use of org.apache.shiro.subject.SubjectContext in project shiro by apache.
the class DefaultSecurityManager method createSubject.
/**
 * Creates a {@code Subject} instance for the user represented by the given method arguments.
 *
 * @param token the {@code AuthenticationToken} submitted for the successful authentication.
 * @param info the {@code AuthenticationInfo} of a newly authenticated user.
 * @param existing the existing {@code Subject} instance that initiated the authentication attempt
 * @return the {@code Subject} instance that represents the context and session data for the newly
 * authenticated subject.
 */
protected Subject createSubject(AuthenticationToken token, AuthenticationInfo info, Subject existing) {
    SubjectContext context = createSubjectContext();
    context.setAuthenticated(true);
    context.setAuthenticationToken(token);
    context.setAuthenticationInfo(info);
    if (existing != null) {
        context.setSubject(existing);
    }
    return createSubject(context);
}
use of org.apache.shiro.subject.SubjectContext in project shiro by apache.
the class DefaultSecurityManager method createSubject.
/**
 * This implementation functions as follows:
 * <p/>
 * <ol>
 * <li>Ensures the {@code SubjectContext} is as populated as it can be, using heuristics to acquire
 * data that may not have already been available to it (such as a referenced session or remembered principals).</li>
 * <li>Calls {@link #doCreateSubject(org.apache.shiro.subject.SubjectContext)} to actually perform the
 * {@code Subject} instance creation.</li>
 * <li>calls {@link #save(org.apache.shiro.subject.Subject) save(subject)} to ensure the constructed
 * {@code Subject}'s state is accessible for future requests/invocations if necessary.</li>
 * <li>returns the constructed {@code Subject} instance.</li>
 * </ol>
 *
 * @param subjectContext any data needed to direct how the Subject should be constructed.
 * @return the {@code Subject} instance reflecting the specified contextual data.
 * @see #ensureSecurityManager(org.apache.shiro.subject.SubjectContext)
 * @see #resolveSession(org.apache.shiro.subject.SubjectContext)
 * @see #resolvePrincipals(org.apache.shiro.subject.SubjectContext)
 * @see #doCreateSubject(org.apache.shiro.subject.SubjectContext)
 * @see #save(org.apache.shiro.subject.Subject)
 * @since 1.0
 */
public Subject createSubject(SubjectContext subjectContext) {
    // create a copy so we don't modify the argument's backing map:
    SubjectContext context = copy(subjectContext);

    // ensure that the context has a SecurityManager instance, and if not, add one:
    context = ensureSecurityManager(context);

    // Resolve an associated Session (usually based on a referenced session ID), and place it in the context before
    // sending to the SubjectFactory. The SubjectFactory should not need to know how to acquire sessions as the
    // process is often environment specific - better to shield the SF from these details:
    context = resolveSession(context);

    // Similarly, the SubjectFactory should not require any concept of RememberMe - translate that here first
    // if possible before handing off to the SubjectFactory:
    context = resolvePrincipals(context);

    Subject subject = doCreateSubject(context);

    // save this subject for future reference if necessary:
    // (this is needed here in case rememberMe principals were resolved and they need to be stored in the
    // session, so we don't constantly rehydrate the rememberMe PrincipalCollection on every operation).
    // Added in 1.2:
    save(subject);

    return subject;
}
use of org.apache.shiro.subject.SubjectContext in project shiro by apache.
the class AbstractRememberMeManagerTest method testGetRememberedPrincipalsWithEmptySerializedBytes.
/**
 * Tests the {@link AbstractRememberMeManager#getRememberedPrincipals(SubjectContext)} method
 * implementation when the internal
 * {@link AbstractRememberMeManager#getRememberedSerializedIdentity(SubjectContext)} method
 * returns null or empty bytes.
 */
@Test
public void testGetRememberedPrincipalsWithEmptySerializedBytes() {
    AbstractRememberMeManager rmm = new DummyRememberMeManager();
    // Since the dummy's getRememberedSerializedIdentity implementation returns an empty byte
    // array, we should be ok:
    PrincipalCollection principals = rmm.getRememberedPrincipals(new DefaultSubjectContext());
    assertNull(principals);

    // try with a null return value too:
    rmm = new DummyRememberMeManager() {
        @Override
        protected byte[] getRememberedSerializedIdentity(SubjectContext subjectContext) {
            return null;
        }
    };
    principals = rmm.getRememberedPrincipals(new DefaultSubjectContext());
    assertNull(principals);
}
use of org.apache.shiro.subject.SubjectContext in project vertx-auth by vert-x3.
the class ShiroAuthProviderImpl method authenticate.
@Override
public void authenticate(JsonObject authInfo, Handler<AsyncResult<User>> resultHandler) {
    vertx.executeBlocking(fut -> {
        // before doing any shiro operations set the context
        SecurityUtils.setSecurityManager(securityManager);
        // proceed
        SubjectContext subjectContext = new DefaultSubjectContext();
        Subject subject = securityManager.createSubject(subjectContext);
        String username = authInfo.getString("username");
        String password = authInfo.getString("password");
        AuthenticationToken token = new UsernamePasswordToken(username, password);
        try {
            subject.login(token);
            fut.complete(new ShiroUser(vertx, securityManager, subject, rolePrefix));
        } catch (AuthenticationException e) {
            fut.fail(e);
        }
    }, resultHandler);
}
use of org.apache.shiro.subject.SubjectContext in project vertx-auth by vert-x3.
the class ShiroUser method setAuthProvider.
@Override
public void setAuthProvider(AuthProvider authProvider) {
    if (authProvider instanceof ShiroAuthProviderImpl) {
        ShiroAuthProviderImpl shiroAuthProvider = (ShiroAuthProviderImpl) authProvider;
        this.vertx = shiroAuthProvider.getVertx();
        this.securityManager = shiroAuthProvider.getSecurityManager();
        // before doing any shiro operations set the context
        SecurityUtils.setSecurityManager(securityManager);
        // generate the subject back from the provider
        SubjectContext subjectContext = new DefaultSubjectContext();
        PrincipalCollection coll = new SimplePrincipalCollection(username, shiroAuthProvider.getRealmName());
        subjectContext.setPrincipals(coll);
        subject = securityManager.createSubject(subjectContext);
    } else {
        throw new IllegalArgumentException("Not a ShiroAuthProviderImpl");
    }
}