
Example 91 with UsernamePasswordToken

use of org.apache.shiro.authc.UsernamePasswordToken in project shiro by apache.

the class DelegatingSubjectTest method testRunAs.

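/**
 * Walks Shiro's run-as (identity assumption) stack on a single {@code Subject}: user1 logs in,
 * assumes user2, then user3, and unwinds back to user1.
 *
 * <p>At every step the test checks two things. First, role checks follow the effective principal
 * only: the assumed identity has its own role and does not keep the caller's. Second,
 * {@code getPreviousPrincipals()} reports the identity one level down the stack, which is what
 * lets an application attribute actions to the real caller while run-as is active.
 *
 * <p>user1 holds only role1 here and still assumes user2 and user3 without any authorization
 * failure, so nothing in this flow restricts who may call {@code runAs}; code that exposes it
 * has to gate the call itself.
 */
@Test
public void testRunAs() {
    // [users] values are "password,role". Fixture credentials only: each password equals
    // its username.
    Ini ini = new Ini();
    Ini.Section users = ini.addSection("users");
    users.put("user1", "user1,role1");
    users.put("user2", "user2,role2");
    users.put("user3", "user3,role3");
    IniSecurityManagerFactory factory = new IniSecurityManagerFactory(ini);
    SecurityManager sm = factory.getInstance();
    try {
        // login as user1
        Subject subject = new Subject.Builder(sm).buildSubject();
        subject.login(new UsernamePasswordToken("user1", "user1"));
        assertFalse(subject.isRunAs());
        assertEquals("user1", subject.getPrincipal());
        assertTrue(subject.hasRole("role1"));
        assertFalse(subject.hasRole("role2"));
        assertFalse(subject.hasRole("role3"));
        // no previous principals since we haven't called runAs yet
        assertNull(subject.getPreviousPrincipals());

        // runAs user2: the effective identity and its roles switch to user2
        subject.runAs(new SimplePrincipalCollection("user2", IniSecurityManagerFactory.INI_REALM_NAME));
        assertTrue(subject.isRunAs());
        assertEquals("user2", subject.getPrincipal());
        assertTrue(subject.hasRole("role2"));
        assertFalse(subject.hasRole("role1"));
        assertFalse(subject.hasRole("role3"));
        // the original (user1) identity must stay recoverable while run-as is active
        PrincipalCollection previous = subject.getPreviousPrincipals();
        assertFalse(previous == null || previous.isEmpty());
        assertEquals("user1", previous.getPrimaryPrincipal());

        // test the stack functionality: while as user2, run as user3
        subject.runAs(new SimplePrincipalCollection("user3", IniSecurityManagerFactory.INI_REALM_NAME));
        assertTrue(subject.isRunAs());
        assertEquals("user3", subject.getPrincipal());
        assertTrue(subject.hasRole("role3"));
        assertFalse(subject.hasRole("role1"));
        assertFalse(subject.hasRole("role2"));
        // previous principals now point at user2, one level down the stack
        previous = subject.getPreviousPrincipals();
        assertFalse(previous == null || previous.isEmpty());
        assertEquals("user2", previous.getPrimaryPrincipal());

        // drop down to user2
        subject.releaseRunAs();
        // one release pops a single level, so the subject is still in run-as mode
        assertTrue(subject.isRunAs());
        assertEquals("user2", subject.getPrincipal());
        assertTrue(subject.hasRole("role2"));
        assertFalse(subject.hasRole("role1"));
        assertFalse(subject.hasRole("role3"));
        // previous principals are user1 again
        previous = subject.getPreviousPrincipals();
        assertFalse(previous == null || previous.isEmpty());
        assertEquals("user1", previous.getPrimaryPrincipal());

        // drop down to original user1
        subject.releaseRunAs();
        // the stack is empty: no run-as state and no assumed roles remain
        assertFalse(subject.isRunAs());
        assertEquals("user1", subject.getPrincipal());
        assertTrue(subject.hasRole("role1"));
        assertFalse(subject.hasRole("role2"));
        assertFalse(subject.hasRole("role3"));
        // no previous principals in orig state
        assertNull(subject.getPreviousPrincipals());
        subject.logout();
    } finally {
        // Destroy the security manager even when an assertion above fails, so a failing run
        // does not leave it alive for later tests.
        LifecycleUtils.destroy(sm);
    }
}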
Also used : IniSecurityManagerFactory(org.apache.shiro.config.IniSecurityManagerFactory) DefaultSecurityManager(org.apache.shiro.mgt.DefaultSecurityManager) SecurityManager(org.apache.shiro.mgt.SecurityManager) Ini(org.apache.shiro.config.Ini) DelegatingSubject(org.apache.shiro.subject.support.DelegatingSubject) UsernamePasswordToken(org.apache.shiro.authc.UsernamePasswordToken) Test(org.junit.Test)

Example 92 with UsernamePasswordToken

use of org.apache.shiro.authc.UsernamePasswordToken in project shiro by apache.

the class DefaultSecurityManagerTest method testDefaultConfig.

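/**
 * Logs the thread-bound subject in as guest/guest, checks identity, role and session use, then
 * verifies that logout leaves no session and no principals behind.
 *
 * <p>The security manager and the guest account come from fixture setup that is not part of
 * this method.
 */
@Test
public void testDefaultConfig() {
    Subject subject = SecurityUtils.getSubject();
    AuthenticationToken token = new UsernamePasswordToken("guest", "guest");
    subject.login(token);
    assertTrue(subject.isAuthenticated());
    // assertEquals (expected first) reports the actual principal when the check fails
    assertEquals("guest", subject.getPrincipal());
    assertTrue(subject.hasRole("guest"));
    Session session = subject.getSession();
    session.setAttribute("key", "value");
    assertEquals("value", session.getAttribute("key"));
    subject.logout();
    // getSession(false) never creates a session, so null here means the authenticated
    // session did not survive logout
    assertNull(subject.getSession(false));
    assertNull(subject.getPrincipal());
    assertNull(subject.getPrincipals());
}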
Also used : AuthenticationToken(org.apache.shiro.authc.AuthenticationToken) Subject(org.apache.shiro.subject.Subject) UsernamePasswordToken(org.apache.shiro.authc.UsernamePasswordToken) Session(org.apache.shiro.session.Session) Test(org.junit.Test)

Example 93 with UsernamePasswordToken

use of org.apache.shiro.authc.UsernamePasswordToken in project shiro by apache.

the class JDBCRealmTest method testRolePresent.

/**
 * Authenticates against the per-test {@code JdbcRealm} and asserts that the logged-in subject
 * holds {@code testRole}.
 *
 * <p>The realm, schema helper, security manager and credentials are fixture members declared
 * outside this method.
 */
@Test
public void testRolePresent() throws Exception {
    final String methodName = name.getMethodName();
    final JdbcRealm jdbcRealm = realmMap.get(methodName);
    // second argument presumably selects salted fixture data (false here); confirm against
    // createDefaultSchema
    createDefaultSchema(methodName, false);
    // NO_SALT suits a throwaway test schema; unsalted credential storage is not a pattern to
    // copy into a real realm configuration
    jdbcRealm.setSaltStyle(JdbcRealm.SaltStyle.NO_SALT);
    final Subject subject = new Subject.Builder(securityManager).buildSubject();
    subject.login(new UsernamePasswordToken(username, plainTextPassword));
    Assert.assertTrue(subject.hasRole(testRole));
}
Also used : Subject(org.apache.shiro.subject.Subject) UsernamePasswordToken(org.apache.shiro.authc.UsernamePasswordToken)

Example 94 with UsernamePasswordToken

use of org.apache.shiro.authc.UsernamePasswordToken in project shiro by apache.

the class JDBCRealmTest method testExternalSuccess.

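/**
 * Verifies that login succeeds when the per-test {@code JdbcRealm} uses
 * {@code SaltStyle.EXTERNAL}.
 *
 * <p>The realm, schema helper, security manager and credentials are fixture members declared
 * outside this method.
 */
@Test
public void testExternalSuccess() throws Exception {
    String testMethodName = name.getMethodName();
    JdbcRealm realm = realmMap.get(testMethodName);
    // second argument presumably selects salted fixture data (true here); confirm against
    // createDefaultSchema
    createDefaultSchema(testMethodName, true);
    realm.setSaltStyle(JdbcRealm.SaltStyle.EXTERNAL);
    Subject.Builder builder = new Subject.Builder(securityManager);
    Subject currentUser = builder.buildSubject();
    UsernamePasswordToken token = new UsernamePasswordToken(username, plainTextPassword);
    currentUser.login(token);
    // State the expected outcome explicitly instead of relying only on login() not throwing.
    Assert.assertTrue(currentUser.isAuthenticated());
    currentUser.logout();
}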
Also used : Subject(org.apache.shiro.subject.Subject) UsernamePasswordToken(org.apache.shiro.authc.UsernamePasswordToken)

Example 95 with UsernamePasswordToken

use of org.apache.shiro.authc.UsernamePasswordToken in project shiro by apache.

the class JDBCRealmTest method testRoleNotPresent.

/**
 * Negative authorization check: after a successful login against the per-test
 * {@code JdbcRealm}, the subject must not report a role it was never given.
 *
 * <p>The realm, schema helper, security manager and credentials are fixture members declared
 * outside this method.
 */
@Test
public void testRoleNotPresent() throws Exception {
    final String methodName = name.getMethodName();
    final JdbcRealm jdbcRealm = realmMap.get(methodName);
    // second argument presumably selects salted fixture data (false here); confirm against
    // createDefaultSchema
    createDefaultSchema(methodName, false);
    // NO_SALT suits a throwaway test schema; unsalted credential storage is not a pattern to
    // copy into a real realm configuration
    jdbcRealm.setSaltStyle(JdbcRealm.SaltStyle.NO_SALT);
    final Subject subject = new Subject.Builder(securityManager).buildSubject();
    subject.login(new UsernamePasswordToken(username, plainTextPassword));
    // presumably this role name is absent from the fixture schema; verify against
    // createDefaultSchema
    Assert.assertFalse(subject.hasRole("Game Overall Director"));
}
Also used : Subject(org.apache.shiro.subject.Subject) UsernamePasswordToken(org.apache.shiro.authc.UsernamePasswordToken)
