Use of org.apache.shiro.util.ByteSource in project killbill by killbill:
class KillbillJdbcTenantRealm, method doGetAuthenticationInfo.
@Override
protected AuthenticationInfo doGetAuthenticationInfo(final AuthenticationToken token) throws AuthenticationException {
    // The parent realm resolves the account; it hands the salt column back as a String-backed ByteSource.
    final SimpleAuthenticationInfo info = (SimpleAuthenticationInfo) super.doGetAuthenticationInfo(token);
    // The stored salt is Base64 text, so decode it back to the raw salt bytes before the
    // credentials matcher gets to see it.
    final byte[] encodedSalt = info.getCredentialsSalt().getBytes();
    final byte[] rawSalt = Base64.decode(encodedSalt);
    info.setCredentialsSalt(ByteSource.Util.bytes(rawSalt));
    return info;
}
Use of org.apache.shiro.util.ByteSource in project camel by apache:
class ShiroSecurityProcessor, method applySecurityPolicy.
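/**
 * Resolves the security token carried by the exchange, decrypts and deserializes it,
 * then authenticates and authorizes the current subject against the policy.
 *
 * @param exchange the exchange whose headers carry either username/password or a token
 * @throws CamelExchangeException if the token header is of an unsupported type or does not
 *         deserialize to a {@link ShiroSecurityToken}
 * @throws Exception on missing header, cipher, I/O or Shiro authentication/authorization failures
 */
private void applySecurityPolicy(Exchange exchange) throws Exception {
    // if we have username and password as headers then use them to create a token
    String username = exchange.getIn().getHeader(ShiroSecurityConstants.SHIRO_SECURITY_USERNAME, String.class);
    String password = exchange.getIn().getHeader(ShiroSecurityConstants.SHIRO_SECURITY_PASSWORD, String.class);
    if (username != null && password != null) {
        ShiroSecurityToken token = new ShiroSecurityToken(username, password);
        // store the token as header, either as base64 or as the object as-is
        if (policy.isBase64()) {
            ByteSource bytes = ShiroSecurityHelper.encrypt(token, policy.getPassPhrase(), policy.getCipherService());
            exchange.getIn().setHeader(ShiroSecurityConstants.SHIRO_SECURITY_TOKEN, bytes.toBase64());
        } else {
            exchange.getIn().setHeader(ShiroSecurityConstants.SHIRO_SECURITY_TOKEN, token);
        }
        // and now remove the headers as we turned those into the token instead
        exchange.getIn().removeHeader(ShiroSecurityConstants.SHIRO_SECURITY_USERNAME);
        exchange.getIn().removeHeader(ShiroSecurityConstants.SHIRO_SECURITY_PASSWORD);
    }

    ByteSource encryptedToken = resolveEncryptedToken(exchange);
    ShiroSecurityToken securityToken = decryptToken(encryptedToken, exchange);

    Subject currentUser = SecurityUtils.getSubject();
    // Authenticate user if not authenticated
    try {
        authenticateUser(currentUser, securityToken);
        // Test whether user's role is authorized to perform functions in the permissions list
        authorizeUser(currentUser, exchange);
    } finally {
        if (policy.isAlwaysReauthenticate()) {
            currentUser.logout();
        }
    }
}

/**
 * Reads the mandatory token header and normalizes it to its encrypted {@link ByteSource} form:
 * a plain {@link ShiroSecurityToken} is encrypted (and the header replaced by the encrypted form),
 * a String is decoded as Base64 or taken as raw bytes depending on the policy, a ByteSource is used as-is.
 *
 * @throws CamelExchangeException if the header holds any other type
 */
private ByteSource resolveEncryptedToken(Exchange exchange) throws Exception {
    Object token = ExchangeHelper.getMandatoryHeader(exchange, ShiroSecurityConstants.SHIRO_SECURITY_TOKEN, Object.class);
    if (token instanceof ShiroSecurityToken) {
        ShiroSecurityToken sst = (ShiroSecurityToken) token;
        ByteSource encryptedToken = ShiroSecurityHelper.encrypt(sst, policy.getPassPhrase(), policy.getCipherService());
        // Remove unencrypted token + replace with an encrypted token so the clear form does not travel on
        exchange.getIn().removeHeader(ShiroSecurityConstants.SHIRO_SECURITY_TOKEN);
        exchange.getIn().setHeader(ShiroSecurityConstants.SHIRO_SECURITY_TOKEN, encryptedToken);
        return encryptedToken;
    }
    if (token instanceof String) {
        String data = (String) token;
        return policy.isBase64()
                ? ByteSource.Util.bytes(Base64.decode(data))
                : ByteSource.Util.bytes(data);
    }
    if (token instanceof ByteSource) {
        return (ByteSource) token;
    }
    throw new CamelExchangeException("Shiro security header " + ShiroSecurityConstants.SHIRO_SECURITY_TOKEN + " is unsupported type: " + ObjectHelper.classCanonicalName(token), exchange);
}

/**
 * Decrypts the token with the policy's cipher service and passphrase and deserializes the result.
 * <p>
 * The decrypted bytes go through {@link ObjectInputStream}, i.e. Java native deserialization.
 * The token header may have been set by a caller outside this processor, so the passphrase and
 * cipher are what stands between a foreign header value and arbitrary-object deserialization.
 * The instanceof check below only narrows the final type; it does not restrict which classes
 * are instantiated during readObject(). If the configured cipher does not authenticate the
 * ciphertext (no integrity tag), an {@code ObjectInputFilter} (Java 9+) limited to
 * {@link ShiroSecurityToken}, or a non-native token encoding, is the appropriate hardening.
 *
 * @throws CamelExchangeException if the decrypted payload is not a {@link ShiroSecurityToken}
 */
private ShiroSecurityToken decryptToken(ByteSource encryptedToken, Exchange exchange) throws Exception {
    ByteSource decryptedToken = policy.getCipherService().decrypt(encryptedToken.getBytes(), policy.getPassPhrase());
    ByteArrayInputStream byteArrayInputStream = new ByteArrayInputStream(decryptedToken.getBytes());
    ObjectInputStream objectInputStream = new ObjectInputStream(byteArrayInputStream);
    Object deserialized;
    try {
        deserialized = objectInputStream.readObject();
    } finally {
        IOHelper.close(objectInputStream, byteArrayInputStream);
    }
    // Fail with a descriptive exchange exception rather than a bare ClassCastException
    if (!(deserialized instanceof ShiroSecurityToken)) {
        throw new CamelExchangeException("Shiro security header " + ShiroSecurityConstants.SHIRO_SECURITY_TOKEN + " did not decrypt to a ShiroSecurityToken but to: " + ObjectHelper.classCanonicalName(deserialized), exchange);
    }
    return (ShiroSecurityToken) deserialized;
}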
Use of org.apache.shiro.util.ByteSource in project camel by apache:
class ShiroSecurityTokenInjector, method process.
/**
 * Encrypts this injector's token and stores it in the exchange's SHIRO_SECURITY_TOKEN header,
 * Base64-encoded when isBase64() is set, otherwise as the raw ByteSource.
 *
 * @param exchange the exchange that receives the token header
 * @throws Exception if encryption fails
 */
public void process(Exchange exchange) throws Exception {
    final ByteSource encrypted = encrypt();
    final Object headerValue = isBase64() ? encrypted.toBase64() : encrypted;
    exchange.getIn().setHeader(ShiroSecurityConstants.SHIRO_SECURITY_TOKEN, headerValue);
}
Use of org.apache.shiro.util.ByteSource in project killbill by killbill:
class DefaultUserDao, method insertUser.
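/**
 * Creates a user with a freshly salted password hash and the given roles, in one transaction.
 *
 * @param username  the login name; must not already exist
 * @param password  the clear-text password, which is only ever persisted as a salted hash
 * @param roles     the roles to assign to the new user
 * @param createdBy audit trail: who performed the creation
 * @throws SecurityApiException with SECURITY_USER_ALREADY_EXISTS if the username is taken
 */
@Override
public void insertUser(final String username, final String password, final List<String> roles, final String createdBy) throws SecurityApiException {
    // A fresh random salt per user, persisted in its Base64 text form.
    final ByteSource salt = rng.nextBytes();
    final String saltBase64 = salt.toBase64();
    // Note: the hash is salted with the Base64 text, not the raw salt bytes; whatever verifies
    // the password must feed SimpleHash the same form.
    final String hashedPasswordBase64 = new SimpleHash(KillbillCredentialsMatcher.HASH_ALGORITHM_NAME, password, saltBase64, securityConfig.getShiroNbHashIterations()).toBase64();
    final DateTime createdDate = clock.getUTCNow();
    inTransactionWithExceptionHandling(new TransactionCallback<Void>() {
        @Override
        public Void inTransaction(final Handle handle, final TransactionStatus status) throws Exception {
            final UsersSqlDao usersSqlDao = handle.attach(UsersSqlDao.class);
            // Check for an existing user before writing anything, so a duplicate does not even
            // attempt the role inserts. A check-then-insert is not race-free on its own; presumably
            // a unique constraint on username backs it — verify in the schema.
            if (usersSqlDao.getByUsername(username) != null) {
                throw new SecurityApiException(ErrorCode.SECURITY_USER_ALREADY_EXISTS, username);
            }
            final UserRolesSqlDao userRolesSqlDao = handle.attach(UserRolesSqlDao.class);
            for (final String role : roles) {
                userRolesSqlDao.create(new UserRolesModelDao(username, role, createdDate, createdBy));
            }
            usersSqlDao.create(new UserModelDao(username, hashedPasswordBase64, saltBase64, createdDate, createdBy));
            return null;
        }
    });
}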
Use of org.apache.shiro.util.ByteSource in project killbill by killbill:
class DefaultUserDao, method updateUserPassword.
/**
 * Replaces the user's password with a new salted hash inside a transaction.
 *
 * @param username  the login name; must exist
 * @param password  the new clear-text password, persisted only as a salted hash
 * @param updatedBy audit trail: who performed the update
 * @throws SecurityApiException with SECURITY_INVALID_USER if the user does not exist
 */
@Override
public void updateUserPassword(final String username, final String password, final String updatedBy) throws SecurityApiException {
    final ByteSource freshSalt = rng.nextBytes();
    final String saltBase64 = freshSalt.toBase64();
    // The hash is salted with the Base64 text of the salt (not its raw bytes), as elsewhere in this DAO.
    final String newHashBase64 = new SimpleHash(KillbillCredentialsMatcher.HASH_ALGORITHM_NAME, password, saltBase64, securityConfig.getShiroNbHashIterations()).toBase64();
    inTransactionWithExceptionHandling(new TransactionCallback<Void>() {
        @Override
        public Void inTransaction(final Handle handle, final TransactionStatus status) throws Exception {
            final DateTime now = clock.getUTCNow();
            final UsersSqlDao users = handle.attach(UsersSqlDao.class);
            final UserModelDao existing = users.getByUsername(username);
            if (existing == null) {
                throw new SecurityApiException(ErrorCode.SECURITY_INVALID_USER, username);
            }
            users.updatePassword(username, newHashBase64, saltBase64, now.toDate(), updatedBy);
            return null;
        }
    });
}