Example 6 with DefaultWebSecurityManager
use of org.apache.shiro.web.mgt.DefaultWebSecurityManager in project shiro by apache.
the class WebIniSecurityManagerFactoryTest method testDefaultFiltersPresent.
/**
* Test that ensures the WebIniSecurityManagerFactory will automatically add the default
* filters to the pool of beans before the INI configuration is interpreted.
*/
@Test
public void testDefaultFiltersPresent() {
Ini ini = new Ini();
// just a normal configuration line in the MAIN section for any of the default filtes should work
// out of the box. So, create the main section and just config one of them:
Ini.Section section = ini.addSection(IniSecurityManagerFactory.MAIN_SECTION_NAME);
section.put("authc.loginUrl", "/login.jsp");
WebIniSecurityManagerFactory factory = new WebIniSecurityManagerFactory(ini);
org.apache.shiro.mgt.SecurityManager sm = factory.getInstance();
assertNotNull(sm);
assertTrue(sm instanceof DefaultWebSecurityManager);
// now assert that all of the default filters exist:
Map<String, ?> beans = factory.getBeans();
for (DefaultFilter defaultFilter : DefaultFilter.values()) {
Filter filter = (Filter) beans.get(defaultFilter.name());
assertNotNull(filter);
assertTrue(defaultFilter.getFilterClass().isAssignableFrom(filter.getClass()));
}
}
Also used :
DefaultFilter(org.apache.shiro.web.filter.mgt.DefaultFilter)
Ini(org.apache.shiro.config.Ini)
DefaultFilter(org.apache.shiro.web.filter.mgt.DefaultFilter)
Filter(javax.servlet.Filter)
DefaultWebSecurityManager(org.apache.shiro.web.mgt.DefaultWebSecurityManager)
Test(org.junit.Test)
Example 7 with DefaultWebSecurityManager
use of org.apache.shiro.web.mgt.DefaultWebSecurityManager in project zeppelin by apache.
the class KnoxAuthenticationFilter method isAccessAllowed.
protected boolean isAccessAllowed(ServletRequest request, ServletResponse response, Object mappedValue) {
// Check with existing shiro authentication logic
// https://github.com/apache/shiro/blob/shiro-root-1.3.2/web/src/main/java/org/apache/shiro/
// web/filter/authc/AuthenticatingFilter.java#L123-L124
boolean accessAllowed = super.isAccessAllowed(request, response, mappedValue) || !isLoginRequest(request, response) && isPermissive(mappedValue);
if (accessAllowed) {
accessAllowed = false;
KnoxJwtRealm knoxJwtRealm = null;
// TODO(jl): Is this logic really useful?
DefaultWebSecurityManager defaultWebSecurityManager;
String key = ThreadContext.SECURITY_MANAGER_KEY;
defaultWebSecurityManager = (DefaultWebSecurityManager) ThreadContext.get(key);
Collection<Realm> realms = defaultWebSecurityManager.getRealms();
for (Object realm : realms) {
if (realm instanceof KnoxJwtRealm) {
knoxJwtRealm = (KnoxJwtRealm) realm;
break;
}
}
if (null != knoxJwtRealm) {
for (Cookie cookie : ((ShiroHttpServletRequest) request).getCookies()) {
if (cookie.getName().equals(knoxJwtRealm.getCookieName())) {
if (knoxJwtRealm.validateToken(cookie.getValue())) {
accessAllowed = true;
}
break;
}
}
} else {
LOGGER.error("Looks like this filter is enabled without enabling KnoxJwtRealm, please refer" + " to https://zeppelin.apache.org/docs/latest/security/shiroauthentication.html" + "#knox-sso");
}
}
return accessAllowed;
}
Also used :
Cookie(javax.servlet.http.Cookie)
DefaultWebSecurityManager(org.apache.shiro.web.mgt.DefaultWebSecurityManager)
ShiroHttpServletRequest(org.apache.shiro.web.servlet.ShiroHttpServletRequest)
Realm(org.apache.shiro.realm.Realm)
Example 8 with DefaultWebSecurityManager
use of org.apache.shiro.web.mgt.DefaultWebSecurityManager in project zeppelin by apache.
the class KerberosAuthenticationFilter method doFilterInternal.
/**
* If the request has a valid authentication token it allows the request to continue to
* the target resource,
* otherwise it triggers an authentication sequence using the configured
* {@link AuthenticationHandler}.
*
* @param request the request object.
* @param response the response object.
* @param filterChain the filter chain object.
