<!DOCTYPE html>
<!--
| Generated by Apache Maven Doxia Site Renderer 1.11.1 at 2022-10-07
| Rendered using Apache Maven Fluido Skin 1.5
-->
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta charset="UTF-8" />
<meta name="viewport" content="width=device-width, initial-scale=1.0" />
<meta name="Date-Revision-yyyymmdd" content="20221007" />
<meta http-equiv="Content-Language" content="en" />
<title>shiro-root &#x2013; CPD Results</title>
<link rel="stylesheet" href="./css/apache-maven-fluido-1.5.min.css" />
<link rel="stylesheet" href="./css/site.css" />
<link rel="stylesheet" href="./css/print.css" media="print" />
<script type="text/javascript" src="./js/apache-maven-fluido-1.5.min.js"></script>
</head>
<body class="topBarDisabled">
<div class="container-fluid">
<div id="banner">
<div class="pull-left">
<a href="http://shiro.apache.org" id="bannerLeft">
<img src="http://shiro.apache.org/images/apache-shiro-logo.png" alt="Shiro"/>
</a>
</div>
<div class="pull-right"> <div id="bannerRight">
<img src="http://shiro.apache.org/images/asf_logo.png" />
</div>
</div>
<div class="clear"><hr/></div>
</div>
<div id="breadcrumbs">
<ul class="breadcrumb">
<li class="">
<a href="index.html" title="Apache Shiro">
Apache Shiro</a>
<span class="divider">/</span>
</li>
<li class="active ">CPD Results</li>
<li id="publishDate" class="pull-right"><span class="divider">|</span> Last Published: 2022-10-07</li>
<li id="projectVersion" class="pull-right">
Version: 1.10.0
</li>
</ul>
</div>
<div class="row-fluid">
<div id="leftColumn" class="span2">
<div class="well sidebar-nav">
<ul class="nav nav-list">
<li class="nav-header">Modules</li>
<li>
<a href="shiro-lang/index.html" title="Apache Shiro :: Lang">
<span class="none"></span>
Apache Shiro :: Lang</a>
</li>
<li>
<a href="shiro-crypto/index.html" title="Apache Shiro :: Cryptography">
<span class="none"></span>
Apache Shiro :: Cryptography</a>
</li>
<li>
<a href="shiro-event/index.html" title="Apache Shiro :: Event">
<span class="none"></span>
Apache Shiro :: Event</a>
</li>
<li>
<a href="shiro-cache/index.html" title="Apache Shiro :: Cache">
<span class="none"></span>
Apache Shiro :: Cache</a>
</li>
<li>
<a href="shiro-config/index.html" title="Apache Shiro :: Configuration">
<span class="none"></span>
Apache Shiro :: Configuration</a>
</li>
<li>
<a href="shiro-core/index.html" title="Apache Shiro :: Core">
<span class="none"></span>
Apache Shiro :: Core</a>
</li>
<li>
<a href="shiro-web/index.html" title="Apache Shiro :: Web">
<span class="none"></span>
Apache Shiro :: Web</a>
</li>
<li>
<a href="shiro-support/index.html" title="Apache Shiro :: Support">
<span class="none"></span>
Apache Shiro :: Support</a>
</li>
<li>
<a href="shiro-tools/index.html" title="Apache Shiro :: Tools">
<span class="none"></span>
Apache Shiro :: Tools</a>
</li>
<li>
<a href="shiro-all/index.html" title="Apache Shiro :: All (aggregate jar)">
<span class="none"></span>
Apache Shiro :: All (aggregate jar)</a>
</li>
<li>
<a href="shiro-samples/index.html" title="Apache Shiro :: Samples">
<span class="none"></span>
Apache Shiro :: Samples</a>
</li>
<li>
<a href="shiro-integration-tests/index.html" title="Apache Shiro :: Integration Tests">
<span class="none"></span>
Apache Shiro :: Integration Tests</a>
</li>
<li>
<a href="shiro-test-coverage/index.html" title="Apache Shiro :: Test Coverage">
<span class="none"></span>
Apache Shiro :: Test Coverage</a>
</li>
<li class="nav-header">Project Documentation</li>
<li>
<a href="project-info.html" title="Project Information">
<span class="icon-chevron-right"></span>
Project Information</a>
</li>
<li>
<a href="project-reports.html" title="Project Reports">
<span class="icon-chevron-down"></span>
Project Reports</a>
<ul class="nav nav-list">
<li>
<a href="apidocs/index.html" title="Javadoc">
<span class="none"></span>
Javadoc</a>
</li>
<li class="active">
<a href="#"><span class="none"></span>CPD</a>
</li>
<li>
<a href="pmd.html" title="PMD">
<span class="none"></span>
PMD</a>
</li>
<li>
<a href="rat-report.html" title="Rat Report">
<span class="none"></span>
Rat Report</a>
</li>
<li>
<a href="surefire-report.html" title="Surefire Report">
<span class="none"></span>
Surefire Report</a>
</li>
<li>
<a href="dashboard-report.html" title="Global DashBoard Report">
<span class="none"></span>
Global DashBoard Report</a>
</li>
</ul>
</li>
</ul>
<hr />
<div id="poweredBy">
<div class="clear"></div>
<div class="clear"></div>
<div class="clear"></div>
<div class="clear"></div>
<a href="http://maven.apache.org/" title="Built by Maven" class="poweredBy">
<img class="builtBy" alt="Built by Maven" src="./images/logos/maven-feather.png" />
</a>
</div>
</div>
</div>
<div id="bodyColumn" class="span10" >
<section>
<h2><a name="CPD_Results"></a>CPD Results</h2>
<p>The following document contains the results of PMD's <a class="externalLink" href="https://pmd.github.io/latest/pmd_userdocs_cpd.html">CPD</a> 6.49.0.</p></section><section>
<h2><a name="Duplications"></a>Duplications</h2>
<table border="0" class="table table-striped">
<tr class="a">
<th>File</th>
<th>Project</th>
<th>Line</th></tr>
<tr class="b">
<td>org/apache/shiro/samples/guice/SampleShiroServletModule.java</td>
<td>Apache Shiro :: ITs :: Guice 4</td>
<td><a href="./xref/org/apache/shiro/samples/guice/SampleShiroServletModule.html#L38">38</a></td></tr>
<tr class="a">
<td>org/apache/shiro/samples/guice/SampleShiroServletModule.java</td>
<td>Apache Shiro :: Samples :: Guice Web</td>
<td><a href="./xref/org/apache/shiro/samples/guice/SampleShiroServletModule.html#L39">39</a></td></tr>
<tr class="b"><td colspan='3'>
<div>
<pre>public class SampleShiroServletModule extends ShiroWebModule {
// Guice module for the sample web app. It binds the login URL, a realm built
// from /WEB-INF/shiro.ini, the URL filter chains, and a security manager whose
// rememberMe cipher key is read from that same ini file.
