Example 51 with Session

Use of org.apache.shiro.session.Session in project ddf by codice.

The class OAuthPluginTest, method getSubject.

private Subject getSubject() {
    Session session = mock(Session.class);
    when(session.getId()).thenReturn(SESSION);
    Subject subject = mock(Subject.class);
    when(subject.getSession(false)).thenReturn(session);
    return subject;
}
Also used: Subject (ddf.security.Subject), Session (org.apache.shiro.session.Session)

Example 52 with Session

Use of org.apache.shiro.session.Session in project ddf by codice.

The class OAuthSecurityImpl, method setUserTokenOnClient.

/**
 * Gets the user's access token from the token storage to set it to the OAUTH header. Used when a
 * source is configured to use Authentication Code flow/grant.
 *
 * @param client Non-null client to set the access token on.
 * @param subject subject used to get the session ID
 * @param sourceId the id of the source using OAuth needed to get the correct tokens
 */
@Override
public void setUserTokenOnClient(Client client, Subject subject, String sourceId) {
    if (client == null || subject == null || Strings.isBlank(sourceId)) {
        return;
    }
    // getSession(false) returns the existing session or null; it never creates a new one
    Session session = subject.getSession(false);
    if (session == null) {
        LOGGER.warn("The user's session is not available.");
        return;
    }
    String sessionId = (String) session.getId();
    if (sessionId == null) {
        LOGGER.warn("The user's session ID is not available.");
        return;
    }
    TokenInformation.TokenEntry tokenEntry = tokenStorage.read(sessionId, sourceId);
    if (tokenEntry == null) {
        return;
    }
    LOGGER.debug(ADDING_TOKEN);
    client.header(OAUTH, BEARER + tokenEntry.getAccessToken());
}
Also used: TokenEntry (org.codice.ddf.security.token.storage.api.TokenInformation.TokenEntry), TokenInformation (org.codice.ddf.security.token.storage.api.TokenInformation), Session (org.apache.shiro.session.Session)

Example 53 with Session

Use of org.apache.shiro.session.Session in project ddf by codice.

The class OAuthSecurityImplTest, method getSubject.

private Subject getSubject() {
    Session session = mock(Session.class);
    when(session.getId()).thenReturn(SESSION_ID);
    Subject subject = mock(Subject.class);
    when(subject.getSession(false)).thenReturn(session);
    return subject;
}
Also used: Subject (ddf.security.Subject), Session (org.apache.shiro.session.Session)

Example 54 with Session

Use of org.apache.shiro.session.Session in project mica2 by obiba.

The class AuthenticationInterceptor, method filter.

@Override
public void filter(ContainerRequestContext requestContext, ContainerResponseContext responseContext) throws IOException {
    // Set the cookie if the user is still authenticated
    String path = micaConfigService.getContextPath() + "/";
    if (isUserAuthenticated()) {
        Session session = SecurityUtils.getSubject().getSession();
        session.touch();
        int timeout = (int) (session.getTimeout() / 1000);
        // Cookie lifetime follows the session timeout; the last two arguments set Secure and HttpOnly
        NewCookie sidCookie = new NewCookie(MICA_SESSION_ID_COOKIE_NAME, session.getId().toString(), path, null, null, timeout, true, true);
        MultivaluedMap<String, Object> headers = responseContext.getHeaders();
        List<Object> cookies = headers.get(HttpHeaders.SET_COOKIE);
        if (cookies == null)
            headers.putSingle(HttpHeaders.SET_COOKIE, sidCookie);
        else
            headers.add(HttpHeaders.SET_COOKIE, sidCookie);
        Object cookieValue = session.getAttribute(HttpHeaders.SET_COOKIE);
        if (cookieValue != null) {
            headers.add(HttpHeaders.SET_COOKIE, NewCookie.valueOf(cookieValue.toString()));
        }
    } else {
        if (responseContext.getHeaders().get(HttpHeaders.SET_COOKIE) == null) {
            // Not authenticated: expire the session cookie on the client (null value, max-age 0)
            responseContext.getHeaders().putSingle(HttpHeaders.SET_COOKIE, new NewCookie(MICA_SESSION_ID_COOKIE_NAME, null, path, null, "Mica session deleted", 0, true, true));
        }
    }
}
Also used: Session (org.apache.shiro.session.Session), NewCookie (javax.ws.rs.core.NewCookie)

Example 55 with Session

Use of org.apache.shiro.session.Session in project mica2 by obiba.

The class CurrentSessionResource, method deleteSession.

@DELETE
public Response deleteSession() {
    // Delete the Shiro session
    try {
        Session session = SecurityUtils.getSubject().getSession();
        // Read the stored cookie before logout(), which invalidates the session and its attributes
        Object cookieValue = session.getAttribute(HttpHeaders.SET_COOKIE);
        SecurityUtils.getSubject().logout();
        if (cookieValue != null) {
            NewCookie cookie = NewCookie.valueOf(cookieValue.toString());
            if (OBIBA_ID_COOKIE_NAME.equals(cookie.getName())) {
                return Response.ok().header(HttpHeaders.SET_COOKIE, new NewCookie(OBIBA_ID_COOKIE_NAME, null, micaConfigService.getContextPath() + "/", cookie.getDomain(), "Obiba session deleted", 0, true, true)).build();
            }
        }
    } catch (InvalidSessionException e) {
        // Ignore
    }
    return Response.ok().build();
}
Also used: InvalidSessionException (org.apache.shiro.session.InvalidSessionException), Session (org.apache.shiro.session.Session), NewCookie (javax.ws.rs.core.NewCookie), DELETE (javax.ws.rs.DELETE)
