- Common ways to obtain Session
private void myMethod () {Session s =
SecurityUtils.getSubject().getSession()
Subject subject;subject.getSession(false)
Subject subject;subject.getSession()
}
Session session = subject.getSession(false); if (subject.isAuthenticated()) { session = subject.getSession(); session.setAttribute(DefaultSubjectContext.AUTHENTICATED_SESSION_KEY, Boolean.TRUE); Boolean existingAuthc = (Boolean) session.getAttribute(DefaultSubjectContext.AUTHENTICATED_SESSION_KEY); if (subject.isAuthenticated()) { if (existingAuthc == null || !existingAuthc) { session.setAttribute(DefaultSubjectContext.AUTHENTICATED_SESSION_KEY, Boolean.TRUE); if (existingAuthc != null) { session.removeAttribute(DefaultSubjectContext.AUTHENTICATED_SESSION_KEY);
/**
 * Copies the fields of a Shiro session into this persistable model.
 *
 * The id is kept in its string form (null when the session has none), both timestamps are
 * converted to UTC DateTime values, and the session attributes are serialized into sessionData.
 *
 * @param session the session to snapshot
 */
public SessionModelDao(final Session session) {
    final Object sessionId = session.getId();
    this.id = (sessionId != null) ? sessionId.toString() : null;
    this.startTimestamp = new DateTime(session.getStartTimestamp(), DateTimeZone.UTC);
    this.lastAccessTime = new DateTime(session.getLastAccessTime(), DateTimeZone.UTC);
    this.timeout = session.getTimeout();
    this.host = session.getHost();

    byte[] serialized;
    try {
        serialized = serializeSessionData(session);
    } catch (final IOException e) {
        // NOTE(review): a serialization failure is dropped here and the model carries an empty
        // attribute blob with no log entry; whoever restores it gets a session without its
        // attributes. Confirm that is acceptable for whatever the attributes hold.
        serialized = new byte[]{};
    }
    this.sessionData = serialized;
}
/**
 * Gathers every attribute of the session into one map and serializes that map.
 *
 * NOTE(review): all attributes are written out, whatever they contain; anything placed in the
 * session ends up in the stored bytes, so the store needs the same protection as the session.
 *
 * @param session the session whose attributes are read
 * @return the serialized attribute map
 * @throws IOException if the serializer fails
 */
private byte[] serializeSessionData(final Session session) throws IOException {
    final Map<Object, Object> attributesByKey = new HashMap<Object, Object>();
    for (final Object attributeKey : session.getAttributeKeys()) {
        final Object attributeValue = session.getAttribute(attributeKey);
        attributesByKey.put(attributeKey, attributeValue);
    }
    return serializer.serialize(attributesByKey);
}
}
// Excerpt, truncated on this page: it stores and reads back a session attribute, then logs the
// subject in if it is not authenticated yet.
// NOTE(review): the username and password are literals in the source, which is only suitable for
// sample code; setRememberMe(true) asks for the identity to be remembered beyond this login.
SecurityUtils.setSecurityManager(securityManager); Subject currentUser = SecurityUtils.getSubject(); Session session = currentUser.getSession(); session.setAttribute("someKey", "aValue"); String value = (String) session.getAttribute("someKey"); if (value.equals("aValue")) { log.info("Retrieved the correct value! [" + value + "]"); if (!currentUser.isAuthenticated()) { UsernamePasswordToken token = new UsernamePasswordToken("lonestarr", "vespa"); token.setRememberMe(true); try { currentUser.login(token); } catch (UnknownAccountException uae) { log.info("There is no user with username of " + token.getPrincipal());
/**
 * Logs in as guest/guest, checks identity, role and session attribute handling, then verifies
 * that logout leaves no session and no principal behind.
 */
@Test
public void testDefaultConfig() {
    Subject subject = SecurityUtils.getSubject();
    subject.login(new UsernamePasswordToken("guest", "guest"));

    // State right after a successful login.
    assertTrue(subject.isAuthenticated());
    assertTrue("guest".equals(subject.getPrincipal()));
    assertTrue(subject.hasRole("guest"));

    // Attribute round trip on the subject's session.
    Session activeSession = subject.getSession();
    activeSession.setAttribute("key", "value");
    assertEquals(activeSession.getAttribute("key"), "value");

    // After logout, getSession(false) must not find a session and the identity is gone.
    subject.logout();
    assertNull(subject.getSession(false));
    assertNull(subject.getPrincipal());
    assertNull(subject.getPrincipals());
}
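/**
 * Forwards a proxied call to the monitoring service only when the current Shiro subject is
 * authenticated; otherwise logs a warning and rejects the call.
 *
 * @param proxy  the proxy instance the call arrived on (not used)
 * @param method the method to invoke on the delegate
 * @param args   the call arguments, passed through unchanged
 * @return whatever the delegate method returns
 * @throws Throwable a RemoteAccessException when the subject is not authenticated, or whatever
 *         Method.invoke raises for the delegate call
 */
@Override
public Object invoke(Object proxy, Method method, Object[] args) throws Throwable {
    if (SecurityUtils.getSubject().isAuthenticated()) {
        return method.invoke(copperMonitoringService, args);
    }

    // Look the session up with getSession(false): the rejection path must not allocate a new
    // session for every unauthenticated caller just to report a host in the log line.
    final String host = SecurityUtils.getSubject().getSession(false) == null
            ? null
            : SecurityUtils.getSubject().getSession(false).getHost();
    final String text = "user not authenticated: " + SecurityUtils.getSubject().getPrincipal()
            + " session:" + host;
    // NOTE(review): the same text goes to the log and into the exception returned to the caller.
    logger.warn(text);
    throw new RemoteAccessException(text);
}
}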
/**
 * Installs a security manager with a one-user INI realm through SecurityUtils and checks that a
 * second SecurityUtils.getSubject() call sees the same authenticated state and session attribute.
 */
@Test
public void testVMSingleton() {
    DefaultSecurityManager securityManager = new DefaultSecurityManager();
    Ini config = new Ini();
    Ini.Section users = config.addSection(IniRealm.USERS_SECTION_NAME);
    users.put("guest", "guest");
    securityManager.setRealm(new IniRealm(config));
    SecurityUtils.setSecurityManager(securityManager);

    try {
        Subject first = SecurityUtils.getSubject();
        AuthenticationToken guestToken = new UsernamePasswordToken("guest", "guest");
        first.login(guestToken);
        first.getSession().setAttribute("key", "value");
        assertTrue(first.getSession().getAttribute("key").equals("value"));

        // Fetch the subject again and expect the login and the attribute to still be there.
        Subject second = SecurityUtils.getSubject();
        assertTrue(second.isAuthenticated());
        assertTrue(second.getSession().getAttribute("key").equals("value"));
    } finally {
        securityManager.destroy();
        // SHIRO-270: clear the security manager held by SecurityUtils.
        SecurityUtils.setSecurityManager(null);
    }
}
}
final Subject subject = new Subject.Builder().sessionId(id).host(remoteAddrFromRequest).buildSubject(); ThreadContext.bind(subject); final Session s = subject.getSession(); try { subject.login(new UsernamePasswordToken(createRequest.username(), createRequest.password())); final User user = userService.load(createRequest.username()); if (user != null) { long timeoutInMillis = user.getSessionTimeoutMs(); s.setTimeout(timeoutInMillis); } else { s.setTimeout(TimeUnit.HOURS.toMillis(8)); s.touch(); ((DefaultSecurityManager) SecurityUtils.getSecurityManager()).getSubjectDAO().save(subject); subject.logout(); if (subject.isAuthenticated()) { id = s.getId(); return SessionResponse.create(new DateTime(s.getLastAccessTime(), DateTimeZone.UTC).plus(s.getTimeout()).toDate(), id.toString()); } else {
/**
 * Stores a snapshot of the given request in the current subject's session under
 * SAVED_REQUEST_KEY.
 *
 * getSession() is called without arguments, so a session is created when the subject has none.
 *
 * @param request the request to remember
 */
public static void saveRequest(ServletRequest request) {
    Session session = SecurityUtils.getSubject().getSession();
    session.setAttribute(SAVED_REQUEST_KEY, new SavedRequest(toHttp(request)));
}
/**
 * Regression test for issue
 * <a href="https://issues.apache.org/jira/browse/JSEC-46">JSEC-46</a>: a session whose timeout
 * has elapsed must reject further use with an ExpiredSessionException.
 */
@Test
public void testAutoCreateSessionAfterInvalidation() {
    Session session = SecurityUtils.getSubject().getSession();
    Serializable origSessionId = session.getId();

    String attributeName = "foo";
    String attributeValue = "bar";
    session.setAttribute(attributeName, attributeValue);
    assertEquals(attributeValue, session.getAttribute(attributeName));

    // Now test auto creation: set a 50 ms timeout and sleep past it.
    session.setTimeout(50);
    try {
        Thread.sleep(150);
    } catch (InterruptedException e) {
        // ignored
    }

    // Touching the session again is expected to throw because it has expired.
    try {
        session.setTimeout(AbstractValidatingSessionManager.DEFAULT_GLOBAL_SESSION_TIMEOUT);
        fail("Session should have expired.");
    } catch (ExpiredSessionException expected) {
        // this is the outcome the test wants
    }
}
/**
 * Authenticates the supplied credentials through Shiro and returns the logged-in subject.
 *
 * @param credentials the login properties; must not be null
 * @return the Shiro subject after a successful login
 * @throws AuthenticationRequiredException if credentials is null
 * @throws AuthenticationFailedException if Shiro rejects the login; the ShiroException is kept
 *         as the cause
 */
@Override
public Subject login(final Properties credentials) {
    if (credentials == null) {
        throw new AuthenticationRequiredException("credentials are null");
    }

    // Clear the thread context first so the login starts with a clean user object.
    ThreadContext.remove();

    final Subject subject = SecurityUtils.getSubject();
    final GeodeAuthenticationToken authToken = new GeodeAuthenticationToken(credentials);
    try {
        // NOTE(review): the principal is concatenated into the log line as-is; it presumably
        // comes from the supplied credentials, so confirm the log layout neutralises line breaks.
        logger.debug("Logging in " + authToken.getPrincipal());
        subject.login(authToken);
    } catch (ShiroException e) {
        logger.info("error logging in: " + authToken.getPrincipal());
        // The caller gets one generic message; the detail stays in the cause.
        throw new AuthenticationFailedException(
            "Authentication error. Please check your credentials.", e);
    }

    // NOTE(review): the complete credentials object is kept as a session attribute. If it holds
    // a password, that secret lives as long as the session and travels wherever the session is
    // stored or replicated - confirm this is needed and that the session store is protected.
    subject.getSession().setAttribute(CREDENTIALS_SESSION_ATTRIBUTE, credentials);
    return subject;
}
/**
 * Handles POST /login: reads username and password from the JSON body, logs the current Shiro
 * subject in and answers with the id of the subject's session.
 *
 * @param body the raw request body
 * @return a bad-argument response when either field is empty, a failure response when the login
 *         is rejected, otherwise an ok response carrying the session id
 */
@PostMapping("/login")
public Object login(@RequestBody String body) {
    final String username = JacksonUtil.parseString(body, "username");
    final String password = JacksonUtil.parseString(body, "password");
    final boolean fieldMissing = StringUtils.isEmpty(username) || StringUtils.isEmpty(password);
    if (fieldMissing) {
        return ResponseUtil.badArgument();
    }

    final Subject subject = SecurityUtils.getSubject();
    try {
        subject.login(new UsernamePasswordToken(username, password));
    } catch (UnknownAccountException uae) {
        return ResponseUtil.fail(ADMIN_INVALID_ACCOUNT, "用户帐号或密码不正确");
    } catch (LockedAccountException lae) {
        // NOTE(review): this message differs from the one for a failed login, so the response
        // tells the caller that the account exists and is locked.
        return ResponseUtil.fail(ADMIN_INVALID_ACCOUNT, "用户帐号已锁定不可用");
    } catch (AuthenticationException ae) {
        // NOTE(review): the exception message is returned to the client unchanged; confirm no
        // realm or backend detail can end up in it.
        return ResponseUtil.fail(ADMIN_INVALID_ACCOUNT, ae.getMessage());
    }

    // NOTE(review): the session id is handed back in the response body and nothing here renews
    // it at login; if a session can exist before authentication, confirm it is replaced.
    return ResponseUtil.ok(subject.getSession().getId());
}
/**
 * Checks whether the request carries a valid authenticated session.
 *
 * The authentication filter is run first; if it throws one of the caught exceptions, or the
 * subject is not authenticated afterwards, the result is "invalid". When the subject has no
 * session yet and session creation was requested, a session is created, the subject is saved
 * into it and the new session id is returned together with the principal.
 *
 * @param requestContext the request to authenticate
 * @return the validation result
 */
@GET
@ApiOperation(value = "Validate an existing session",
    notes = "Checks the session with the given ID: returns http status 204 (No Content) if session is valid.",
    code = 204
)
public SessionValidationResponse validateSession(@Context ContainerRequestContext requestContext) {
    try {
        this.authenticationFilter.filter(requestContext);
    } catch (NotAuthorizedException | LockedAccountException | IOException e) {
        // All three failures give the same answer, so the response does not say which one it was.
        return SessionValidationResponse.invalid();
    }
    final Subject subject = getSubject();
    if (!subject.isAuthenticated()) {
        return SessionValidationResponse.invalid();
    }

    // there's no valid session, but the authenticator would like us to create one
    // getSession(false) only looks the session up; the no-argument getSession() below creates it.
    if (subject.getSession(false) == null && ShiroSecurityContext.isSessionCreationRequested()) {
        final Session session = subject.getSession();
        // NOTE(review): the id logged here is the same value returned to the client below as its
        // session handle, so debug logs containing it need the same protection as the session.
        LOG.debug("Session created {}", session.getId());
        session.touch();
        // save subject in session, otherwise we can't get the username back in subsequent requests.
        ((DefaultSecurityManager) SecurityUtils.getSecurityManager()).getSubjectDAO().save(subject);

        return SessionValidationResponse.validWithNewSession(String.valueOf(session.getId()),
                                                             String.valueOf(subject.getPrincipal()));
    }
    return SessionValidationResponse.valid();
}
/**
 * Returns the request stored under SAVED_REQUEST_KEY in the current subject's session.
 *
 * The session is looked up with getSession(false), so no session is created by this call.
 *
 * @param request not used by this method
 * @return the saved request, or null when there is no session or nothing was saved
 */
public static SavedRequest getSavedRequest(ServletRequest request) {
    Session existing = SecurityUtils.getSubject().getSession(false);
    if (existing == null) {
        return null;
    }
    return (SavedRequest) existing.getAttribute(SAVED_REQUEST_KEY);
}
/**
 * Returns the organization stored in the current subject's session, but only for a subject that
 * holds ROLE_ORGANIZATION_ADMIN.
 *
 * @return the value of the "organization" session attribute, or null when there is no subject
 *         or the subject lacks the role
 */
public static OrganizationInfo getOrganization() {
    Subject currentUser = getSubject();
    // The role check gates access to the attribute; without the role nothing is read.
    if ( currentUser == null || !currentUser.hasRole( ROLE_ORGANIZATION_ADMIN ) ) {
        return null;
    }
    return ( OrganizationInfo ) currentUser.getSession().getAttribute( "organization" );
}
/**
 * Builds the roles and permissions for the primary principal of the given collection.
 *
 * The primary principal is treated as a user name, the user is loaded through userService, each
 * of the user's role names is added as a role and each permission name returned by
 * permissionService is added as a string permission.
 *
 * @param principalCollection the principals to authorize
 * @return the assembled authorization info
 */
@Override
protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principalCollection) {
    // NOTE(review): the principal collection is written to the log at info level on every call.
    logger.info("doGetAuthorizationInfo+"+principalCollection.toString());
    // NOTE(review): user is dereferenced below without a null check; confirm getByUserName
    // cannot return null for a principal that is still logged in.
    User user = userService.getByUserName((String) principalCollection.getPrimaryPrincipal());
    // Put the principals into the session: key=userId, value=principals
    SecurityUtils.getSubject().getSession().setAttribute(String.valueOf(user.getId()),SecurityUtils.getSubject().getPrincipals());
    SimpleAuthorizationInfo info = new SimpleAuthorizationInfo();
    // Grant roles
    for(Role userRole:user.getRoles()){
        info.addRole(userRole.getName());
    }
    // Grant permissions
    // NOTE(review): the permission name is used as the permission string itself; if names can be
    // edited by users, confirm they cannot contain wildcard characters that widen the grant.
    for(Permission permission:permissionService.getByUserId(user.getId())){
        // if(StringUtils.isNotBlank(permission.getPermCode()))
        info.addStringPermission(permission.getName());
    }
    // Update login count and time
    // userService.updateUserLogin(user);
    return info;
}
if (subject.isRunAs() && subject instanceof DelegatingSubject) { try { Field field = DelegatingSubject.class.getDeclaredField("principals"); currentPrincipals = subject.getPrincipals(); Session session = subject.getSession(false); session = subject.getSession(); session.setAttribute(DefaultSubjectContext.PRINCIPALS_SESSION_KEY, currentPrincipals); (PrincipalCollection) session.getAttribute(DefaultSubjectContext.PRINCIPALS_SESSION_KEY); session.removeAttribute(DefaultSubjectContext.PRINCIPALS_SESSION_KEY); session.setAttribute(DefaultSubjectContext.PRINCIPALS_SESSION_KEY, currentPrincipals);
try { SecurityUtils.getSecurityManager(); if (!sessionManagerMethodInvocation) { Subject subject = SecurityUtils.getSubject(); Session session = subject.getSession(false); if (session != null) { sessionId = session.getId(); host = session.getHost();
/**
 * Returns the saved request and removes it from the session, so it is handed out only once.
 *
 * @param request passed on to getSavedRequest
 * @return the saved request, or null when none was stored
 */
public static SavedRequest getAndClearSavedRequest(ServletRequest request) {
    SavedRequest pending = getSavedRequest(request);
    if (pending == null) {
        return null;
    }
    // A saved request was found, so remove the attribute before returning it.
    SecurityUtils.getSubject().getSession().removeAttribute(SAVED_REQUEST_KEY);
    return pending;
}
/**
 * Signals that the session was modified so that the Shiro framework saves it to the cache;
 * without this the attributes of the distributed session are not updated.
 */
public static void sessionChanged() {
    final String marker = "<<NULL>>";
    Session current = SecurityUtils.getSubject().getSession();
    // Set and then remove a throwaway attribute to trigger NativeSessionManager's
    // onChange(session).
    current.setAttribute(marker, RandomTools.generateNumber(6));
    current.removeAttribute(marker);
}
}