
Example 26 with Subject

use of org.apache.shiro.subject.Subject in project bamboobsc by billchen198318.

In class ManualJobServiceImpl, method execute.

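/**
 * Runs a system-expression job on behalf of the account encoded in {@code uploadOid}.
 *
 * The path parameter is decoded by {@code SystemExpressionJobUtils.getDecUploadOid} into an
 * {@code accountId} and a {@code sysExprJobOid}; a Shiro subject is then force-created for that
 * account (no credentials are presented here) and the job is executed. The subject is always
 * logged out afterwards.
 *
 * The access control of this endpoint therefore rests entirely on the decoding step: everything
 * after it trusts the decoded account id. NOTE(review): confirm that an encoded {@code uploadOid}
 * cannot be forged or guessed by a caller.
 *
 * @param uploadOid encoded job handle carrying the account id and the job oid
 * @return JSON of a {@link SysExprJobLogVO}; on any failure its fault message is populated
 *         instead of an exception being thrown
 * @throws Exception from serializing the result or from the final subject logout
 */
@WebMethod
@POST
@Path("/executeJob/{uploadOid}")
@Override
public String execute(@WebParam(name = "uploadOid") @PathParam("uploadOid") String uploadOid) throws Exception {
    SysExprJobLogVO result = null;
    Subject subject = null;
    ObjectMapper objectMapper = new ObjectMapper();
    String exceptionMessage = "";
    try {
        Map<String, Object> dataMap = SystemExpressionJobUtils.getDecUploadOid(uploadOid);
        String accountId = dataMap == null ? null : (String) dataMap.get("accountId");
        String sysExprJobOid = dataMap == null ? null : (String) dataMap.get("sysExprJobOid");
        if (StringUtils.isBlank(accountId) || StringUtils.isBlank(sysExprJobOid)) {
            log.error("no data accountId / sysExprJobOid");
            result = new SysExprJobLogVO();
            result.setFaultMsg("no data accountId / sysExprJobOid");
            return objectMapper.writeValueAsString(result);
        }
        // Creates a logged-in subject for the decoded account without any credential check;
        // the decoding above is the only thing standing between a caller and this login.
        ShiroLoginSupport loginSupport = new ShiroLoginSupport();
        subject = loginSupport.forceCreateLoginSubject(accountId);
        result = SystemExpressionJobUtils.executeJobForManual(sysExprJobOid);
    } catch (Exception e) {
        // One handler for ServiceException and everything else: both previously did
        // printStackTrace() and getMessage().toString(), which threw NullPointerException
        // for a ServiceException carrying no message.
        log.error("executeJob failed: " + e, e);
        exceptionMessage = describeFailure(e);
    } finally {
        if (result == null) {
            result = new SysExprJobLogVO();
        }
        if (subject != null) {
            subject.logout();
        }
        // NOTE(review): the raw exception text is returned to the caller in faultMsg;
        // prefer a generic message if this endpoint is reachable by untrusted clients.
        if (!StringUtils.isBlank(exceptionMessage) && StringUtils.isBlank(result.getFaultMsg())) {
            result.setFaultMsg(exceptionMessage);
        }
    }
    return objectMapper.writeValueAsString(result);
}

/**
 * Text for the fault field: the exception message, or {@code toString()} when there is none.
 *
 * @param t the failure to describe
 * @return a non-null description
 */
private static String describeFailure(Throwable t) {
    String message = t.getMessage();
    return message == null ? t.toString() : message;
}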
Also used : ServiceException(com.netsteadfast.greenstep.base.exception.ServiceException) SysExprJobLogVO(com.netsteadfast.greenstep.vo.SysExprJobLogVO) Subject(org.apache.shiro.subject.Subject) ObjectMapper(com.fasterxml.jackson.databind.ObjectMapper) ServiceException(com.netsteadfast.greenstep.base.exception.ServiceException) ShiroLoginSupport(com.netsteadfast.greenstep.sys.ShiroLoginSupport) WebMethod(javax.jws.WebMethod) Path(javax.ws.rs.Path) POST(javax.ws.rs.POST)

Example 27 with Subject

use of org.apache.shiro.subject.Subject in project bamboobsc by billchen198318.

In class ControllerAuthorityCheckInterceptor, method intercept.

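/**
 * Authorizes the current Struts2 action before it runs.
 *
 * Access is granted, in this order, when the Shiro subject holds a super role, when the
 * action's class and method annotations pass {@code isControllerAuthority}, or when the
 * subject is permitted for the action URL (with or without a leading slash). Every decision
 * is recorded through {@code SysEventLogSupport.log}. On denial the response shape depends
 * on how the request was made (dojox ContentPane XHR flag, X-Requested-With header, plain
 * navigation); those client-controlled values only select the denial format and never
 * influence the allow decision.
 *
 * NOTE(review): outside the main system {@code SecurityUtils.setSecurityManager} is called
 * on every request; that setter replaces a static, JVM-wide value — confirm this is intended.
 *
 * @param actionInvocation the action being invoked
 * @return the action result, the no-authority result, or {@code null} when the denial JSON
 *         was written straight to the response
 * @throws Exception propagated from the action invocation or the response writer
 */
@Override
public String intercept(ActionInvocation actionInvocation) throws Exception {
    String actionName = actionInvocation.getProxy().getActionName();
    String url = actionName + Constants._S2_ACTION_EXTENSION;
    Subject subject = SecurityUtils.getSubject();
    if (!Constants.getSystem().equals(Constants.getMainSystem())) {
        SecurityUtils.setSecurityManager((DefaultSecurityManager) AppContext.getBean("securityManager"));
        subject = SecurityUtils.getSubject();
    }
    if (subject.hasRole(Constants.SUPER_ROLE_ALL) || subject.hasRole(Constants.SUPER_ROLE_ADMIN)) {
        return logAllowedAndInvoke(actionInvocation, subject, url);
    }
    Annotation[] annotations = actionInvocation.getAction().getClass().getAnnotations();
    Annotation[] actionMethodAnnotations = resolveActionMethodAnnotations(actionInvocation);
    if (this.isControllerAuthority(annotations, actionMethodAnnotations, subject)) {
        return logAllowedAndInvoke(actionInvocation, subject, url);
    }
    if (subject.isPermitted(url) || subject.isPermitted("/" + url)) {
        return logAllowedAndInvoke(actionInvocation, subject, url);
    }
    logger.warn("[decline] user=" + subject.getPrincipal() + " url=" + url);
    String isDojoxContentPane = ServletActionContext.getRequest().getParameter(Constants.IS_DOJOX_CONTENT_PANE_XHR_LOAD);
    if (YesNo.YES.equals(isDojoxContentPane)) {
        // dojox.layout.ContentPane also sends X-Requested-With: XMLHttpRequest, so its own
        // flag is checked first to give it the result-based denial instead of raw JSON.
        logDenied(subject, url);
        return Constants._S2_RESULT_NO_AUTHORITH;
    }
    String header = ServletActionContext.getRequest().getHeader("X-Requested-With");
    if ("XMLHttpRequest".equalsIgnoreCase(header)) {
        // Ajax caller: write the no-authz JSON directly and commit the response.
        PrintWriter printWriter = ServletActionContext.getResponse().getWriter();
        printWriter.print(Constants.NO_AUTHZ_JSON_DATA);
        printWriter.flush();
        printWriter.close();
        logDenied(subject, url);
        return null;
    }
    logDenied(subject, url);
    return Constants._S2_RESULT_NO_AUTHORITH;
}

/**
 * Records an allowed access for {@code url} and then runs the action.
 *
 * @param actionInvocation the action to run
 * @param subject the authorized subject
 * @param url the action URL being accessed
 * @return the action result
 * @throws Exception propagated from the action
 */
private static String logAllowedAndInvoke(ActionInvocation actionInvocation, Subject subject, String url) throws Exception {
    SysEventLogSupport.log((String) subject.getPrincipal(), Constants.getSystem(), url, true);
    return actionInvocation.invoke();
}

/**
 * Records a denied access for {@code url}.
 *
 * @param subject the subject that was refused
 * @param url the action URL that was refused
 */
private static void logDenied(Subject subject, String url) {
    SysEventLogSupport.log((String) subject.getPrincipal(), Constants.getSystem(), url, false);
}

/**
 * Returns the annotations of the invoked action method, matched by name only, or
 * {@code null} when no public method has that name.
 *
 * Matching is by name, so for overloaded methods the last match in
 * {@code getMethods()} order wins (unchanged from the original loop).
 *
 * @param actionInvocation the invocation naming the action method
 * @return the matching method's annotations, or {@code null}
 */
private static Annotation[] resolveActionMethodAnnotations(ActionInvocation actionInvocation) {
    String methodName = actionInvocation.getProxy().getMethod();
    Annotation[] found = null;
    for (Method method : actionInvocation.getAction().getClass().getMethods()) {
        if (methodName.equals(method.getName())) {
            found = method.getAnnotations();
        }
    }
    return found;
}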
Also used : Method(java.lang.reflect.Method) Subject(org.apache.shiro.subject.Subject) Annotation(java.lang.annotation.Annotation) PrintWriter(java.io.PrintWriter)

Example 28 with Subject

use of org.apache.shiro.subject.Subject in project bamboobsc by billchen198318.

In class UserLoginInterceptor, method intercept.

/**
 * Ensures the request has a logged-in account before the action runs.
 *
 * Reads the account from the HTTP session. Outside the main (core-web) system it also
 * reconciles the local session with the CURRENT cookie and, when an account is present
 * but this web app's Shiro subject is not authenticated, logs the subject in again using
 * the credentials held on the session's AccountVO. Requests with no usable account, or
 * whose account has no row counted by {@code uSessLogHelper}, are sent to the login redirect.
 *
 * NOTE(review): {@code this.accountObj} is an instance field written per request; if this
 * interceptor instance is shared between requests (the usual Struts2 arrangement) concurrent
 * requests could observe each other's account — confirm.
 *
 * @param actionInvocation the action being invoked
 * @return the action result, or the login redirect result
 * @throws Exception propagated from Shiro login, session handling or the action
 */
@Override
public String intercept(ActionInvocation actionInvocation) throws Exception {
    ActionContext actionContext = actionInvocation.getInvocationContext();
    Map<String, Object> session = actionContext.getSession();
    this.accountObj = (AccountObj) session.get(Constants.SESS_ACCOUNT);
    // Set by the cookie check below, or when the Shiro subject must be logged in again.
    boolean fromCookieCheckOrRetySubjectLogin = false;
    // A sysCurrentId cookie exists, but counting tb_sys_usess with its data does not match core-web's data.
    boolean getUserCurrentCookieFail = false;
    String contextPath = ServletActionContext.getServletContext().getContextPath();
    if (!contextPath.endsWith(ApplicationSiteUtils.getContextPathFromMap(Constants.getMainSystem()))) {
        /**
         * 1. Log in as admin first.
         * 2. Log out admin and log in as tester instead.
         * In that case the gsbsc-web http-session is still admin, so a non-core-web app must check
         * whether the account in the CURRENT cookie matches the one gsbsc-web holds;
         * if they differ, this http-session is invalidated.
         */
        this.invalidCurrentSessionForDifferentAccount(actionContext);
        SecurityUtils.setSecurityManager((DefaultSecurityManager) AppContext.getBean("securityManager"));
        Subject subject = SecurityUtils.getSubject();
        if (accountObj == null) {
            fromCookieCheckOrRetySubjectLogin = getUserCurrentCookie(actionContext);
            if (!fromCookieCheckOrRetySubjectLogin && UserCurrentCookie.foundCurrent((HttpServletRequest) actionContext.get(StrutsStatics.HTTP_REQUEST))) {
                // A sysCurrentId cookie exists, but counting tb_sys_usess with its data does not match core-web's data.
                getUserCurrentCookieFail = true;
            }
        }
        if (accountObj != null && !subject.isAuthenticated()) {
            fromCookieCheckOrRetySubjectLogin = true;
        }
    }
    if (accountObj != null && !StringUtils.isBlank(accountObj.getAccount())) {
        if (uSessLogHelper.countByAccount(accountObj.getAccount()) < 1) {
            return this.redirectLogin(session, getUserCurrentCookieFail);
        }
        if (fromCookieCheckOrRetySubjectLogin) {
            // core-web already has a session but gsbsc-web does not, so create the gsbsc-web http session.
            SecurityUtils.setSecurityManager((DefaultSecurityManager) AppContext.getBean("securityManager"));
            Subject subject = SecurityUtils.getSubject();
            GreenStepBaseUsernamePasswordToken token = new GreenStepBaseUsernamePasswordToken();
            token.setRememberMe(false);
            token.setCaptcha("");
            token.setUsername(accountObj.getAccount());
            // NOTE(review): replays the password stored on the session's AccountVO into a Shiro login.
            // Whether this is a hash or plaintext is not visible here — confirm what getPassword()
            // holds and that keeping it in session state is acceptable.
            token.setPassword(((AccountVO) accountObj).getPassword().toCharArray());
            if (!subject.isAuthenticated()) {
                subject.login(token);
            }
            UserAccountHttpSessionSupport.create(actionContext, accountObj);
        }
        return actionInvocation.invoke();
    }
    return this.redirectLogin(session, getUserCurrentCookieFail);
}
Also used : HttpServletRequest(javax.servlet.http.HttpServletRequest) GreenStepBaseUsernamePasswordToken(com.netsteadfast.greenstep.sys.GreenStepBaseUsernamePasswordToken) ActionContext(com.opensymphony.xwork2.ActionContext) ServletActionContext(org.apache.struts2.ServletActionContext) AccountVO(com.netsteadfast.greenstep.vo.AccountVO) Subject(org.apache.shiro.subject.Subject)

Example 29 with Subject

use of org.apache.shiro.subject.Subject in project bamboobsc by billchen198318.

In class GreenStepBaseFormAuthenticationFilter, method executeLogin.

/**
 * Performs the form login for the current request.
 *
 * Order matters: the captcha is validated first, then the account is loaded and validated,
 * and only then is the Shiro subject logged in and the user session stored. When Shiro
 * rejects the credentials the HTTP session is cleared and the subject logged out before the
 * failure handler runs. Any failure that is not an {@code AuthenticationException} (captcha,
 * user lookup, validation) leaves this method without that cleanup — NOTE(review): confirm
 * that is intended.
 *
 * @param request the login request
 * @param response the response the login handlers may write to
 * @return the result of {@code onLoginSuccess} or {@code onLoginFailure}
 * @throws Exception propagated from any step that is not an authentication failure
 */
protected boolean executeLogin(ServletRequest request, ServletResponse response) throws Exception {
    GreenStepBaseUsernamePasswordToken loginToken = (GreenStepBaseUsernamePasswordToken) this.createToken(request, response);
    try {
        this.doCaptchaValidate((HttpServletRequest) request, loginToken);
        AccountVO account = this.queryUser(loginToken.getUsername());
        this.userValidate(account);
        Subject currentSubject = this.getSubject(request, response);
        currentSubject.login(loginToken);
        // Authentication succeeded: persist the user on the HTTP session before the success hook.
        this.setUserSession((HttpServletRequest) request, (HttpServletResponse) response, account);
        return this.onLoginSuccess(loginToken, currentSubject, request, response);
    } catch (AuthenticationException authFailure) {
        // Drop any partial session state so a failed attempt leaves nothing behind.
        UserAccountHttpSessionSupport.remove((HttpServletRequest) request);
        this.getSubject(request, response).logout();
        return this.onLoginFailure(loginToken, authFailure, request, response);
    }
}
Also used : HttpServletRequest(javax.servlet.http.HttpServletRequest) AuthenticationException(org.apache.shiro.authc.AuthenticationException) AccountVO(com.netsteadfast.greenstep.vo.AccountVO) Subject(org.apache.shiro.subject.Subject)

Example 30 with Subject

use of org.apache.shiro.subject.Subject in project bamboobsc by billchen198318.

In class UserLoginInterceptor, method invalidCurrentSessionForDifferentAccount.

/**
 * Invalidates the local HTTP session when the account named in the CURRENT cookie differs
 * from the account held in this session.
 *
 * Scenario: log in as admin, log out, then log in as tester. The gsbsc-web http-session still
 * belongs to admin, so a non-core-web app that now serves tester must compare the account in
 * the CURRENT cookie with its own session account and drop the session when they differ.
 *
 * The cookie value is client-controlled; here it is only used to decide whether to discard
 * local state, never to grant anything.
 *
 * @param actionContext current Struts2 action context (provides the HTTP request and session)
 * @throws Exception propagated from cookie decoding or session removal
 */
private void invalidCurrentSessionForDifferentAccount(ActionContext actionContext) throws Exception {
    if (this.accountObj == null) {
        return;
    }
    HttpServletRequest request = (HttpServletRequest) actionContext.get(StrutsStatics.HTTP_REQUEST);
    Map<String, String> currentData = UserCurrentCookie.getCurrentData(request);
    String cookieAccount = StringUtils.defaultString(currentData.get("account"));
    // Nothing to compare, or the cookie agrees with the session: leave the session alone.
    if (StringUtils.isBlank(cookieAccount) || this.accountObj.getAccount().equals(cookieAccount)) {
        return;
    }
    this.accountObj = null;
    UserAccountHttpSessionSupport.remove(actionContext.getSession());
    Subject currentSubject = SecurityUtils.getSubject();
    if (currentSubject.isAuthenticated() && !cookieAccount.equals(currentSubject.getPrincipal())) {
        currentSubject.logout();
    }
}
Also used : Subject(org.apache.shiro.subject.Subject)
