Example 11 with Subject

Use of org.apache.shiro.subject.Subject in project killbill by killbill.

From the class TestKillBillJdbcRealm, method testAuthorization.

@Test(groups = "slow")
public void testAuthorization() throws SecurityApiException {
    final String username = "i like";
    final String password = "c0ff33";
    // Role granting everything under account:*, all of invoice, and only tag:create_tag_definition
    securityApi.addRoleDefinition("restricted", ImmutableList.of("account:*", "invoice", "tag:create_tag_definition"), callContext);
    securityApi.addUserRoles(username, password, ImmutableList.of("restricted"), callContext);
    final AuthenticationToken goodToken = new UsernamePasswordToken(username, password);
    final Subject subject = securityManager.login(null, goodToken);
    subject.checkPermission(Permission.ACCOUNT_CAN_CHARGE.toString());
    subject.checkPermission(Permission.INVOICE_CAN_CREDIT.toString());
    subject.checkPermission(Permission.TAG_CAN_CREATE_TAG_DEFINITION.toString());
    try {
        subject.checkPermission(Permission.TAG_CAN_DELETE_TAG_DEFINITION.toString());
        Assert.fail("Subject should not have rights to delete tag definitions");
    } catch (AuthorizationException e) {
        // Expected: the "restricted" role does not grant tag:delete_tag_definition
    }
    subject.logout();
    // Swap the user's role, then log in again so the new permissions are evaluated on a fresh Subject
    securityApi.addRoleDefinition("newRestricted", ImmutableList.of("account:*", "invoice", "tag:delete_tag_definition"), callContext);
    securityApi.updateUserRoles(username, ImmutableList.of("newRestricted"), callContext);
    final Subject newSubject = securityManager.login(null, goodToken);
    newSubject.checkPermission(Permission.ACCOUNT_CAN_CHARGE.toString());
    newSubject.checkPermission(Permission.INVOICE_CAN_CREDIT.toString());
    newSubject.checkPermission(Permission.TAG_CAN_DELETE_TAG_DEFINITION.toString());
    try {
        newSubject.checkPermission(Permission.TAG_CAN_CREATE_TAG_DEFINITION.toString());
        Assert.fail("Subject should not have rights to create tag definitions");
    } catch (AuthorizationException e) {
        // Expected: the "newRestricted" role no longer grants tag:create_tag_definition
    }
}
Also used : AuthenticationToken(org.apache.shiro.authc.AuthenticationToken) AuthorizationException(org.apache.shiro.authz.AuthorizationException) DelegatingSubject(org.apache.shiro.subject.support.DelegatingSubject) Subject(org.apache.shiro.subject.Subject) UsernamePasswordToken(org.apache.shiro.authc.UsernamePasswordToken) Test(org.testng.annotations.Test)

Example 12 with Subject

Use of org.apache.shiro.subject.Subject in project killbill by killbill.

From the class DefaultSecurityApi, method getCurrentUserPermissions.

@Override
public Set<Permission> getCurrentUserPermissions(final TenantContext context) {
    final Permission[] killbillPermissions = Permission.values();
    // String form of every Permission, in the same order as Permission.values()
    final String[] killbillPermissionsString = getAllPermissionsAsStrings();
    final Subject subject = SecurityUtils.getSubject();
    // Bulk (optimized) call: one isPermitted check for all permissions instead of one per permission
    final boolean[] permissions = subject.isPermitted(killbillPermissionsString);
    final Set<Permission> userPermissions = new HashSet<Permission>();
    for (int i = 0; i < permissions.length; i++) {
        if (permissions[i]) {
            userPermissions.add(killbillPermissions[i]);
        }
    }
    return userPermissions;
}
Also used : Permission(org.killbill.billing.security.Permission) Subject(org.apache.shiro.subject.Subject) HashSet(java.util.HashSet)

Example 13 with Subject

Use of org.apache.shiro.subject.Subject in project atmosphere by Atmosphere.

From the class ShiroInterceptor, method inspect.

