/**
 * Evaluates each permission in {@code permissions} for this subject.
 *
 * <p>When the subject has no principals the security manager is not consulted.
 * The method then returns a freshly allocated array, which Java initialises to
 * {@code false} in every slot, so an identity-less subject is denied every
 * listed permission.
 *
 * @param permissions the permissions to evaluate; {@code size()} is called on it
 *                    on the no-principals path, so it must not be {@code null} there
 * @return the security manager's answer when principals are present, otherwise an
 *         all-{@code false} array with one slot per requested permission
 */
public boolean[] isPermitted(List<Permission> permissions) {
    if (!hasPrincipals()) {
        // A default-initialised boolean[] is all false: deny by default.
        return new boolean[permissions.size()];
    }
    return securityManager.isPermitted(getPrincipals(), permissions);
}
/**
 * Builds a new {@code Subject} from the state accumulated so far by the other
 * methods of this class.
 *
 * <p>The {@code Builder} keeps its state after this call and does not clear it.
 * Calling this method again therefore yields further {@link Subject} instances that
 * all reflect exactly the same state. To construct a different {@code Subject},
 * create a new {@code Builder}.
 *
 * <p><b>Note</b> that the returned {@code Subject} is <b>not</b> automatically bound
 * to the application (thread) for further use. In particular,
 * {@link org.apache.shiro.SecurityUtils SecurityUtils}.{@link org.apache.shiro.SecurityUtils#getSubject() getSubject()}
 * will not automatically return the instance produced here. Binding the returned
 * {@code Subject} for continued use, if desired, is the framework developer's
 * responsibility.
 *
 * @return a new {@code Subject} instance reflecting the cumulative state acquired
 *         by the other methods in this class
 */
public Subject buildSubject() {
    final Subject built = this.securityManager.createSubject(this.subjectContext);
    return built;
}
}
public void login(AuthenticationToken token) throws AuthenticationException { clearRunAsIdentitiesInternal(); Subject subject = securityManager.login(this, token);
securityManager.login(subject, goodToken); Assert.assertTrue(true); securityManager.login(subject, badToken); Assert.assertTrue(true); securityManager.logout(subject); securityManager.login(subject, badToken); Assert.fail("Should not succeed to login with an incorrect password"); } catch (final AuthenticationException e) { securityManager.login(subject, notGoodTokenAnyLonger); Assert.fail("Should not succeed to login with an incorrect password"); } catch (final AuthenticationException e) { securityManager.login(subject, newGoodToken); Assert.assertTrue(true); securityManager.logout(subject); securityApi.invalidateUser(username, callContext); securityManager.login(subject, notGoodTokenAnyLonger); Assert.fail("Should not succeed to login with an incorrect password"); } catch (final AuthenticationException e) {
if (!sm.hasRole(subject.getPrincipals(), constraint.value())) return constraint; break; if (!sm.isPermitted(subject.getPrincipals(), constraint.value())) return constraint; break;
session = config.getSecurityManager().getSession(sessionKey); } catch (SessionException se) { session = null; session = config.getSecurityManager().start(sessionCtx); subject = config.getSecurityManager().createSubject(subjectCtx);
/**
 * Reports whether this subject holds every one of the given permission strings.
 *
 * <p>A subject without principals is refused immediately; the security manager is
 * consulted only when an identity is present.
 *
 * @param permissions the permission strings that must all be granted
 * @return {@code false} when there are no principals, otherwise the security
 *         manager's answer for the current principals
 */
public boolean isPermittedAll(String... permissions) {
    if (!hasPrincipals()) {
        // No identity: deny without asking the security manager.
        return false;
    }
    return securityManager.isPermittedAll(getPrincipals(), permissions);
}
/**
 * Reports whether this subject has the given role.
 *
 * <p>A subject without principals never has a role; the security manager is asked
 * only when an identity is present.
 *
 * @param roleIdentifier the role to look up
 * @return {@code false} when there are no principals, otherwise the security
 *         manager's answer for the current principals
 */
public boolean hasRole(String roleIdentifier) {
    if (!hasPrincipals()) {
        // No identity: deny without asking the security manager.
        return false;
    }
    return securityManager.hasRole(getPrincipals(), roleIdentifier);
}
/**
 * Passes the token straight to {@code delegate} and returns its result unchanged.
 * This wrapper adds no validation, logging or exception handling of its own, so
 * whatever {@code delegate.authenticate} returns or throws reaches the caller.
 *
 * @param authenticationToken the submitted credentials, forwarded as-is
 * @return the {@code AuthenticationInfo} produced by the delegate
 */
@Override
public AuthenticationInfo authenticate(AuthenticationToken authenticationToken) {
    final AuthenticationInfo info = delegate.authenticate(authenticationToken);
    return info;
}
/**
 * Asserts that this subject holds the given permission, returning normally on
 * success.
 *
 * @param permission the permission that is required
 * @throws AuthorizationException declared by this method; raised by the calls
 *         below when the check cannot be satisfied
 */
public void checkPermission(Permission permission) throws AuthorizationException {
    // Precondition runs before the principals are read.
    // NOTE(review): assertAuthzCheckPossible() is defined outside this snippet;
    // presumably it rejects a subject that has no identity - confirm.
    assertAuthzCheckPossible();

