/**
 * Creates a {@link Subject.Builder} that builds {@code Subject} instances with the
 * {@code SecurityManager} returned by
 * {@link org.apache.shiro.SecurityUtils#getSecurityManager()}.
 * <p>
 * The lookup happens eagerly, in this constructor, so the builder is bound to whichever
 * manager is accessible to the calling code at construction time. If none is accessible,
 * the lookup's {@code UnavailableSecurityManagerException} propagates to the caller.
 * Callers that must control which manager is used should call the constructor that takes
 * the {@code SecurityManager} explicitly, which is the one this constructor delegates to.
 */
public Builder() {
    this(SecurityUtils.getSecurityManager());
}
/**
 * Creates a web {@code Builder} for the given request/response pair, using the
 * {@link SecurityManager SecurityManager} returned by
 * {@code SecurityUtils.}{@link SecurityUtils#getSecurityManager() getSecurityManager()}.
 * <p>
 * The manager is looked up here, at construction time. To supply a specific
 * {@code SecurityManager} instead of relying on that lookup, use
 * {@link #Builder(SecurityManager, ServletRequest, ServletResponse)}.
 *
 * @param request  the incoming ServletRequest that will be associated with the built
 *                 {@code WebSubject} instance.
 * @param response the outgoing ServletResponse paired with the ServletRequest that will be
 *                 associated with the built {@code WebSubject} instance.
 */
public Builder(ServletRequest request, ServletResponse response) {
    this(SecurityUtils.getSecurityManager(), request, response);
}
/**
 * Creates the provider and stores the {@code SecurityManager} that
 * {@link SecurityUtils#getSecurityManager()} returns at construction time.
 * <p>
 * The lookup is done once, here; this constructor does nothing to refresh the stored
 * reference if a different manager is registered later.
 */
public SecurityManagerProvider() {
    this.shiroManager = SecurityUtils.getSecurityManager();
}
/**
 * Returns the {@code SecurityManager} accessible to the calling code, as reported by
 * {@link SecurityUtils#getSecurityManager()}.
 * <p>
 * No fallback is applied here: whatever the lookup throws is propagated unchanged.
 *
 * @return the manager returned by {@code SecurityUtils}
 */
protected static SecurityManager getSecurityManager() {
    final SecurityManager current = SecurityUtils.getSecurityManager();
    return current;
}
/**
 * Resolves the {@code SecurityManager} to use: the one held by this context if present,
 * otherwise the one reported by {@link SecurityUtils#getSecurityManager()}.
 * <p>
 * This method does not throw when the fallback lookup fails; it logs at debug level and
 * returns {@code null}. Callers must therefore treat {@code null} as "no manager
 * available" and must not continue as if security checks had been performed.
 *
 * @return the resolved manager, or {@code null} if neither source provides one
 */
public SecurityManager resolveSecurityManager() {
    final SecurityManager fromContext = getSecurityManager();
    if (fromContext != null) {
        return fromContext;
    }

    if (log.isDebugEnabled()) {
        log.debug("No SecurityManager available in subject context map.  " +
                "Falling back to SecurityUtils.getSecurityManager() lookup.");
    }

    try {
        return SecurityUtils.getSecurityManager();
    } catch (UnavailableSecurityManagerException e) {
        // Deliberately not rethrown: absence is reported to the caller as null.
        if (log.isDebugEnabled()) {
            log.debug("No SecurityManager available via SecurityUtils.  Heuristics exhausted.", e);
        }
        return null;
    }
}
/**
 * Clears the cached authorization info held by the {@code KillBillJdbcRealm} for the given
 * user, so that the next authorization check for that user is not served from the cache.
 * <p>
 * Only the first {@code KillBillJdbcRealm} among the configured realms is touched. If no
 * such realm is configured the method returns without doing anything.
 *
 * @param username the principal whose cached authorization info is cleared
 */
private void invalidateJDBCAuthorizationCache(final String username) {
    // The cast assumes the installed manager is a DefaultSecurityManager; any other
    // implementation fails here with a ClassCastException instead of being skipped.
    final DefaultSecurityManager securityManager = (DefaultSecurityManager) SecurityUtils.getSecurityManager();
    final Collection<Realm> configuredRealms = securityManager.getRealms();

    KillBillJdbcRealm jdbcRealm = null;
    for (final Realm candidate : configuredRealms) {
        if (candidate instanceof KillBillJdbcRealm) {
            jdbcRealm = (KillBillJdbcRealm) candidate;
            break;
        }
    }
    if (jdbcRealm == null) {
        return;
    }

    // The cache entry is addressed by a principal collection scoped to this realm's name.
    final SimplePrincipalCollection cachedIdentity = new SimplePrincipalCollection();
    cachedIdentity.add(username, jdbcRealm.getName());
    jdbcRealm.clearCachedAuthorizationInfo(cachedIdentity);
}
}
try { SecurityUtils.getSecurityManager(); if (!sessionManagerMethodInvocation) { Subject subject = SecurityUtils.getSubject();
public void run() {
    // Runs inside the task: checks that the executing code can see both a Subject and a
    // SecurityManager, and that the Subject it sees is the expected sourceSubject.
    final Subject seenByTask = SecurityUtils.getSubject();
    assertNotNull(seenByTask);
    assertNotNull(SecurityUtils.getSecurityManager());
    assertEquals(seenByTask, sourceSubject);
}
};
this.securityManager != null ? this.securityManager : SecurityUtils.getSecurityManager();
/**
 * Validates the session carried by the current request.
 * <p>
 * The authentication filter is run against the request first; a
 * {@code NotAuthorizedException}, {@code LockedAccountException} or {@code IOException}
 * from it is reported as an invalid session rather than propagated. An unauthenticated
 * subject is likewise reported as invalid. If the subject is authenticated but has no
 * session and session creation was requested, a session is created, the subject is saved
 * through the security manager's {@code SubjectDAO}, and the new session id and principal
 * are returned to the caller.
 *
 * @param requestContext the request being validated
 * @return the validation result
 */
@GET
@ApiOperation(value = "Validate an existing session",
        notes = "Checks the session with the given ID: returns http status 204 (No Content) if session is valid.",
        code = 204
)
public SessionValidationResponse validateSession(@Context ContainerRequestContext requestContext) {
    try {
        this.authenticationFilter.filter(requestContext);
    } catch (NotAuthorizedException | LockedAccountException | IOException e) {
        return SessionValidationResponse.invalid();
    }

    final Subject currentSubject = getSubject();
    if (!currentSubject.isAuthenticated()) {
        return SessionValidationResponse.invalid();
    }

    // Nothing to create: either a session already exists or the authenticator did not ask for one.
    final boolean alreadyHasSession = currentSubject.getSession(false) != null;
    if (alreadyHasSession || !ShiroSecurityContext.isSessionCreationRequested()) {
        return SessionValidationResponse.valid();
    }

    // there's no valid session, but the authenticator would like us to create one
    final Session createdSession = currentSubject.getSession();
    // NOTE(review): this writes the full session id to the debug log. The same id is handed
    // back to the client below, so it looks like a bearer-style credential - confirm that
    // debug logs are access-controlled, or log a truncated/hashed id instead.
    LOG.debug("Session created {}", createdSession.getId());
    createdSession.touch();

    // save subject in session, otherwise we can't get the username back in subsequent requests.
    // The cast assumes a DefaultSecurityManager is installed; any other implementation
    // fails here with a ClassCastException.
    final DefaultSecurityManager securityManager = (DefaultSecurityManager) SecurityUtils.getSecurityManager();
    securityManager.getSubjectDAO().save(currentSubject);

    final String sessionId = String.valueOf(createdSession.getId());
    final String principalName = String.valueOf(currentSubject.getPrincipal());
    return SessionValidationResponse.validWithNewSession(sessionId, principalName);
}
public String call() throws Exception {
    // Runs inside the task: checks that the executing code can see both a Subject and a
    // SecurityManager, and that the Subject it sees is the expected sourceSubject.
    final Subject seenByTask = SecurityUtils.getSubject();
    assertNotNull(seenByTask);
    assertNotNull(SecurityUtils.getSecurityManager());
    assertEquals(seenByTask, sourceSubject);

    // The greeting carries the principal so the caller can check which identity ran the task.
    final Object principal = seenByTask.getPrincipal();
    return "Hello " + principal;
}
};
// Saves the subject through the SubjectDAO of the currently accessible SecurityManager.
// The cast assumes that manager is a DefaultSecurityManager; with any other implementation
// this line throws a ClassCastException instead of saving.
((DefaultSecurityManager) SecurityUtils.getSecurityManager()).getSubjectDAO().save(subject);
/**
 * Creates a {@link Subject.Builder} whose {@code Subject} instances are built with the
 * {@code SecurityManager} obtained from
 * {@link org.apache.shiro.SecurityUtils#getSecurityManager()}.
 * <p>
 * The manager is resolved once, when this constructor runs, and is the one accessible to
 * the calling code at that point. If the lookup finds no manager, its
 * {@code UnavailableSecurityManagerException} reaches the caller. To avoid depending on
 * that ambient lookup, use the constructor that accepts the {@code SecurityManager}
 * directly; this constructor simply delegates to it.
 */
public Builder() {
    this(SecurityUtils.getSecurityManager());
}
/**
 * Cleans up the Shiro test environment after the test class has run: clears the bound
 * subject, destroys the accessible {@code SecurityManager} if there is one, and resets the
 * static {@code SecurityManager} held by {@code SecurityUtils} to {@code null} so it is not
 * carried over into later test classes.
 */
@AfterClass
public static void tearDownShiro() {
    doClearSubject();
    try {
        LifecycleUtils.destroy(SecurityUtils.getSecurityManager());
    } catch (UnavailableSecurityManagerException ignored) {
        // we don't care about this when cleaning up the test environment
        // (for example, maybe the subclass is a unit test and it didn't
        // need a SecurityManager instance because it was using only
        // mock Subject instances)
    }
    SecurityUtils.setSecurityManager(null);
}
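/**
 * Test ensures that a {@link Subject#login(AuthenticationToken)} first uses
 * the {@link SecurityManager} passed to its {@link Subject.Builder}
 * (if one was) instead of the one found in either the {@link ThreadContext}
 * or statically in {@link SecurityUtils}, either of which may not exist.
 * <a href="https://issues.apache.org/jira/browse/SHIRO-457">SHIRO-457</a>
 */
@Test
public void testNewSubjectWithoutThreadSecurityManager() {
    // Ensure no fallback sm exists in thread context or statically
    SecurityUtils.setSecurityManager(null);
    try {
        SecurityUtils.getSecurityManager();
        // Without this, a manager that is still reachable (e.g. one left bound to the
        // thread) would let the precondition pass silently and the test would no longer
        // prove that the builder's manager is used in preference to a fallback.
        throw new AssertionError("Expected no SecurityManager to be accessible before building the Subject");
    } catch (UnavailableSecurityManagerException e) {
        assertTrue(e.getMessage().startsWith("No SecurityManager accessible"));
    }

    // Specify sm to use and build subject with
    DelegatingSubject subject =
            (DelegatingSubject) (new Subject.Builder(sm)).buildSubject();

    // Login and verify specified sm is used and no error thrown
    AuthenticationToken token = new UsernamePasswordToken("guest", "guest");
    subject.login(token);
    assertEquals(sm, subject.getSecurityManager());
}
}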
/**
 * Returns the {@code SecurityManager} held by this context, falling back to
 * {@link SecurityUtils#getSecurityManager()} when the context has none.
 * <p>
 * A failed fallback is logged at debug level and swallowed, so the result may be
 * {@code null}. Callers have to check for that and must not proceed as though a manager
 * had been found.
 *
 * @return the manager from the context or from {@code SecurityUtils}, or {@code null} if
 *         neither is available
 */
public SecurityManager resolveSecurityManager() {
    final SecurityManager contextManager = getSecurityManager();
    if (contextManager != null) {
        return contextManager;
    }

    final boolean debug = log.isDebugEnabled();
    if (debug) {
        log.debug("No SecurityManager available in subject context map.  " +
                "Falling back to SecurityUtils.getSecurityManager() lookup.");
    }

    SecurityManager fallback = null;
    try {
        fallback = SecurityUtils.getSecurityManager();
    } catch (UnavailableSecurityManagerException e) {
        // Not rethrown on purpose: the caller sees null instead.
        if (log.isDebugEnabled()) {
            log.debug("No SecurityManager available via SecurityUtils.  Heuristics exhausted.", e);
        }
    }
    return fallback;
}
/**
 * Checks permission matching for an application-user subject: a literal user path is
 * matched as written, and {@code /users/me/**} is also expected to match that user's own
 * permissions path whether it is addressed by username or by UUID.
 */
@Test
public void userMeSubstitution() {
    // Build a throwaway user and bind it as the current subject.
    final User testUser = new User();
    testUser.setUuid(UUIDUtils.newTimeUUID());
    testUser.setUsername("testusername");

    final UUID applicationId = UUIDUtils.newTimeUUID();
    final UserInfo userInfo = new UserInfo(applicationId, testUser.getProperties());
    final ApplicationUserPrincipal userPrincipal = new ApplicationUserPrincipal(applicationId, userInfo);

    final SimplePrincipalCollection principals = new SimplePrincipalCollection(userPrincipal, "usergrid");
    final Subject boundSubject = new Subject.Builder(SecurityUtils.getSecurityManager())
            .principals(principals)
            .buildSubject();
    setSubject(boundSubject);

    testImplies(true, "/users/mefake@usergrid.org/**", "/users/mefake@usergrid.org/permissions");

    //test substitution
    final String byUsername = String.format("/users/%s/permissions", testUser.getUsername());
    testImplies(true, "/users/me/**", byUsername);

    final String byUuid = String.format("/users/%s/permissions", testUser.getUuid());
    testImplies(true, "/users/me/**", byUuid);
}
/**
 * Returns the current security manager, as reported by
 * {@link SecurityUtils#getSecurityManager()} at the time of the call.
 * <p>
 * Nothing is cached here; each call performs the lookup again, and whatever the lookup
 * throws is propagated unchanged.
 *
 * @return the manager returned by {@code SecurityUtils}
 */
public SecurityManager getSecurityManager() {
    final SecurityManager current = SecurityUtils.getSecurityManager();
    return current;
}
/**
 * Creates a {@link Subject.Builder} that uses the {@code SecurityManager} returned by
 * {@link org.apache.shiro.SecurityUtils#getSecurityManager()} to build the {@code Subject}.
 * <p>
 * The manager is the one accessible to the calling code when this constructor runs; it is
 * looked up here rather than when the subject is built. A failed lookup surfaces to the
 * caller as {@code UnavailableSecurityManagerException}. This constructor delegates to the
 * one that takes the {@code SecurityManager} as an argument, which callers can use directly
 * when they need to choose the manager themselves.
 */
public Builder() {
    this(SecurityUtils.getSecurityManager());
}
/**
 * Returns the {@code SecurityManager} reported by {@link SecurityUtils#getSecurityManager()},
 * or {@code null} if that lookup fails for any reason.
 * <p>
 * On failure the request URI and the failure message are logged at info level; the stack
 * trace is not logged. Callers must check for {@code null} and must not treat a missing
 * manager as permission to continue without security checks.
 *
 * @return the accessible manager, or {@code null} if the lookup threw
 */
public static SecurityManager getSecurityManager() {
    SecurityManager manager = null;
    try {
        manager = SecurityUtils.getSecurityManager();
    } catch (Throwable e) {
        // NOTE(review): Throwable also covers Errors such as OutOfMemoryError, which are
        // reported here as "no manager" - confirm this breadth is intended.
        log.info("RequestURI:{}", getRequestURI());
        log.info(e.getMessage());
    }
    return manager;
}