private final ServletContext servletContext;
// Keeps the ServletContext so loadShiroIni() can resolve /WEB-INF/shiro.ini.
public SampleShiroServletModule(ServletContext servletContext) {
super(servletContext);
this.servletContext = servletContext;
}
/**
 * Binds the login URL constant, the IniRealm constructor and four filter chains.
 * Only the path patterns listed below get a chain in this method.
 * NOTE(review): confirm that every other path is meant to be reachable without
 * passing through a Shiro filter.
 */
@Override
protected void configureShiroWeb() {
bindConstant().annotatedWith(Names.named(&quot;shiro.loginUrl&quot;)).to(&quot;/login.jsp&quot;);
try {
this.bindRealm().toConstructor(IniRealm.class.getConstructor(Ini.class));
} catch (NoSuchMethodException e) {
// Reported through addError instead of being rethrown.
addError(&quot;Could not locate proper constructor for IniRealm.&quot;, e);
}
this.addFilterChain(&quot;/login.jsp&quot;, AUTHC);
this.addFilterChain(&quot;/logout&quot;, LOGOUT);
this.addFilterChain(&quot;/account/**&quot;, AUTHC);
// The remoting paths stack three filters: authentication, the b2bClient role,
// and the remote:invoke:lan,wan permission.
this.addFilterChain(&quot;/remoting/**&quot;, filterConfig(AUTHC), filterConfig(ROLES, &quot;b2bClient&quot;), filterConfig(PERMS, &quot;remote:invoke:lan,wan&quot;));
}
/**
 * Loads /WEB-INF/shiro.ini through the servlet context and parses it into an Ini.
 * NOTE(review): ServletContext.getResource is documented to return null when the
 * resource does not exist; iniUrl is dereferenced without a null check.
 */
@Provides
@Singleton
Ini loadShiroIni() throws MalformedURLException {
URL iniUrl = servletContext.getResource(&quot;/WEB-INF/shiro.ini&quot;);
return Ini.fromResourcePath(&quot;url:&quot; + iniUrl.toExternalForm());
}
/**
 * Binds a DefaultWebSecurityManager whose CookieRememberMeManager uses the
 * Base64-decoded cipherKey property from the [main] section of shiro.ini.
 * The key is the secret behind the rememberMe cookie, so shiro.ini is a
 * secret-bearing file: use a deployment-specific key, not one copied from a
 * sample or committed to source control.
 */
@Override
protected void bindWebSecurityManager(AnnotatedBindingBuilder&lt;? super WebSecurityManager&gt; bind)
{
try
{
// loadShiroIni() is called directly here, not obtained through the
// Singleton provider, so the ini file is read again on this call.
String cipherKey = loadShiroIni().getSectionProperty( &quot;main&quot;, &quot;securityManager.rememberMeManager.cipherKey&quot; );
DefaultWebSecurityManager securityManager = new DefaultWebSecurityManager();
CookieRememberMeManager rememberMeManager = new CookieRememberMeManager();
// NOTE(review): cipherKey is not checked before decoding. If the property
// is absent this presumably fails inside Base64.decode or setCipherKey
// rather than with the message in the catch block below; confirm.
rememberMeManager.setCipherKey( Base64.decode( cipherKey ) );
securityManager.setRememberMeManager(rememberMeManager);
bind.toInstance(securityManager);
}
catch ( MalformedURLException e )
{
// for now just throw, you could just call
// super.bindWebSecurityManager(bind) if you do not need rememberMe functionality
// NOTE(review): this branch is reached when the ini URL is malformed, yet the
// message talks about a missing cipherKey; the caught exception is not chained.
throw new ConfigurationException( &quot;securityManager.rememberMeManager.cipherKey must be set in shiro.ini.&quot; );
}
}
}</pre></div></td></tr></table>
<table border="0" class="table table-striped">
<tr class="a">
<th>File</th>
<th>Project</th>
<th>Line</th></tr>
<tr class="b">
<td>QuickstartGuice.java</td>
<td>Apache Shiro :: Samples :: Quick Start Guice</td>
<td><a href="./xref/QuickstartGuice.html#L44">44</a></td></tr>
<tr class="a">
<td>Quickstart.java</td>
<td>Apache Shiro :: Samples :: Quick Start</td>
<td><a href="./xref/Quickstart.html#L51">51</a></td></tr>
<tr class="b"><td colspan='3'>
<div>
<pre>SecurityManager securityManager = injector.getInstance(SecurityManager.class);
// for this simple example quickstart, make the SecurityManager
// accessible as a JVM singleton. Most applications wouldn't do this
// and instead rely on their container configuration or web.xml for
// webapps. That is outside the scope of this simple quickstart, so
// we'll just do the bare minimum so you can continue to get a feel
// for things.