    securityManager.checkPermission(getPrincipals(), permission);
}
/**
 * Asserts that this subject holds all of the given permission strings, returning
 * normally on success.
 *
 * @param permissions the permission strings that are required
 * @throws AuthorizationException declared by this method; raised by the calls
 *         below when the check cannot be satisfied
 */
public void checkPermissions(String... permissions) throws AuthorizationException {
    // Precondition runs before the principals are read.
    // NOTE(review): assertAuthzCheckPossible() is defined outside this snippet;
    // presumably it rejects a subject that has no identity - confirm.
    assertAuthzCheckPossible();

    securityManager.checkPermissions(getPrincipals(), permissions);
}
/**
 * Logs this subject out through the security manager and resets the identity
 * state held on this instance.
 *
 * <p>The reset sits in a {@code finally} block, so the session reference, the
 * principals and the authenticated flag are cleared even when clearing the run-as
 * identities or the security manager's logout throws.
 */
public void logout() {
    try {
        clearRunAsIdentitiesInternal();
        this.securityManager.logout(this);
    } finally {
        // Always drop local identity state, whatever happened above.
        this.session = null;
        this.principals = null;
        this.authenticated = false;

        // The securityManager reference is deliberately kept. After logout the
        // Subject remains usable and is simply considered anonymous; it still
        // needs the SecurityManager to log in again or to acquire a new session.
        // Background: https://issues.apache.org/jira/browse/JSEC-22
    }
}
/**
 * Asserts that this subject has the given role, returning normally on success.
 *
 * @param role the role that is required
 * @throws AuthorizationException declared by this method; raised by the calls
 *         below when the check cannot be satisfied
 */
public void checkRole(String role) throws AuthorizationException {
    // Precondition runs before the principals are read.
    // NOTE(review): assertAuthzCheckPossible() is defined outside this snippet;
    // presumably it rejects a subject that has no identity - confirm.
    assertAuthzCheckPossible();

