Search in sources :

Example 41 with Session

use of org.apache.shiro.session.Session in project shiro by apache.

the class Quickstart method main.

public static void main(String[] args) {
    // The easiest way to create a Shiro SecurityManager with configured
    // realms, users, roles and permissions is to use the simple INI config.
    // We'll do that by using a factory that can ingest a .ini file and
    // return a SecurityManager instance:
    // Use the shiro.ini file at the root of the classpath
    // (file: and url: prefixes load from files and urls respectively):
    Factory<SecurityManager> factory = new IniSecurityManagerFactory("classpath:shiro.ini");
    SecurityManager securityManager = factory.getInstance();
    // for this simple example quickstart, make the SecurityManager
    // accessible as a JVM singleton.  Most applications wouldn't do this
    // and instead rely on their container configuration or web.xml for
    // webapps.  That is outside the scope of this simple quickstart, so
    // we'll just do the bare minimum so you can continue to get a feel
    // for things.
    SecurityUtils.setSecurityManager(securityManager);
    // Now that a simple Shiro environment is set up, let's see what you can do:
    // get the currently executing user:
    Subject currentUser = SecurityUtils.getSubject();
    // Do some stuff with a Session (no need for a web or EJB container!!!)
    Session session = currentUser.getSession();
    session.setAttribute("someKey", "aValue");
    String value = (String) session.getAttribute("someKey");
    if (value.equals("aValue")) {
        log.info("Retrieved the correct value! [" + value + "]");
    }
    // let's login the current user so we can check against roles and permissions:
    if (!currentUser.isAuthenticated()) {
        UsernamePasswordToken token = new UsernamePasswordToken("lonestarr", "vespa");
        token.setRememberMe(true);
        try {
            currentUser.login(token);
        } catch (UnknownAccountException uae) {
            log.info("There is no user with username of " + token.getPrincipal());
        } catch (IncorrectCredentialsException ice) {
            log.info("Password for account " + token.getPrincipal() + " was incorrect!");
        } catch (LockedAccountException lae) {
            log.info("The account for username " + token.getPrincipal() + " is locked.  " + "Please contact your administrator to unlock it.");
        }// ... catch more exceptions here (maybe custom ones specific to your application?
         catch (AuthenticationException ae) {
        // unexpected condition?  error?
        }
    }
    // say who they are:
    // print their identifying principal (in this case, a username):
    log.info("User [" + currentUser.getPrincipal() + "] logged in successfully.");
    // test a role:
    if (currentUser.hasRole("schwartz")) {
        log.info("May the Schwartz be with you!");
    } else {
        log.info("Hello, mere mortal.");
    }
    // test a typed permission (not instance-level)
    if (currentUser.isPermitted("lightsaber:wield")) {
        log.info("You may use a lightsaber ring.  Use it wisely.");
    } else {
        log.info("Sorry, lightsaber rings are for schwartz masters only.");
    }
    // a (very powerful) Instance Level permission:
    if (currentUser.isPermitted("winnebago:drive:eagle5")) {
        log.info("You are permitted to 'drive' the winnebago with license plate (id) 'eagle5'.  " + "Here are the keys - have fun!");
    } else {
        log.info("Sorry, you aren't allowed to drive the 'eagle5' winnebago!");
    }
    // all done - log out!
    currentUser.logout();
    System.exit(0);
}
Also used : IniSecurityManagerFactory(org.apache.shiro.config.IniSecurityManagerFactory) SecurityManager(org.apache.shiro.mgt.SecurityManager) Subject(org.apache.shiro.subject.Subject) Session(org.apache.shiro.session.Session)

Example 42 with Session

use of org.apache.shiro.session.Session in project shiro by apache.

the class QuickstartGuice method main.

public static void main(String[] args) {
    // We will utilize standard Guice bootstrapping to create a Shiro SecurityManager.
    Injector injector = Guice.createInjector(new QuickstartShiroModule());
    SecurityManager securityManager = injector.getInstance(SecurityManager.class);
    // for this simple example quickstart, make the SecurityManager
    // accessible as a JVM singleton.  Most applications wouldn't do this
    // and instead rely on their container configuration or web.xml for
    // webapps.  That is outside the scope of this simple quickstart, so
    // we'll just do the bare minimum so you can continue to get a feel
    // for things.
    SecurityUtils.setSecurityManager(securityManager);
    // Now that a simple Shiro environment is set up, let's see what you can do:
    // get the currently executing user:
    Subject currentUser = SecurityUtils.getSubject();
    // Do some stuff with a Session (no need for a web or EJB container!!!)
    Session session = currentUser.getSession();
    session.setAttribute("someKey", "aValue");
    String value = (String) session.getAttribute("someKey");
    if (value.equals("aValue")) {
        log.info("Retrieved the correct value! [" + value + "]");
    }
    // let's login the current user so we can check against roles and permissions:
    if (!currentUser.isAuthenticated()) {
        UsernamePasswordToken token = new UsernamePasswordToken("lonestarr", "vespa");
        token.setRememberMe(true);
        try {
            currentUser.login(token);
        } catch (UnknownAccountException uae) {
            log.info("There is no user with username of " + token.getPrincipal());
        } catch (IncorrectCredentialsException ice) {
            log.info("Password for account " + token.getPrincipal() + " was incorrect!");
        } catch (LockedAccountException lae) {
            log.info("The account for username " + token.getPrincipal() + " is locked.  " + "Please contact your administrator to unlock it.");
        }// ... catch more exceptions here (maybe custom ones specific to your application?
         catch (AuthenticationException ae) {
        // unexpected condition?  error?
        }
    }
    // say who they are:
    // print their identifying principal (in this case, a username):
    log.info("User [" + currentUser.getPrincipal() + "] logged in successfully.");
    // test a role:
    if (currentUser.hasRole("schwartz")) {
        log.info("May the Schwartz be with you!");
    } else {
        log.info("Hello, mere mortal.");
    }
    // test a typed permission (not instance-level)
    if (currentUser.isPermitted("lightsaber:weild")) {
        log.info("You may use a lightsaber ring.  Use it wisely.");
    } else {
        log.info("Sorry, lightsaber rings are for schwartz masters only.");
    }
    // a (very powerful) Instance Level permission:
    if (currentUser.isPermitted("winnebago:drive:eagle5")) {
        log.info("You are permitted to 'drive' the winnebago with license plate (id) 'eagle5'.  " + "Here are the keys - have fun!");
    } else {
        log.info("Sorry, you aren't allowed to drive the 'eagle5' winnebago!");
    }
    // all done - log out!
    currentUser.logout();
    System.exit(0);
}
Also used : SecurityManager(org.apache.shiro.mgt.SecurityManager) Injector(com.google.inject.Injector) Subject(org.apache.shiro.subject.Subject) Session(org.apache.shiro.session.Session)