@Override
public Action inspect(AtmosphereResource r) {
    if (Utils.webSocketMessage(r))
        return Action.CONTINUE;
    // Only resolve the Subject once per request
    if (!r.getRequest().localAttributes().containsKey(FrameworkConfig.SECURITY_SUBJECT)) {
        try {
            Subject currentUser = null;
            if (r.transport().equals(TRANSPORT.WEBSOCKET)) {
                // No thread-bound Subject for WebSocket frames: build one from the web environment and request/response
                WebEnvironment env = WebUtils.getRequiredWebEnvironment(r.getAtmosphereConfig().getServletContext());
                currentUser = new WebSubject.Builder(env.getSecurityManager(), r.getRequest(), r.getResponse()).buildWebSubject();
            } else {
                currentUser = SecurityUtils.getSubject();
            }
            if (currentUser != null) {
                r.getRequest().setAttribute(FrameworkConfig.SECURITY_SUBJECT, currentUser);
            }
        } catch (UnavailableSecurityManagerException ex) {
            logger.info("Shiro Web Security : {}", ex.getMessage());
        } catch (java.lang.IllegalStateException ex) {
            logger.info("Shiro Web Environment : {}", ex.getMessage());
        }
    }
    return Action.CONTINUE;
}
Also used : WebEnvironment(org.apache.shiro.web.env.WebEnvironment) UnavailableSecurityManagerException(org.apache.shiro.UnavailableSecurityManagerException) WebSubject(org.apache.shiro.web.subject.WebSubject) Subject(org.apache.shiro.subject.Subject)

Example 14 with Subject

Use of org.apache.shiro.subject.Subject in project graylog2-server by Graylog2.

From the class ShiroAuthenticationFilter, method filter.

@Override
public void filter(ContainerRequestContext requestContext) throws IOException {
    final SecurityContext securityContext = requestContext.getSecurityContext();
    if (securityContext instanceof ShiroSecurityContext) {
        final ShiroSecurityContext context = (ShiroSecurityContext) securityContext;
        final Subject subject = context.getSubject();
        LOG.trace("Authenticating... {}", subject);
        if (!subject.isAuthenticated()) {
            try {
                LOG.trace("Logging in {}", subject);
                context.loginSubject();
            } catch (LockedAccountException e) {
                // Same 401 challenge as any other failure so the response does not reveal that the account exists but is locked
                LOG.debug("Unable to authenticate user, account is locked.", e);
                throw new NotAuthorizedException(e, "Basic realm=\"Graylog Server\"");
            } catch (AuthenticationException e) {
                LOG.debug("Unable to authenticate user.", e);
                throw new NotAuthorizedException(e, "Basic realm=\"Graylog Server\"");
            }
        }
    } else {
        // No Shiro context was installed for this request: refuse rather than let it through unauthenticated
        throw new NotAuthorizedException("Basic realm=\"Graylog Server\"");
    }
}
Also used : AuthenticationException(org.apache.shiro.authc.AuthenticationException) SecurityContext(javax.ws.rs.core.SecurityContext) NotAuthorizedException(javax.ws.rs.NotAuthorizedException) Subject(org.apache.shiro.subject.Subject) LockedAccountException(org.apache.shiro.authc.LockedAccountException)

Example 15 with Subject

Use of org.apache.shiro.subject.Subject in project graylog2-server by Graylog2.

From the class ShiroSecurityContextFilter, method createSecurityContext.

private SecurityContext createSecurityContext(String userName, String credential, boolean isSecure, String authcScheme, String host, String remoteAddr, MultivaluedMap<String, String> headers) {
    final AuthenticationToken authToken;
    if ("session".equalsIgnoreCase(credential)) {
        // we don't want to create a SessionIdToken in that case but fall back to looking at the headers instead
        if ("undefined".equalsIgnoreCase(userName)) {
            authToken = new HttpHeadersToken(headers, host, remoteAddr);
        } else {
            authToken = new SessionIdToken(userName, host);
        }
    } else if ("token".equalsIgnoreCase(credential)) {
        authToken = new AccessTokenAuthToken(userName, host);
    } else if (userName == null) {
        // without a username we default to using the header environment as potentially containing tokens used by plugins
        authToken = new HttpHeadersToken(headers, host, remoteAddr);
    } else {
        // otherwise we use the "standard" username/password combination
        authToken = new UsernamePasswordToken(userName, credential, host);
    }
    // The Subject is built but not logged in here; the token is carried in the context and applied later by the authentication filter
    final Subject subject = new Subject.Builder(securityManager).host(host).sessionCreationEnabled(true).buildSubject();
    return new ShiroSecurityContext(subject, authToken, isSecure, authcScheme, headers);
}
Also used : AuthenticationToken(org.apache.shiro.authc.AuthenticationToken) Subject(org.apache.shiro.subject.Subject) UsernamePasswordToken(org.apache.shiro.authc.UsernamePasswordToken)
