Example 11 with PrincipalCollection
use of org.apache.shiro.subject.PrincipalCollection in project ddf by codice.
the class TestResourceUsagePlugin method setSubject.
private void setSubject(String expectedUsername) {
AuthorizingRealm realm = mock(AuthorizingRealm.class);
when(realm.getName()).thenReturn("mockRealm");
when(realm.isPermitted(any(PrincipalCollection.class), any(Permission.class))).thenReturn(true);
Collection<Realm> realms = new ArrayList<>();
realms.add(realm);
DefaultSecurityManager manager = new DefaultSecurityManager();
manager.setRealms(realms);
SimplePrincipalCollection principalCollection = new SimplePrincipalCollection(new Principal() {
@Override
public String getName() {
return expectedUsername;
}
@Override
public String toString() {
return expectedUsername;
}
}, realm.getName());
subject = new MockSubject(manager, principalCollection);
}
Also used :
Permission(org.apache.shiro.authz.Permission)
ArrayList(java.util.ArrayList)
PrincipalCollection(org.apache.shiro.subject.PrincipalCollection)
SimplePrincipalCollection(org.apache.shiro.subject.SimplePrincipalCollection)
SimplePrincipalCollection(org.apache.shiro.subject.SimplePrincipalCollection)
Matchers.anyString(org.mockito.Matchers.anyString)
DefaultSecurityManager(org.apache.shiro.mgt.DefaultSecurityManager)
AuthorizingRealm(org.apache.shiro.realm.AuthorizingRealm)
Realm(org.apache.shiro.realm.Realm)
AuthorizingRealm(org.apache.shiro.realm.AuthorizingRealm)
Principal(java.security.Principal)
Example 12 with PrincipalCollection
use of org.apache.shiro.subject.PrincipalCollection in project Ganster-CMS by Gangster-trio.
the class UserShiroRealm method doGetAuthorizationInfo.
@Override
protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principals) {
User user = (User) principals.getPrimaryPrincipal();
List<Group> groupList = groupService.selectByUserId(user.getUserId());
Set<String> groupSet = groupList.stream().map(Group::getGroupName).collect(Collectors.toSet());
Set<String> permissionSet = groupSet.stream().flatMap(group -> permissionService.selectByGroupName(group).stream().map(Permission::getPermissionName)).collect(Collectors.toSet());
SimpleAuthorizationInfo simpleAuthorizationInfo = new SimpleAuthorizationInfo();
simpleAuthorizationInfo.setStringPermissions(permissionSet);
simpleAuthorizationInfo.setRoles(groupSet);
return simpleAuthorizationInfo;
}
Also used :
PermissionService(com.ganster.cms.core.service.PermissionService)
Logger(org.slf4j.Logger)
org.apache.shiro.authc(org.apache.shiro.authc)
AuthorizationInfo(org.apache.shiro.authz.AuthorizationInfo)
LoggerFactory(org.slf4j.LoggerFactory)
Resource(javax.annotation.Resource)
Permission(com.ganster.cms.core.pojo.Permission)
Set(java.util.Set)
Collectors(java.util.stream.Collectors)
UserService(com.ganster.cms.core.service.UserService)
List(java.util.List)
Subject(org.apache.shiro.subject.Subject)
UserExample(com.ganster.cms.core.pojo.UserExample)
User(com.ganster.cms.core.pojo.User)
AuthorizingRealm(org.apache.shiro.realm.AuthorizingRealm)
Group(com.ganster.cms.core.pojo.Group)
GroupService(com.ganster.cms.core.service.GroupService)
PrincipalCollection(org.apache.shiro.subject.PrincipalCollection)
SimpleAuthorizationInfo(org.apache.shiro.authz.SimpleAuthorizationInfo)
SecurityUtils(org.apache.shiro.SecurityUtils)
Group(com.ganster.cms.core.pojo.Group)
User(com.ganster.cms.core.pojo.User)
SimpleAuthorizationInfo(org.apache.shiro.authz.SimpleAuthorizationInfo)
Permission(com.ganster.cms.core.pojo.Permission)
Example 13 with PrincipalCollection
use of org.apache.shiro.subject.PrincipalCollection in project shiro by apache.
the class DefaultSecurityManager method resolvePrincipals.
/**
* Attempts to resolve an identity (a {@link PrincipalCollection}) for the context using heuristics. This
* implementation functions as follows:
* <ol>
* <li>Check the context to see if it can already {@link SubjectContext#resolvePrincipals resolve an identity}. If
* so, this method does nothing and returns the method argument unaltered.</li>
* <li>Check for a RememberMe identity by calling {@link #getRememberedIdentity}. If that method returns a
* non-null value, place the remembered {@link PrincipalCollection} in the context.</li>
* </ol>
*
* @param context the subject context data that may provide (directly or indirectly through one of its values) a
* {@link PrincipalCollection} identity.
* @return The Subject context to use to pass to a {@link SubjectFactory} for subject creation.
