
Example 91 with Session

use of org.apache.shiro.session.Session in project graylog2-server by Graylog2.

Class UserSessionTerminationService, method runGlobalSessionTermination.

/**
 * Terminates every active user session when the stored global termination revision is outdated.
 * <p>
 * Reads the {@link GlobalTerminationRevisionConfig} from the cluster config (falling back to
 * {@code GlobalTerminationRevisionConfig.initial()} when none is stored). If that revision is not
 * outdated nothing happens; otherwise every session returned by {@code sessionDao.getActiveSessions()}
 * is terminated through {@code terminateSessionForID} and the current revision is written back.
 * <p>
 * To make sure that we don't terminate user sessions concurrently, this method should be called on the primary
 * node only.
 */
public void runGlobalSessionTermination() {
    final GlobalTerminationRevisionConfig revisionConfig = clusterConfigService.getOrDefault(
            GlobalTerminationRevisionConfig.class, GlobalTerminationRevisionConfig.initial());
    if (revisionConfig.isOutdated()) {
        long count = 0L;
        for (final Session session : sessionDao.getActiveSessions()) {
            terminateSessionForID(session.getId());
            count++;
        }
        LOG.info("Globally terminated {} session(s)", count);
        // The revision is recorded last: an exception thrown while terminating leaves the stored
        // revision untouched, so the write below is never reached in that case.
        clusterConfigService.write(GlobalTerminationRevisionConfig.withCurrentRevision());
    } else {
        LOG.debug("Global session termination not required");
    }
}

Example 92 with Session

use of org.apache.shiro.session.Session in project graylog2-server by Graylog2.

Class SessionAuthenticator, method doGetAuthenticationInfo.

/**
 * Authenticates a request by the Shiro session id carried in a {@link SessionIdToken}.
 * <p>
 * A {@link Subject} is built for that session id and its existing session is looked up without creating
 * one. The session principal is resolved to a {@link User} via {@code userService.loadById}. The method
 * returns {@code null} (no account) when the session does not exist or has expired, when no user matches
 * the principal, or when the username stored in the session under
 * {@code HTTPHeaderAuthenticationRealm.SESSION_AUTH_HEADER} differs (case-insensitively) from the trusted
 * username header of the current request while header authentication is enabled — in that last case the
 * session is stopped before returning.
 * <p>
 * On success the session is touched unless the request carries the {@code X_GRAYLOG_NO_SESSION_EXTENSION}
 * header with the value {@code true}; the subject is then bound to the {@link ThreadContext} and a
 * {@link SimpleAccount} for the user's id is returned.
 *
 * @param token the token to authenticate; cast unchecked to {@link SessionIdToken}
 * @return the account for the session's user, or {@code null} if the session does not authenticate
 * @throws AuthenticationException declared by the overridden method; this implementation signals the
 *         failure cases above by returning {@code null} rather than throwing
 */
@Override
protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token) throws AuthenticationException {
    // Unchecked cast: presumably Shiro consults supports(token) before invoking this realm — verify against caller.
    final SessionIdToken sessionIdToken = (SessionIdToken) token;
    final Subject subject = new Subject.Builder().sessionId(sessionIdToken.getSessionId()).buildSubject();
    // getSession(false) does not create a session, so an unknown or expired id yields null here.
    final Session session = subject.getSession(false);
    if (session == null) {
        LOG.debug("Invalid session. Either it has expired or did not exist.");
        return null;
    }

    final Object userId = subject.getPrincipal();
    final User user = userService.loadById(String.valueOf(userId));
    if (user == null) {
        LOG.debug("No user with userId {} found for session", userId);
        return null;
    }
    if (LOG.isDebugEnabled()) {
        LOG.debug("Found session for userId {}", userId);
    }

    // A session created through trusted-header authentication remembers the header username; reject
    // the session if the current request's trusted header names a different user.
    final String sessionUsername = (String) session.getAttribute(HTTPHeaderAuthenticationRealm.SESSION_AUTH_HEADER);
    if (sessionUsername != null) {
        final HTTPHeaderAuthConfig headerConfig = loadHTTPHeaderConfig();
        final Optional<String> headerUsername = ShiroRequestHeadersBinder.getHeaderFromThreadContext(headerConfig.usernameHeader());
        final boolean mismatch = headerConfig.enabled()
                && headerUsername.isPresent()
                && !headerUsername.get().equalsIgnoreCase(sessionUsername);
        if (mismatch) {
            LOG.warn("Terminating session where user <{}> does not match trusted HTTP header <{}>.", sessionUsername, headerUsername.get());
            session.stop();
            return null;
        }
    }

    final boolean skipExtension = ShiroRequestHeadersBinder.getHeaderFromThreadContext(X_GRAYLOG_NO_SESSION_EXTENSION)
            .map("true"::equalsIgnoreCase)
            .orElse(false);
    if (skipExtension) {
        LOG.debug("Not extending session because the request indicated not to.");
    } else {
        session.touch();
    }

    ThreadContext.bind(subject);
    return new SimpleAccount(user.getId(), null, "session authenticator");
}

Example 93 with Session

use of org.apache.shiro.session.Session in project nutzboot by nutzam.

Class ShiroEnvStarter, method getWebSecurityManager.

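/**
 * Builds the Shiro {@link WebSecurityManager} bean ({@code shiroWebSecurityManager}) for the web layer.
 * <p>
 * The returned {@link DefaultWebSecurityManager} overrides {@code resolveSession} so that an
 * {@link InvalidSessionException} raised while resolving the request's session is ignored and the
 * {@link SubjectContext} is returned without a session. The session manager is wired only when
 * {@code PROP_SESSION_ENABLE} is true (the default), every {@link Realm} registered in the IoC container
 * is installed, and the remember-me manager is taken from the {@code shiroRememberMeManager} bean.
 *
 * @return the configured security manager
 */
@IocBean(name = "shiroWebSecurityManager")
public WebSecurityManager getWebSecurityManager() {
    DefaultWebSecurityManager webSecurityManager = new DefaultWebSecurityManager() {

        @Override
        protected SubjectContext resolveSession(SubjectContext context) {
            if (context.resolveSession() != null) {
                return context;
            }
            try {
                Session session = resolveContextSession(context);
                if (session != null) {
                    context.setSession(session);
                }
            } catch (InvalidSessionException ignored) {
                // Deliberately ignored: a stale or invalid session id must not fail the request, so the
                // context is returned without a session. Note that nothing is logged for this case.
            }
            return context;
        }
    };
    // Shiro session support: only wire the session manager when sessions are enabled in the config.
    if (conf.getBoolean(PROP_SESSION_ENABLE, true)) {
        webSecurityManager.setSessionManager(ioc.get(WebSessionManager.class, "shiroWebSessionManager"));
    }
    List<Realm> realms = new ArrayList<>();
    for (String realmName : ioc.getNamesByType(Realm.class)) {
        realms.add(ioc.get(Realm.class, realmName));
    }
    // Leave Shiro's default realm configuration in place when the container defines none.
    if (!realms.isEmpty()) {
        webSecurityManager.setRealms(realms);
    }
    webSecurityManager.setRememberMeManager(ioc.get(RememberMeManager.class, "shiroRememberMeManager"));
    return webSecurityManager;
}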