SecurityUtils.setSecurityManager(securityManager);
// Now that a simple Shiro environment is set up, let's see what you can do:
// get the currently executing user:
Subject currentUser = SecurityUtils.getSubject();
// Do some stuff with a Session (no need for a web or EJB container!!!)
Session session = currentUser.getSession();
session.setAttribute(&quot;someKey&quot;, &quot;aValue&quot;);
String value = (String) session.getAttribute(&quot;someKey&quot;);
if (value.equals(&quot;aValue&quot;)) {
log.info(&quot;Retrieved the correct value! [&quot; + value + &quot;]&quot;);
}
// let's login the current user so we can check against roles and permissions:
if (!currentUser.isAuthenticated()) {
// Demo credentials are hard-coded for the quickstart; a real application takes
// them from the user and never embeds them in source.
UsernamePasswordToken token = new UsernamePasswordToken(&quot;lonestarr&quot;, &quot;vespa&quot;);
token.setRememberMe(true);
try {
currentUser.login(token);
} catch (UnknownAccountException uae) {
// These three branches tell unknown account, wrong password and locked
// account apart. That is fine in a log; returning the same distinction to a
// remote client would reveal which usernames exist.
log.info(&quot;There is no user with username of &quot; + token.getPrincipal());
} catch (IncorrectCredentialsException ice) {
log.info(&quot;Password for account &quot; + token.getPrincipal() + &quot; was incorrect!&quot;);
} catch (LockedAccountException lae) {
log.info(&quot;The account for username &quot; + token.getPrincipal() + &quot; is locked. &quot; +
&quot;Please contact your administrator to unlock it.&quot;);
}
// ... catch more exceptions here (maybe custom ones specific to your application?
catch (AuthenticationException ae) {
//unexpected condition? error?
// NOTE(review): this catch-all is empty, so any other authentication failure
// is dropped without a log entry and execution continues.
}
}
//say who they are:
//print their identifying principal (in this case, a username):
// NOTE(review): this line runs whether or not login() succeeded; after a caught
// failure it still logs that the user logged in successfully.
log.info(&quot;User [&quot; + currentUser.getPrincipal() + &quot;] logged in successfully.&quot;);
//test a role:
if (currentUser.hasRole(&quot;schwartz&quot;)) {
log.info(&quot;May the Schwartz be with you!&quot;);
} else {
log.info(&quot;Hello, mere mortal.&quot;);
}
//test a typed permission (not instance-level)
if (currentUser.isPermitted(&quot;lightsaber:weild&quot;)) {</pre></div></td></tr></table>
<table border="0" class="table table-striped">
<tr class="a">
<th>File</th>
<th>Project</th>
<th>Line</th></tr>
<tr class="b">
<td>org/apache/shiro/spring/boot/autoconfigure/ShiroAutoConfiguration.java</td>
<td>Apache Shiro :: Support :: Spring Boot</td>
<td><a href="./xref/org/apache/shiro/spring/boot/autoconfigure/ShiroAutoConfiguration.html#L48">48</a></td></tr>
<tr class="a">
<td>org/apache/shiro/spring/config/web/autoconfigure/ShiroWebAutoConfiguration.java</td>
<td>Apache Shiro :: Support :: Spring Boot</td>
<td><a href="./xref/org/apache/shiro/spring/config/web/autoconfigure/ShiroWebAutoConfiguration.html#L56">56</a></td></tr>
<tr class="b"><td colspan='3'>
<div>
<pre>public class ShiroAutoConfiguration extends AbstractShiroConfiguration {
// Each method below re-exposes the inherited factory method as a Spring bean.
// ConditionalOnMissingBean registers the default only when the application has
// not defined a bean of that type, so an application-supplied Authenticator,
// Authorizer, SessionManager or security manager replaces the one shown here.
// When auditing the effective security configuration, check for such overrides.

// Default AuthenticationStrategy, delegated to the superclass.
@Bean
@ConditionalOnMissingBean
@Override
protected AuthenticationStrategy authenticationStrategy() {
return super.authenticationStrategy();
}
// Default Authenticator, delegated to the superclass.
@Bean
@ConditionalOnMissingBean
@Override
protected Authenticator authenticator() {
return super.authenticator();
}
// Default Authorizer, delegated to the superclass.
@Bean
@ConditionalOnMissingBean
@Override
protected Authorizer authorizer() {
return super.authorizer();
}
// Default SubjectDAO, delegated to the superclass.
@Bean
@ConditionalOnMissingBean
@Override
protected SubjectDAO subjectDAO() {
return super.subjectDAO();
}
// Default SessionStorageEvaluator, delegated to the superclass.
@Bean
@ConditionalOnMissingBean
@Override
protected SessionStorageEvaluator sessionStorageEvaluator() {
return super.sessionStorageEvaluator();
}
// Default SubjectFactory, delegated to the superclass.
@Bean
@ConditionalOnMissingBean
@Override
protected SubjectFactory subjectFactory() {
return super.subjectFactory();
}
// Default SessionFactory, delegated to the superclass.
