use of org.apache.shiro.web.servlet.ShiroHttpServletRequest in project zeppelin by apache.
the class KnoxAuthenticationFilter method isAccessAllowed.
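/**
 * Decides whether the request may proceed, using the Knox SSO JWT cookie.
 *
 * <p>The stock Shiro check runs first. If it passes, the decision is reset to
 * "denied" and access is granted only when the first cookie whose name equals
 * {@code KnoxJwtRealm#getCookieName()} is accepted by
 * {@code KnoxJwtRealm#validateToken(String)}. A request with no cookies, no
 * matching cookie, or a token that fails validation is denied.
 *
 * @param request the incoming request; cast to {@link ShiroHttpServletRequest} to read cookies
 * @param response the outgoing response, passed through to the Shiro checks
 * @param mappedValue the filter's path-specific configuration, passed through to the Shiro checks
 * @return {@code true} only if the Shiro check passes and the Knox JWT cookie validates
 */
protected boolean isAccessAllowed(ServletRequest request, ServletResponse response, Object mappedValue) {
  // Check with existing shiro authentication logic
  // https://github.com/apache/shiro/blob/shiro-root-1.3.2/web/src/main/java/org/apache/shiro/
  // web/filter/authc/AuthenticatingFilter.java#L123-L124
  boolean accessAllowed = super.isAccessAllowed(request, response, mappedValue)
      || !isLoginRequest(request, response) && isPermissive(mappedValue);
  if (!accessAllowed) {
    return false;
  }

  // Fail closed: from here on, only a validated Knox token can grant access.
  accessAllowed = false;

  // TODO(jl): Is this logic really useful?
  // NOTE(review): assumes a DefaultWebSecurityManager is bound to the current thread;
  // a missing or different manager makes this lookup throw - confirm against the filter setup.
  DefaultWebSecurityManager defaultWebSecurityManager =
      (DefaultWebSecurityManager) ThreadContext.get(ThreadContext.SECURITY_MANAGER_KEY);
  Collection<Realm> realms = defaultWebSecurityManager.getRealms();

  KnoxJwtRealm knoxJwtRealm = null;
  for (Realm realm : realms) {
    if (realm instanceof KnoxJwtRealm) {
      knoxJwtRealm = (KnoxJwtRealm) realm;
      break;
    }
  }

  if (null == knoxJwtRealm) {
    LOGGER.error("Looks like this filter is enabled without enabling KnoxJwtRealm, please refer"
        + " to https://zeppelin.apache.org/docs/latest/security/shiroauthentication.html"
        + "#knox-sso");
    return false;
  }

  // getCookies() returns null (not an empty array) when the client sent no cookies;
  // treat that as "no token" and deny instead of failing with a NullPointerException.
  Cookie[] cookies = ((ShiroHttpServletRequest) request).getCookies();
  if (cookies == null) {
    return false;
  }

  for (Cookie cookie : cookies) {
    if (cookie.getName().equals(knoxJwtRealm.getCookieName())) {
      // Only the first cookie with the configured name is considered; a later
      // duplicate is never validated, so an invalid first token means denial.
      if (knoxJwtRealm.validateToken(cookie.getValue())) {
        accessAllowed = true;
      }
      break;
    }
  }
  return accessAllowed;
}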