Example 81 with Session

Use of org.apache.shiro.session.Session in project shiro by apache.

In the class DefaultWebSecurityManagerTest, method testGetSubjectByRequestSessionId.

@Test
public void testGetSubjectByRequestSessionId() {
    shiroSessionModeInit();
    HttpServletRequest mockRequest = createNiceMock(HttpServletRequest.class);
    HttpServletResponse mockResponse = createNiceMock(HttpServletResponse.class);
    replay(mockRequest);
    replay(mockResponse);
    Subject subject = newSubject(mockRequest, mockResponse);
    Session session = subject.getSession();
    Serializable sessionId = session.getId();
    assertNotNull(sessionId);
    verify(mockRequest);
    verify(mockResponse);
    mockRequest = createNiceMock(HttpServletRequest.class);
    mockResponse = createNiceMock(HttpServletResponse.class);
    // now simulate the cookie going with the request and the Subject should be acquired based on that:
    Cookie[] cookies = new Cookie[] { new Cookie(ShiroHttpSession.DEFAULT_SESSION_ID_NAME, sessionId.toString()) };
    expect(mockRequest.getCookies()).andReturn(cookies).anyTimes();
    expect(mockRequest.getParameter(isA(String.class))).andReturn(null).anyTimes();
    replay(mockRequest);
    replay(mockResponse);
    subject = newSubject(mockRequest, mockResponse);
    session = subject.getSession(false);
    assertNotNull(session);
    assertEquals(sessionId, session.getId());
    verify(mockRequest);
    verify(mockResponse);
}
Also used: HttpServletRequest (javax.servlet.http.HttpServletRequest), Cookie (javax.servlet.http.Cookie), Serializable (java.io.Serializable), HttpServletResponse (javax.servlet.http.HttpServletResponse), WebSubject (org.apache.shiro.web.subject.WebSubject), Subject (org.apache.shiro.subject.Subject), Session (org.apache.shiro.session.Session), ShiroHttpSession (org.apache.shiro.web.servlet.ShiroHttpSession), Test (org.junit.Test)

Example 82 with Session

Use of org.apache.shiro.session.Session in project shiro by apache.

In the class DefaultWebSubjectFactory, method createSubject.

public Subject createSubject(SubjectContext context) {
    if (!(context instanceof WebSubjectContext)) {
        return super.createSubject(context);
    }
    WebSubjectContext wsc = (WebSubjectContext) context;
    SecurityManager securityManager = wsc.resolveSecurityManager();
    Session session = wsc.resolveSession();
    boolean sessionEnabled = wsc.isSessionCreationEnabled();
    PrincipalCollection principals = wsc.resolvePrincipals();
    boolean authenticated = wsc.resolveAuthenticated();
    String host = wsc.resolveHost();
    ServletRequest request = wsc.resolveServletRequest();
    ServletResponse response = wsc.resolveServletResponse();
    return new WebDelegatingSubject(principals, authenticated, host, session, sessionEnabled, request, response, securityManager);
}
Also used: ServletRequest (javax.servlet.ServletRequest), ServletResponse (javax.servlet.ServletResponse), SecurityManager (org.apache.shiro.mgt.SecurityManager), PrincipalCollection (org.apache.shiro.subject.PrincipalCollection), WebSubjectContext (org.apache.shiro.web.subject.WebSubjectContext), Session (org.apache.shiro.session.Session), WebDelegatingSubject (org.apache.shiro.web.subject.support.WebDelegatingSubject)

Example 83 with Session

Use of org.apache.shiro.session.Session in project shiro by apache.

In the class WebUtils, method getSavedRequest.

public static SavedRequest getSavedRequest(ServletRequest request) {
    SavedRequest savedRequest = null;
    Subject subject = SecurityUtils.getSubject();
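    // getSession(false) returns the existing session, or null when there is none; it never creates one
    Session session = subject.getSession(false);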
    if (session != null) {
        savedRequest = (SavedRequest) session.getAttribute(SAVED_REQUEST_KEY);
    }
    return savedRequest;
}
Also used: Subject (org.apache.shiro.subject.Subject), Session (org.apache.shiro.session.Session)

Example 84 with Session

Use of org.apache.shiro.session.Session in project shiro by apache.

In the class ShiroSessionScopeTest, method testScope.

@Test
public void testScope() throws Exception {
    Subject subject = createMock(Subject.class);
    try {
        ThreadContext.bind(subject);
        final Key<SomeClass> key = Key.get(SomeClass.class);
        Provider<SomeClass> mockProvider = createMock(Provider.class);
        Session session = createMock(Session.class);
        SomeClass retuned = new SomeClass();
        expect(subject.getSession()).andReturn(session);
        expect(session.getAttribute(key)).andReturn(null);
        expect(mockProvider.get()).andReturn(retuned);
        expect(subject.getSession()).andReturn(session);
        expect(session.getAttribute(key)).andReturn(retuned);
        replay(subject, mockProvider, session);
        ShiroSessionScope underTest = new ShiroSessionScope();
        // first time the session doesn't contain it, we expect the provider to be invoked
        assertSame(retuned, underTest.scope(key, mockProvider).get());
        // second time the session does contain it, we expect the provider to not be invoked
        assertSame(retuned, underTest.scope(key, mockProvider).get());
        verify(subject, mockProvider, session);
    } finally {
        ThreadContext.unbindSubject();
    }
}
Also used: Subject (org.apache.shiro.subject.Subject), Session (org.apache.shiro.session.Session), Test (org.junit.Test)

Example 85 with Session

Use of org.apache.shiro.session.Session in project shiro by apache.

In the class IndexController, method buildModel.

protected Model buildModel(Model model) {
    Subject subject = SecurityUtils.getSubject();
    boolean hasRole1 = subject.hasRole("role1");
    boolean hasRole2 = subject.hasRole("role2");
    model.addAttribute("hasRole1", hasRole1);
    model.addAttribute("hasRole2", hasRole2);
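    // getSession() creates a session if the Subject does not already have one
    Session session = subject.getSession();
    Map<Object, Object> sessionAttributes = new LinkedHashMap<Object, Object>();
    // copy every session attribute into a map that is handed to the view
    for (Object key : session.getAttributeKeys()) {
        sessionAttributes.put(key, session.getAttribute(key));
    }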
    model.addAttribute("sessionAttributes", sessionAttributes);
    model.addAttribute("subjectSession", subject.getSession());
    return model;
}
Also used: Subject (org.apache.shiro.subject.Subject), Session (org.apache.shiro.session.Session), LinkedHashMap (java.util.LinkedHashMap)

Aggregations

Session (org.apache.shiro.session.Session) 93
Subject (org.apache.shiro.subject.Subject) 34
Test (org.junit.Test) 21
Serializable (java.io.Serializable) 11
PrincipalCollection (org.apache.shiro.subject.PrincipalCollection) 8
UsernamePasswordToken (org.apache.shiro.authc.UsernamePasswordToken) 6
RequestMapping (org.springframework.web.bind.annotation.RequestMapping) 6
SecurityManager (org.apache.shiro.mgt.SecurityManager) 5
SessionListener (org.apache.shiro.session.SessionListener) 5
ResponseBody (org.springframework.web.bind.annotation.ResponseBody) 5
User (com.hfut.entity.User) 4
Subject (ddf.security.Subject) 4
ApiOperation (io.swagger.annotations.ApiOperation) 4
Date (java.util.Date) 4
HttpServletRequest (javax.servlet.http.HttpServletRequest) 4
AuthenticationException (org.apache.shiro.authc.AuthenticationException) 4
InvalidSessionException (org.apache.shiro.session.InvalidSessionException) 4
SessionListenerAdapter (org.apache.shiro.session.SessionListenerAdapter) 4
ArrayList (java.util.ArrayList) 3
HashMap (java.util.HashMap) 3