@Bean
@ConditionalOnMissingBean
@Override
protected SessionFactory sessionFactory() {
return super.sessionFactory();
}
// Default SessionDAO, delegated to the superclass.
@Bean
@ConditionalOnMissingBean
@Override
protected SessionDAO sessionDAO() {
return super.sessionDAO();
}
// Default SessionManager, delegated to the superclass.
@Bean
@ConditionalOnMissingBean
@Override
protected SessionManager sessionManager() {
return super.sessionManager();
}
// Default security manager, built by the superclass from the injected realms.
@Bean
@ConditionalOnMissingBean
@Override
protected SessionsSecurityManager securityManager(List&lt;Realm&gt; realms) {
return super.securityManager(realms);
}
@Bean
@ConditionalOnResource(resources = &quot;classpath:shiro.ini&quot;)</pre></div></td></tr></table>
<table border="0" class="table table-striped">
<tr class="a">
<th>File</th>
<th>Project</th>
<th>Line</th></tr>
<tr class="b">
<td>org/apache/shiro/realm/ldap/DefaultLdapContextFactory.java</td>
<td>Apache Shiro :: Core</td>
<td><a href="./xref/org/apache/shiro/realm/ldap/DefaultLdapContextFactory.html#L291">291</a></td></tr>
<tr class="a">
<td>org/apache/shiro/realm/ldap/JndiLdapContextFactory.java</td>
<td>Apache Shiro :: Core</td>
<td><a href="./xref/org/apache/shiro/realm/ldap/JndiLdapContextFactory.html#L523">523</a></td></tr>
<tr class="b"><td colspan='3'>
<div>
<pre>private void validateAuthenticationInfo(Hashtable&lt;String, Object&gt; environment)
throws AuthenticationException
{
// Rejects an LDAP simple bind that carries a principal but no usable password.
// As the FAQ linked below explains, a directory may treat such a bind as
// anonymous and report success, which would otherwise look like a valid login.
// Scope of the check, as written:
//  - it runs only when the configured mechanism equals the simple mechanism name;
//  - it is skipped when the principal is null or has no text;
//  - credentials of a type other than byte[], char[] or String pass unchecked
//    as long as they are not null.
// NOTE(review): the signature declares AuthenticationException while the throw
// names javax.naming.AuthenticationException; which type the unqualified name
// resolves to depends on imports not shown in this excerpt.
// validate when using Simple auth both principal and credentials are set
if(SIMPLE_AUTHENTICATION_MECHANISM_NAME.equals(environment.get(Context.SECURITY_AUTHENTICATION))) {
// only validate credentials if we have a non-empty principal
if( environment.get(Context.SECURITY_PRINCIPAL) != null &amp;&amp;
StringUtils.hasText( String.valueOf( environment.get(Context.SECURITY_PRINCIPAL) ))) {
Object credentials = environment.get(Context.SECURITY_CREDENTIALS);
// from the FAQ, we need to check for empty credentials:
// http://docs.oracle.com/javase/tutorial/jndi/ldap/faq.html
if( credentials == null ||
(credentials instanceof byte[] &amp;&amp; ((byte[])credentials).length &lt;= 0) || // empty byte[]
(credentials instanceof char[] &amp;&amp; ((char[])credentials).length &lt;= 0) || // empty char[]
(String.class.isInstance(credentials) &amp;&amp; !StringUtils.hasText(String.valueOf(credentials)))) {
throw new javax.naming.AuthenticationException(&quot;LDAP Simple authentication requires both a &quot;
+ &quot;principal and credentials.&quot;);
}
}
}
}
}</pre></div></td></tr></table>
<table border="0" class="table table-striped">
<tr class="a">
<th>File</th>
<th>Project</th>
<th>Line</th></tr>
<tr class="b">
<td>org/apache/shiro/samples/guice/SampleShiroServletModule.java</td>
<td>Apache Shiro :: ITs :: Guice 4</td>
<td><a href="./xref/org/apache/shiro/samples/guice/SampleShiroServletModule.html#L41">41</a></td></tr>
<tr class="a">
<td>org/apache/shiro/samples/guice/SampleShiroNativeSessionsServletModule.java</td>
<td>Apache Shiro :: Samples :: Guice Web</td>
<td><a href="./xref/org/apache/shiro/samples/guice/SampleShiroNativeSessionsServletModule.html#L45">45</a></td></tr>
<tr class="b">
<td>org/apache/shiro/samples/guice/SampleShiroServletModule.java</td>
<td>Apache Shiro :: Samples :: Guice Web</td>
<td><a href="./xref/org/apache/shiro/samples/guice/SampleShiroServletModule.html#L42">42</a></td></tr>
<tr class="a"><td colspan='3'>
<div>
<pre>public SampleShiroServletModule(ServletContext servletContext) {
super(servletContext);
this.servletContext = servletContext;
}
/**
 * Binds the login URL constant, the IniRealm constructor and four filter chains.
 * Only the path patterns listed below get a chain in this method.
 * NOTE(review): confirm that every other path is meant to be reachable without
 * passing through a Shiro filter.
