
Example 66 with Session

use of org.apache.shiro.session.Session in project graylog2-server by Graylog2.

the class SessionCreatorTest method extendExpiredSession.

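/**
 * Verifies that presenting the id of an expired session together with a valid token yields a
 * fresh session instead of reviving the expired one, and that the subject ends up authenticated.
 */
@Test
public void extendExpiredSession() {
    setUpUserMock();

    // Create an expired session (last access time at the epoch) and store it.
    SimpleSession oldSession = new SimpleSession();
    oldSession.setLastAccessTime(new Date(0));
    ((DefaultSessionManager) securityManager.getSessionManager()).getSessionDAO().create(oldSession);
    String oldSessionId = oldSession.getId().toString();

    // Nobody is logged in before the session is requested.
    assertFalse(SecurityUtils.getSubject().isAuthenticated());

    Optional<Session> session = sessionCreator.create(oldSessionId, "host", validToken);
    assertTrue(session.isPresent());

    // The user gets a new session. Compare string forms: getId() returns Serializable, and
    // assertNotEquals on a String and a non-String id would pass without comparing the values,
    // so a reused id could go unnoticed.
    assertNotEquals(oldSessionId, session.get().getId().toString());
    assertTrue(SecurityUtils.getSubject().isAuthenticated());
}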
Also used : Mockito.anyString(org.mockito.Mockito.anyString) SimpleSession(org.apache.shiro.session.mgt.SimpleSession) Date(java.util.Date) Session(org.apache.shiro.session.Session) SimpleSession(org.apache.shiro.session.mgt.SimpleSession) Test(org.junit.Test)

Example 67 with Session

use of org.apache.shiro.session.Session in project wechat by dllwh.

the class CustomSessionManager method forbidUserById.

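/**
 * Marks the online sessions of the given user as valid or kicked out.
 *
 * <p>Iterates over the entries returned by {@code getAllUser()}; for each entry whose id equals
 * {@code id}, loads its Shiro session and updates the {@code SessionStatus} stored under
 * {@code CacheConstans.SESSION_STATUS}.
 *
 * @param id     id of the user whose sessions are to be marked
 * @param status {@code 1} keeps the sessions valid; any other value marks them as kicked out
 */
public void forbidUserById(Integer id, Long status) {
    for (OnlineUser bo : getAllUser()) {
        if (!bo.getId().equals(id)) {
            continue;
        }
        // Matching user: fetch that user's session.
        Session session = shiroSessionRepository.getSession(bo.getSessionId());
        if (session == null) {
            // Presumably the session expired or was stopped after getAllUser() listed it.
            // Skip it rather than throw, so the user's remaining sessions are still marked.
            continue;
        }
        // Flag the session through its status attribute.
        SessionStatus sessionStatus = (SessionStatus) session.getAttribute(CacheConstans.SESSION_STATUS);
        if (sessionStatus == null) {
            // NOTE(review): a session without a status attribute cannot be flagged here and is
            // left as it is; confirm whether such sessions should be stopped or reported instead.
            continue;
        }
        // true: session stays valid, false: session is kicked out.
        sessionStatus.setOnlineStatus(status.intValue() == 1);
        // NOTE(review): the modified SessionStatus is not written back to the session or the
        // repository in this method. If getSession() returns a copy read from an external
        // store, the change may not take effect; verify against the repository implementation.
    }
}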
Also used : OnlineUser(com.cdeledu.model.system.OnlineUser) Session(org.apache.shiro.session.Session)

Example 68 with Session

use of org.apache.shiro.session.Session in project shiro by apache.

the class DefaultSubjectDAO method mergeAuthenticationState.

/**
 * Brings the authenticated flag stored in the Subject's session in line with the Subject's
 * current authentication state. The session is only written to when the stored flag differs
 * from the current state, and a session is only created when an authenticated Subject has none.
 *
 * @param subject the Subject whose authentication state will potentially be merged into its session.
 */
protected void mergeAuthenticationState(Subject subject) {
    final Session existing = subject.getSession(false);

    if (existing == null) {
        // No session yet: only an authenticated subject warrants creating one.
        if (subject.isAuthenticated()) {
            subject.getSession().setAttribute(DefaultSubjectContext.AUTHENTICATED_SESSION_KEY, Boolean.TRUE);
        }
        return;
    }

    final Boolean storedFlag = (Boolean) existing.getAttribute(DefaultSubjectContext.AUTHENTICATED_SESSION_KEY);

    if (subject.isAuthenticated()) {
        // Write the flag only when the session does not already record TRUE.
        if (!Boolean.TRUE.equals(storedFlag)) {
            existing.setAttribute(DefaultSubjectContext.AUTHENTICATED_SESSION_KEY, Boolean.TRUE);
        }
        return;
    }

    // Not authenticated: a leftover flag in the session no longer matches, so drop it.
    if (storedFlag != null) {
        existing.removeAttribute(DefaultSubjectContext.AUTHENTICATED_SESSION_KEY);
    }
}
Also used : Session(org.apache.shiro.session.Session)

Example 69 with Session

use of org.apache.shiro.session.Session in project shiro by apache.

the class DefaultSubjectDAO method mergePrincipals.

/**
 * Brings the principals stored in the Subject's session in line with the Subject's current
 * {@link org.apache.shiro.subject.Subject#getPrincipals()}. The session is only written to when
 * the stored principals differ from the current ones, and a session is only created when there
 * are principals to store.
 *
 * @param subject the Subject for which principals will potentially be merged into the Subject's session.
 * @throws IllegalStateException if the {@code principals} field of a runAs
 *                               {@code DelegatingSubject} cannot be read reflectively.
 */
protected void mergePrincipals(Subject subject) {
    PrincipalCollection principals = null;

    // For a runAs DelegatingSubject, read the private "principals" field directly instead of
    // calling getPrincipals(). Presumably this keeps the original identity, not the assumed
    // runAs identity, in the session; confirm against DelegatingSubject.
    // A broader review / cleanup of runAs handling is still pending (noted for Shiro 1.3 / 2.0+).
    if (subject.isRunAs() && subject instanceof DelegatingSubject) {
        try {
            Field principalsField = DelegatingSubject.class.getDeclaredField("principals");
            principalsField.setAccessible(true);
            principals = (PrincipalCollection) principalsField.get(subject);
        } catch (Exception e) {
            throw new IllegalStateException("Unable to access DelegatingSubject principals property.", e);
        }
    }
    // Fall back to the public accessor when the reflective read produced nothing.
    if (principals == null || principals.isEmpty()) {
        principals = subject.getPrincipals();
    }

    final Session existing = subject.getSession(false);

    if (existing == null) {
        // No session yet: create one only if there is something to store.
        if (!isEmpty(principals)) {
            subject.getSession().setAttribute(DefaultSubjectContext.PRINCIPALS_SESSION_KEY, principals);
        }
        return;
    }

    final PrincipalCollection stored =
            (PrincipalCollection) existing.getAttribute(DefaultSubjectContext.PRINCIPALS_SESSION_KEY);

    if (isEmpty(principals)) {
        // The subject has no principals: clear any that the session still holds.
        if (!isEmpty(stored)) {
            existing.removeAttribute(DefaultSubjectContext.PRINCIPALS_SESSION_KEY);
        }
        return;
    }

    // Overwrite only when the session's copy differs from the current principals.
    if (!principals.equals(stored)) {
        existing.setAttribute(DefaultSubjectContext.PRINCIPALS_SESSION_KEY, principals);
    }
}
Also used : Field(java.lang.reflect.Field) DelegatingSubject(org.apache.shiro.subject.support.DelegatingSubject) PrincipalCollection(org.apache.shiro.subject.PrincipalCollection) Session(org.apache.shiro.session.Session)

Example 70 with Session

use of org.apache.shiro.session.Session in project shiro by apache.

the class DefaultSubjectDAO method removeFromSession.

/**
 * Clears the stored subject state (the authenticated flag and the principals) from the Subject's
 * session. Does nothing when the Subject has no session; no session is created by this method.
 *
 * @param subject the subject for which any existing subject state will be removed from its session.
 */
protected void removeFromSession(Subject subject) {
    final Session existing = subject.getSession(false);
    if (existing == null) {
        // Nothing was ever stored, so there is nothing to remove.
        return;
    }
    existing.removeAttribute(DefaultSubjectContext.AUTHENTICATED_SESSION_KEY);
    existing.removeAttribute(DefaultSubjectContext.PRINCIPALS_SESSION_KEY);
}
Also used : Session(org.apache.shiro.session.Session)