* @since 1.0
*/
@SuppressWarnings({ "unchecked" })
protected SubjectContext resolvePrincipals(SubjectContext context) {
PrincipalCollection principals = context.resolvePrincipals();
if (isEmpty(principals)) {
log.trace("No identity (PrincipalCollection) found in the context. Looking for a remembered identity.");
principals = getRememberedIdentity(context);
if (!isEmpty(principals)) {
log.debug("Found remembered PrincipalCollection. Adding to the context to be used " + "for subject construction by the SubjectFactory.");
context.setPrincipals(principals);
// The following call was removed (commented out) in Shiro 1.2 because it uses the session as an
// implementation strategy. Session use for Shiro's own needs should be controlled in a single place
// to be more manageable for end-users: there are a number of stateless (e.g. REST) applications that
// use Shiro that need to ensure that sessions are only used when desirable. If Shiro's internal
// implementations used Subject sessions (setting attributes) whenever we wanted, it would be much
// harder for end-users to control when/where that occurs.
//
// Because of this, the SubjectDAO was created as the single point of control, and session state logic
// has been moved to the DefaultSubjectDAO implementation.
// Removed in Shiro 1.2. SHIRO-157 is still satisfied by the new DefaultSubjectDAO implementation
// introduced in 1.2
// Satisfies SHIRO-157:
// bindPrincipalsToSession(principals, context);
} else {
log.trace("No remembered identity found. Returning original context.");
}
}
return context;
}
Also used :
PrincipalCollection(org.apache.shiro.subject.PrincipalCollection)
Example 14 with PrincipalCollection
use of org.apache.shiro.subject.PrincipalCollection in project shiro by apache.
the class DefaultSecurityManager method logout.
public void logout(Subject subject) {
if (subject == null) {
throw new IllegalArgumentException("Subject method argument cannot be null.");
}
beforeLogout(subject);
PrincipalCollection principals = subject.getPrincipals();
if (principals != null && !principals.isEmpty()) {
if (log.isDebugEnabled()) {
log.debug("Logging out subject with primary principal {}", principals.getPrimaryPrincipal());
}
Authenticator authc = getAuthenticator();
if (authc instanceof LogoutAware) {
((LogoutAware) authc).onLogout(principals);
}
}
try {
delete(subject);
} catch (Exception e) {
if (log.isDebugEnabled()) {
String msg = "Unable to cleanly unbind Subject. Ignoring (logging out).";
log.debug(msg, e);
}
} finally {
try {
stopSession(subject);
} catch (Exception e) {
if (log.isDebugEnabled()) {
String msg = "Unable to cleanly stop Session for Subject [" + subject.getPrincipal() + "] " + "Ignoring (logging out).";
log.debug(msg, e);
}
}
}
}
Also used :
PrincipalCollection(org.apache.shiro.subject.PrincipalCollection)
LogoutAware(org.apache.shiro.authc.LogoutAware)
Authenticator(org.apache.shiro.authc.Authenticator)
InvalidSessionException(org.apache.shiro.session.InvalidSessionException)
AuthenticationException(org.apache.shiro.authc.AuthenticationException)
Example 15 with PrincipalCollection
use of org.apache.shiro.subject.PrincipalCollection in project shiro by apache.
the class AbstractRememberMeManager method rememberIdentity.
/**
* Remembers a subject-unique identity for retrieval later. This implementation first
* {@link #getIdentityToRemember resolves} the exact
* {@link PrincipalCollection principals} to remember. It then remembers the principals by calling
* {@link #rememberIdentity(org.apache.shiro.subject.Subject, org.apache.shiro.subject.PrincipalCollection)}.
* <p/>
* This implementation ignores the {@link AuthenticationToken} argument, but it is available to subclasses if
* necessary for custom logic.
*
* @param subject the subject for which the principals are being remembered.
* @param token the token that resulted in a successful authentication attempt.
* @param authcInfo the authentication info resulting from the successful authentication attempt.
*/
public void rememberIdentity(Subject subject, AuthenticationToken token, AuthenticationInfo authcInfo) {
PrincipalCollection principals = getIdentityToRemember(subject, authcInfo);
rememberIdentity(subject, principals);
}
Also used :
PrincipalCollection(org.apache.shiro.subject.PrincipalCollection)
Aggregations
PrincipalCollection (org.apache.shiro.subject.PrincipalCollection)87
SimplePrincipalCollection (org.apache.shiro.subject.SimplePrincipalCollection)40
Test (org.junit.Test)36
SecurityAssertion (ddf.security.assertion.SecurityAssertion)23
Subject (ddf.security.Subject)15
Principal (java.security.Principal)14
Subject (org.apache.shiro.subject.Subject)14
ArrayList (java.util.ArrayList)10
DefaultSecurityManager (org.apache.shiro.mgt.DefaultSecurityManager)10
AuthorizationInfo (org.apache.shiro.authz.AuthorizationInfo)9
Permission (org.apache.shiro.authz.Permission)8
Session (org.apache.shiro.session.Session)8
SimpleSession (org.apache.shiro.session.mgt.SimpleSession)8
HttpServletRequest (javax.servlet.http.HttpServletRequest)7
SecurityToken (org.apache.cxf.ws.security.tokenstore.SecurityToken)7
PrepareForTest (org.powermock.core.classloader.annotations.PrepareForTest)6
Attribute (ddf.security.assertion.Attribute)5
AuthenticationToken (org.apache.shiro.authc.AuthenticationToken)5
CollectionPermission (ddf.security.permission.CollectionPermission)4
KeyValueCollectionPermission (ddf.security.permission.KeyValueCollectionPermission)4
