use of org.apache.shiro.subject.SimplePrincipalCollection in project shiro by apache.
the class HashedCredentialsMatcherTest method testBackwardsCompatibleUnsaltedAuthenticationInfo.
/**
 * Verifies that {@link HashedCredentialsMatcher} still accepts an account whose stored
 * credentials are a plain, unsalted SHA-1 digest, the form used before
 * <a href="https://issues.apache.org/jira/browse/SHIRO-186">SHIRO-186</a>.
 *
 * <p>The unsalted SHA-1 digest is a legacy-compatibility fixture, not a model for how
 * passwords should be stored.
 */
@Test
public void testBackwardsCompatibleUnsaltedAuthenticationInfo() {
    final String username = "username";
    final String password = "password";

    // Stored credential of the simulated legacy account: raw SHA-1 bytes of the password, no salt.
    final Object storedDigest = new Sha1Hash(password).getBytes();

    // Deliberately a bare AuthenticationInfo: this anonymous type exposes principals and
    // credentials only, so the matcher has no salt to read from the account.
    final AuthenticationInfo legacyAccount = new AuthenticationInfo() {
        @Override
        public PrincipalCollection getPrincipals() {
            return new SimplePrincipalCollection(username, "realmName");
        }

        @Override
        public Object getCredentials() {
            return storedDigest;
        }
    };

    // Plaintext username/password token, as it would be created for a login attempt.
    final AuthenticationToken loginAttempt = new UsernamePasswordToken(username, password);

    final HashedCredentialsMatcher sha1Matcher = new HashedCredentialsMatcher(Sha1Hash.ALGORITHM_NAME);

    // Passes only if the matcher treats the plaintext token and the stored unsalted digest as equal.
    assertTrue(sha1Matcher.doCredentialsMatch(loginAttempt, legacyAccount));
}
use of org.apache.shiro.subject.SimplePrincipalCollection in project shiro by apache.
the class AbstractAuthorizationAnnotationTest method bindUser.
/**
 * Builds a subject whose only principal is {@code "test"} in this test's realm and binds it.
 * The builder is not told that the subject is authenticated.
 */
protected void bindUser() {
    final String realmName = realm.getName();
    final PrincipalCollection testIdentity = new SimplePrincipalCollection("test", realmName);
    final Subject subject = new Subject.Builder(securityManager)
            .principals(testIdentity)
            .buildSubject();
    bind(subject);
}
use of org.apache.shiro.subject.SimplePrincipalCollection in project shiro by apache.
the class AbstractAuthorizationAnnotationTest method bindAuthenticatedUser.
/**
 * Builds a subject whose only principal is {@code "test"} in this test's realm, marks it as
 * authenticated on the builder, and binds it.
 */
protected void bindAuthenticatedUser() {
    final String realmName = realm.getName();
    final PrincipalCollection testIdentity = new SimplePrincipalCollection("test", realmName);
    final Subject subject = new Subject.Builder(securityManager)
            .principals(testIdentity)
            // Explicitly flags the subject as authenticated; no credentials are checked here.
            .authenticated(true)
            .buildSubject();
    bind(subject);
}
use of org.apache.shiro.subject.SimplePrincipalCollection in project pac4j by pac4j.
the class JavaSerializationHelperTests method testBytesSerializationMadeSecure.
/**
 * Round-trips an empty {@link SimplePrincipalCollection} through {@link JavaSerializationHelper}
 * after adding {@code org.apache} to the helper's trusted packages, and expects a non-null
 * result from deserialization.
 */
@Test
public void testBytesSerializationMadeSecure() {
    final JavaSerializationHelper helper = new JavaSerializationHelper();
    // Trusted-package entry under which the Shiro class is expected to be accepted on read-back.
    // NOTE(review): "org.apache" is a wide entry chosen for this test; how the helper matches
    // entries against class names is not visible here. Confirm before reusing it outside tests.
    helper.getTrustedPackages().add("org.apache");

    final byte[] payload = helper.serializeToBytes(new SimplePrincipalCollection());
    final Object restored = helper.unserializeFromBytes(payload);
    assertNotNull(restored);
}
use of org.apache.shiro.subject.SimplePrincipalCollection in project killbill by killbill.
the class KillBillAuth0Realm method doGetAuthenticationInfo.
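/**
 * Authenticates either a username/password token or a bearer token whose principal is a JWT.
 *
 * <p>For a {@link UsernamePasswordToken} the decision is delegated to {@code doAuthenticate}.
 * For any other token the principal is passed to {@code verifyJWT}, and the realm principal is
 * read from the claim named by {@code securityConfig.getShiroAuth0UsernameClaim()}. When the JWT
 * carries an iterable {@code permissions} claim, those permissions are stored in the
 * authorization cache under the key derived from that principal.
 *
 * @param token the submitted authentication token
 * @return authentication info for the principal, scoped to this realm's name
 * @throws AuthenticationException if the username/password check fails, the bearer token is not
 *         a string, or the verified JWT lacks the configured username claim
 */
@Override
protected AuthenticationInfo doGetAuthenticationInfo(final AuthenticationToken token) throws AuthenticationException {
    if (token instanceof UsernamePasswordToken) {
        final UsernamePasswordToken upToken = (UsernamePasswordToken) token;
        if (doAuthenticate(upToken)) {
            // Credentials are valid
            return new SimpleAuthenticationInfo(token.getPrincipal(), token.getCredentials(), getName());
        }
        throw new AuthenticationException("Auth0 authentication failed");
    }

    // Fail closed with an AuthenticationException instead of a ClassCastException when the
    // principal is not the expected JWT string.
    final Object rawBearerToken = token.getPrincipal();
    if (!(rawBearerToken instanceof String)) {
        throw new AuthenticationException("Auth0 authentication failed");
    }

    // NOTE(review): everything below trusts the claims, so verifyJWT is presumably where the
    // signature and validity checks happen (not visible in this method). Confirm.
    final Claims claims = verifyJWT((String) rawBearerToken);

    // This config must match the one in Kaui
    final Object principal = claims.get(securityConfig.getShiroAuth0UsernameClaim());
    if (principal == null) {
        // A JWT without the configured username claim cannot be mapped to an identity. Reject it
        // here rather than handing a null principal to the cache key and SimpleAuthenticationInfo.
        throw new AuthenticationException("Auth0 authentication failed: username claim missing from JWT");
    }

    // For the JWT to contain the permissions, the `Add Permissions in the Access Token` setting must be turned on in Auth0
    final Object permissionsClaim = claims.get("permissions");
    if (permissionsClaim instanceof Iterable) {
        // In order to use the permissions from the JWT (and avoid calling Auth0 later on), we need to eagerly cache them,
        // as doGetAuthorizationInfo won't have access to the token
        final org.apache.shiro.cache.Cache<Object, AuthorizationInfo> authorizationCache = getAuthorizationCache();
        // Should never be null (initialized via init())
        if (authorizationCache != null) {
            final Set<String> permissions = new HashSet<String>();
            for (final Object permission : (Iterable<?>) permissionsClaim) {
                // Skip null entries instead of failing the whole login with a NullPointerException
                if (permission != null) {
                    permissions.add(permission.toString());
                }
            }
            final SimpleAuthorizationInfo simpleAuthorizationInfo = new SimpleAuthorizationInfo(null);
            simpleAuthorizationInfo.setStringPermissions(permissions);

            final MutablePrincipalCollection principals = new SimplePrincipalCollection();
            principals.add(principal, getName());
            final Object authorizationCacheKey = getAuthorizationCacheKey(principals);
            // NOTE(review): the entry is keyed by principal and nothing here ties it to the
            // token's expiry, so its lifetime depends on how the cache is configured. Confirm
            // the eviction policy so cached permissions cannot outlive the JWT that granted them.
            authorizationCache.put(authorizationCacheKey, simpleAuthorizationInfo);
        }
    }
    return new SimpleAuthenticationInfo(principal, token.getCredentials(), getName());
}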