Example 1 with WebSubjectContext

Use of org.apache.shiro.web.subject.WebSubjectContext in project shiro by apache.

Class CookieRememberMeManagerTest, method getRememberedSerializedIdentityReturnsNullForDeletedCookie.

// SHIRO-183
@Test
public void getRememberedSerializedIdentityReturnsNullForDeletedCookie() {
    HttpServletRequest mockRequest = createMock(HttpServletRequest.class);
    HttpServletResponse mockResponse = createMock(HttpServletResponse.class);
    WebSubjectContext context = new DefaultWebSubjectContext();
    context.setServletRequest(mockRequest);
    context.setServletResponse(mockResponse);
    expect(mockRequest.getAttribute(ShiroHttpServletRequest.IDENTITY_REMOVED_KEY)).andReturn(null);
    Cookie[] cookies = new Cookie[] { new Cookie(CookieRememberMeManager.DEFAULT_REMEMBER_ME_COOKIE_NAME, org.apache.shiro.web.servlet.Cookie.DELETED_COOKIE_VALUE) };
    expect(mockRequest.getCookies()).andReturn(cookies);
    replay(mockRequest);
    CookieRememberMeManager mgr = new CookieRememberMeManager();
    assertNull(mgr.getRememberedSerializedIdentity(context));
}
Also used: ShiroHttpServletRequest (org.apache.shiro.web.servlet.ShiroHttpServletRequest), HttpServletRequest (javax.servlet.http.HttpServletRequest), Cookie (javax.servlet.http.Cookie), SimpleCookie (org.apache.shiro.web.servlet.SimpleCookie), DefaultWebSubjectContext (org.apache.shiro.web.subject.support.DefaultWebSubjectContext), HttpServletResponse (javax.servlet.http.HttpServletResponse), WebSubjectContext (org.apache.shiro.web.subject.WebSubjectContext), Test (org.junit.Test)

Example 2 with WebSubjectContext

Use of org.apache.shiro.web.subject.WebSubjectContext in project shiro by apache.

Class DefaultWebSecurityManager, method createSessionContext.

@Override
protected SessionContext createSessionContext(SubjectContext subjectContext) {
    SessionContext sessionContext = super.createSessionContext(subjectContext);
    if (subjectContext instanceof WebSubjectContext) {
        WebSubjectContext wsc = (WebSubjectContext) subjectContext;
        ServletRequest request = wsc.resolveServletRequest();
        ServletResponse response = wsc.resolveServletResponse();
        DefaultWebSessionContext webSessionContext = new DefaultWebSessionContext(sessionContext);
        if (request != null) {
            webSessionContext.setServletRequest(request);
        }
        if (response != null) {
            webSessionContext.setServletResponse(response);
        }
        sessionContext = webSessionContext;
    }
    return sessionContext;
}
Also used: ServletRequest (javax.servlet.ServletRequest), ShiroHttpServletRequest (org.apache.shiro.web.servlet.ShiroHttpServletRequest), ServletResponse (javax.servlet.ServletResponse), SessionContext (org.apache.shiro.session.mgt.SessionContext), WebSubjectContext (org.apache.shiro.web.subject.WebSubjectContext), DefaultWebSubjectContext (org.apache.shiro.web.subject.support.DefaultWebSubjectContext)

Example 3 with WebSubjectContext

Use of org.apache.shiro.web.subject.WebSubjectContext in project shiro by apache.

Class CookieRememberMeManagerTest, method getRememberedPrincipalsDecryptionError.

// SHIRO-69
@Test
public void getRememberedPrincipalsDecryptionError() {
    HttpServletRequest mockRequest = createNiceMock(HttpServletRequest.class);
    HttpServletResponse mockResponse = createNiceMock(HttpServletResponse.class);
    WebSubjectContext context = new DefaultWebSubjectContext();
    context.setServletRequest(mockRequest);
    context.setServletResponse(mockResponse);
    expect(mockRequest.getAttribute(ShiroHttpServletRequest.IDENTITY_REMOVED_KEY)).andReturn(null);
    // Simulate a bad return value here (for example, if this was encrypted with a different key)
    final String userPCAesBase64 = "garbage";
    Cookie[] cookies = new Cookie[] { new Cookie(CookieRememberMeManager.DEFAULT_REMEMBER_ME_COOKIE_NAME, userPCAesBase64) };
    expect(mockRequest.getCookies()).andReturn(cookies).anyTimes();
    replay(mockRequest);
    CookieRememberMeManager mgr = new CookieRememberMeManager();
    try {
        mgr.getRememberedPrincipals(context);
    } catch (CryptoException expected) {
        return;
    }
    fail("CryptoException was expected to be thrown");
}
Also used: ShiroHttpServletRequest (org.apache.shiro.web.servlet.ShiroHttpServletRequest), HttpServletRequest (javax.servlet.http.HttpServletRequest), Cookie (javax.servlet.http.Cookie), SimpleCookie (org.apache.shiro.web.servlet.SimpleCookie), DefaultWebSubjectContext (org.apache.shiro.web.subject.support.DefaultWebSubjectContext), HttpServletResponse (javax.servlet.http.HttpServletResponse), WebSubjectContext (org.apache.shiro.web.subject.WebSubjectContext), CryptoException (org.apache.shiro.crypto.CryptoException), Test (org.junit.Test)

Example 4 with WebSubjectContext

Use of org.apache.shiro.web.subject.WebSubjectContext in project shiro by apache.

Class CookieRememberMeManagerTest, method getRememberedPrincipalsNoMoreDefaultCipher.

@Test(expected = CryptoException.class)
public void getRememberedPrincipalsNoMoreDefaultCipher() {
    HttpServletRequest mockRequest = createMock(HttpServletRequest.class);
    HttpServletResponse mockResponse = createMock(HttpServletResponse.class);
    WebSubjectContext context = new DefaultWebSubjectContext();
    context.setServletRequest(mockRequest);
    context.setServletResponse(mockResponse);
    expect(mockRequest.getAttribute(ShiroHttpServletRequest.IDENTITY_REMOVED_KEY)).andReturn(null);
    expect(mockRequest.getContextPath()).andReturn("/test");
    // The following base64 string was determined from the log output of the above 'onSuccessfulLogin' test.
    // This will have to change any time the PrincipalCollection implementation changes:
    final String userPCAesBase64 = "WlD5MLzzZznN3dQ1lPJO/eScSuY245k29aECNmjUs31o7Yu478hWhaM5Sj" + "jmoe900/72JNu3hcJaPG6Q17Vuz4F8x0kBjbFnPVx4PqzsZYT6yreeS2jwO6OwfI+efqXOKyB2a5KPtnr" + "7jt5kZsyH38XJISb81cf6xqTGUru8zC+kNqJFz7E5RpO0kraBofS5jhMm45gDVjDRkjgPJAzocVWMtrza" + "zy67P8eb+kMSBCqGI251JTNAGboVgQ28KjfaAJ/6LXRJUj7kB7CGia7mgRk+hxzEJGDs81at5VOPqODJr" + "xb8tcIdemFUFIkiYVP9bGs4dP3ECtmw7aNrCzv+84sx3vRFUrd5DbDYpEuE12hF2Y9owDK9sxStbXoF0y" + "A32dhfGDIqS+agsass0sWn8WX2TM9i8SxrUjiFbxqyIG49HbqGrZp5QLM9IuIwO+TzGfF1FzumQGdwmWT" + "xkVapw5UESl34YvA615cb+82ue1I=";
    Cookie[] cookies = new Cookie[] { new Cookie(CookieRememberMeManager.DEFAULT_REMEMBER_ME_COOKIE_NAME, userPCAesBase64) };
    expect(mockRequest.getCookies()).andReturn(cookies);
    replay(mockRequest);
    CookieRememberMeManager mgr = new CookieRememberMeManager();
    // without the old default cipher set, this will fail (expected)
    // mgr.setCipherKey( Base64.decode("kPH+bIxk5D2deZiIxcaaaA=="));
    // this will throw a CryptoException
    mgr.getRememberedPrincipals(context);
}
Also used: ShiroHttpServletRequest (org.apache.shiro.web.servlet.ShiroHttpServletRequest), HttpServletRequest (javax.servlet.http.HttpServletRequest), Cookie (javax.servlet.http.Cookie), SimpleCookie (org.apache.shiro.web.servlet.SimpleCookie), DefaultWebSubjectContext (org.apache.shiro.web.subject.support.DefaultWebSubjectContext), HttpServletResponse (javax.servlet.http.HttpServletResponse), WebSubjectContext (org.apache.shiro.web.subject.WebSubjectContext), Test (org.junit.Test)

Example 5 with WebSubjectContext

Use of org.apache.shiro.web.subject.WebSubjectContext in project shiro by apache.

Class CookieRememberMeManagerTest, method getRememberedPrincipals.

// SHIRO-69
@Test
public void getRememberedPrincipals() {
    HttpServletRequest mockRequest = createMock(HttpServletRequest.class);
    HttpServletResponse mockResponse = createMock(HttpServletResponse.class);
    WebSubjectContext context = new DefaultWebSubjectContext();
    context.setServletRequest(mockRequest);
    context.setServletResponse(mockResponse);
    expect(mockRequest.getAttribute(ShiroHttpServletRequest.IDENTITY_REMOVED_KEY)).andReturn(null);
    // The following base64 string was determined from the log output of the above 'onSuccessfulLogin' test.
    // This will have to change any time the PrincipalCollection implementation changes:
    final String userPCAesBase64 = "WlD5MLzzZznN3dQ1lPJO/eScSuY245k29aECNmjUs31o7Yu478hWhaM5Sj" + "jmoe900/72JNu3hcJaPG6Q17Vuz4F8x0kBjbFnPVx4PqzsZYT6yreeS2jwO6OwfI+efqXOKyB2a5KPtnr" + "7jt5kZsyH38XJISb81cf6xqTGUru8zC+kNqJFz7E5RpO0kraBofS5jhMm45gDVjDRkjgPJAzocVWMtrza" + "zy67P8eb+kMSBCqGI251JTNAGboVgQ28KjfaAJ/6LXRJUj7kB7CGia7mgRk+hxzEJGDs81at5VOPqODJr" + "xb8tcIdemFUFIkiYVP9bGs4dP3ECtmw7aNrCzv+84sx3vRFUrd5DbDYpEuE12hF2Y9owDK9sxStbXoF0y" + "A32dhfGDIqS+agsass0sWn8WX2TM9i8SxrUjiFbxqyIG49HbqGrZp5QLM9IuIwO+TzGfF1FzumQGdwmWT" + "xkVapw5UESl34YvA615cb+82ue1I=";
    Cookie[] cookies = new Cookie[] { new Cookie(CookieRememberMeManager.DEFAULT_REMEMBER_ME_COOKIE_NAME, userPCAesBase64) };
    expect(mockRequest.getCookies()).andReturn(cookies);
    replay(mockRequest);
    CookieRememberMeManager mgr = new CookieRememberMeManager();
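    // The old hard-coded default cipher key; the manager no longer ships with it,
    // so the test sets it explicitly to decrypt the sample cookie above.
    mgr.setCipherKey(Base64.decode("kPH+bIxk5D2deZiIxcaaaA=="));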
    PrincipalCollection collection = mgr.getRememberedPrincipals(context);
    verify(mockRequest);
    assertTrue(collection != null);
    // noinspection ConstantConditions
    assertTrue(collection.iterator().next().equals("user"));
}
Also used: ShiroHttpServletRequest (org.apache.shiro.web.servlet.ShiroHttpServletRequest), HttpServletRequest (javax.servlet.http.HttpServletRequest), Cookie (javax.servlet.http.Cookie), SimpleCookie (org.apache.shiro.web.servlet.SimpleCookie), DefaultWebSubjectContext (org.apache.shiro.web.subject.support.DefaultWebSubjectContext), HttpServletResponse (javax.servlet.http.HttpServletResponse), PrincipalCollection (org.apache.shiro.subject.PrincipalCollection), WebSubjectContext (org.apache.shiro.web.subject.WebSubjectContext), Test (org.junit.Test)

Aggregations

WebSubjectContext (org.apache.shiro.web.subject.WebSubjectContext): 7
ShiroHttpServletRequest (org.apache.shiro.web.servlet.ShiroHttpServletRequest): 6
HttpServletRequest (javax.servlet.http.HttpServletRequest): 5
HttpServletResponse (javax.servlet.http.HttpServletResponse): 5
DefaultWebSubjectContext (org.apache.shiro.web.subject.support.DefaultWebSubjectContext): 5
Cookie (javax.servlet.http.Cookie): 4
SimpleCookie (org.apache.shiro.web.servlet.SimpleCookie): 4
Test (org.junit.Test): 4
ServletRequest (javax.servlet.ServletRequest): 2
ServletResponse (javax.servlet.ServletResponse): 2
PrincipalCollection (org.apache.shiro.subject.PrincipalCollection): 2
CryptoException (org.apache.shiro.crypto.CryptoException): 1
SecurityManager (org.apache.shiro.mgt.SecurityManager): 1
Session (org.apache.shiro.session.Session): 1
SessionContext (org.apache.shiro.session.mgt.SessionContext): 1
WebDelegatingSubject (org.apache.shiro.web.subject.support.WebDelegatingSubject): 1