
Example 81 with PrincipalCollection

use of org.apache.shiro.subject.PrincipalCollection in project shiro by apache.

the class CookieRememberMeManagerTest method getRememberedPrincipals.

// SHIRO-69
@Test
public void getRememberedPrincipals() {
    HttpServletRequest mockRequest = createMock(HttpServletRequest.class);
    HttpServletResponse mockResponse = createMock(HttpServletResponse.class);
    WebSubjectContext context = new DefaultWebSubjectContext();
    context.setServletRequest(mockRequest);
    context.setServletResponse(mockResponse);
    expect(mockRequest.getAttribute(ShiroHttpServletRequest.IDENTITY_REMOVED_KEY)).andReturn(null);
    // The following base64 string was determined from the log output of the above 'onSuccessfulLogin' test.
    // This will have to change any time the PrincipalCollection implementation changes:
    final String userPCAesBase64 = "WlD5MLzzZznN3dQ1lPJO/eScSuY245k29aECNmjUs31o7Yu478hWhaM5Sj" + "jmoe900/72JNu3hcJaPG6Q17Vuz4F8x0kBjbFnPVx4PqzsZYT6yreeS2jwO6OwfI+efqXOKyB2a5KPtnr" + "7jt5kZsyH38XJISb81cf6xqTGUru8zC+kNqJFz7E5RpO0kraBofS5jhMm45gDVjDRkjgPJAzocVWMtrza" + "zy67P8eb+kMSBCqGI251JTNAGboVgQ28KjfaAJ/6LXRJUj7kB7CGia7mgRk+hxzEJGDs81at5VOPqODJr" + "xb8tcIdemFUFIkiYVP9bGs4dP3ECtmw7aNrCzv+84sx3vRFUrd5DbDYpEuE12hF2Y9owDK9sxStbXoF0y" + "A32dhfGDIqS+agsass0sWn8WX2TM9i8SxrUjiFbxqyIG49HbqGrZp5QLM9IuIwO+TzGfF1FzumQGdwmWT" + "xkVapw5UESl34YvA615cb+82ue1I=";
    Cookie[] cookies = new Cookie[] { new Cookie(CookieRememberMeManager.DEFAULT_REMEMBER_ME_COOKIE_NAME, userPCAesBase64) };
    expect(mockRequest.getCookies()).andReturn(cookies);
    replay(mockRequest);
    CookieRememberMeManager mgr = new CookieRememberMeManager();
    mgr.setCipherKey(Base64.decode("kPH+bIxk5D2deZiIxcaaaA=="));
    PrincipalCollection collection = mgr.getRememberedPrincipals(context);
    verify(mockRequest);
    assertTrue(collection != null);
    // noinspection ConstantConditions
    assertTrue(collection.iterator().next().equals("user"));
}
Also used : ShiroHttpServletRequest(org.apache.shiro.web.servlet.ShiroHttpServletRequest), HttpServletRequest(javax.servlet.http.HttpServletRequest), Cookie(javax.servlet.http.Cookie), SimpleCookie(org.apache.shiro.web.servlet.SimpleCookie), DefaultWebSubjectContext(org.apache.shiro.web.subject.support.DefaultWebSubjectContext), HttpServletResponse(javax.servlet.http.HttpServletResponse), PrincipalCollection(org.apache.shiro.subject.PrincipalCollection), WebSubjectContext(org.apache.shiro.web.subject.WebSubjectContext), Test(org.junit.Test)

Example 82 with PrincipalCollection

use of org.apache.shiro.subject.PrincipalCollection in project shiro by apache.

the class DefaultWebSecurityManagerTest method testBuildNonWebSubjectWithDefaultServletContainerSessionManager.

/**
 * Asserts fix for <a href="https://issues.apache.org/jira/browse/SHIRO-350">SHIRO-350</a>.
 */
@Test
public void testBuildNonWebSubjectWithDefaultServletContainerSessionManager() {
    Ini ini = new Ini();
    Ini.Section section = ini.addSection(IniRealm.USERS_SECTION_NAME);
    section.put("user1", "user1");
    WebIniSecurityManagerFactory factory = new WebIniSecurityManagerFactory(ini);
    WebSecurityManager securityManager = (WebSecurityManager) factory.getInstance();
    PrincipalCollection principals = new SimplePrincipalCollection("user1", "iniRealm");
    Subject subject = new Subject.Builder(securityManager).principals(principals).buildSubject();
    assertNotNull(subject);
    assertEquals("user1", subject.getPrincipal());
}
Also used : Ini(org.apache.shiro.config.Ini), PrincipalCollection(org.apache.shiro.subject.PrincipalCollection), SimplePrincipalCollection(org.apache.shiro.subject.SimplePrincipalCollection), WebIniSecurityManagerFactory(org.apache.shiro.web.config.WebIniSecurityManagerFactory), WebSubject(org.apache.shiro.web.subject.WebSubject), Subject(org.apache.shiro.subject.Subject), Test(org.junit.Test)

Example 83 with PrincipalCollection

use of org.apache.shiro.subject.PrincipalCollection in project shiro by apache.

