
Example 31 with Subject

use of org.apache.shiro.subject.Subject in project bamboobsc by billchen198318.

the class GreenStepHessianServiceExporter method handleRequest.

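/**
 * Handles a Hessian request, gating it on the check-value request header when that mode is enabled.
 *
 * <p>When check-value mode is enabled, the header value is decoded, validated, and mapped to a
 * user id; a Shiro subject is then force-created for that user for the duration of the call and
 * logged out afterwards. A request that fails any check is answered with HTTP 403 instead of an
 * empty response, so rejections are visible to clients and to access-log monitoring.
 *
 * @param request  the incoming HTTP request carrying the check-value header
 * @param response the HTTP response
 * @throws ServletException propagated from the parent handler when check-value mode is disabled
 * @throws IOException      propagated from the parent handler or from writing the 403 response
 */
@Override
public void handleRequest(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
    // Check-value mode disabled: the request is delegated with no header validation in this method.
    // NOTE(review): confirm the endpoint is protected by some other control when this mode is off.
    if (!GreenStepHessianUtils.getConfigHessianHeaderCheckValueModeEnable()) {
        super.handleRequest(request, response);
        return;
    }
    // Check-value mode enabled: every request must carry a valid check value.
    String checkValue = GreenStepHessianUtils.getHttpRequestHeaderCheckValue(request);
    String userId = null;
    boolean accepted = false;
    try {
        Map<String, String> dataMap = GreenStepHessianUtils.getDecAuthValue(checkValue);
        if (null == dataMap || !GreenStepHessianUtils.isCheckValue(dataMap)) {
            logger.warn("fail check value hessian webService");
        } else {
            userId = GreenStepHessianUtils.getUserId(dataMap);
            if (StringUtils.isBlank(userId)) {
                logger.warn("no userId cannot access hessian webService");
            } else if (GreenStepHessianUtils.isProxyBlockedAccountId(userId)) {
                // Strip line breaks so a header-derived id cannot forge extra log lines.
                logger.warn("blocked userId: " + userId.replaceAll("[\\r\\n]", "_") + " cannot access hessian webService");
            } else {
                accepted = true;
            }
        }
    } catch (Exception e) {
        // Pass the exception itself: e.getMessage() may be null, and calling toString() on it
        // would throw a NullPointerException out of this handler.
        logger.error("hessian check value validation failed", e);
    }
    if (!accepted) {
        // Fail closed with an explicit status rather than an empty 200 response.
        response.sendError(HttpServletResponse.SC_FORBIDDEN);
        return;
    }
    Subject subject = null;
    try {
        ShiroLoginSupport loginSupport = new ShiroLoginSupport();
        // NOTE(review): the literal "0123" is passed as the last argument. If it is a placeholder
        // credential, the check-value header is the only authentication on this path — confirm
        // forceCreateLoginSubject never treats it as a real password.
        subject = loginSupport.forceCreateLoginSubject(request, response, userId, "0123");
        super.handleRequest(request, response);
    } catch (Exception e) {
        // Failures are logged with the full stack trace and not rethrown, as before.
        logger.error("hessian request handling failed", e);
    } finally {
        // The forced login must not outlive this request.
        if (null != subject) {
            subject.logout();
        }
    }
}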
Also used : ServletException(javax.servlet.ServletException) IOException(java.io.IOException) Subject(org.apache.shiro.subject.Subject)

Example 32 with Subject

use of org.apache.shiro.subject.Subject in project bamboobsc by billchen198318.

the class GreenStepMobileFormAuthenticationFilter method executeLogin.

/**
 * Runs the login sequence for this filter: captcha validation, account lookup, Shiro login,
 * then user-session setup.
 *
 * <p>On an {@link AuthenticationException} the user session entry is removed and the subject is
 * logged out before the failure callback runs. Any other exception propagates to the caller.
 *
 * @param request  the incoming request; cast to {@code HttpServletRequest}
 * @param response the outgoing response; cast to {@code HttpServletResponse} after login
 * @return the result of {@code onLoginSuccess} or {@code onLoginFailure}
 * @throws Exception any non-authentication failure raised during the sequence
 */
protected boolean executeLogin(ServletRequest request, ServletResponse response) throws Exception {
    GreenStepBaseUsernamePasswordToken loginToken = (GreenStepBaseUsernamePasswordToken) this.createToken(request, response);
    HttpServletRequest httpRequest = (HttpServletRequest) request;
    try {
        // The captcha is checked before any account lookup or credential check.
        this.doCaptchaValidate(httpRequest, loginToken);
        AccountVO account = new ShiroLoginSupport().queryUserValidate(loginToken.getUsername());
        Subject currentSubject = this.getSubject(request, response);
        currentSubject.login(loginToken);
        // Populate the user session only after Shiro accepted the token.
        // NOTE(review): no session-id rotation is visible here; confirm session fixation is handled elsewhere.
        this.setUserSession(httpRequest, (HttpServletResponse) response, account);
        return this.onLoginSuccess(loginToken, currentSubject, request, response);
    } catch (AuthenticationException authFailure) {
        // Drop any session state and log out the subject before reporting the failure.
        UserAccountHttpSessionSupport.remove(httpRequest);
        this.getSubject(request, response).logout();
        return this.onLoginFailure(loginToken, authFailure, request, response);
    }
}
Also used : HttpServletRequest(javax.servlet.http.HttpServletRequest) AuthenticationException(org.apache.shiro.authc.AuthenticationException) AccountVO(com.netsteadfast.greenstep.vo.AccountVO) Subject(org.apache.shiro.subject.Subject)

Example 33 with Subject

use of org.apache.shiro.subject.Subject in project bamboobsc by billchen198318.

the class MenuSupportUtils method loadSysMenuData.

/**
 * Loads the menu entries of the given system for the current Shiro subject.
 *
 * <p>Subjects holding {@code Constants.SUPER_ROLE_ADMIN} or {@code Constants.SUPER_ROLE_ALL} are
 * queried with a {@code null} account (presumably meaning no per-account filtering — confirm
 * against {@code findForMenuGenerator}); everyone else is queried with their own principal.
 *
 * @param system the system id to load menus for
 * @return the menu list, never {@code null}
 * @throws ServiceException if the system record does not exist exactly once, or the subject has no principal
 * @throws Exception        propagated from the underlying services
 */
protected static List<SysMenuVO> loadSysMenuData(String system) throws ServiceException, Exception {
    TbSys sysKey = new TbSys();
    sysKey.setSysId(system);
    // A TB_SYS record must exist for this system id.
    if (sysService.countByEntityUK(sysKey) != 1) {
        throw new ServiceException(SysMessageUtil.get(GreenStepSysMsgConstants.DATA_ERRORS));
    }
    Subject currentSubject = SecurityUtils.getSubject();
    String principal = (String) currentSubject.getPrincipal();
    // An unauthenticated subject has no principal and gets no menu at all.
    if (StringUtils.isBlank(principal)) {
        throw new ServiceException(SysMessageUtil.get(GreenStepSysMsgConstants.DATA_ERRORS));
    }
    boolean superUser = currentSubject.hasRole(Constants.SUPER_ROLE_ADMIN) || currentSubject.hasRole(Constants.SUPER_ROLE_ALL);
    String menuAccount = superUser ? null : principal;
    DefaultResult<List<SysMenuVO>> result = sysMenuService.findForMenuGenerator(system, menuAccount);
    List<SysMenuVO> loaded = result.getValue();
    return loaded != null ? loaded : new ArrayList<SysMenuVO>();
}
Also used : TbSys(com.netsteadfast.greenstep.po.hbm.TbSys) ServiceException(com.netsteadfast.greenstep.base.exception.ServiceException) SysMenuVO(com.netsteadfast.greenstep.vo.SysMenuVO) ArrayList(java.util.ArrayList) LinkedList(java.util.LinkedList) List(java.util.List) Subject(org.apache.shiro.subject.Subject)

Example 34 with Subject

use of org.apache.shiro.subject.Subject in project bamboobsc by billchen198318.

the class BaseSupportAction method isActionAuthorize.

/**
 * Reports whether the current subject may use this action, as a {@code YesNo} string.
 *
 * <p>ControllerAuthorityCheckInterceptor already removes actions the user has no permission for;
 * this method only supplies the unified JSON variable "isAuthorize".
 *
 * @return {@code YesNo.YES} when the subject holds a super role, passes the controller-authority
 *         annotation check, or is permitted for the page action name; otherwise {@code YesNo.NO}
 */
protected String isActionAuthorize() {
    BaseSimpleActionInfo actionInfo = (BaseSimpleActionInfo) this.baseActionInfoProvide;
    actionInfo.handlerActionAnnotations();
    Subject currentSubject = SecurityUtils.getSubject();
    // Checks run cheapest-first and short-circuit in the same order as before:
    // super roles, then annotation-based authority, then the explicit permission string.
    boolean authorized = currentSubject.hasRole(Constants.SUPER_ROLE_ALL)
            || currentSubject.hasRole(Constants.SUPER_ROLE_ADMIN)
            || this.isControllerAuthority(actionInfo.getActionAnnotations(), actionInfo.getActionMethodAnnotations(), currentSubject)
            || currentSubject.isPermitted(this.baseActionInfoProvide.getPageInfoActionName() + Constants._S2_ACTION_EXTENSION);
    return authorized ? YesNo.YES : YesNo.NO;
}
Also used : BaseSimpleActionInfo(com.netsteadfast.greenstep.base.model.BaseSimpleActionInfo) Subject(org.apache.shiro.subject.Subject)

Example 35 with Subject

use of org.apache.shiro.subject.Subject in project ddf by codice.

the class NotificationController method getPersistedNotifications.

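/**
 * Handles a message on the notification root topic.
 *
 * <p>An empty message payload replays the persisted notifications of the calling user; a
 * non-empty payload is turned into a new {@code Notification} and posted as an event. The user
 * id always comes from {@code getUserId(remote, subject)}, never from the message payload.
 *
 * @param remote  the session the message arrived on
 * @param message the received message; its data map supplies the notification fields
 * @throws IllegalArgumentException if no user id can be determined, or a payload field has an
 *                                  unexpected type
 */
@Listener('/' + Notification.NOTIFICATION_TOPIC_ROOT)
public void getPersistedNotifications(final ServerSession remote, Message message) {
    Subject subject = null;
    try {
        subject = SecurityUtils.getSubject();
    } catch (Exception e) {
        // Best effort: getUserId is still called with a null subject.
        LOGGER.debug("Couldn't grab user subject from Shiro.", e);
    }
    String userId = getUserId(remote, subject);
    if (null == userId) {
        throw new IllegalArgumentException("User ID is null");
    }
    Map<String, Object> data = message.getDataAsMap();
    if (MapUtils.isEmpty(data)) {
        List<Map<String, Object>> notifications = getNotificationsForUser(userId);
        if (CollectionUtils.isNotEmpty(notifications)) {
            queuePersistedMessages(remote, notifications, "/" + Notification.NOTIFICATION_TOPIC_BROADCAST);
        }
    } else {
        // The payload is supplied by the message sender, so check each field's type before
        // casting instead of letting a ClassCastException escape from the listener.
        Object application = data.get(Notification.NOTIFICATION_KEY_APPLICATION);
        Object title = data.get(Notification.NOTIFICATION_KEY_TITLE);
        Object text = data.get(Notification.NOTIFICATION_KEY_MESSAGE);
        Object timestamp = data.get(Notification.NOTIFICATION_KEY_TIMESTAMP);
        for (Object textField : new Object[] {application, title, text}) {
            if (textField != null && !(textField instanceof String)) {
                throw new IllegalArgumentException("Notification text fields must be strings");
            }
        }
        if (timestamp != null && !(timestamp instanceof Number)) {
            throw new IllegalArgumentException("Notification timestamp must be numeric");
        }
        // Accept any numeric type; a missing timestamp stays null as before.
        Long timestampValue = timestamp == null ? null : Long.valueOf(((Number) timestamp).longValue());
        // NOTE(review): title and message are forwarded as received; confirm consumers escape them before rendering.
        String id = UUID.randomUUID().toString().replace("-", "");
        String sessionId = remote.getId();
        Notification notification = new Notification(id, sessionId, (String) application, (String) title, (String) text, timestampValue, userId);
        Event event = new Event(Notification.NOTIFICATION_TOPIC_PUBLISH, notification);
        eventAdmin.postEvent(event);
    }
}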
Also used : Event(org.osgi.service.event.Event) HashMap(java.util.HashMap) Map(java.util.Map) Subject(org.apache.shiro.subject.Subject) PersistenceException(org.codice.ddf.persistence.PersistenceException) Notification(org.codice.ddf.notifications.Notification) Listener(org.cometd.annotation.Listener)