* @throws IOException thrown if an IO error occurred.
* @throws ServletException thrown if a processing error occurred.
*/
@Override
public void doFilterInternal(ServletRequest request, ServletResponse response, FilterChain filterChain) throws IOException, ServletException {
KerberosRealm kerberosRealm = null;
DefaultWebSecurityManager defaultWebSecurityManager;
String key = ThreadContext.SECURITY_MANAGER_KEY;
defaultWebSecurityManager = (DefaultWebSecurityManager) ThreadContext.get(key);
Collection<Realm> realms = defaultWebSecurityManager.getRealms();
for (Object realm : realms) {
if (realm instanceof KerberosRealm) {
kerberosRealm = (KerberosRealm) realm;
break;
}
}
if (kerberosRealm != null) {
kerberosRealm.doKerberosAuth(request, response, filterChain);
} else {
LOG.error("Looks like this filter is enabled without enabling KerberosRealm, please refer" + " to https://zeppelin.apache.org/docs/latest/security/shiroauthentication.html" + "#kerberos-auth");
}
}
Also used :
DefaultWebSecurityManager(org.apache.shiro.web.mgt.DefaultWebSecurityManager)
Realm(org.apache.shiro.realm.Realm)
Example 9 with DefaultWebSecurityManager
use of org.apache.shiro.web.mgt.DefaultWebSecurityManager in project SSM by Intel-bigdata.
the class SecurityUtils method getRealmsList.
public static Collection getRealmsList() {
if (!isEnabled) {
return Collections.emptyList();
}
DefaultWebSecurityManager defaultWebSecurityManager;
String key = ThreadContext.SECURITY_MANAGER_KEY;
defaultWebSecurityManager = (DefaultWebSecurityManager) ThreadContext.get(key);
Collection<Realm> realms = defaultWebSecurityManager.getRealms();
return realms;
}
Also used :
DefaultWebSecurityManager(org.apache.shiro.web.mgt.DefaultWebSecurityManager)
IniRealm(org.apache.shiro.realm.text.IniRealm)
LdapRealm(org.apache.zeppelin.realm.LdapRealm)
Realm(org.apache.shiro.realm.Realm)
Example 10 with DefaultWebSecurityManager
use of org.apache.shiro.web.mgt.DefaultWebSecurityManager in project zeppelin by apache.
the class SecurityUtils method getRealmsList.
public static Collection getRealmsList() {
if (!isEnabled) {
return Collections.emptyList();
}
DefaultWebSecurityManager defaultWebSecurityManager;
String key = ThreadContext.SECURITY_MANAGER_KEY;
defaultWebSecurityManager = (DefaultWebSecurityManager) ThreadContext.get(key);
Collection<Realm> realms = defaultWebSecurityManager.getRealms();
return realms;
}
Also used :
DefaultWebSecurityManager(org.apache.shiro.web.mgt.DefaultWebSecurityManager)
IniRealm(org.apache.shiro.realm.text.IniRealm)
LdapRealm(org.apache.zeppelin.realm.LdapRealm)
Realm(org.apache.shiro.realm.Realm)
Aggregations
DefaultWebSecurityManager (org.apache.shiro.web.mgt.DefaultWebSecurityManager)21
ShiroFilterFactoryBean (org.apache.shiro.spring.web.ShiroFilterFactoryBean)9
Bean (org.springframework.context.annotation.Bean)9
Realm (org.apache.shiro.realm.Realm)6
CookieRememberMeManager (org.apache.shiro.web.mgt.CookieRememberMeManager)3
MalformedURLException (java.net.MalformedURLException)2
ConfigurationException (org.apache.shiro.config.ConfigurationException)2
IniRealm (org.apache.shiro.realm.text.IniRealm)2
WebSecurityManager (org.apache.shiro.web.mgt.WebSecurityManager)2
DefaultWebSessionManager (org.apache.shiro.web.session.mgt.DefaultWebSessionManager)2
LdapRealm (org.apache.zeppelin.realm.LdapRealm)2
Test (org.junit.Test)2
Injector (com.google.inject.Injector)1
Provides (com.google.inject.Provides)1
ArrayList (java.util.ArrayList)1
Filter (javax.servlet.Filter)1
ServletContext (javax.servlet.ServletContext)1
Cookie (javax.servlet.http.Cookie)1
AuthenticationStrategy (org.apache.shiro.authc.pam.AuthenticationStrategy)1
ModularRealmAuthenticator (org.apache.shiro.authc.pam.ModularRealmAuthenticator)1