    securityManager.checkRole(getPrincipals(), role);
}
securityManager.login(subject, goodToken); Assert.assertTrue(true); securityManager.login(subject, badToken); Assert.assertTrue(true); securityManager.logout(subject); securityManager.login(subject, badToken); Assert.fail("Should not succeed to login with an incorrect password"); } catch (final AuthenticationException e) { securityManager.login(subject, notGoodTokenAnyLonger); Assert.fail("Should not succeed to login with an incorrect password"); } catch (final AuthenticationException e) { securityManager.login(subject, newGoodToken); Assert.assertTrue(true); securityManager.logout(subject); securityApi.invalidateUser(username, callContext); securityManager.login(subject, notGoodTokenAnyLonger); Assert.fail("Should not succeed to login with an incorrect password"); } catch (final AuthenticationException e) {
/**
 * Reports whether this subject holds every permission in the given collection.
 *
 * <p>A subject without principals is refused immediately; the security manager is
 * consulted only when an identity is present.
 *
 * @param permissions the permissions that must all be granted
 * @return {@code false} when there are no principals, otherwise the security
 *         manager's answer for the current principals
 */
public boolean isPermittedAll(Collection<Permission> permissions) {
    if (!hasPrincipals()) {
        // No identity: deny without asking the security manager.
        return false;
    }
    return securityManager.isPermittedAll(getPrincipals(), permissions);
}
/**
 * Tells whether the current principals carry the role named by
 * {@code roleIdentifier}.
 *
 * <p>The role lookup is skipped when the subject has no principals, in which case
 * the answer is always {@code false}.
 *
 * @param roleIdentifier the role to look up
 * @return {@code true} only when principals exist and the security manager
 *         confirms the role for them
 */
public boolean hasRole(String roleIdentifier) {
    boolean granted = false;
    if (hasPrincipals()) {
        granted = securityManager.hasRole(getPrincipals(), roleIdentifier);
    }
    return granted;
}
/**
 * Verifies the given principal/credentials pair and, when it is accepted, creates
 * (if one does not already exist) an npm token mapped to that principal.
 *
 * @param username the principal to authenticate; must not be {@code null}
 * @param password the credentials to verify; must not be {@code null}
 * @return the token produced by {@code super.createToken}, or {@code null} when
 *         authentication fails with an {@code AuthenticationException}
 */
public String login(final String username, final String password) {
    checkNotNull(username);
    checkNotNull(password);
    try {
        final AuthenticationInfo verified = securityHelper.getSecurityManager().authenticate(
            new UsernamePasswordToken(username, password));
        final String token = super.createToken(verified.getPrincipals());
        return token;
    }
    catch (AuthenticationException e) {
        // Callers must treat null as "no token issued".
        // NOTE(review): the rejection is recorded at debug level only, so failed
        // attempts on this path are invisible unless debug logging is enabled for
        // this logger - confirm that an audit trail exists elsewhere.
        log.debug("Bad credentials provided for npm token creation", e);
        return null;
    }
}
/**
 * Asserts that this subject holds the permission described by the given string,
 * returning normally on success.
 *
 * @param permission the permission string that is required
 * @throws AuthorizationException declared by this method; raised by the calls
 *         below when the check cannot be satisfied
 */
public void checkPermission(String permission) throws AuthorizationException {
    // Precondition runs before the principals are read.
    // NOTE(review): assertAuthzCheckPossible() is defined outside this snippet;
    // presumably it rejects a subject that has no identity - confirm.
    assertAuthzCheckPossible();

    securityManager.checkPermission(getPrincipals(), permission);
}
/**
 * Asserts that this subject holds every permission in the given collection,
 * returning normally on success.
 *
 * @param permissions the permissions that are required
 * @throws AuthorizationException declared by this method; raised by the calls
 *         below when the check cannot be satisfied
 */
public void checkPermissions(Collection<Permission> permissions) throws AuthorizationException {
    // Precondition runs before the principals are read.
    // NOTE(review): assertAuthzCheckPossible() is defined outside this snippet;
    // presumably it rejects a subject that has no identity - confirm.
    assertAuthzCheckPossible();

    securityManager.checkPermissions(getPrincipals(), permissions);
}
/**
 * Ends this subject's authenticated state: clears run-as identities, asks the
 * security manager to log the subject out, then wipes the identity fields held
 * on this instance.
 *
 * <p>Because the wipe is in a {@code finally} block, {@code session},
 * {@code principals} and {@code authenticated} are reset even if one of the two
 * preceding calls throws.
 */
public void logout() {
    try {
        clearRunAsIdentitiesInternal();
        this.securityManager.logout(this);
    } finally {
        // Unconditional reset of locally cached identity state.
        this.session = null;
        this.principals = null;
        this.authenticated = false;

        // Do not null out securityManager here. The Subject can still be used
        // after logout (it is just considered anonymous), and the SecurityManager
        // is required if it logs in again or acquires a new session.
        // See https://issues.apache.org/jira/browse/JSEC-22
    }
}