Example 1 with SessionIdToken

Use of org.graylog2.shared.security.SessionIdToken in project graylog2-server by Graylog2.

Class SessionAuthenticator, method doGetAuthenticationInfo.

@Override
protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token) throws AuthenticationException {
    SessionIdToken sessionIdToken = (SessionIdToken) token;
    // Rebuild the Shiro subject from the session id carried by the token.
    final Subject subject = new Subject.Builder().sessionId(sessionIdToken.getSessionId()).buildSubject();
    // getSession(false) returns the existing session or null; it never creates a new one.
    final Session session = subject.getSession(false);
    if (session == null) {
        LOG.debug("Invalid session {}. Either it has expired or did not exist.", sessionIdToken.getSessionId());
        return null;
    }
    // The session's principal is the user name; authentication fails if that user cannot be loaded.
    final Object username = subject.getPrincipal();
    final User user = userService.load(String.valueOf(username));
    if (user == null) {
        LOG.debug("No user named {} found for session {}", username, sessionIdToken.getSessionId());
        return null;
    }
    if (LOG.isDebugEnabled()) {
        LOG.debug("Found session {} for user name {}", session.getId(), username);
    }
    @SuppressWarnings("unchecked")
    final MultivaluedMap<String, String> requestHeaders =
            (MultivaluedMap<String, String>) ThreadContext.get(ShiroSecurityContextFilter.REQUEST_HEADERS);
    // Extend the session unless the relevant header was passed.
    if (requestHeaders != null && !"true".equalsIgnoreCase(requestHeaders.getFirst(X_GRAYLOG_NO_SESSION_EXTENSION))) {
        session.touch();
    } else {
        // Also taken when no request headers are bound to the thread context.
        LOG.debug("Not extending session because the request indicated not to.");
    }
    // Bind the subject to the current thread and return an account with no credentials attached.
    ThreadContext.bind(subject);
    return new SimpleAccount(user.getName(), null, "session authenticator");
}
Also used:
SimpleAccount (org.apache.shiro.authc.SimpleAccount)
User (org.graylog2.plugin.database.users.User)
SessionIdToken (org.graylog2.shared.security.SessionIdToken)
MultivaluedMap (javax.ws.rs.core.MultivaluedMap)
Subject (org.apache.shiro.subject.Subject)
Session (org.apache.shiro.session.Session)

Aggregations

MultivaluedMap (javax.ws.rs.core.MultivaluedMap): 1
SimpleAccount (org.apache.shiro.authc.SimpleAccount): 1
Session (org.apache.shiro.session.Session): 1
Subject (org.apache.shiro.subject.Subject): 1
User (org.graylog2.plugin.database.users.User): 1
SessionIdToken (org.graylog2.shared.security.SessionIdToken): 1