 */
@Override
protected void configureShiroWeb() {
bindConstant().annotatedWith(Names.named(&quot;shiro.loginUrl&quot;)).to(&quot;/login.jsp&quot;);
try {
this.bindRealm().toConstructor(IniRealm.class.getConstructor(Ini.class));
} catch (NoSuchMethodException e) {
// Reported through addError instead of being rethrown.
addError(&quot;Could not locate proper constructor for IniRealm.&quot;, e);
}
this.addFilterChain(&quot;/login.jsp&quot;, AUTHC);
this.addFilterChain(&quot;/logout&quot;, LOGOUT);
this.addFilterChain(&quot;/account/**&quot;, AUTHC);
// The remoting paths stack three filters: authentication, the b2bClient role,
// and the remote:invoke:lan,wan permission.
this.addFilterChain(&quot;/remoting/**&quot;, filterConfig(AUTHC), filterConfig(ROLES, &quot;b2bClient&quot;), filterConfig(PERMS, &quot;remote:invoke:lan,wan&quot;));
}
/**
 * Loads /WEB-INF/shiro.ini through the servlet context and parses it into an Ini.
 * NOTE(review): ServletContext.getResource is documented to return null when the
 * resource does not exist; iniUrl is dereferenced without a null check.
 */
@Provides
@Singleton
Ini loadShiroIni() throws MalformedURLException {
URL iniUrl = servletContext.getResource(&quot;/WEB-INF/shiro.ini&quot;);
return Ini.fromResourcePath(&quot;url:&quot; + iniUrl.toExternalForm());
}
@Override
protected void bindWebSecurityManager(AnnotatedBindingBuilder&lt;? super WebSecurityManager&gt; bind)</pre></div></td></tr></table>
<table border="0" class="table table-striped">
<tr class="b">
<th>File</th>
<th>Project</th>
<th>Line</th></tr>
<tr class="a">
<td>org/apache/shiro/crypto/hash/AbstractHash.java</td>
<td>Apache Shiro :: Cryptography :: Hashing</td>
<td><a href="./xref/org/apache/shiro/crypto/hash/AbstractHash.html#L225">225</a></td></tr>
<tr class="b">
<td>org/apache/shiro/crypto/hash/SimpleHash.java</td>
<td>Apache Shiro :: Cryptography :: Hashing</td>
<td><a href="./xref/org/apache/shiro/crypto/hash/SimpleHash.html#L360">360</a></td></tr>
<tr class="a"><td colspan='3'>
<div>
<pre>}
/**
* Returns a hex-encoded string of the underlying {@link #getBytes byte array}.
* &lt;p/&gt;
* This implementation caches the resulting hex string so multiple calls to this method remain efficient.
* However, calling {@link #setBytes setBytes} will null the cached value, forcing it to be recalculated the
* next time this method is called.
*
* @return a hex-encoded string of the underlying {@link #getBytes byte array}.
*/
public String toHex() {
if (this.hexEncoded == null) {
//cache result in case this method is called multiple times.
// NOTE(review): the cache reset in setBytes is not part of this excerpt.
this.hexEncoded = Hex.encodeToString(getBytes());
}
return this.hexEncoded;
}
/**
* Returns a Base64-encoded string of the underlying {@link #getBytes byte array}.
* &lt;p/&gt;
* This implementation caches the resulting Base64 string so multiple calls to this method remain efficient.
* However, calling {@link #setBytes setBytes} will null the cached value, forcing it to be recalculated the
* next time this method is called.
*
* @return a Base64-encoded string of the underlying {@link #getBytes byte array}.
*/
public String toBase64() {
if (this.base64Encoded == null) {
//cache result in case this method is called multiple times.
// NOTE(review): the cache reset in setBytes is not part of this excerpt.
this.base64Encoded = Base64.encodeToString(getBytes());
}
return this.base64Encoded;
}
/**
* Simple implementation that merely returns {@link #toHex() toHex()}.
* Because the string form is the hex digest itself, passing a Hash to a logger
* or to string concatenation writes the digest out.
* NOTE(review): callers holding password hashes may not want that in logs.
*
* @return the {@link #toHex() toHex()} value.
*/
public String toString() {
return toHex();
}
/**
* Returns {@code true} if the specified object is a Hash and its {@link #getBytes byte array} is identical to
* this Hash's byte array, {@code false} otherwise.
*
* @param o the object (Hash) to check for equality.
* @return {@code true} if the specified object is a Hash and its {@link #getBytes byte array} is identical to
* this Hash's byte array, {@code false} otherwise.
*/
public boolean equals(Object o) {
if (o instanceof Hash) {
Hash other = (Hash) o;
// MessageDigest.isEqual is used instead of Arrays.equals. Current JDK
// implementations of it do not stop at the first differing byte, so comparing
// a stored digest with one computed from user input leaks less timing
// information about where the two differ.
return MessageDigest.isEqual(getBytes(), other.getBytes());
}
return false;
}
/**
* Returns 0 when the byte array is null or empty, otherwise
* {@code Arrays.hashCode} of the bytes. The value is derived from the raw
* bytes; this method does not call toHex().