Example 43 with Session

use of org.apache.shiro.session.Session in project shiro by apache.

the class ShiroHttpServletRequest method getSession.

public HttpSession getSession(boolean create) {
    HttpSession httpSession;
    if (isHttpSessions()) {
        httpSession = super.getSession(false);
        if (httpSession == null && create) {
            // Shiro 1.2: assert that creation is enabled (SHIRO-266):
            if (WebUtils._isSessionCreationEnabled(this)) {
                httpSession = super.getSession(create);
            } else {
                throw newNoSessionCreationException();
            }
        }
    } else {
        if (this.session == null) {
            boolean existing = getSubject().getSession(false) != null;
            Session shiroSession = getSubject().getSession(create);
            if (shiroSession != null) {
                this.session = new ShiroHttpSession(shiroSession, this, this.servletContext);
                if (!existing) {
                    setAttribute(REFERENCED_SESSION_IS_NEW, Boolean.TRUE);
                }
            }
        }
        httpSession = this.session;
    }
    return httpSession;
}
Also used : HttpSession(javax.servlet.http.HttpSession) HttpSession(javax.servlet.http.HttpSession) Session(org.apache.shiro.session.Session)

Example 44 with Session

use of org.apache.shiro.session.Session in project shiro by apache.

the class ServletContainerSessionManager method getSession.

public Session getSession(SessionKey key) throws SessionException {
    if (!WebUtils.isHttp(key)) {
        String msg = "SessionKey must be an HTTP compatible implementation.";
        throw new IllegalArgumentException(msg);
    }
    HttpServletRequest request = WebUtils.getHttpRequest(key);
    Session session = null;
    HttpSession httpSession = request.getSession(false);
    if (httpSession != null) {
        session = createSession(httpSession, request.getRemoteHost());
    }
    return session;
}
Also used : HttpServletRequest(javax.servlet.http.HttpServletRequest) HttpSession(javax.servlet.http.HttpSession) HttpSession(javax.servlet.http.HttpSession) HttpServletSession(org.apache.shiro.web.session.HttpServletSession) Session(org.apache.shiro.session.Session)

Example 45 with Session

use of org.apache.shiro.session.Session in project shiro by apache.

the class WebUtils method getAndClearSavedRequest.

public static SavedRequest getAndClearSavedRequest(ServletRequest request) {
    SavedRequest savedRequest = getSavedRequest(request);
    if (savedRequest != null) {
        Subject subject = SecurityUtils.getSubject();
        Session session = subject.getSession();
        session.removeAttribute(SAVED_REQUEST_KEY);
    }
    return savedRequest;
}
Also used : Subject(org.apache.shiro.subject.Subject) Session(org.apache.shiro.session.Session)

Aggregations

Session (org.apache.shiro.session.Session)93 Subject (org.apache.shiro.subject.Subject)34 Test (org.junit.Test)21 Serializable (java.io.Serializable)11 PrincipalCollection (org.apache.shiro.subject.PrincipalCollection)8 UsernamePasswordToken (org.apache.shiro.authc.UsernamePasswordToken)6 RequestMapping (org.springframework.web.bind.annotation.RequestMapping)6 SecurityManager (org.apache.shiro.mgt.SecurityManager)5 SessionListener (org.apache.shiro.session.SessionListener)5 ResponseBody (org.springframework.web.bind.annotation.ResponseBody)5 User (com.hfut.entity.User)4 Subject (ddf.security.Subject)4 ApiOperation (io.swagger.annotations.ApiOperation)4 Date (java.util.Date)4 HttpServletRequest (javax.servlet.http.HttpServletRequest)4 AuthenticationException (org.apache.shiro.authc.AuthenticationException)4 InvalidSessionException (org.apache.shiro.session.InvalidSessionException)4 SessionListenerAdapter (org.apache.shiro.session.SessionListenerAdapter)4 ArrayList (java.util.ArrayList)3 HashMap (java.util.HashMap)3