use of org.apache.shiro.web.mgt.DefaultWebSecurityManager in project shiro by apache.
the class WebIniSecurityManagerFactoryTest method testDefaultFiltersPresent.
/**
* Test that ensures the WebIniSecurityManagerFactory will automatically add the default
* filters to the pool of beans before the INI configuration is interpreted.
*/
@Test
public void testDefaultFiltersPresent() {
    // A [main] line that sets a property on a default filter (here "authc") can only be
    // interpreted if the factory registered the default filters as beans beforehand, so one
    // such line is the whole configuration.
    Ini config = new Ini();
    Ini.Section mainSection = config.addSection(IniSecurityManagerFactory.MAIN_SECTION_NAME);
    mainSection.put("authc.loginUrl", "/login.jsp");

    WebIniSecurityManagerFactory factory = new WebIniSecurityManagerFactory(config);
    org.apache.shiro.mgt.SecurityManager securityManager = factory.getInstance();
    assertNotNull(securityManager);
    assertTrue(securityManager instanceof DefaultWebSecurityManager);

    // Each DefaultFilter constant must appear in the bean pool under its enum name, and the
    // bean must be an instance of the filter class that constant declares.
    Map<String, ?> beanPool = factory.getBeans();
    for (DefaultFilter expected : DefaultFilter.values()) {
        Filter registered = (Filter) beanPool.get(expected.name());
        assertNotNull(registered);
        assertTrue(expected.getFilterClass().isInstance(registered));
    }
}
use of org.apache.shiro.web.mgt.DefaultWebSecurityManager in project zeppelin by apache.
the class KnoxAuthenticationFilter method isAccessAllowed.
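/**
 * Decides whether the request may proceed, requiring a valid Knox JWT cookie on top of
 * Shiro's own decision.
 *
 * <p>Access is granted only when the baseline check passes and the first cookie whose name
 * equals {@code KnoxJwtRealm#getCookieName()} carries a value that
 * {@code KnoxJwtRealm#validateToken} accepts. A request without cookies, without a cookie of
 * that name, or with a rejected token is denied.
 *
 * @param request the incoming request; cast to {@code ShiroHttpServletRequest} to read cookies
 * @param response the outgoing response
 * @param mappedValue the filter-specific configuration for the matched path
 * @return {@code true} only if both the baseline check and the Knox token check succeed
 */
protected boolean isAccessAllowed(ServletRequest request, ServletResponse response, Object mappedValue) {
    // Check with existing shiro authentication logic
    // https://github.com/apache/shiro/blob/shiro-root-1.3.2/web/src/main/java/org/apache/shiro/
    // web/filter/authc/AuthenticatingFilter.java#L123-L124
    // The parentheses only spell out the precedence the expression already had (&& before ||).
    boolean baselineAllows = super.isAccessAllowed(request, response, mappedValue)
        || (!isLoginRequest(request, response) && isPermissive(mappedValue));
    if (!baselineAllows) {
        return false;
    }

    // TODO(jl): Is this logic really useful?
    // NOTE(review): assumes the manager bound to this thread is a DefaultWebSecurityManager;
    // a missing or different manager still fails with an exception rather than granting access.
    DefaultWebSecurityManager defaultWebSecurityManager =
        (DefaultWebSecurityManager) ThreadContext.get(ThreadContext.SECURITY_MANAGER_KEY);
    Collection<Realm> realms = defaultWebSecurityManager.getRealms();

    KnoxJwtRealm knoxJwtRealm = null;
    for (Object realm : realms) {
        if (realm instanceof KnoxJwtRealm) {
            knoxJwtRealm = (KnoxJwtRealm) realm;
            break;
        }
    }
    if (knoxJwtRealm == null) {
        LOGGER.error("Looks like this filter is enabled without enabling KnoxJwtRealm, please refer" + " to https://zeppelin.apache.org/docs/latest/security/shiroauthentication.html" + "#knox-sso");
        return false;
    }

    // getCookies() returns null when the request carries no cookies at all; treat that as
    // "no token presented" and deny instead of failing with a NullPointerException.
    Cookie[] cookies = ((ShiroHttpServletRequest) request).getCookies();
    if (cookies == null) {
        return false;
    }
    for (Cookie cookie : cookies) {
        if (cookie.getName().equals(knoxJwtRealm.getCookieName())) {
            // Only the first cookie with the configured name is considered; later cookies with
            // the same name are never validated.
            return knoxJwtRealm.validateToken(cookie.getValue());
        }
    }
    return false;
}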
use of org.apache.shiro.web.mgt.DefaultWebSecurityManager in project zeppelin by apache.
the class KerberosAuthenticationFilter method doFilterInternal.
/**
* If the request has a valid authentication token it allows the request to continue to
* the target resource,
* otherwise it triggers an authentication sequence using the configured
* {@link AuthenticationHandler}.
*
* @param request the request object.
* @param response the response object.
* @param filterChain the filter chain object.
* @throws IOException thrown if an IO error occurred.
* @throws ServletException thrown if a processing error occurred.
*/
@Override
public void doFilterInternal(ServletRequest request, ServletResponse response, FilterChain filterChain) throws IOException, ServletException {
    // The security manager is read from Shiro's thread context.
    // NOTE(review): the cast assumes a DefaultWebSecurityManager is bound to this thread; a
    // missing or different manager surfaces as an exception here — confirm that is intended.
    DefaultWebSecurityManager securityManager =
        (DefaultWebSecurityManager) ThreadContext.get(ThreadContext.SECURITY_MANAGER_KEY);

    // Use the first configured realm that is a KerberosRealm, if any.
    KerberosRealm kerberosRealm = null;
    for (Object candidate : securityManager.getRealms()) {
        if (candidate instanceof KerberosRealm) {
            kerberosRealm = (KerberosRealm) candidate;
            break;
        }
    }

    if (kerberosRealm == null) {
        // NOTE(review): this branch only logs. It does not continue the filter chain, so the
        // target resource is not reached, but it also sets no status on the response; the
        // client-visible result depends on the container — consider an explicit error status.
        LOG.error("Looks like this filter is enabled without enabling KerberosRealm, please refer" + " to https://zeppelin.apache.org/docs/latest/security/shiroauthentication.html" + "#kerberos-auth");
        return;
    }

    // The realm owns the whole exchange from here, including whether the chain continues.
    kerberosRealm.doKerberosAuth(request, response, filterChain);
}
use of org.apache.shiro.web.mgt.DefaultWebSecurityManager in project SSM by Intel-bigdata.
the class SecurityUtils method getRealmsList.
/**
 * Returns the realms of the security manager bound to the current thread, or an empty
 * collection when {@code isEnabled} is false.
 *
 * @return the manager's realms, or an empty list when security is disabled
 */
public static Collection getRealmsList() {
    if (isEnabled) {
        // NOTE(review): ThreadContext.get yields null when nothing is bound, and the cast
        // assumes a DefaultWebSecurityManager; either case throws here. Confirm callers only
        // run on threads where Shiro has bound its manager.
        Object bound = ThreadContext.get(ThreadContext.SECURITY_MANAGER_KEY);
        return ((DefaultWebSecurityManager) bound).getRealms();
    }
    // NOTE(review): "disabled" and "enabled with zero realms" both look empty to the caller,
    // so an empty result must not be read as an authorization decision.
    return Collections.emptyList();
}
use of org.apache.shiro.web.mgt.DefaultWebSecurityManager in project zeppelin by apache.
the class SecurityUtils method getRealmsList.
/**
 * Lists the realms configured on the thread-bound security manager.
 *
 * @return an empty list when {@code isEnabled} is false, otherwise whatever
 *     {@code DefaultWebSecurityManager#getRealms()} returns
 */
public static Collection getRealmsList() {
    if (!isEnabled) {
        // Security is switched off: do not touch the thread context at all.
        return Collections.emptyList();
    }
    // NOTE(review): no null or type check precedes this cast, so a thread with no bound
    // manager (or a non-DefaultWebSecurityManager) fails here with an exception — verify
    // against callers that this method is only reached on Shiro-managed request threads.
    final DefaultWebSecurityManager manager =
        (DefaultWebSecurityManager) ThreadContext.get(ThreadContext.SECURITY_MANAGER_KEY);
    return manager.getRealms();
}