*
* @return 0 for a null or empty byte array, otherwise Arrays.hashCode of the bytes
*/
public int hashCode() {
if (this.bytes == null || this.bytes.length == 0) {
return 0;
}
return Arrays.hashCode(this.bytes);
}</pre></div></td></tr></table>
<table border="0" class="table table-striped">
<tr class="b">
<th>File</th>
<th>Project</th>
<th>Line</th></tr>
<tr class="a">
<td>org/apache/shiro/samples/QuickStart.java</td>
<td>Apache Shiro :: Samples :: Spring Boot</td>
<td><a href="./xref/org/apache/shiro/samples/QuickStart.html#L37">37</a></td></tr>
<tr class="b">
<td>org/apache/shiro/samples/spring/QuickStart.java</td>
<td>Apache Shiro :: Samples :: Spring Quickstart</td>
<td><a href="./xref/org/apache/shiro/samples/spring/QuickStart.html#L37">37</a></td></tr>
<tr class="a"><td colspan='3'>
<div>
<pre>@Component
public class QuickStart {
// Sample Spring component that walks through a Shiro login, role and permission
// checks, two guarded service calls and a logout. It is demo code: the
// credentials are hard-coded and failures surface as exceptions.
private static Logger log = LoggerFactory.getLogger(QuickStart.class);
@Autowired
private SecurityManager securityManager;
@Autowired
private SimpleService simpleService;
// Runs the demo sequence. An exception from login(), checkRole() or
// checkPermission() is not caught here and ends the run.
public void run() {
// get the current subject
Subject subject = SecurityUtils.getSubject();
// Subject is not authenticated yet
Assert.isTrue(!subject.isAuthenticated());
// login the subject with a username / password
// Demo credentials only; a real application never embeds them in source.
UsernamePasswordToken token = new UsernamePasswordToken(&quot;joe.coder&quot;, &quot;password&quot;);
subject.login(token);
// joe.coder has the &quot;user&quot; role
subject.checkRole(&quot;user&quot;);
// joe.coder does NOT have the admin role
Assert.isTrue(!subject.hasRole(&quot;admin&quot;));
// joe.coder has the &quot;read&quot; permission
subject.checkPermission(&quot;read&quot;);
// current user is allowed to execute this method.
simpleService.readRestrictedCall();
try {
// but not this one!
simpleService.writeRestrictedCall();
// NOTE(review): nothing fails the run if the call above returns normally,
// so a missing authorization check on writeRestrictedCall goes unnoticed.
}
catch (AuthorizationException e) {
log.info(&quot;Subject was NOT allowed to execute method 'writeRestrictedCall'&quot;);
}
// logout
subject.logout();
Assert.isTrue(!subject.isAuthenticated());
}
/**
* Sets the static instance of SecurityManager. This is NOT needed for web applications.
* The static setter makes the injected manager the one SecurityUtils hands to
* every caller that relies on the static lookup.
*/
@PostConstruct
private void initStaticSecurityManager() {
SecurityUtils.setSecurityManager(securityManager);
}
}</pre></div></td></tr></table>
<table border="0" class="table table-striped">
<tr class="b">
<th>File</th>
<th>Project</th>
<th>Line</th></tr>
<tr class="a">
<td>org/apache/shiro/web/filter/authc/BasicHttpAuthenticationFilter.java</td>
<td>Apache Shiro :: Web</td>
<td><a href="./xref/org/apache/shiro/web/filter/authc/BasicHttpAuthenticationFilter.html#L75">75</a></td></tr>
<tr class="b">
<td>org/apache/shiro/web/filter/authc/HttpAuthenticationFilter.java</td>
<td>Apache Shiro :: Web</td>
<td><a href="./xref/org/apache/shiro/web/filter/authc/HttpAuthenticationFilter.html#L320">320</a></td></tr>
<tr class="a"><td colspan='3'>
<div>
<pre>}
/**
* Creates an AuthenticationToken for use during login attempt with the provided credentials in the http header.
* &lt;p/&gt;
* This implementation:
* &lt;ol&gt;&lt;li&gt;acquires the username and password based on the request's
* {@link #getAuthzHeader(javax.servlet.ServletRequest) authorization header} via the
* {@link #getPrincipalsAndCredentials(String, javax.servlet.ServletRequest) getPrincipalsAndCredentials} method&lt;/li&gt;
* &lt;li&gt;The return value of that method is converted to an &lt;code&gt;AuthenticationToken&lt;/code&gt; via the
* {@link #createToken(String, String, javax.servlet.ServletRequest, javax.servlet.ServletResponse) createToken} method&lt;/li&gt;
* &lt;li&gt;The created &lt;code&gt;AuthenticationToken&lt;/code&gt; is returned.&lt;/li&gt;
* &lt;/ol&gt;
* A missing header, or a header that yields fewer than two parts, still produces
* a token: the absent username or password is replaced by an empty string.
*
* @param request incoming ServletRequest
* @param response outgoing ServletResponse
* @return the AuthenticationToken used to execute the login attempt
*/
protected AuthenticationToken createToken(ServletRequest request, ServletResponse response) {
String authorizationHeader = getAuthzHeader(request);
if (authorizationHeader == null || authorizationHeader.length() == 0) {
// Create an empty authentication token since there is no
// Authorization header.
// NOTE(review): rejecting the empty username and password is left to whatever
// consumes the token; confirm the configured realm never accepts it.
return createToken(&quot;&quot;, &quot;&quot;, request, response);
}
// The debug message carries no header content, so credentials are not written
// to the log at this point.
log.debug(&quot;Attempting to execute login with auth header&quot;);
String[] prinCred = getPrincipalsAndCredentials(authorizationHeader, request);
if (prinCred == null || prinCred.length &lt; 2) {
// Create an authentication token with an empty password,
// since one hasn't been provided in the request.
String username = prinCred == null || prinCred.length == 0 ? &quot;&quot; : prinCred[0];
return createToken(username, &quot;&quot;, request, response);
}
String username = prinCred[0];
String password = prinCred[1];
return createToken(username, password, request, response);
}
/**
* Returns the username and password pair based on the specified &lt;code&gt;encoded&lt;/code&gt; String obtained from
* the request's authorization header.