the class DefaultWebSubjectFactory method createSubject.

public Subject createSubject(SubjectContext context) {
    if (!(context instanceof WebSubjectContext)) {
        return super.createSubject(context);
    }
    WebSubjectContext wsc = (WebSubjectContext) context;
    SecurityManager securityManager = wsc.resolveSecurityManager();
    Session session = wsc.resolveSession();
    boolean sessionEnabled = wsc.isSessionCreationEnabled();
    PrincipalCollection principals = wsc.resolvePrincipals();
    boolean authenticated = wsc.resolveAuthenticated();
    String host = wsc.resolveHost();
    ServletRequest request = wsc.resolveServletRequest();
    ServletResponse response = wsc.resolveServletResponse();
    return new WebDelegatingSubject(principals, authenticated, host, session, sessionEnabled, request, response, securityManager);
}
Also used : ServletRequest(javax.servlet.ServletRequest), ServletResponse(javax.servlet.ServletResponse), SecurityManager(org.apache.shiro.mgt.SecurityManager), PrincipalCollection(org.apache.shiro.subject.PrincipalCollection), WebSubjectContext(org.apache.shiro.web.subject.WebSubjectContext), Session(org.apache.shiro.session.Session), WebDelegatingSubject(org.apache.shiro.web.subject.support.WebDelegatingSubject)

Example 84 with PrincipalCollection

use of org.apache.shiro.subject.PrincipalCollection in project shiro by apache.

the class CasRealm method doGetAuthenticationInfo.

/**
 * Authenticates a user and retrieves its information.
 *
 * @param token the authentication token
 * @throws AuthenticationException if there is an error during authentication.
 */
@Override
@SuppressWarnings("unchecked")
protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token) throws AuthenticationException {
    CasToken casToken = (CasToken) token;
    if (token == null) {
        return null;
    }
    String ticket = (String) casToken.getCredentials();
    if (!StringUtils.hasText(ticket)) {
        return null;
    }
    TicketValidator ticketValidator = ensureTicketValidator();
    try {
        // contact CAS server to validate service ticket
        Assertion casAssertion = ticketValidator.validate(ticket, getCasService());
        // get principal, user id and attributes
        AttributePrincipal casPrincipal = casAssertion.getPrincipal();
        String userId = casPrincipal.getName();
        log.debug("Validate ticket : {} in CAS server : {} to retrieve user : {}", new Object[] { ticket, getCasServerUrlPrefix(), userId });
        Map<String, Object> attributes = casPrincipal.getAttributes();
        // refresh authentication token (user id + remember me)
        casToken.setUserId(userId);
        String rememberMeAttributeName = getRememberMeAttributeName();
        String rememberMeStringValue = (String) attributes.get(rememberMeAttributeName);
        boolean isRemembered = rememberMeStringValue != null && Boolean.parseBoolean(rememberMeStringValue);
        if (isRemembered) {
            casToken.setRememberMe(true);
        }
        // create simple authentication info
        List<Object> principals = CollectionUtils.asList(userId, attributes);
        PrincipalCollection principalCollection = new SimplePrincipalCollection(principals, getName());
        return new SimpleAuthenticationInfo(principalCollection, ticket);
    } catch (TicketValidationException e) {
        throw new CasAuthenticationException("Unable to validate ticket [" + ticket + "]", e);
    }
}
Also used : SimpleAuthenticationInfo(org.apache.shiro.authc.SimpleAuthenticationInfo), PrincipalCollection(org.apache.shiro.subject.PrincipalCollection), SimplePrincipalCollection(org.apache.shiro.subject.SimplePrincipalCollection), AttributePrincipal(org.jasig.cas.client.authentication.AttributePrincipal)

Example 85 with PrincipalCollection

use of org.apache.shiro.subject.PrincipalCollection in project vertx-auth by vert-x3.

the class ShiroUser method setAuthProvider.

@Override
public void setAuthProvider(AuthProvider authProvider) {
    if (authProvider instanceof ShiroAuthProviderImpl) {
        ShiroAuthProviderImpl shiroAuthProvider = (ShiroAuthProviderImpl) authProvider;
        this.vertx = shiroAuthProvider.getVertx();
        this.securityManager = shiroAuthProvider.getSecurityManager();
        // before doing any shiro operations set the context
        SecurityUtils.setSecurityManager(securityManager);
        // generate the subject back from the provider
        SubjectContext subjectContext = new DefaultSubjectContext();
        PrincipalCollection coll = new SimplePrincipalCollection(username, shiroAuthProvider.getRealmName());
        subjectContext.setPrincipals(coll);
        subject = securityManager.createSubject(subjectContext);
    } else {
        throw new IllegalArgumentException("Not a ShiroAuthProviderImpl");
    }
}
Also used : SubjectContext(org.apache.shiro.subject.SubjectContext), DefaultSubjectContext(org.apache.shiro.subject.support.DefaultSubjectContext), PrincipalCollection(org.apache.shiro.subject.PrincipalCollection), SimplePrincipalCollection(org.apache.shiro.subject.SimplePrincipalCollection)
