use of org.apache.shiro.UnavailableSecurityManagerException in project atmosphere by Atmosphere.
the class ShiroInterceptor method inspect.
@Override
public Action inspect(AtmosphereResource r) {
    if (Utils.webSocketMessage(r))
        return Action.CONTINUE;
    if (r.getRequest().localAttributes().containsKey(FrameworkConfig.SECURITY_SUBJECT) == false) {
        try {
            Subject currentUser = null;
            if (r.transport().equals(TRANSPORT.WEBSOCKET)) {
                WebEnvironment env = WebUtils.getRequiredWebEnvironment(r.getAtmosphereConfig().getServletContext());
                currentUser = new WebSubject.Builder(env.getSecurityManager(), r.getRequest(), r.getResponse()).buildWebSubject();
            } else {
                currentUser = SecurityUtils.getSubject();
            }
            if (currentUser != null) {
                r.getRequest().setAttribute(FrameworkConfig.SECURITY_SUBJECT, currentUser);
            }
        } catch (UnavailableSecurityManagerException ex) {
            logger.info("Shiro Web Security : {}", ex.getMessage());
        } catch (java.lang.IllegalStateException ex) {
            logger.info("Shiro Web Environment : {}", ex.getMessage());
        }
    }
    return Action.CONTINUE;
}
use of org.apache.shiro.UnavailableSecurityManagerException in project mica2 by obiba.
the class AbstractShiroTest method tearDownShiro.
@AfterClass
public static void tearDownShiro() {
    doClearSubject();
    try {
        SecurityManager securityManager = getSecurityManager();
        LifecycleUtils.destroy(securityManager);
    } catch (UnavailableSecurityManagerException e) {
        // we don't care about this when cleaning up the test environment
        // (for example, maybe the subclass is a unit test and it didn't
        // need a SecurityManager instance because it was using only
        // mock Subject instances)
    }
    setSecurityManager(null);
}
use of org.apache.shiro.UnavailableSecurityManagerException in project ddf by codice.
the class Security method runWithSubjectOrElevate.
/**
 * Runs the {@link Callable} in the current thread as the current security framework's
 * {@link Subject}. If the security framework's {@link Subject} is not currently set and
 * the Java Subject contains the admin role, elevates and runs the {@link Callable} as the
 * system {@link Subject}.
 *
 * @param codeToRun code to run
 * @param <T> type of the returned value
 * @return value returned by the {@link Callable}
 * @throws SecurityServiceException if the current subject didn't have enough permissions to run
 *     the code
 * @throws InvocationTargetException wraps any exception thrown by {@link Callable#call()}.
 *     {@link Callable} exception can be retrieved using the
 *     {@link InvocationTargetException#getCause()}.
 */
public <T> T runWithSubjectOrElevate(@NotNull Callable<T> codeToRun) throws SecurityServiceException, InvocationTargetException {
    notNull(codeToRun, "Callable cannot be null");
    try {
        try {
            org.apache.shiro.subject.Subject subject = org.apache.shiro.SecurityUtils.getSubject();
            return subject.execute(codeToRun);
        } catch (IllegalStateException | UnavailableSecurityManagerException e) {
            LOGGER.debug("No shiro subject available for running command, trying with Java Subject");
        }
        Subject subject = getSystemSubject();
        if (subject == null) {
            SecurityLogger.audit(INSUFFICIENT_PERMISSIONS_ERROR);
            throw new SecurityServiceException(INSUFFICIENT_PERMISSIONS_ERROR);
        }
        SecurityLogger.auditWarn("Elevating current user permissions to use System subject");
        return subject.execute(codeToRun);
    } catch (ExecutionException e) {
        throw new InvocationTargetException(e.getCause());
    }
}
use of org.apache.shiro.UnavailableSecurityManagerException in project ddf by codice.
the class SecurityTest method testRunWithSubjectOrElevateWhenSystemSubjectHasAdminRole.
@Test
public void testRunWithSubjectOrElevateWhenSystemSubjectHasAdminRole() throws Exception {
    when(SecurityUtils.getSubject()).thenThrow(new UnavailableSecurityManagerException(""));
    when(systemSubject.execute(callable)).thenReturn("Success!");
    configureMocksForBundleContext("server");
    String result = security.runAsAdminWithException(() -> security.runWithSubjectOrElevate(callable));
    assertThat(result, is("Success!"));
    verifyStatic();
    SecurityLogger.auditWarn("Elevating current user permissions to use System subject");
    verifyZeroInteractions(shiroSubject);
}
use of org.apache.shiro.UnavailableSecurityManagerException in project perry by ca-cwds.
the class AbstractApiSecurityTest method tearDownShiro.
@AfterClass
public static void tearDownShiro() {
    doClearSubject();
    try {
        SecurityManager securityManager = getSecurityManager();
        LifecycleUtils.destroy(securityManager);
    } catch (UnavailableSecurityManagerException e) {
        // we don't care about this when cleaning up the test environment
        // (for example, maybe the subclass is a unit test and it didn't
        // need a SecurityManager instance because it was using only
        // mock Subject instances)
    }
    setSecurityManager(null);
}