* &lt;p/&gt;
* Per RFC 2617, the default implementation first Base64 decodes the string and then splits the resulting decoded
* string into two based on the &quot;:&quot; character. That is:
* &lt;p/&gt;
* &lt;code&gt;String decoded = Base64.decodeToString(encoded);&lt;br/&gt;
* return decoded.split(&quot;:&quot;);&lt;/code&gt;
*
* @param scheme the {@link #getAuthcScheme() authcScheme} found in the request
* {@link #getAuthzHeader(javax.servlet.ServletRequest) authzHeader}. It is ignored by this implementation,
* but available to overriding implementations should they find it useful.
* @param encoded the Base64-encoded username:password value found after the scheme in the header
* @return the username (index 0)/password (index 1) pair obtained from the encoded header data.
*/
protected String[] getPrincipalsAndCredentials(String scheme, String encoded) {</pre></div></td></tr></table>
<table border="0" class="table table-striped">
<tr class="b">
<th>File</th>
<th>Project</th>
<th>Line</th></tr>
<tr class="a">
<td>org/apache/shiro/samples/guice/SampleShiroServletModule.java</td>
<td>Apache Shiro :: ITs :: Guice 3</td>
<td><a href="./xref/org/apache/shiro/samples/guice/SampleShiroServletModule.html#L60">60</a></td></tr>
<tr class="b">
<td>org/apache/shiro/samples/guice/SampleShiroServletModule.java</td>
<td>Apache Shiro :: ITs :: Guice 4</td>
<td><a href="./xref/org/apache/shiro/samples/guice/SampleShiroServletModule.html#L60">60</a></td></tr>
<tr class="a">
<td>org/apache/shiro/samples/guice/SampleShiroServletModule.java</td>
<td>Apache Shiro :: Samples :: Guice Web</td>
<td><a href="./xref/org/apache/shiro/samples/guice/SampleShiroServletModule.html#L61">61</a></td></tr>
<tr class="b"><td colspan='3'>
<div>
<pre>this.addFilterChain(&quot;/remoting/**&quot;, AUTHC, config(ROLES, &quot;b2bClient&quot;), config(PERMS, &quot;remote:invoke:lan,wan&quot;));
}
/**
 * Loads /WEB-INF/shiro.ini through the servlet context and parses it into an Ini.
 * NOTE(review): ServletContext.getResource is documented to return null when the
 * resource does not exist; iniUrl is dereferenced without a null check.
 */
@Provides
@Singleton
Ini loadShiroIni() throws MalformedURLException {
URL iniUrl = servletContext.getResource(&quot;/WEB-INF/shiro.ini&quot;);
return Ini.fromResourcePath(&quot;url:&quot; + iniUrl.toExternalForm());
}
/**
 * Binds a DefaultWebSecurityManager whose CookieRememberMeManager uses the
 * Base64-decoded cipherKey property from the [main] section of shiro.ini.
 * The key is the secret behind the rememberMe cookie, so shiro.ini is a
 * secret-bearing file: use a deployment-specific key, not one copied from a
 * sample or committed to source control.
 */
@Override
protected void bindWebSecurityManager(AnnotatedBindingBuilder&lt;? super WebSecurityManager&gt; bind)
{
try
{
// loadShiroIni() is called directly here, not obtained through the
// Singleton provider, so the ini file is read again on this call.
String cipherKey = loadShiroIni().getSectionProperty( &quot;main&quot;, &quot;securityManager.rememberMeManager.cipherKey&quot; );
DefaultWebSecurityManager securityManager = new DefaultWebSecurityManager();
CookieRememberMeManager rememberMeManager = new CookieRememberMeManager();
// NOTE(review): cipherKey is not checked before decoding. If the property
// is absent this presumably fails inside Base64.decode or setCipherKey
// rather than with the message in the catch block below; confirm.
rememberMeManager.setCipherKey( Base64.decode( cipherKey ) );
securityManager.setRememberMeManager(rememberMeManager);
bind.toInstance(securityManager);
}
catch ( MalformedURLException e )
{
// for now just throw, you could just call
// super.bindWebSecurityManager(bind) if you do not need rememberMe functionality
// NOTE(review): this branch is reached when the ini URL is malformed, yet the
// message talks about a missing cipherKey; the caught exception is not chained.
