Example 6 with DefaultWebSecurityManager

use of org.apache.shiro.web.mgt.DefaultWebSecurityManager in project shiro by apache.

the class WebIniSecurityManagerFactoryTest method testDefaultFiltersPresent.

/**
 * Test that ensures the WebIniSecurityManagerFactory will automatically add the default
 * filters to the pool of beans before the INI configuration is interpreted.
 */
@Test
public void testDefaultFiltersPresent() {
    Ini ini = new Ini();
    // A normal configuration line in the MAIN section for any of the default filters should work
    // out of the box. So, create the main section and configure just one of them:
    Ini.Section section = ini.addSection(IniSecurityManagerFactory.MAIN_SECTION_NAME);
    section.put("authc.loginUrl", "/login.jsp");
    WebIniSecurityManagerFactory factory = new WebIniSecurityManagerFactory(ini);
    org.apache.shiro.mgt.SecurityManager sm = factory.getInstance();
    assertNotNull(sm);
    assertTrue(sm instanceof DefaultWebSecurityManager);
    // now assert that all of the default filters exist:
    Map<String, ?> beans = factory.getBeans();
    for (DefaultFilter defaultFilter : DefaultFilter.values()) {
        Filter filter = (Filter) beans.get(defaultFilter.name());
        assertNotNull(filter);
        assertTrue(defaultFilter.getFilterClass().isAssignableFrom(filter.getClass()));
    }
}
Also used : DefaultFilter(org.apache.shiro.web.filter.mgt.DefaultFilter) Ini(org.apache.shiro.config.Ini) Filter(javax.servlet.Filter) DefaultWebSecurityManager(org.apache.shiro.web.mgt.DefaultWebSecurityManager) Test(org.junit.Test)

Example 7 with DefaultWebSecurityManager

use of org.apache.shiro.web.mgt.DefaultWebSecurityManager in project zeppelin by apache.

the class KnoxAuthenticationFilter method isAccessAllowed.

protected boolean isAccessAllowed(ServletRequest request, ServletResponse response, Object mappedValue) {
    // Check with existing shiro authentication logic
    // https://github.com/apache/shiro/blob/shiro-root-1.3.2/web/src/main/java/org/apache/shiro/
    // web/filter/authc/AuthenticatingFilter.java#L123-L124
    boolean accessAllowed = super.isAccessAllowed(request, response, mappedValue)
        || (!isLoginRequest(request, response) && isPermissive(mappedValue));
    if (accessAllowed) {
        accessAllowed = false;
        KnoxJwtRealm knoxJwtRealm = null;
        // TODO(jl): Is this logic really useful?
        DefaultWebSecurityManager defaultWebSecurityManager;
        String key = ThreadContext.SECURITY_MANAGER_KEY;
        defaultWebSecurityManager = (DefaultWebSecurityManager) ThreadContext.get(key);
        Collection<Realm> realms = defaultWebSecurityManager.getRealms();
        for (Object realm : realms) {
            if (realm instanceof KnoxJwtRealm) {
                knoxJwtRealm = (KnoxJwtRealm) realm;
                break;
            }
        }
        if (null != knoxJwtRealm) {
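            // getCookies() returns null when the request carries no cookies, so guard
            // against it and deny access instead of failing with a NullPointerException.
            Cookie[] cookies = ((ShiroHttpServletRequest) request).getCookies();
            if (cookies != null) {
                for (Cookie cookie : cookies) {
                    if (cookie.getName().equals(knoxJwtRealm.getCookieName())) {
                        // Access is granted only if the Knox JWT in the cookie validates.
                        if (knoxJwtRealm.validateToken(cookie.getValue())) {
                            accessAllowed = true;
                        }
                        break;
                    }
                }
            }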
        } else {
            LOGGER.error("Looks like this filter is enabled without enabling KnoxJwtRealm, please refer" + " to https://zeppelin.apache.org/docs/latest/security/shiroauthentication.html" + "#knox-sso");
        }
    }
    return accessAllowed;
}
Also used : Cookie(javax.servlet.http.Cookie) DefaultWebSecurityManager(org.apache.shiro.web.mgt.DefaultWebSecurityManager) ShiroHttpServletRequest(org.apache.shiro.web.servlet.ShiroHttpServletRequest) Realm(org.apache.shiro.realm.Realm)

Example 8 with DefaultWebSecurityManager

use of org.apache.shiro.web.mgt.DefaultWebSecurityManager in project zeppelin by apache.

the class KerberosAuthenticationFilter method doFilterInternal.

/**
 * If the request has a valid authentication token it allows the request to continue to
 * the target resource,
 * otherwise it triggers an authentication sequence using the configured
 * {@link AuthenticationHandler}.
 *
 * @param request     the request object.
 * @param response    the response object.
 * @param filterChain the filter chain object.
 * @throws IOException      thrown if an IO error occurred.
 * @throws ServletException thrown if a processing error occurred.
 */
@Override
public void doFilterInternal(ServletRequest request, ServletResponse response, FilterChain filterChain) throws IOException, ServletException {
    KerberosRealm kerberosRealm = null;
    DefaultWebSecurityManager defaultWebSecurityManager;
    String key = ThreadContext.SECURITY_MANAGER_KEY;
    defaultWebSecurityManager = (DefaultWebSecurityManager) ThreadContext.get(key);
    Collection<Realm> realms = defaultWebSecurityManager.getRealms();
    for (Object realm : realms) {
        if (realm instanceof KerberosRealm) {
            kerberosRealm = (KerberosRealm) realm;
            break;
        }
    }
    if (kerberosRealm != null) {
        kerberosRealm.doKerberosAuth(request, response, filterChain);
    } else {
        LOG.error("Looks like this filter is enabled without enabling KerberosRealm, please refer" + " to https://zeppelin.apache.org/docs/latest/security/shiroauthentication.html" + "#kerberos-auth");
    }
}
Also used : DefaultWebSecurityManager(org.apache.shiro.web.mgt.DefaultWebSecurityManager) Realm(org.apache.shiro.realm.Realm)

Example 9 with DefaultWebSecurityManager

use of org.apache.shiro.web.mgt.DefaultWebSecurityManager in project SSM by Intel-bigdata.

the class SecurityUtils method getRealmsList.

public static Collection<Realm> getRealmsList() {
    if (!isEnabled) {
        return Collections.emptyList();
    }
    DefaultWebSecurityManager defaultWebSecurityManager;
    String key = ThreadContext.SECURITY_MANAGER_KEY;
    defaultWebSecurityManager = (DefaultWebSecurityManager) ThreadContext.get(key);
    Collection<Realm> realms = defaultWebSecurityManager.getRealms();
    return realms;
}
Also used : DefaultWebSecurityManager(org.apache.shiro.web.mgt.DefaultWebSecurityManager) IniRealm(org.apache.shiro.realm.text.IniRealm) LdapRealm(org.apache.zeppelin.realm.LdapRealm) Realm(org.apache.shiro.realm.Realm)

Example 10 with DefaultWebSecurityManager

use of org.apache.shiro.web.mgt.DefaultWebSecurityManager in project zeppelin by apache.

the class SecurityUtils method getRealmsList.

public static Collection<Realm> getRealmsList() {
    if (!isEnabled) {
        return Collections.emptyList();
    }
    DefaultWebSecurityManager defaultWebSecurityManager;
    String key = ThreadContext.SECURITY_MANAGER_KEY;
    defaultWebSecurityManager = (DefaultWebSecurityManager) ThreadContext.get(key);
    Collection<Realm> realms = defaultWebSecurityManager.getRealms();
    return realms;
}
Also used : DefaultWebSecurityManager(org.apache.shiro.web.mgt.DefaultWebSecurityManager) IniRealm(org.apache.shiro.realm.text.IniRealm) LdapRealm(org.apache.zeppelin.realm.LdapRealm) Realm(org.apache.shiro.realm.Realm)

Aggregations

DefaultWebSecurityManager (org.apache.shiro.web.mgt.DefaultWebSecurityManager) 21
ShiroFilterFactoryBean (org.apache.shiro.spring.web.ShiroFilterFactoryBean) 9
Bean (org.springframework.context.annotation.Bean) 9
Realm (org.apache.shiro.realm.Realm) 6
CookieRememberMeManager (org.apache.shiro.web.mgt.CookieRememberMeManager) 3
MalformedURLException (java.net.MalformedURLException) 2
ConfigurationException (org.apache.shiro.config.ConfigurationException) 2
IniRealm (org.apache.shiro.realm.text.IniRealm) 2
WebSecurityManager (org.apache.shiro.web.mgt.WebSecurityManager) 2
DefaultWebSessionManager (org.apache.shiro.web.session.mgt.DefaultWebSessionManager) 2
LdapRealm (org.apache.zeppelin.realm.LdapRealm) 2
Test (org.junit.Test) 2
Injector (com.google.inject.Injector) 1
Provides (com.google.inject.Provides) 1
ArrayList (java.util.ArrayList) 1
Filter (javax.servlet.Filter) 1
ServletContext (javax.servlet.ServletContext) 1
Cookie (javax.servlet.http.Cookie) 1
AuthenticationStrategy (org.apache.shiro.authc.pam.AuthenticationStrategy) 1
ModularRealmAuthenticator (org.apache.shiro.authc.pam.ModularRealmAuthenticator) 1