/**
 * Persists the given subject's state so that it can be referred to again later, if that is needed.
 * <p>
 * No logic lives here: the call is forwarded unchanged to the {@link SubjectDAO} configured through
 * {@link #setSubjectDAO(SubjectDAO)}, i.e. to
 * {@link SubjectDAO#save(org.apache.shiro.subject.Subject) subjectDAO.save(subject)}. Where the state
 * ends up, and whether it is stored at all, is decided by that DAO.
 *
 * @param subject the subject for which state will potentially be persisted
 * @see SubjectDAO#save(org.apache.shiro.subject.Subject)
 * @since 1.2
 */
protected void save(Subject subject) {
    final SubjectDAO dao = this.subjectDAO;
    dao.save(subject);
}
/**
 * Removes (or 'unbinds') the subject's state from the application; typically called during
 * {@link #logout}.
 * <p>
 * No logic lives here: the call is forwarded unchanged to the {@link SubjectDAO} configured through
 * {@link #setSubjectDAO(SubjectDAO)}, i.e. to
 * {@link SubjectDAO#delete(org.apache.shiro.subject.Subject) delete(subject)}. What is actually
 * removed therefore depends on that DAO, so a deployment that relies on logout to drop stored
 * identity state should check the DAO it has configured.
 *
 * @param subject the subject for which state will be removed
 * @see SubjectDAO#delete(org.apache.shiro.subject.Subject)
 * @since 1.2
 */
protected void delete(Subject subject) {
    final SubjectDAO dao = this.subjectDAO;
    dao.delete(subject);
}
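/**
 * Validates the session of the current request and, when the authenticator requested it, creates
 * a new session for the authenticated subject.
 * <p>
 * The request is first passed through {@code authenticationFilter}. A
 * {@link NotAuthorizedException}, {@link LockedAccountException} or {@link IOException} raised by
 * the filter is not propagated; the session is reported as invalid instead. The same answer is
 * given when the resulting subject is not authenticated.
 *
 * @param requestContext the request context handed to the authentication filter
 * @return {@code SessionValidationResponse.invalid()} if authentication failed,
 *         {@code validWithNewSession(...)} carrying the new session ID and the principal if a
 *         session was created by this call, and {@code SessionValidationResponse.valid()} otherwise
 */
@GET
@ApiOperation(value = "Validate an existing session",
        notes = "Checks the session with the given ID: returns http status 204 (No Content) if session is valid.",
        code = 204
)
public SessionValidationResponse validateSession(@Context ContainerRequestContext requestContext) {
    try {
        this.authenticationFilter.filter(requestContext);
    } catch (NotAuthorizedException | LockedAccountException | IOException e) {
        // Fail closed: every authentication failure gets the same "invalid" answer, so the
        // response does not reveal whether the account is locked or the credentials were rejected.
        return SessionValidationResponse.invalid();
    }

    final Subject subject = getSubject();
    if (!subject.isAuthenticated()) {
        return SessionValidationResponse.invalid();
    }

    // there's no valid session, but the authenticator would like us to create one
    if (subject.getSession(false) == null && ShiroSecurityContext.isSessionCreationRequested()) {
        final Session session = subject.getSession();
        // The session ID is handed back to the client below as the handle for the new session, so
        // it is treated like a credential and kept out of the log; the principal is logged instead.
        LOG.debug("Session created for principal {}", subject.getPrincipal());
        session.touch();
        // save subject in session, otherwise we can't get the username back in subsequent requests.
        // NOTE(review): the cast assumes the installed SecurityManager is a DefaultSecurityManager;
        // any other implementation fails here with ClassCastException after the session exists.
        ((DefaultSecurityManager) SecurityUtils.getSecurityManager()).getSubjectDAO().save(subject);

        return SessionValidationResponse.validWithNewSession(String.valueOf(session.getId()),
                String.valueOf(subject.getPrincipal()));
    }
    return SessionValidationResponse.valid();
}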
/**
 * Removes (or 'unbinds') the subject's state from the application; typically called during
 * {@link #logout}.
 * <p>
 * No logic lives here: the call is forwarded unchanged to the {@link SubjectDAO} configured through
 * {@link #setSubjectDAO(SubjectDAO)}, i.e. to
 * {@link SubjectDAO#delete(org.apache.shiro.subject.Subject) delete(subject)}. What is actually
 * removed therefore depends on that DAO, so a deployment that relies on logout to drop stored
 * identity state should check the DAO it has configured.
 *
 * @param subject the subject for which state will be removed
 * @see SubjectDAO#delete(org.apache.shiro.subject.Subject)
 * @since 1.2
 */
protected void delete(Subject subject) {
    final SubjectDAO dao = this.subjectDAO;
    dao.delete(subject);
}
// Saves the subject through the SubjectDAO of the SecurityManager returned by
// SecurityUtils.getSecurityManager(). The cast assumes that manager is a
// DefaultSecurityManager; with any other implementation this line throws ClassCastException.
((DefaultSecurityManager) SecurityUtils.getSecurityManager()).getSubjectDAO().save(subject);
/**
 * Persists the given subject's state so that it can be referred to again later, if that is needed.
 * <p>
 * No logic lives here: the call is forwarded unchanged to the {@link SubjectDAO} configured through
 * {@link #setSubjectDAO(SubjectDAO)}, i.e. to
 * {@link SubjectDAO#save(org.apache.shiro.subject.Subject) subjectDAO.save(subject)}. Where the state
 * ends up, and whether it is stored at all, is decided by that DAO.
 *
 * @param subject the subject for which state will potentially be persisted
 * @see SubjectDAO#save(org.apache.shiro.subject.Subject)
 * @since 1.2
 */
protected void save(Subject subject) {
    final SubjectDAO dao = this.subjectDAO;
    dao.save(subject);
}
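/**
 * Validates the session of the current request and, when the authenticator requested it, creates
 * a new session for the authenticated subject.
 * <p>
 * The request is first passed through {@code authenticationFilter}. A
 * {@link NotAuthorizedException}, {@link LockedAccountException} or {@link IOException} raised by
 * the filter is not propagated; the session is reported as invalid instead. The same answer is
 * given when the resulting subject is not authenticated.
 *
 * @param requestContext the request context handed to the authentication filter
 * @return {@code SessionValidationResponse.invalid()} if authentication failed,
 *         {@code validWithNewSession(...)} carrying the new session ID and the principal if a
 *         session was created by this call, and {@code SessionValidationResponse.valid()} otherwise
 */
@GET
@ApiOperation(value = "Validate an existing session",
        notes = "Checks the session with the given ID: returns http status 204 (No Content) if session is valid.",
        code = 204
)
public SessionValidationResponse validateSession(@Context ContainerRequestContext requestContext) {
    try {
        this.authenticationFilter.filter(requestContext);
    } catch (NotAuthorizedException | LockedAccountException | IOException e) {
        // Fail closed: every authentication failure gets the same "invalid" answer, so the
        // response does not reveal whether the account is locked or the credentials were rejected.
        return SessionValidationResponse.invalid();
    }

    final Subject subject = getSubject();
    if (!subject.isAuthenticated()) {
        return SessionValidationResponse.invalid();
    }

    // there's no valid session, but the authenticator would like us to create one
    if (subject.getSession(false) == null && ShiroSecurityContext.isSessionCreationRequested()) {
        final Session session = subject.getSession();
        // The session ID is handed back to the client below as the handle for the new session, so
        // it is treated like a credential and kept out of the log; the principal is logged instead.
        LOG.debug("Session created for principal {}", subject.getPrincipal());
        session.touch();
        // save subject in session, otherwise we can't get the username back in subsequent requests.
        // NOTE(review): the cast assumes the installed SecurityManager is a DefaultSecurityManager;
        // any other implementation fails here with ClassCastException after the session exists.
        ((DefaultSecurityManager) SecurityUtils.getSecurityManager()).getSubjectDAO().save(subject);

        return SessionValidationResponse.validWithNewSession(String.valueOf(session.getId()),
                String.valueOf(subject.getPrincipal()));
    }
    return SessionValidationResponse.valid();
}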
// Saves the subject through the SubjectDAO of the SecurityManager returned by
// SecurityUtils.getSecurityManager(). The cast assumes that manager is a
// DefaultSecurityManager; with any other implementation this line throws ClassCastException.
((DefaultSecurityManager) SecurityUtils.getSecurityManager()).getSubjectDAO().save(subject);