throw new ConfigurationException( &quot;securityManager.rememberMeManager.cipherKey must be set in shiro.ini.&quot; );
}
}
}</pre></div></td></tr></table>
<table border="0" class="table table-striped">
<tr class="a">
<th>File</th>
<th>Project</th>
<th>Line</th></tr>
<tr class="b">
<td>org/apache/shiro/samples/guice/SampleShiroServletModule.java</td>
<td>Apache Shiro :: ITs :: Guice 3</td>
<td><a href="./xref/org/apache/shiro/samples/guice/SampleShiroServletModule.html#L38">38</a></td></tr>
<tr class="a">
<td>org/apache/shiro/samples/guice/SampleShiroServletModule.java</td>
<td>Apache Shiro :: ITs :: Guice 4</td>
<td><a href="./xref/org/apache/shiro/samples/guice/SampleShiroServletModule.html#L38">38</a></td></tr>
<tr class="b">
<td>org/apache/shiro/samples/guice/SampleShiroServletModule.java</td>
<td>Apache Shiro :: Samples :: Guice Web</td>
<td><a href="./xref/org/apache/shiro/samples/guice/SampleShiroServletModule.html#L39">39</a></td></tr>
<tr class="a"><td colspan='3'>
<div>
<pre>public class SampleShiroServletModule extends ShiroWebModule {
private final ServletContext servletContext;
public SampleShiroServletModule(ServletContext servletContext) {
super(servletContext);
this.servletContext = servletContext;
}
@Override
protected void configureShiroWeb() {
bindConstant().annotatedWith(Names.named(&quot;shiro.loginUrl&quot;)).to(&quot;/login.jsp&quot;);
try {
this.bindRealm().toConstructor(IniRealm.class.getConstructor(Ini.class));
} catch (NoSuchMethodException e) {
addError(&quot;Could not locate proper constructor for IniRealm.&quot;, e);
}
this.addFilterChain(&quot;/login.jsp&quot;, AUTHC);
this.addFilterChain(&quot;/logout&quot;, LOGOUT);
this.addFilterChain(&quot;/account/**&quot;, AUTHC);
this.addFilterChain(&quot;/remoting/**&quot;, AUTHC, config(ROLES, &quot;b2bClient&quot;), config(PERMS, &quot;remote:invoke:lan,wan&quot;));</pre></div></td></tr></table>
<table border="0" class="table table-striped">
<tr class="b">
<th>File</th>
<th>Project</th>
<th>Line</th></tr>
<tr class="a">
<td>org/apache/shiro/samples/guice/SampleShiroServletModule.java</td>
<td>Apache Shiro :: ITs :: Guice 3</td>
<td><a href="./xref/org/apache/shiro/samples/guice/SampleShiroServletModule.html#L41">41</a></td></tr>
<tr class="b">
<td>org/apache/shiro/samples/guice/SampleShiroNativeSessionsServletModule.java</td>
<td>Apache Shiro :: Samples :: Guice Web</td>
<td><a href="./xref/org/apache/shiro/samples/guice/SampleShiroNativeSessionsServletModule.html#L45">45</a></td></tr>
<tr class="a"><td colspan='3'>
<div>
<pre>public SampleShiroServletModule(ServletContext servletContext) {
super(servletContext);
this.servletContext = servletContext;
}
@Override
protected void configureShiroWeb() {
bindConstant().annotatedWith(Names.named(&quot;shiro.loginUrl&quot;)).to(&quot;/login.jsp&quot;);
try {
this.bindRealm().toConstructor(IniRealm.class.getConstructor(Ini.class));
} catch (NoSuchMethodException e) {
addError(&quot;Could not locate proper constructor for IniRealm.&quot;, e);
}
this.addFilterChain(&quot;/login.jsp&quot;, AUTHC);
this.addFilterChain(&quot;/logout&quot;, LOGOUT);
this.addFilterChain(&quot;/account/**&quot;, AUTHC);
this.addFilterChain(&quot;/remoting/**&quot;, AUTHC, config(ROLES, &quot;b2bClient&quot;), config(PERMS, &quot;remote:invoke:lan,wan&quot;));</pre></div></td></tr></table>
<table border="0" class="table table-striped">
<tr class="b">
<th>File</th>
<th>Project</th>
<th>Line</th></tr>
<tr class="a">
<td>org/apache/shiro/crypto/hash/AbstractHash.java</td>
<td>Apache Shiro :: Cryptography :: Hashing</td>
<td><a href="./xref/org/apache/shiro/crypto/hash/AbstractHash.html#L199">199</a></td></tr>
<tr class="b">
<td>org/apache/shiro/crypto/hash/SimpleHash.java</td>
<td>Apache Shiro :: Cryptography :: Hashing</td>
<td><a href="./xref/org/apache/shiro/crypto/hash/SimpleHash.html#L330">330</a></td></tr>
<tr class="a"><td colspan='3'>
<div>
<pre>return hash(bytes, salt, 1);
}
/**
* Hashes the specified byte array using the given {@code salt} for the specified number of iterations.
* The salt is fed to the digest only before the first round; each later round
* hashes the previous round's output alone. An iteration count below 1 behaves
* like 1, because the first digest is always computed and the loop then does not run.
*
* @param bytes the bytes to hash
* @param salt the salt to use for the initial hash; may be {@code null}, in which case no salt is applied
* @param hashIterations the number of times the {@code bytes} will be hashed (for attack resiliency).
* @return the hashed bytes.
* @throws UnknownAlgorithmException if the {@link #getAlgorithmName() algorithmName} is not available.
*/
protected byte[] hash(byte[] bytes, byte[] salt, int hashIterations) throws UnknownAlgorithmException {
MessageDigest digest = getDigest(getAlgorithmName());
if (salt != null) {
digest.reset();
digest.update(salt);
}
byte[] hashed = digest.digest(bytes);
int iterations = hashIterations - 1; //already hashed once above
//iterate remaining number:
// NOTE(review): the iteration count is the only work factor in this scheme;
// callers that store password hashes should choose it deliberately.
for (int i = 0; i &lt; iterations; i++) {
digest.reset();
hashed = digest.digest(hashed);
}
return hashed;
}
/**
* Returns a hex-encoded string of the underlying {@link #getBytes byte array}.
* &lt;p/&gt;
* This implementation caches the resulting hex string so multiple calls to this method remain efficient.
* However, calling {@link #setBytes setBytes} will null the cached value, forcing it to be recalculated the
* next time this method is called.
*
* @return a hex-encoded string of the underlying {@link #getBytes byte array}.
*/
public String toHex() {</pre></div></td></tr></table></section>
</div>
</div>
</div>
<hr/>
<footer>
<div class="container-fluid">
<div class="row-fluid">
<p >Copyright &copy; 2004&#x2013;2022
<a href="https://www.apache.org/">The Apache Software Foundation</a>.
All rights reserved.
</p>
</div>
</div>
</footer>
</body>
</html>