<HTML>
<BODY BGCOLOR="white">
<PRE>
<FONT color="green">001</FONT> /*<a name="line.1"></a>
<FONT color="green">002</FONT> * Licensed to the Apache Software Foundation (ASF) under one<a name="line.2"></a>
<FONT color="green">003</FONT> * or more contributor license agreements. See the NOTICE file<a name="line.3"></a>
<FONT color="green">004</FONT> * distributed with this work for additional information<a name="line.4"></a>
<FONT color="green">005</FONT> * regarding copyright ownership. The ASF licenses this file<a name="line.5"></a>
<FONT color="green">006</FONT> * to you under the Apache License, Version 2.0 (the<a name="line.6"></a>
<FONT color="green">007</FONT> * "License"); you may not use this file except in compliance<a name="line.7"></a>
<FONT color="green">008</FONT> * with the License. You may obtain a copy of the License at<a name="line.8"></a>
<FONT color="green">009</FONT> *<a name="line.9"></a>
<FONT color="green">010</FONT> * http://www.apache.org/licenses/LICENSE-2.0<a name="line.10"></a>
<FONT color="green">011</FONT> *<a name="line.11"></a>
<FONT color="green">012</FONT> * Unless required by applicable law or agreed to in writing,<a name="line.12"></a>
<FONT color="green">013</FONT> * software distributed under the License is distributed on an<a name="line.13"></a>
<FONT color="green">014</FONT> * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY<a name="line.14"></a>
<FONT color="green">015</FONT> * KIND, either express or implied. See the License for the<a name="line.15"></a>
<FONT color="green">016</FONT> * specific language governing permissions and limitations<a name="line.16"></a>
<FONT color="green">017</FONT> * under the License.<a name="line.17"></a>
<FONT color="green">018</FONT> */<a name="line.18"></a>
<FONT color="green">019</FONT> package org.apache.shiro.subject.support;<a name="line.19"></a>
<FONT color="green">020</FONT> <a name="line.20"></a>
<FONT color="green">021</FONT> import org.apache.shiro.authc.AuthenticationException;<a name="line.21"></a>
<FONT color="green">022</FONT> import org.apache.shiro.authc.AuthenticationToken;<a name="line.22"></a>
<FONT color="green">023</FONT> import org.apache.shiro.authc.HostAuthenticationToken;<a name="line.23"></a>
<FONT color="green">024</FONT> import org.apache.shiro.authz.AuthorizationException;<a name="line.24"></a>
<FONT color="green">025</FONT> import org.apache.shiro.authz.Permission;<a name="line.25"></a>
<FONT color="green">026</FONT> import org.apache.shiro.authz.UnauthenticatedException;<a name="line.26"></a>
<FONT color="green">027</FONT> import org.apache.shiro.mgt.SecurityManager;<a name="line.27"></a>
<FONT color="green">028</FONT> import org.apache.shiro.session.InvalidSessionException;<a name="line.28"></a>
<FONT color="green">029</FONT> import org.apache.shiro.session.ProxiedSession;<a name="line.29"></a>
<FONT color="green">030</FONT> import org.apache.shiro.session.Session;<a name="line.30"></a>
<FONT color="green">031</FONT> import org.apache.shiro.session.SessionException;<a name="line.31"></a>
<FONT color="green">032</FONT> import org.apache.shiro.session.mgt.DefaultSessionContext;<a name="line.32"></a>
<FONT color="green">033</FONT> import org.apache.shiro.session.mgt.SessionContext;<a name="line.33"></a>
<FONT color="green">034</FONT> import org.apache.shiro.subject.ExecutionException;<a name="line.34"></a>
<FONT color="green">035</FONT> import org.apache.shiro.subject.PrincipalCollection;<a name="line.35"></a>
<FONT color="green">036</FONT> import org.apache.shiro.subject.Subject;<a name="line.36"></a>
<FONT color="green">037</FONT> import org.apache.shiro.util.CollectionUtils;<a name="line.37"></a>
<FONT color="green">038</FONT> import org.apache.shiro.util.StringUtils;<a name="line.38"></a>
<FONT color="green">039</FONT> import org.slf4j.Logger;<a name="line.39"></a>
<FONT color="green">040</FONT> import org.slf4j.LoggerFactory;<a name="line.40"></a>
<FONT color="green">041</FONT> <a name="line.41"></a>
<FONT color="green">042</FONT> import java.util.Collection;<a name="line.42"></a>
<FONT color="green">043</FONT> import java.util.List;<a name="line.43"></a>
<FONT color="green">044</FONT> import java.util.concurrent.Callable;<a name="line.44"></a>
<FONT color="green">045</FONT> import java.util.concurrent.CopyOnWriteArrayList;<a name="line.45"></a>
<FONT color="green">046</FONT> <a name="line.46"></a>
<FONT color="green">047</FONT> /**<a name="line.47"></a>
<FONT color="green">048</FONT> * Implementation of the {@code Subject} interface that delegates<a name="line.48"></a>
<FONT color="green">049</FONT> * method calls to an underlying {@link org.apache.shiro.mgt.SecurityManager SecurityManager} instance for security checks.<a name="line.49"></a>
<FONT color="green">050</FONT> * It is essentially a {@code SecurityManager} proxy.<a name="line.50"></a>
<FONT color="green">051</FONT> * &lt;p/&gt;<a name="line.51"></a>
<FONT color="green">052</FONT> * This implementation does not maintain state such as roles and permissions (only {@code Subject}<a name="line.52"></a>
<FONT color="green">053</FONT> * {@link #getPrincipals() principals}, such as usernames or user primary keys) for better performance in a stateless<a name="line.53"></a>
<FONT color="green">054</FONT> * architecture. It instead asks the underlying {@code SecurityManager} every time to perform<a name="line.54"></a>
<FONT color="green">055</FONT> * the authorization check.<a name="line.55"></a>
<FONT color="green">056</FONT> * &lt;p/&gt;<a name="line.56"></a>
<FONT color="green">057</FONT> * A common misconception in using this implementation is that an EIS resource (RDBMS, etc) would<a name="line.57"></a>
<FONT color="green">058</FONT> * be &amp;quot;hit&amp;quot; every time a method is called. This is not necessarily the case and is<a name="line.58"></a>
<FONT color="green">059</FONT> * up to the implementation of the underlying {@code SecurityManager} instance. If caching of authorization<a name="line.59"></a>
<FONT color="green">060</FONT> * data is desired (to eliminate EIS round trips and therefore improve database performance), it is considered<a name="line.60"></a>
<FONT color="green">061</FONT> * much more elegant to let the underlying {@code SecurityManager} implementation or its delegate components<a name="line.61"></a>
<FONT color="green">062</FONT> * manage caching, not this class. A {@code SecurityManager} is considered a business-tier component,<a name="line.62"></a>
<FONT color="green">063</FONT> * where caching strategies are better managed.<a name="line.63"></a>
<FONT color="green">064</FONT> * &lt;p/&gt;<a name="line.64"></a>
<FONT color="green">065</FONT> * Applications from large and clustered to simple and JVM-local all benefit from<a name="line.65"></a>
<FONT color="green">066</FONT> * stateless architectures. This implementation plays a part in the stateless programming<a name="line.66"></a>
<FONT color="green">067</FONT> * paradigm and should be used whenever possible.<a name="line.67"></a>
<FONT color="green">068</FONT> *<a name="line.68"></a>
<FONT color="green">069</FONT> * @since 0.1<a name="line.69"></a>
<FONT color="green">070</FONT> */<a name="line.70"></a>
<FONT color="green">071</FONT> public class DelegatingSubject implements Subject {<a name="line.71"></a>
<FONT color="green">072</FONT> <a name="line.72"></a>
// Class-wide SLF4J logger.
private static final Logger log = LoggerFactory.getLogger(DelegatingSubject.class);

// Session attribute key, namespaced with this class's fully-qualified name.
// NOTE(review): presumably the key under which the run-as principal stack is stored in the
// session; the code that reads and writes it is outside this excerpt - confirm.
private static final String RUN_AS_PRINCIPALS_SESSION_KEY =
        DelegatingSubject.class.getName() + ".RUN_AS_PRINCIPALS_SESSION_KEY";

// The Subject's own principals. getPrincipals() may return a run-as identity instead of this field.
protected PrincipalCollection principals;
// Set by the constructor and by login(), cleared by logout(). Protected and non-final, so a
// subclass can also write it; nothing in this class re-verifies the flag once set.
protected boolean authenticated;
// Host name or IP recorded for the client; stored as supplied by the constructor or login().
protected String host;
// The decorated session, or null when none has been attached or it has been cleared.
protected Session session;
/**
 * @since 1.2
 */
// When false, getSession(true) throws instead of starting a new session.
protected boolean sessionCreationEnabled;

// Never null after construction (the constructor rejects null) and deliberately kept across logout().
protected transient SecurityManager securityManager;
<FONT color="green">088</FONT> <a name="line.88"></a>
/**
 * Creates an anonymous, unauthenticated Subject with no host and no session.
 *
 * @param securityManager the SecurityManager every check is delegated to; must not be {@code null}
 */
public DelegatingSubject(SecurityManager securityManager) {
    // null principals + authenticated=false: every authorization query is denied until login().
    this(null, false, null, null, securityManager);
}
<FONT color="green">092</FONT> <a name="line.92"></a>
/**
 * Creates a Subject with the given state and with session creation enabled.
 *
 * @param principals      the Subject's identity, or {@code null} for an anonymous Subject
 * @param authenticated   authentication state, stored as given
 * @param host            client host name or IP, or {@code null}
 * @param session         an existing session to attach, or {@code null}
 * @param securityManager the SecurityManager every check is delegated to; must not be {@code null}
 */
public DelegatingSubject(PrincipalCollection principals, boolean authenticated, String host,
                         Session session, SecurityManager securityManager) {
    // The literal true is sessionCreationEnabled: this overload always allows session creation.
    this(principals, authenticated, host, session, true, securityManager);
}
<FONT color="green">097</FONT> <a name="line.97"></a>
<FONT color="green">098</FONT> //since 1.2<a name="line.98"></a>
/**
 * Creates a Subject with explicit identity, authentication state, host, session and
 * session-creation policy.
 * <p>
 * The {@code principals} and {@code authenticated} arguments are stored exactly as passed; this
 * constructor performs no verification of them, so the caller is responsible for only passing
 * {@code authenticated = true} for an identity that really was authenticated.
 *
 * @param principals             the Subject's identity, or {@code null} for an anonymous Subject
 * @param authenticated          authentication state, stored as given
 * @param host                   client host name or IP, or {@code null}
 * @param session                an existing session to attach (it is decorated), or {@code null}
 * @param sessionCreationEnabled whether {@link #getSession(boolean)} may start a new session
 * @param securityManager        the SecurityManager every check is delegated to
 * @throws IllegalArgumentException if {@code securityManager} is {@code null}
 */
public DelegatingSubject(PrincipalCollection principals, boolean authenticated, String host,
                         Session session, boolean sessionCreationEnabled, SecurityManager securityManager) {
    if (null == securityManager) {
        throw new IllegalArgumentException("SecurityManager argument cannot be null.");
    }
    this.securityManager = securityManager;
    this.principals = principals;
    this.authenticated = authenticated;
    this.host = host;
    // decorate() is protected and receives `this` before construction has finished; an override
    // must not rely on sessionCreationEnabled here, because it is assigned only afterwards.
    this.session = (session == null) ? null : decorate(session);
    this.sessionCreationEnabled = sessionCreationEnabled;
}
<FONT color="green">113</FONT> <a name="line.113"></a>
/**
 * Wraps a session in a {@code StoppingAwareProxiedSession} bound to this Subject.
 *
 * @param session the session to wrap
 * @return the wrapping session
 * @throws IllegalArgumentException if {@code session} is {@code null}
 */
protected Session decorate(Session session) {
    if (session != null) {
        // The wrapper is handed a reference to this Subject as its owner.
        return new StoppingAwareProxiedSession(session, this);
    }
    throw new IllegalArgumentException("session cannot be null");
}
<FONT color="green">120</FONT> <a name="line.120"></a>
/**
 * Returns the SecurityManager this Subject delegates to.
 *
 * @return the SecurityManager supplied at construction
 */
public SecurityManager getSecurityManager() {
    return this.securityManager;
}
<FONT color="green">124</FONT> <a name="line.124"></a>
/**
 * Reports whether this Subject currently has an identity.
 * <p>
 * Every authorization method in this class consults this first and denies when it is false.
 *
 * @return {@code true} if {@link #getPrincipals()} is neither {@code null} nor empty
 */
protected boolean hasPrincipals() {
    final PrincipalCollection current = getPrincipals();
    return !CollectionUtils.isEmpty(current);
}
<FONT color="green">128</FONT> <a name="line.128"></a>
<FONT color="green">129</FONT> /**<a name="line.129"></a>
<FONT color="green">130</FONT> * Returns the host name or IP associated with the client who created/is interacting with this Subject.<a name="line.130"></a>
<FONT color="green">131</FONT> *<a name="line.131"></a>
<FONT color="green">132</FONT> * @return the host name or IP associated with the client who created/is interacting with this Subject.<a name="line.132"></a>
<FONT color="green">133</FONT> */<a name="line.133"></a>
public String getHost() {
    // Returned as stored. login() may take this value from the caller's token, and nothing in this
    // class validates it.
    // NOTE(review): treat it as informational unless an upstream component verifies it - confirm.
    return host;
}
<FONT color="green">137</FONT> <a name="line.137"></a>
/**
 * Returns the primary principal of a collection.
 *
 * @param principals the collection to inspect; may be {@code null}
 * @return the primary principal, or {@code null} if the collection is {@code null} or empty
 */
private Object getPrimaryPrincipal(PrincipalCollection principals) {
    if (CollectionUtils.isEmpty(principals)) {
        return null;
    }
    return principals.getPrimaryPrincipal();
}
<FONT color="green">144</FONT> <a name="line.144"></a>
<FONT color="green">145</FONT> /**<a name="line.145"></a>
<FONT color="green">146</FONT> * @see Subject#getPrincipal()<a name="line.146"></a>
<FONT color="green">147</FONT> */<a name="line.147"></a>
public Object getPrincipal() {
    // Goes through getPrincipals(), so a run-as identity, when present, is what gets reported.
    final PrincipalCollection current = getPrincipals();
    return getPrimaryPrincipal(current);
}
<FONT color="green">151</FONT> <a name="line.151"></a>
/**
 * Returns the principals that authorization checks are evaluated against.
 * <p>
 * If the run-as stack is non-empty its first element is returned; otherwise the Subject's own
 * {@code principals} field is. All permission and role methods in this class call this method,
 * so they are evaluated against the run-as identity whenever one is on the stack.
 *
 * @return the effective principals; may be {@code null} for an anonymous Subject
 */
public PrincipalCollection getPrincipals() {
    final List<PrincipalCollection> runAsStack = getRunAsPrincipalsStack();
    if (CollectionUtils.isEmpty(runAsStack)) {
        return this.principals;
    }
    return runAsStack.get(0);
}
<FONT color="green">156</FONT> <a name="line.156"></a>
/**
 * Checks a single permission given in string form.
 *
 * @param permission the permission string to check
 * @return {@code false} for a Subject without principals, otherwise the SecurityManager's answer
 */
public boolean isPermitted(String permission) {
    // Fail closed: without an identity the SecurityManager is not consulted at all.
    if (!hasPrincipals()) {
        return false;
    }
    return securityManager.isPermitted(getPrincipals(), permission);
}
<FONT color="green">160</FONT> <a name="line.160"></a>
/**
 * Checks a single {@code Permission} instance.
 *
 * @param permission the permission to check
 * @return {@code false} for a Subject without principals, otherwise the SecurityManager's answer
 */
public boolean isPermitted(Permission permission) {
    // Fail closed: without an identity the SecurityManager is not consulted at all.
    if (!hasPrincipals()) {
        return false;
    }
    return securityManager.isPermitted(getPrincipals(), permission);
}
<FONT color="green">164</FONT> <a name="line.164"></a>
/**
 * Checks several permission strings at once.
 *
 * @param permissions the permission strings to check
 * @return one result per argument, in order; all {@code false} for a Subject without principals
 */
public boolean[] isPermitted(String... permissions) {
    if (!hasPrincipals()) {
        // A fresh boolean[] is all false, i.e. every permission is denied.
        return new boolean[permissions.length];
    }
    return securityManager.isPermitted(getPrincipals(), permissions);
}
<FONT color="green">172</FONT> <a name="line.172"></a>
/**
 * Checks several {@code Permission} instances at once.
 *
 * @param permissions the permissions to check
 * @return one result per element, in order; all {@code false} for a Subject without principals
 */
public boolean[] isPermitted(List<Permission> permissions) {
    if (!hasPrincipals()) {
        // A fresh boolean[] is all false, i.e. every permission is denied.
        return new boolean[permissions.size()];
    }
    return securityManager.isPermitted(getPrincipals(), permissions);
}
<FONT color="green">180</FONT> <a name="line.180"></a>
/**
 * Checks whether all of the given permission strings are granted.
 *
 * @param permissions the permission strings to check
 * @return {@code false} for a Subject without principals, otherwise the SecurityManager's answer
 */
public boolean isPermittedAll(String... permissions) {
    // Fail closed: an anonymous Subject is denied without asking the SecurityManager.
    if (!hasPrincipals()) {
        return false;
    }
    return securityManager.isPermittedAll(getPrincipals(), permissions);
}
<FONT color="green">184</FONT> <a name="line.184"></a>
/**
 * Checks whether all of the given {@code Permission} instances are granted.
 *
 * @param permissions the permissions to check
 * @return {@code false} for a Subject without principals, otherwise the SecurityManager's answer
 */
public boolean isPermittedAll(Collection<Permission> permissions) {
    // Fail closed: an anonymous Subject is denied without asking the SecurityManager.
    if (!hasPrincipals()) {
        return false;
    }
    return securityManager.isPermittedAll(getPrincipals(), permissions);
}
<FONT color="green">188</FONT> <a name="line.188"></a>
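/**
 * Guards the {@code check*} methods: an authorization assertion needs an identity to check.
 * <p>
 * The exception type is {@code UnauthenticatedException}, so a caller can tell "no identity at
 * all" apart from a denial for a known identity.
 *
 * @throws AuthorizationException (specifically {@code UnauthenticatedException}) if this Subject
 *                                has no principals
 */
protected void assertAuthzCheckPossible() throws AuthorizationException {
    if (hasPrincipals()) {
        return;
    }
    // Message typo fixed: "be executing" -> "by executing".
    String msg = "This subject is anonymous - it does not have any identifying principals and " +
            "authorization operations require an identity to check against.  A Subject instance will " +
            "acquire these identifying principals automatically after a successful login is performed " +
            "by executing " + Subject.class.getName() + ".login(AuthenticationToken) or when 'Remember Me' " +
            "functionality is enabled by the SecurityManager.  This exception can also occur when a " +
            "previously logged-in Subject has logged out which " +
            "makes it anonymous again.  Because an identity is currently not known due to any of these " +
            "conditions, authorization is denied.";
    throw new UnauthenticatedException(msg);
}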
<FONT color="green">202</FONT> <a name="line.202"></a>
/**
 * Asserts that this Subject holds the given permission string.
 *
 * @param permission the permission string to assert
 * @throws AuthorizationException if the Subject has no principals, or as thrown by the
 *                                SecurityManager's own check
 */
public void checkPermission(String permission) throws AuthorizationException {
    // Reject an anonymous Subject before delegating.
    assertAuthzCheckPossible();
    this.securityManager.checkPermission(getPrincipals(), permission);
}
<FONT color="green">207</FONT> <a name="line.207"></a>
/**
 * Asserts that this Subject holds the given {@code Permission}.
 *
 * @param permission the permission to assert
 * @throws AuthorizationException if the Subject has no principals, or as thrown by the
 *                                SecurityManager's own check
 */
public void checkPermission(Permission permission) throws AuthorizationException {
    // Reject an anonymous Subject before delegating.
    assertAuthzCheckPossible();
    this.securityManager.checkPermission(getPrincipals(), permission);
}
<FONT color="green">212</FONT> <a name="line.212"></a>
/**
 * Asserts that this Subject holds the given permission strings.
 *
 * @param permissions the permission strings to assert
 * @throws AuthorizationException if the Subject has no principals, or as thrown by the
 *                                SecurityManager's own check
 */
public void checkPermissions(String... permissions) throws AuthorizationException {
    // Reject an anonymous Subject before delegating.
    assertAuthzCheckPossible();
    this.securityManager.checkPermissions(getPrincipals(), permissions);
}
<FONT color="green">217</FONT> <a name="line.217"></a>
/**
 * Asserts that this Subject holds the given {@code Permission} instances.
 *
 * @param permissions the permissions to assert
 * @throws AuthorizationException if the Subject has no principals, or as thrown by the
 *                                SecurityManager's own check
 */
public void checkPermissions(Collection<Permission> permissions) throws AuthorizationException {
    // Reject an anonymous Subject before delegating.
    assertAuthzCheckPossible();
    this.securityManager.checkPermissions(getPrincipals(), permissions);
}
<FONT color="green">222</FONT> <a name="line.222"></a>
/**
 * Checks whether this Subject has the given role.
 *
 * @param roleIdentifier the role to check
 * @return {@code false} for a Subject without principals, otherwise the SecurityManager's answer
 */
public boolean hasRole(String roleIdentifier) {
    // Fail closed: an anonymous Subject has no roles and the SecurityManager is not asked.
    if (!hasPrincipals()) {
        return false;
    }
    return securityManager.hasRole(getPrincipals(), roleIdentifier);
}
<FONT color="green">226</FONT> <a name="line.226"></a>
/**
 * Checks several roles at once.
 *
 * @param roleIdentifiers the roles to check
 * @return one result per element, in order; all {@code false} for a Subject without principals
 */
public boolean[] hasRoles(List<String> roleIdentifiers) {
    if (!hasPrincipals()) {
        // A fresh boolean[] is all false, i.e. no role is reported as held.
        return new boolean[roleIdentifiers.size()];
    }
    return securityManager.hasRoles(getPrincipals(), roleIdentifiers);
}
<FONT color="green">234</FONT> <a name="line.234"></a>
/**
 * Checks whether this Subject has every one of the given roles.
 *
 * @param roleIdentifiers the roles to check
 * @return {@code false} for a Subject without principals, otherwise the SecurityManager's answer
 */
public boolean hasAllRoles(Collection<String> roleIdentifiers) {
    // Fail closed: an anonymous Subject is denied without asking the SecurityManager.
    if (!hasPrincipals()) {
        return false;
    }
    return securityManager.hasAllRoles(getPrincipals(), roleIdentifiers);
}
<FONT color="green">238</FONT> <a name="line.238"></a>
/**
 * Asserts that this Subject has the given role.
 *
 * @param role the role to assert
 * @throws AuthorizationException if the Subject has no principals, or as thrown by the
 *                                SecurityManager's own check
 */
public void checkRole(String role) throws AuthorizationException {
    // Reject an anonymous Subject before delegating.
    assertAuthzCheckPossible();
    this.securityManager.checkRole(getPrincipals(), role);
}
<FONT color="green">243</FONT> <a name="line.243"></a>
/**
 * Asserts that this Subject has the given roles.
 *
 * @param roleIdentifiers the roles to assert
 * @throws AuthorizationException if the Subject has no principals, or as thrown by the
 *                                SecurityManager's own check
 */
public void checkRoles(String... roleIdentifiers) throws AuthorizationException {
    // Reject an anonymous Subject before delegating.
    assertAuthzCheckPossible();
    this.securityManager.checkRoles(getPrincipals(), roleIdentifiers);
}
<FONT color="green">248</FONT> <a name="line.248"></a>
/**
 * Asserts that this Subject has the given roles.
 *
 * @param roles the roles to assert
 * @throws AuthorizationException if the Subject has no principals, or as thrown by the
 *                                SecurityManager's own check
 */
public void checkRoles(Collection<String> roles) throws AuthorizationException {
    // Reject an anonymous Subject before delegating.
    assertAuthzCheckPossible();
    this.securityManager.checkRoles(getPrincipals(), roles);
}
<FONT color="green">253</FONT> <a name="line.253"></a>
/**
 * Authenticates this Subject by delegating to the SecurityManager, then copies the resulting
 * principals, host and session onto this instance.
 * <p>
 * The identity fields are only written after {@code securityManager.login} has returned, so a
 * failed attempt leaves {@code principals}, {@code authenticated}, {@code host} and
 * {@code session} as they were. The run-as clearing on the first line has already run by then.
 *
 * @param token the credentials to authenticate with
 * @throws AuthenticationException if the SecurityManager rejects the token
 * @throws IllegalStateException   if the SecurityManager returns a Subject without principals
 */
public void login(AuthenticationToken token) throws AuthenticationException {
    // Runs before the attempt, so whatever it clears stays cleared even if authentication throws.
    clearRunAsIdentitiesInternal();
    final Subject loggedIn = securityManager.login(this, token);

    final PrincipalCollection resolved;
    String resolvedHost = null;

    if (loggedIn instanceof DelegatingSubject) {
        final DelegatingSubject other = (DelegatingSubject) loggedIn;
        // Read the field, not getPrincipals(): the getter would return an assumed (run-as)
        // identity if one exists, and the 'real' principals must not be lost.
        resolved = other.principals;
        resolvedHost = other.host;
    } else {
        resolved = loggedIn.getPrincipals();
    }

    // Never mark a Subject authenticated without an identity to attach the flag to.
    if (resolved == null || resolved.isEmpty()) {
        String msg = "Principals returned from securityManager.login( token ) returned a null or " +
                "empty value.  This value must be non null and populated with one or more elements.";
        throw new IllegalStateException(msg);
    }
    this.principals = resolved;
    this.authenticated = true;

    // A host carried by the token replaces the one taken from the returned Subject.
    // NOTE(review): this value is supplied by whoever built the token and is not validated
    // here - confirm it is not relied on for access decisions.
    if (token instanceof HostAuthenticationToken) {
        resolvedHost = ((HostAuthenticationToken) token).getHost();
    }
    if (resolvedHost != null) {
        this.host = resolvedHost;
    }

    // Adopt whatever session the returned Subject carries, without creating one.
    // NOTE(review): whether a pre-login session is replaced on authentication is decided by
    // the SecurityManager and is not visible in this class - confirm session-fixation handling.
    final Session loggedInSession = loggedIn.getSession(false);
    this.session = (loggedInSession == null) ? null : decorate(loggedInSession);
}
<FONT color="green">291</FONT> <a name="line.291"></a>
/**
 * Reports the stored authentication flag.
 * <p>
 * The flag is set by the constructor and by a successful {@link #login}, and cleared by
 * {@link #logout()}; it is not recomputed on each call.
 *
 * @return {@code true} if this Subject is marked as authenticated
 */
public boolean isAuthenticated() {
    return this.authenticated;
}
<FONT color="green">295</FONT> <a name="line.295"></a>
/**
 * Reports whether this Subject has an identity without being authenticated.
 * <p>
 * This is mutually exclusive with {@link #isAuthenticated()}: a remembered Subject has principals
 * but has not proven them in this instance's lifetime. Code guarding sensitive operations should
 * test {@code isAuthenticated()} rather than the mere presence of principals.
 *
 * @return {@code true} if principals are present and the Subject is not authenticated
 */
public boolean isRemembered() {
    final PrincipalCollection current = getPrincipals();
    if (current == null || current.isEmpty()) {
        return false;
    }
    return !isAuthenticated();
}
<FONT color="green">300</FONT> <a name="line.300"></a>
<FONT color="green">301</FONT> /**<a name="line.301"></a>
<FONT color="green">302</FONT> * Returns {@code true} if this Subject is allowed to create sessions, {@code false} otherwise.<a name="line.302"></a>
<FONT color="green">303</FONT> *<a name="line.303"></a>
<FONT color="green">304</FONT> * @return {@code true} if this Subject is allowed to create sessions, {@code false} otherwise.<a name="line.304"></a>
<FONT color="green">305</FONT> * @since 1.2<a name="line.305"></a>
<FONT color="green">306</FONT> */<a name="line.306"></a>
protected boolean isSessionCreationEnabled() {
    // Plain read of the constructor-supplied policy flag; getSession(true) consults it.
    return sessionCreationEnabled;
}
<FONT color="green">310</FONT> <a name="line.310"></a>
/**
 * Returns this Subject's session, starting one if none exists.
 *
 * @return the session; equivalent to {@code getSession(true)}
 */
public Session getSession() {
    final boolean createIfAbsent = true;
    return getSession(createIfAbsent);
}
<FONT color="green">314</FONT> <a name="line.314"></a>
/**
 * Returns this Subject's session, optionally starting a new one through the SecurityManager.
 *
 * @param create whether to start a session when none is attached
 * @return the attached session, or {@code null} if there is none and {@code create} is false
 * @throws DisabledSessionException if a session would have to be created but session creation is
 *                                  disabled for this Subject
 */
public Session getSession(boolean create) {
    if (log.isTraceEnabled()) {
        // Only presence flags are logged, never the session id itself.
        log.trace("attempting to get session; create = " + create +
                "; session is null = " + (this.session == null) +
                "; session has id = " + (this.session != null && this.session.getId() != null));
    }

    // Nothing to do when a session is already attached or the caller did not ask for one.
    if (this.session != null || !create) {
        return this.session;
    }

    //added in 1.2:
    if (!isSessionCreationEnabled()) {
        String msg = "Session creation has been disabled for the current subject.  This exception indicates " +
                "that there is either a programming error (using a session when it should never be " +
                "used) or that Shiro's configuration needs to be adjusted to allow Sessions to be created " +
                "for the current Subject.  See the " + DisabledSessionException.class.getName() + " JavaDoc " +
                "for more.";
        throw new DisabledSessionException(msg);
    }

    // NOTE(review): the host may originate from a caller-supplied token (see login()); confirm the
    // logging backend neutralises control characters in trace output.
    log.trace("Starting session for host {}", getHost());
    final SessionContext context = createSessionContext();
    final Session started = this.securityManager.start(context);
    this.session = decorate(started);
    return this.session;
}
<FONT color="green">341</FONT> <a name="line.341"></a>
/**
 * Builds the context handed to the SecurityManager when a new session is started.
 *
 * @return a new {@code DefaultSessionContext}, carrying this Subject's host when it has text
 */
protected SessionContext createSessionContext() {
    final SessionContext context = new DefaultSessionContext();
    final boolean hostKnown = StringUtils.hasText(host);
    if (hostKnown) {
        context.setHost(host);
    }
    return context;
}
<FONT color="green">349</FONT> <a name="line.349"></a>
/**
 * Clears run-as identities on a best-effort basis, tolerating session failures.
 * <p>
 * Only {@code SessionException} is swallowed, and it is logged at debug level; any other
 * exception propagates. This method is called from both {@code login} and {@code logout},
 * although the log text mentions only logout.
 */
private void clearRunAsIdentitiesInternal() {
    //try/catch added for SHIRO-298
    try {
        clearRunAsIdentities();
    } catch (SessionException sessionFailure) {
        log.debug("Encountered session exception trying to clear 'runAs' identities during logout.  This " +
                "can generally safely be ignored.", sessionFailure);
    }
}
<FONT color="green">359</FONT> <a name="line.359"></a>
/**
 * Logs this subject out.
 * <p>
 * Run-as identities are cleared first, then the security manager is asked to log
 * the subject out. The local session reference, principals and authenticated
 * flag are reset in a {@code finally} block, so this instance ends up anonymous
 * even if either of the two preceding calls throws.
 */
public void logout() {
    try {
        clearRunAsIdentitiesInternal();
        this.securityManager.logout(this);
    } finally {
        // Reset local identity state unconditionally.
        session = null;
        principals = null;
        authenticated = false;
        // securityManager is intentionally NOT set to null here: the Subject can still
        // be used, it is just considered anonymous at this point, and the instance is
        // needed if the subject logs in again or acquires a new session. See
        // https://issues.apache.org/jira/browse/JSEC-22
    }
}
<FONT color="green">375</FONT> <a name="line.375"></a>
/**
 * Drops this subject's reference to its session. Called by
 * {@code StoppingAwareProxiedSession.stop()} after the wrapped session is stopped.
 */
private void sessionStopped() {
    session = null;
}
<FONT color="green">379</FONT> <a name="line.379"></a>
/**
 * Runs the given callable after wrapping it with {@link #associateWith(Callable)}
 * and returns its result.
 *
 * @param callable the work to run
 * @param <V>      the result type
 * @return whatever the wrapped callable returns
 * @throws ExecutionException wrapping any {@code Throwable} raised by the call;
 *                            this includes {@code Error} subclasses, since the
 *                            catch clause is on {@code Throwable}
 */
public <V> V execute(Callable<V> callable) throws ExecutionException {
    Callable<V> bound = associateWith(callable);
    V result;
    try {
        result = bound.call();
    } catch (Throwable failure) {
        throw new ExecutionException(failure);
    }
    return result;
}
<FONT color="green">388</FONT> <a name="line.388"></a>
/**
 * Runs the given runnable on the calling thread after wrapping it with
 * {@link #associateWith(Runnable)}.
 *
 * @param runnable the work to run; a {@code Thread} instance is rejected by
 *                 {@code associateWith}
 */
public void execute(Runnable runnable) {
    associateWith(runnable).run();
}
<FONT color="green">393</FONT> <a name="line.393"></a>
/**
 * Wraps the given callable in a {@code SubjectCallable} constructed with this
 * subject.
 *
 * @param callable the callable to wrap
 * @param <V>      the result type
 * @return the wrapping callable
 */
public <V> Callable<V> associateWith(Callable<V> callable) {
    Callable<V> bound = new SubjectCallable<V>(this, callable);
    return bound;
}
<FONT color="green">397</FONT> <a name="line.397"></a>
/**
 * Wraps the given runnable in a {@code SubjectRunnable} constructed with this
 * subject.
 *
 * @param runnable the runnable to wrap; must not be a {@code Thread}
 * @return the wrapping runnable, which can be given to an ExecutorService or
 *         another Thread
 * @throws UnsupportedOperationException if {@code runnable} is a {@code Thread}
 */
public Runnable associateWith(Runnable runnable) {
    if (!(runnable instanceof Thread)) {
        return new SubjectRunnable(this, runnable);
    }
    // Thread arguments are refused outright; the message explains the alternative.
    throw new UnsupportedOperationException(
            "This implementation does not support Thread arguments because of JDK ThreadLocal " +
            "inheritance mechanisms required by Shiro. Instead, the method argument should be a non-Thread " +
            "Runnable and the return value from this method can then be given to an ExecutorService or " +
            "another Thread.");
}
<FONT color="green">408</FONT> <a name="line.408"></a>
/**
 * Session proxy that tells its owning subject when the session is stopped, so
 * the subject can drop its reference to it.
 */
private class StoppingAwareProxiedSession extends ProxiedSession {

    // Subject to notify once the wrapped session has been stopped.
    private final DelegatingSubject owner;

    /**
     * @param target        the session to delegate to
     * @param owningSubject the subject to notify from {@link #stop()}
     */
    private StoppingAwareProxiedSession(Session target, DelegatingSubject owningSubject) {
        super(target);
        this.owner = owningSubject;
    }

    /**
     * Stops the wrapped session, then notifies the owner. If {@code super.stop()}
     * throws, the owner is not notified.
     *
     * @throws InvalidSessionException as declared by the delegate call
     */
    public void stop() throws InvalidSessionException {
        super.stop();
        this.owner.sessionStopped();
    }
}
<FONT color="green">423</FONT> <a name="line.423"></a>
<FONT color="green">424</FONT> <a name="line.424"></a>
<FONT color="green">425</FONT> // ======================================<a name="line.425"></a>
<FONT color="green">426</FONT> // 'Run As' support implementations<a name="line.426"></a>
<FONT color="green">427</FONT> // ======================================<a name="line.427"></a>
<FONT color="green">428</FONT> <a name="line.428"></a>
/**
 * Makes this subject assume the given identity by pushing it onto the run-as
 * stack.
 * <p>
 * The only precondition enforced here is that this subject already has
 * principals. Whether the caller is permitted to assume the given identity is
 * not checked in this method, so that decision has to be made before calling it.
 *
 * @param principals the identity to assume
 * @throws IllegalStateException if this subject has no principals yet
 * @throws NullPointerException  if {@code principals} is null or empty (raised
 *                               by {@code pushIdentity})
 */
public void runAs(PrincipalCollection principals) {
    if (hasPrincipals()) {
        pushIdentity(principals);
        return;
    }
    throw new IllegalStateException(
            "This subject does not yet have an identity. Assuming the identity of another " +
            "Subject is only allowed for Subjects with an existing identity. Try logging this subject in " +
            "first, or using the " + Subject.Builder.class.getName() + " to build ad hoc Subject instances " +
            "with identities as necessary.");
}
<FONT color="green">439</FONT> <a name="line.439"></a>
/**
 * Reports whether a run-as identity is currently active.
 *
 * @return {@code true} when the run-as stack exists and is not empty
 */
public boolean isRunAs() {
    return !CollectionUtils.isEmpty(getRunAsPrincipalsStack());
}
<FONT color="green">444</FONT> <a name="line.444"></a>
/**
 * Returns the identity that was in effect before the current run-as identity.
 * <p>
 * New identities are inserted at index 0 of the stack, so index 1 is the one
 * directly behind the current identity. With a single entry, the previous
 * identity is this subject's own {@code principals} field.
 *
 * @return the previous principals, or {@code null} when no run-as identity is
 *         active
 */
public PrincipalCollection getPreviousPrincipals() {
    List<PrincipalCollection> runAsStack = getRunAsPrincipalsStack();
    int depth = (runAsStack == null) ? 0 : runAsStack.size();
    if (depth <= 0) {
        return null;
    }
    if (depth == 1) {
        return this.principals;
    }
    // Two or more entries: always take the one behind the current.
    return runAsStack.get(1);
}
<FONT color="green">460</FONT> <a name="line.460"></a>
/**
 * Ends the most recent run-as assumption by popping it off the stack.
 *
 * @return the identity that was released, or {@code null} if none was active
 */
public PrincipalCollection releaseRunAs() {
    PrincipalCollection released = popIdentity();
    return released;
}
<FONT color="green">464</FONT> <a name="line.464"></a>
/**
 * Reads the run-as stack from the session attribute
 * {@code RUN_AS_PRINCIPALS_SESSION_KEY}.
 * <p>
 * The cast is unchecked: element types are not verified here, so the result is
 * only as trustworthy as whatever wrote that session attribute.
 *
 * @return the stored stack, or {@code null} when {@code getSession(false)}
 *         returns no session or the attribute is absent
 */
@SuppressWarnings("unchecked")
private List<PrincipalCollection> getRunAsPrincipalsStack() {
    // NOTE(review): getSession(false) presumably looks up without creating a session - confirm.
    Session existing = getSession(false);
    if (existing == null) {
        return null;
    }
    return (List<PrincipalCollection>) existing.getAttribute(RUN_AS_PRINCIPALS_SESSION_KEY);
}
<FONT color="green">473</FONT> <a name="line.473"></a>
/**
 * Removes the run-as stack attribute from the session, if
 * {@code getSession(false)} returns one. Does nothing otherwise.
 */
private void clearRunAsIdentities() {
    Session existing = getSession(false);
    if (existing == null) {
        return;
    }
    existing.removeAttribute(RUN_AS_PRINCIPALS_SESSION_KEY);
}
<FONT color="green">480</FONT> <a name="line.480"></a>
/**
 * Pushes the given identity onto the front of the run-as stack and stores the
 * stack as a session attribute.
 * <p>
 * The stack is created as a {@code CopyOnWriteArrayList} when none exists yet.
 * It is written back through {@code getSession()} (presumably creating a
 * session if needed; verify against that method).
 *
 * @param principals the identity to assume
 * @throws NullPointerException if {@code principals} is null or empty
 */
private void pushIdentity(PrincipalCollection principals) throws NullPointerException {
    if (CollectionUtils.isEmpty(principals)) {
        throw new NullPointerException(
                "Specified Subject principals cannot be null or empty for 'run as' functionality.");
    }
    List<PrincipalCollection> runAsStack = getRunAsPrincipalsStack();
    if (runAsStack == null) {
        runAsStack = new CopyOnWriteArrayList<PrincipalCollection>();
    }
    // Index 0 is always the most recently assumed identity.
    runAsStack.add(0, principals);
    getSession().setAttribute(RUN_AS_PRINCIPALS_SESSION_KEY, runAsStack);
}
<FONT color="green">494</FONT> <a name="line.494"></a>
/**
 * Removes the most recently assumed identity from the run-as stack.
 * <p>
 * If entries remain, the changed stack is written back to the session. If the
 * stack became empty, the attribute is removed from the session instead.
 *
 * @return the identity that was removed, or {@code null} when the stack is
 *         missing or empty
 */
private PrincipalCollection popIdentity() {
    List<PrincipalCollection> runAsStack = getRunAsPrincipalsStack();
    if (CollectionUtils.isEmpty(runAsStack)) {
        return null;
    }

    PrincipalCollection top = runAsStack.remove(0);
    if (CollectionUtils.isEmpty(runAsStack)) {
        // Nothing left: remove the attribute from the session.
        clearRunAsIdentities();
    } else {
        // Persist the shortened stack to the session.
        getSession().setAttribute(RUN_AS_PRINCIPALS_SESSION_KEY, runAsStack);
    }
    return top;
}
<FONT color="green">514</FONT> }<a name="line.514"></a>
</PRE>
</BODY>
</HTML>