSION_ID_SOURCE);
    request.setAttribute(ShiroHttpServletRequest.REFERENCED_SESSION_ID, loginToken);
    request.setAttribute(ShiroHttpServletRequest.REFERENCED_SESSION_ID_IS_VALID, Boolean.TRUE);
    return loginToken;
}
 
Example #7
Source File: AdminWebSessionManager.java    From litemall with MIT License 5 votes vote down vote up
/**
 * Uses the {@code LOGIN_TOKEN_KEY} request header as the session id when it is set, and
 * defers to the superclass otherwise.
 *
 * <p>NOTE(review): the header value is a bearer credential that this method trusts as-is.
 * {@code REFERENCED_SESSION_ID_IS_VALID} is set unconditionally, so confirm that a later
 * step rejects ids with no matching session.
 *
 * @param request  the incoming request
 * @param response the outgoing response
 * @return the header value when non-empty, otherwise the superclass result
 */
@Override
protected Serializable getSessionId(ServletRequest request, ServletResponse response) {
    final String headerValue = WebUtils.toHttp(request).getHeader(LOGIN_TOKEN_KEY);
    final boolean hasHeaderValue = !StringUtils.isEmpty(headerValue);

    if (hasHeaderValue) {
        request.setAttribute(ShiroHttpServletRequest.REFERENCED_SESSION_ID_SOURCE, REFERENCED_SESSION_ID_SOURCE);
        request.setAttribute(ShiroHttpServletRequest.REFERENCED_SESSION_ID, headerValue);
        request.setAttribute(ShiroHttpServletRequest.REFERENCED_SESSION_ID_IS_VALID, Boolean.TRUE);
        return headerValue;
    }

    return super.getSessionId(request, response);
}
 
Example #8
Source File: RestfulPermissionFilter.java    From zhcc-server with Apache License 2.0 5 votes vote down vote up
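/**
 * Authorizes a REST request by combining the configured resource name with an action
 * derived from the HTTP method ({@code get -> :read}, {@code put -> :update},
 * {@code post -> :create}, {@code delete -> :delete}).
 *
 * <p>{@code OPTIONS} requests on a {@code ShiroHttpServletRequest} are allowed without a
 * permission check so that cross-origin preflight requests succeed.
 *
 * <p>NOTE(review): the preflight shortcut allows every {@code OPTIONS} request, not only
 * CORS preflights. Confirm that no handler behind this filter does real work for
 * {@code OPTIONS}.
 *
 * @param request     the incoming request; must be an {@code HttpServletRequest}
 * @param response    the outgoing response
 * @param mappedValue the filter's configured values; the first element is the resource name
 * @return {@code true} for the preflight shortcut or when the subject holds the derived
 *         permission; {@code false} when no resource name is configured
 * @throws Exception as declared by the overridden method
 */
@Override
protected boolean isAccessAllowed(ServletRequest request, ServletResponse response, Object mappedValue)
        throws Exception {
    String method = ((HttpServletRequest) request).getMethod();

    // Handle cross-origin (preflight) requests.
    if (request instanceof ShiroHttpServletRequest && StringUtils.equalsIgnoreCase("OPTIONS", method)) {
        return true;
    }

    // Fail closed when the filter is mapped without a resource name, instead of
    // failing on the cast or the array index below.
    if (!(mappedValue instanceof String[]) || ((String[]) mappedValue).length == 0) {
        return false;
    }

    String permissionString = ((String[]) mappedValue)[0];
    Subject subject = getSubject(request, response);
    // Locale.ROOT keeps the lower-casing independent of the server's default locale.
    switch (method.toLowerCase(java.util.Locale.ROOT)) {
    case "get":
        permissionString += ":read";
        break;
    case "put":
        permissionString += ":update";
        break;
    case "post":
        permissionString += ":create";
        break;
    case "delete":
        permissionString += ":delete";
        break;
    default:
        // Any other method (e.g. PATCH, HEAD) is checked against the bare resource name.
        // NOTE(review): confirm this is the intended policy for unmapped methods.
        break;
    }
    return subject.isPermitted(permissionString);
}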
 
Example #9
Source File: JwtAuthcFilter.java    From zhcc-server with Apache License 2.0 5 votes vote down vote up
/**
 * Allows only {@code OPTIONS} requests on a {@code ShiroHttpServletRequest} (cross-origin
 * preflight); every other request gets {@code false}.
 *
 * <p>This method is the first one entered after interception. Returning {@code false}
 * hands the request to {@code onAccessDenied}, which per the original author's comment
 * carries the authentication and login logic.
 *
 * <p>NOTE(review): every {@code OPTIONS} request skips authentication here, not only CORS
 * preflights. Confirm that no handler behind this filter does real work for
 * {@code OPTIONS}.
 *
 * @param request     the incoming request
 * @param response    the outgoing response
 * @param mappedValue the filter's configured values; not read by this method
 * @return {@code true} only for the preflight shortcut described above
 * @throws Exception as declared by the overridden method
 */
@Override
protected boolean isAccessAllowed(ServletRequest request, ServletResponse response, Object mappedValue)
        throws Exception {
    // Handle cross-origin (preflight) requests; everything else falls through to onAccessDenied.
    final boolean isPreflight = request instanceof ShiroHttpServletRequest
            && StringUtils.equalsIgnoreCase("OPTIONS", ((ShiroHttpServletRequest) request).getMethod());
    return isPreflight;
}
 
Example #10
Source File: AjaxSessionManager.java    From easyweb with Apache License 2.0 5 votes vote down vote up
/**
 * Gets the session id referenced by the request.
 *
 * <p>Sources are tried in this order: the session-id cookie, the {@code JSESSIONID} URI
 * path-segment parameter, the request header named by {@code this.authorization}, the
 * request parameter named by {@code getSessionIdName()}, and finally that parameter name
 * in lower case. When an id is found it is stored on the request together with its source
 * and a validity flag.
 *
 * <p>NOTE(review): every non-cookie source, including the header, is recorded with the
 * source value {@code "url"}. The id is flagged valid without a session lookup in this
 * method. Ids accepted from the URI or query string can end up in access logs and Referer
 * headers, so confirm those sources are actually required.
 *
 * @param request  the incoming request
 * @param response the outgoing response
 * @return the referenced session id, or {@code null} when no source supplies one
 */
private Serializable getReferencedSessionId(ServletRequest request, ServletResponse response) {
    String sessionId = this.getSessionIdCookieValue(request, response);
    String source = "cookie";

    if (sessionId == null) {
        sessionId = this.getUriPathSegmentParamValue(request, "JSESSIONID");
        if (sessionId == null) {
            // Try the session id carried in the request header.
            sessionId = WebUtils.toHttp(request).getHeader(this.authorization);
        }
        if (sessionId == null) {
            final String paramName = this.getSessionIdName();
            sessionId = request.getParameter(paramName);
            if (sessionId == null) {
                sessionId = request.getParameter(paramName.toLowerCase());
            }
        }
        source = "url";
    }

    // Nothing found anywhere: leave the request attributes untouched.
    if (sessionId == null) {
        return null;
    }

    request.setAttribute(ShiroHttpServletRequest.REFERENCED_SESSION_ID_SOURCE, source);
    request.setAttribute(ShiroHttpServletRequest.REFERENCED_SESSION_ID, sessionId);
    request.setAttribute(ShiroHttpServletRequest.REFERENCED_SESSION_ID_IS_VALID, Boolean.TRUE);
    return sessionId;
}
 
Example #11
Source File: SecurityConfiguration.java    From tapestry-security with Apache License 2.0 5 votes vote down vote up
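/**
 * Wraps the request in a {@code ShiroHttpServletRequest}, binds the security manager and
 * a freshly built subject to the current thread, and runs the matching security filter
 * chain before the downstream handler.
 *
 * <p>A request that is already a {@code ShiroHttpServletRequest} is passed straight to the
 * handler. When a chain matches the request path and its handler reports the request as
 * handled, the downstream handler is not called.
 *
 * <p>The thread bindings are made inside the {@code try} block, so the {@code finally}
 * clean-up also runs when building the subject fails. Otherwise the security manager
 * would stay bound to a pooled thread.
 *
 * @param originalRequest the container's request
 * @param response        the outgoing response
 * @param handler         the downstream request handler
 * @return {@code true} if the chain or the downstream handler handled the request
 * @throws IOException if a handler fails with an I/O error
 */
public boolean service(final HttpServletRequest originalRequest, final HttpServletResponse response, final HttpServletRequestHandler handler)
		throws IOException {
	// TODO consider whether this guard is necessary at all? I think possibly if container forwards the request internally
	// or, more generically, if the same thread/container-level filter mapping handles the request twice
	if (originalRequest instanceof ShiroHttpServletRequest) return handler.service(originalRequest, response);

	final HttpServletRequest request = new ShiroHttpServletRequest(originalRequest, servletContext, true);

	final String requestURI = loginContextService.getLocalelessPathWithinApplication();

	runChainListeners();

	final SecurityFilterChain chain = getMatchingChain(requestURI);

	requestGlobals.storeServletRequestResponse(request, response);

	WebSubject subject = null;
	try {
		ThreadContext.bind(securityManager);
		subject = new WebSubject.Builder(securityManager, request, response).buildWebSubject();
		ThreadContext.bind(subject);

		if (chain == null) return handler.service(request, response);

		final boolean handled = chain.getHandler().service(request, response);
		return handled || handler.service(request, response);
	}
	finally {
		// Final clean-up: remove the thread-local state at the end of execution so that
		// nothing from this request leaks to the next one on a pooled thread.
		if (subject != null) ThreadContext.remove(subject);
		ThreadContext.remove();
	}
}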
 
Example #12
Source File: CustomWebSessionManager.java    From jee-universal-bms with Apache License 2.0 4 votes vote down vote up
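/**
 * After the superclass start-up logic has run, records the cookie as the session-id
 * source on the HTTP request.
 *
 * <p>The attribute is set only when the context yields an HTTP request. A context with no
 * request (for example a session started outside a web request) is left alone instead of
 * failing with a {@code NullPointerException}.
 *
 * @param session the session that was just started
 * @param context the context the session was created from
 */
@Override
protected void onStart(Session session, SessionContext context) {
    super.onStart(session, context);

    final HttpServletRequest request = WebUtils.getHttpRequest(context);
    if (request == null) {
        // No HTTP request behind this context, so there is nothing to tag.
        return;
    }
    request.setAttribute(ShiroHttpServletRequest.REFERENCED_SESSION_ID_SOURCE, ShiroHttpServletRequest.COOKIE_SESSION_ID_SOURCE);
}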
 
Example #13
Source File: ShiroPermissionsFilter.java    From jee-universal-bms with Apache License 2.0 2 votes vote down vote up
/**
 * Checks whether the current user is permitted to access the requested URL, using the
 * request URI itself as the permission string.
 *
 * <p>NOTE(review): {@code getRequestURI()} is used unmodified. Presumably it still
 * contains the context path, path parameters and percent-encoding as sent by the client.
 * Confirm that the stored permissions are matched against the same form the dispatcher
 * resolves, or normalise the path before the check. The cast also fails with a
 * {@code ClassCastException} for a request that is not a {@code ShiroHttpServletRequest}.
 *
 * @param request     the request; expected to be a {@code ShiroHttpServletRequest} wrapping
 *                    the HttpServletRequest
 * @param response    the response wrapper
 * @param mappedValue data passed from the filter configuration; not needed here
 * @return {@code true} if the subject is permitted for the request URI
 */
public boolean isAccessAllowed(ServletRequest request, ServletResponse response, Object mappedValue) {
    final ShiroHttpServletRequest shiroRequest = (ShiroHttpServletRequest) request;
    final String requestedUri = shiroRequest.getRequestURI();
    return this.getSubject(request, response).isPermitted(requestedUri);
}