
Example 21 with Subject

use of org.apache.shiro.subject.Subject in project geode by apache.

Class IntegratedSecurityService, method logout().

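/**
 * Logs the current Shiro {@link Subject} out and clears Shiro's thread-local state.
 *
 * <p>No-op when {@link #getSubject()} returns {@code null}. A {@link ShiroException}
 * raised by {@link Subject#logout()} is logged at INFO and rethrown as a
 * {@link GemFireSecurityException} with the same message and cause.
 *
 * <p>{@link ThreadContext#remove()} runs in a {@code finally} block so the
 * thread-local subject / security-manager bindings are dropped even when
 * {@code logout()} throws. In the original form the exception path skipped the
 * cleanup, leaving the stale subject bound to this (possibly pooled) thread where
 * the next request handled on it could observe it.
 *
 * @throws GemFireSecurityException if Shiro reports a failure during logout
 */
public void logout() {
    Subject currentUser = getSubject();
    if (currentUser == null) {
        return;
    }
    try {
        logger.debug("Logging out " + currentUser.getPrincipal());
        currentUser.logout();
    } catch (ShiroException e) {
        logger.info(e.getMessage(), e);
        throw new GemFireSecurityException(e.getMessage(), e);
    } finally {
        // clean out Shiro's thread local content, even if logout() threw
        ThreadContext.remove();
    }
}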
Also used : GemFireSecurityException(org.apache.geode.security.GemFireSecurityException) Subject(org.apache.shiro.subject.Subject) ShiroException(org.apache.shiro.ShiroException)

Example 22 with Subject

use of org.apache.shiro.subject.Subject in project geode by apache.

Class IntegratedSecurityService, method postProcess().

/**
 * Runs the configured {@code postProcessor} over a region value before it is
 * returned to a caller, attributing the access to {@code principal}.
 *
 * <p>Returns {@code value} unchanged when post-processing is disabled
 * ({@link #needPostProcess()} is {@code false}) or when no principal was
 * supplied and no Shiro {@link Subject} is bound to the current thread.
 * When {@code principal} is {@code null} the bound subject's principal is used
 * instead (it is cast to {@link Serializable}, as in the original code).
 *
 * <p>The leading {@code "/"} is stripped from {@code regionPath} before it is
 * handed to the callback. If {@code valueIsSerialized} is set and the value is
 * a {@code byte[]}, the bytes are deserialized, post-processed and re-serialized
 * to a blob; otherwise the object is passed to the callback as-is.
 *
 * @param principal         caller identity, or {@code null} to use the current subject
 * @param regionPath        region path, with or without a leading slash
 * @param key               entry key handed to the callback
 * @param value             entry value, possibly a serialized {@code byte[]}
 * @param valueIsSerialized whether {@code value} holds serialized bytes
 * @return the (possibly transformed) value
 * @throws GemFireIOException if de/serialization of a serialized value fails
 */
public Object postProcess(Object principal, String regionPath, Object key, Object value, boolean valueIsSerialized) {
    if (!needPostProcess()) {
        return value;
    }
    Object effectivePrincipal = principal;
    if (effectivePrincipal == null) {
        Subject subject = getSubject();
        if (subject == null) {
            return value;
        }
        effectivePrincipal = (Serializable) subject.getPrincipal();
    }
    String regionName = StringUtils.stripStart(regionPath, "/");
    boolean isSerializedBlob = valueIsSerialized && value instanceof byte[];
    if (!isSerializedBlob) {
        // Plain object: hand it straight to the callback.
        return postProcessor.processRegionValue(effectivePrincipal, regionName, key, value);
    }
    // Serialized form: deserialize, let the callback see the object, then
    // re-serialize so the caller still receives a blob.
    // NOTE(review): EntryEventImpl.deserialize runs Geode deserialization on
    // stored entry bytes; whether those bytes can originate from an untrusted
    // client is not visible here.
    try {
        Object deserialized = EntryEventImpl.deserialize((byte[]) value);
        Object processed = postProcessor.processRegionValue(effectivePrincipal, regionName, key, deserialized);
        return BlobHelper.serializeToBlob(processed);
    } catch (IOException | SerializationException e) {
        throw new GemFireIOException("Exception de/serializing entry value", e);
    }
}
Also used : SerializationException(org.apache.commons.lang.SerializationException) GemFireIOException(org.apache.geode.GemFireIOException) GemFireIOException(org.apache.geode.GemFireIOException) IOException(java.io.IOException) Subject(org.apache.shiro.subject.Subject)

Example 23 with Subject

use of org.apache.shiro.subject.Subject in project geode by apache.

Class ClientUserAuths, method removeSubject().

/**
 * Removes the Shiro {@link Subject} registered under {@code userId} and logs it out.
 *
 * <p>The mapping is removed first, then {@code logout()} is invoked on the
 * subject that was stored, so a concurrent lookup for the same id no longer
 * finds it while logout is in progress.
 *
 * @param userId the unique id the subject was registered under
 * @return {@code true} if a subject was found, removed and logged out;
 *         {@code false} if no subject was registered for {@code userId}
 */
public boolean removeSubject(long userId) {
    Subject removed = uniqueIdVsSubject.remove(userId);
    boolean found = removed != null;
    if (found) {
        removed.logout();
    }
    return found;
}
Also used : Subject(org.apache.shiro.subject.Subject)

Example 24 with Subject

use of org.apache.shiro.subject.Subject in project geode by apache.

Class CacheClientNotifier, method registerGFEClient().

/**
 * Completes registration of a GFE client on the subscription (notifier) channel.
 *
 * <p>Reads the client's handshake payload from {@code dis} in a fixed order:
 * port list (discarded), canonical proxy membership id, conflation byte, then
 * credentials. Blacklisted clients and invalid conflation bytes are rejected
 * with {@code REPLY_INVALID}. After the proxy is registered, credentials (if
 * present) are verified; a {@link Principal} result wires the optional
 * post-authorization callback onto the proxy, a Shiro {@link Subject} result is
 * attached to the proxy directly. Authentication failures are reported to the
 * client via {@code writeException}; other failures are logged and either
 * reported or rethrown as {@link IOException}.
 *
 * @param socket               the client socket being registered
 * @param isPrimary            whether this server is the client's primary
 * @param startTime            registration start time, used for statistics
 * @param clientVersion        negotiated client version (affects conflation-byte parsing)
 * @param acceptorId           id of the accepting acceptor
 * @param notifyBySubscription subscription-notification mode requested for the proxy
 * @throws IOException if the membership id cannot be created or a cache error
 *                     occurs during registration
 */
protected void registerGFEClient(DataInputStream dis, DataOutputStream dos, Socket socket, boolean isPrimary, long startTime, Version clientVersion, long acceptorId, boolean notifyBySubscription) throws IOException {
    // Read the ports and throw them away. We no longer need them
    int numberOfPorts = dis.readInt();
    for (int i = 0; i < numberOfPorts; i++) {
        dis.readInt();
    }
    // Read the handshake identifier and convert it to a string member id
    ClientProxyMembershipID proxyID = null;
    CacheClientProxy proxy;
    AccessControl authzCallback = null;
    byte clientConflation = HandShake.CONFLATION_DEFAULT;
    try {
        proxyID = ClientProxyMembershipID.readCanonicalized(dis);
        // Blacklist check happens before any credential verification, so a
        // blacklisted client is turned away without authenticating.
        if (getBlacklistedClient().contains(proxyID)) {
            writeException(dos, HandShake.REPLY_INVALID, new Exception("This client is blacklisted by server"), clientVersion);
            return;
        }
        proxy = getClientProxy(proxyID);
        DistributedMember member = proxyID.getDistributedMember();
        DistributedSystem system = this.getCache().getDistributedSystem();
        Properties sysProps = system.getProperties();
        // Both callback class names below come from the server's own system
        // properties, not from the client handshake.
        String authenticator = sysProps.getProperty(SECURITY_CLIENT_AUTHENTICATOR);
        if (clientVersion.compareTo(Version.GFE_603) >= 0) {
            // dis.read() returns -1 on EOF; the (byte) cast turns that into 0xFF,
            // which is rejected by the switch below rather than detected as EOF.
            byte[] overrides = HandShake.extractOverrides(new byte[] { (byte) dis.read() });
            clientConflation = overrides[0];
        } else {
            clientConflation = (byte) dis.read();
        }
        switch(clientConflation) {
            case HandShake.CONFLATION_DEFAULT:
            case HandShake.CONFLATION_OFF:
            case HandShake.CONFLATION_ON:
                break;
            default:
                writeException(dos, HandShake.REPLY_INVALID, new IllegalArgumentException("Invalid conflation byte"), clientVersion);
                return;
        }
        // The proxy is registered before credentials are read/verified.
        // NOTE(review): what happens to this already-registered proxy when
        // verification below fails is decided in code not visible here — confirm
        // the failure paths tear it down.
        proxy = registerClient(socket, proxyID, proxy, isPrimary, clientConflation, clientVersion, acceptorId, notifyBySubscription);
        Properties credentials = HandShake.readCredentials(dis, dos, system);
        if (credentials != null && proxy != null) {
            if (securityLogWriter.fineEnabled()) {
                securityLogWriter.fine("CacheClientNotifier: verifying credentials for proxyID: " + proxyID);
            }
            // verifyCredentials returns either a java.security.Principal (legacy
            // authenticator) or a Shiro Subject (integrated security); anything
            // else leaves the proxy without an identity attached.
            Object subject = HandShake.verifyCredentials(authenticator, credentials, system.getSecurityProperties(), this.logWriter, this.securityLogWriter, member);
            if (subject instanceof Principal) {
                Principal principal = (Principal) subject;
                if (securityLogWriter.fineEnabled()) {
                    securityLogWriter.fine("CacheClientNotifier: successfully verified credentials for proxyID: " + proxyID + " having principal: " + principal.getName());
                }
                String postAuthzFactoryName = sysProps.getProperty(SECURITY_CLIENT_ACCESSOR_PP);
                if (postAuthzFactoryName != null && postAuthzFactoryName.length() > 0) {
                    // NOTE(review): unreachable as written — the enclosing
                    // instanceof check already guarantees principal != null.
                    if (principal == null) {
                        securityLogWriter.warning(LocalizedStrings.CacheClientNotifier_CACHECLIENTNOTIFIER_POST_PROCESS_AUTHORIZATION_CALLBACK_ENABLED_BUT_AUTHENTICATION_CALLBACK_0_RETURNED_WITH_NULL_CREDENTIALS_FOR_PROXYID_1, new Object[] { SECURITY_CLIENT_AUTHENTICATOR, proxyID });
                    }
                    // Reflectively invoke the admin-configured static factory
                    // method for the post-authorization callback.
                    Method authzMethod = ClassLoadUtil.methodFromName(postAuthzFactoryName);
                    authzCallback = (AccessControl) authzMethod.invoke(null, (Object[]) null);
                    authzCallback.init(principal, member, this.getCache());
                }
                proxy.setPostAuthzCallback(authzCallback);
            } else if (subject instanceof Subject) {
                proxy.setSubject((Subject) subject);
            }
        }
    } catch (ClassNotFoundException e) {
        throw new IOException(LocalizedStrings.CacheClientNotifier_CLIENTPROXYMEMBERSHIPID_OBJECT_COULD_NOT_BE_CREATED_EXCEPTION_OCCURRED_WAS_0.toLocalizedString(e));
    } catch (AuthenticationRequiredException ex) {
        securityLogWriter.warning(LocalizedStrings.CacheClientNotifier_AN_EXCEPTION_WAS_THROWN_FOR_CLIENT_0_1, new Object[] { proxyID, ex });
        writeException(dos, HandShake.REPLY_EXCEPTION_AUTHENTICATION_REQUIRED, ex, clientVersion);
        return;
    } catch (AuthenticationFailedException ex) {
        securityLogWriter.warning(LocalizedStrings.CacheClientNotifier_AN_EXCEPTION_WAS_THROWN_FOR_CLIENT_0_1, new Object[] { proxyID, ex });
        writeException(dos, HandShake.REPLY_EXCEPTION_AUTHENTICATION_FAILED, ex, clientVersion);
        return;
    } catch (CacheException e) {
        logger.warn(LocalizedMessage.create(LocalizedStrings.CacheClientNotifier_0_REGISTERCLIENT_EXCEPTION_ENCOUNTERED_IN_REGISTRATION_1, new Object[] { this, e }), e);
        IOException io = new IOException(LocalizedStrings.CacheClientNotifier_EXCEPTION_OCCURRED_WHILE_TRYING_TO_REGISTER_INTEREST_DUE_TO_0.toLocalizedString(e.getMessage()));
        io.initCause(e);
        throw io;
    } catch (Exception ex) {
        // NOTE(review): the raw exception (including reflective/init failures
        // from the authz callback above) is written back to the client; its
        // message may expose server-side class names or configuration details.
        logger.warn(LocalizedMessage.create(LocalizedStrings.CacheClientNotifier_AN_EXCEPTION_WAS_THROWN_FOR_CLIENT_0_1, new Object[] { proxyID, "" }), ex);
        writeException(dos, Acceptor.UNSUCCESSFUL_SERVER_TO_CLIENT, ex, clientVersion);
        return;
    }
    // Only reached on a fully successful registration (early returns above
    // skip the statistic).
    this.statistics.endClientRegistration(startTime);
}
Also used : AuthenticationFailedException(org.apache.geode.security.AuthenticationFailedException) CacheException(org.apache.geode.cache.CacheException) Method(java.lang.reflect.Method) IOException(java.io.IOException) AuthenticationRequiredException(org.apache.geode.security.AuthenticationRequiredException) ConfigurationProperties(org.apache.geode.distributed.ConfigurationProperties) Properties(java.util.Properties) InternalDistributedSystem(org.apache.geode.distributed.internal.InternalDistributedSystem) DistributedSystem(org.apache.geode.distributed.DistributedSystem) AccessControl(org.apache.geode.security.AccessControl) CqException(org.apache.geode.cache.query.CqException) RegionDestroyedException(org.apache.geode.cache.RegionDestroyedException) AuthenticationFailedException(org.apache.geode.security.AuthenticationFailedException) IOException(java.io.IOException) CacheException(org.apache.geode.cache.CacheException) UnsupportedVersionException(org.apache.geode.cache.UnsupportedVersionException) RegionExistsException(org.apache.geode.cache.RegionExistsException) CancelException(org.apache.geode.CancelException) AuthenticationRequiredException(org.apache.geode.security.AuthenticationRequiredException) Subject(org.apache.shiro.subject.Subject) DistributedMember(org.apache.geode.distributed.DistributedMember) Principal(java.security.Principal)

Example 25 with Subject

use of org.apache.shiro.subject.Subject in project geode by apache.

Class DataCommands, method get().

/**
 * gfsh {@code get} command: fetches a single entry from a region.
 *
 * <p>Region-read authorization ({@code authorizeRegionRead(regionPath, key)})
 * is checked first, before any argument validation, so an unauthorized caller
 * is rejected without learning whether the region or key exist. Empty region
 * path or key then yield an error result. If the region is hosted on this
 * member the lookup runs locally; otherwise a {@link DataCommandRequest} is
 * shipped to the members associated with the region, carrying the current
 * Shiro subject's principal (when one is bound) so the remote side sees the
 * same caller identity.
 *
 * @param key             entry key (mandatory)
 * @param regionPath      region path (mandatory)
 * @param keyClass        optional fully-qualified class name of the key
 * @param valueClass      optional fully-qualified class name of the value
 * @param loadOnCacheMiss whether a cache miss may invoke a loader (default true)
 * @return a presentation result describing the value found or the failure
 */
@CliMetaData(relatedTopic = { CliStrings.TOPIC_GEODE_DATA, CliStrings.TOPIC_GEODE_REGION })
@CliCommand(value = { CliStrings.GET }, help = CliStrings.GET__HELP)
public Result get(@CliOption(key = { CliStrings.GET__KEY }, mandatory = true, help = CliStrings.GET__KEY__HELP) String key, @CliOption(key = { CliStrings.GET__REGIONNAME }, mandatory = true, help = CliStrings.GET__REGIONNAME__HELP, optionContext = ConverterHint.REGION_PATH) String regionPath, @CliOption(key = { CliStrings.GET__KEYCLASS }, help = CliStrings.GET__KEYCLASS__HELP) String keyClass, @CliOption(key = { CliStrings.GET__VALUEKLASS }, help = CliStrings.GET__VALUEKLASS__HELP) String valueClass, @CliOption(key = CliStrings.GET__LOAD, unspecifiedDefaultValue = "true", specifiedDefaultValue = "true", help = CliStrings.GET__LOAD__HELP) Boolean loadOnCacheMiss) {
    // Fail closed: authorize before validating or touching any region state.
    this.securityService.authorizeRegionRead(regionPath, key);
    InternalCache cache = getCache();
    if (StringUtils.isEmpty(regionPath)) {
        return makePresentationResult(DataCommandResult.createGetResult(key, null, null, CliStrings.GET__MSG__REGIONNAME_EMPTY, false));
    }
    if (StringUtils.isEmpty(key)) {
        return makePresentationResult(DataCommandResult.createGetResult(key, null, null, CliStrings.GET__MSG__KEY_EMPTY, false));
    }
    @SuppressWarnings("rawtypes") Region region = cache.getRegion(regionPath);
    DataCommandFunction getFunction = new DataCommandFunction();
    DataCommandResult dataResult;
    if (region != null) {
        // Region is hosted locally: resolve in-process, no principal forwarded.
        dataResult = getFunction.get(null, key, keyClass, valueClass, regionPath, loadOnCacheMiss);
    } else {
        Set<DistributedMember> hostingMembers = getRegionAssociatedMembers(regionPath, getCache(), false);
        if (CollectionUtils.isNotEmpty(hostingMembers)) {
            DataCommandRequest request = newGetRequestWithPrincipal(key, regionPath, keyClass, valueClass, loadOnCacheMiss);
            dataResult = callFunctionForRegion(request, getFunction, hostingMembers);
        } else {
            dataResult = DataCommandResult.createGetInfoResult(key, null, null, CliStrings.format(CliStrings.GET__MSG__REGION_NOT_FOUND_ON_ALL_MEMBERS, regionPath), false);
        }
    }
    dataResult.setKeyClass(keyClass);
    if (valueClass != null) {
        dataResult.setValueClass(valueClass);
    }
    return makePresentationResult(dataResult);
}

/**
 * Builds the remote GET request, attaching the current Shiro subject's
 * principal when one is bound so the executing member can attribute the read.
 */
private DataCommandRequest newGetRequestWithPrincipal(String key, String regionPath, String keyClass, String valueClass, Boolean loadOnCacheMiss) {
    DataCommandRequest request = new DataCommandRequest();
    request.setCommand(CliStrings.GET);
    request.setKey(key);
    request.setKeyClass(keyClass);
    request.setRegionName(regionPath);
    request.setValueClass(valueClass);
    request.setLoadOnCacheMiss(loadOnCacheMiss);
    Subject subject = this.securityService.getSubject();
    if (subject != null) {
        request.setPrincipal(subject.getPrincipal());
    }
    return request;
}
Also used : DistributedMember(org.apache.geode.distributed.DistributedMember) InternalCache(org.apache.geode.internal.cache.InternalCache) Region(org.apache.geode.cache.Region) DataCommandRequest(org.apache.geode.management.internal.cli.domain.DataCommandRequest) Subject(org.apache.shiro.subject.Subject) DataCommandResult(org.apache.geode.management.internal.cli.domain.DataCommandResult) DataCommandFunction(org.apache.geode.management.internal.cli.functions.DataCommandFunction) CliCommand(org.springframework.shell.core.annotation.CliCommand) CliMetaData(org.apache.geode.management.cli.CliMetaData)
