| <?xml version="1.0" encoding="UTF-8"?><!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml" lang="en"><head><meta http-equiv="Content-Type" content="text/html;charset=UTF-8"/><link rel="stylesheet" href="../../jacoco-resources/report.css" type="text/css"/><link rel="shortcut icon" href="../../jacoco-resources/report.gif" type="image/gif"/><title>AbstractRememberMeManager.java</title><link rel="stylesheet" href="../../jacoco-resources/prettify.css" type="text/css"/><script type="text/javascript" src="../../jacoco-resources/prettify.js"></script></head><body onload="window['PR_TAB_WIDTH']=4;prettyPrint()"><div class="breadcrumb" id="breadcrumb"><span class="info"><a href="../../jacoco-sessions.html" class="el_session">Sessions</a></span><a href="../../index.html" class="el_report">Apache Shiro :: Jar Bundle</a> > <a href="../index.html" class="el_bundle">shiro-core</a> > <a href="index.source.html" class="el_package">org.apache.shiro.mgt</a> > <span class="el_source">AbstractRememberMeManager.java</span></div><h1>AbstractRememberMeManager.java</h1><pre class="source lang-java linenums">/* |
| * Licensed to the Apache Software Foundation (ASF) under one |
| * or more contributor license agreements. See the NOTICE file |
| * distributed with this work for additional information |
| * regarding copyright ownership. The ASF licenses this file |
| * to you under the Apache License, Version 2.0 (the |
| * "License"); you may not use this file except in compliance |
| * with the License. You may obtain a copy of the License at |
| * |
| * http://www.apache.org/licenses/LICENSE-2.0 |
| * |
| * Unless required by applicable law or agreed to in writing, |
| * software distributed under the License is distributed on an |
| * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY |
| * KIND, either express or implied. See the License for the |
| * specific language governing permissions and limitations |
| * under the License. |
| */ |
| package org.apache.shiro.mgt; |
| |
| import org.apache.shiro.authc.AuthenticationException; |
| import org.apache.shiro.authc.AuthenticationInfo; |
| import org.apache.shiro.authc.AuthenticationToken; |
| import org.apache.shiro.authc.RememberMeAuthenticationToken; |
| import org.apache.shiro.codec.Base64; |
| import org.apache.shiro.crypto.AesCipherService; |
| import org.apache.shiro.crypto.CipherService; |
| import org.apache.shiro.io.DefaultSerializer; |
| import org.apache.shiro.io.Serializer; |
| import org.apache.shiro.subject.PrincipalCollection; |
| import org.apache.shiro.subject.Subject; |
| import org.apache.shiro.subject.SubjectContext; |
| import org.apache.shiro.util.ByteSource; |
| import org.slf4j.Logger; |
| import org.slf4j.LoggerFactory; |
| |
| /** |
| * Abstract implementation of the {@code RememberMeManager} interface that handles |
| * {@link #setSerializer(org.apache.shiro.io.Serializer) serialization} and |
| * {@link #setCipherService encryption} of the remembered user identity. |
| * <p/> |
| * The remembered identity storage location and details are left to subclasses. |
| * <h2>Default encryption key</h2> |
| * This implementation uses an {@link AesCipherService AesCipherService} for strong encryption by default. It also |
| * uses a default generated symmetric key to both encrypt and decrypt data. As AES is a symmetric cipher, the same |
| * {@code key} is used to both encrypt and decrypt data, BUT NOTE: |
| * <p/> |
| * Because Shiro is an open-source project, if anyone knew that you were using Shiro's default |
| * {@code key}, they could download/view the source, and with enough effort, reconstruct the {@code key} |
| * and decode encrypted data at will. |
| * <p/> |
| * Of course, this key is only really used to encrypt the remembered {@code PrincipalCollection} which is typically |
| * a user id or username. So if you do not consider that sensitive information, and you think the default key still |
| * makes things 'sufficiently difficult', then you can ignore this issue. |
| * <p/> |
| * However, if you do feel this constitutes sensitive information, it is recommended that you provide your own |
| * {@code key} via the {@link #setCipherKey setCipherKey} method to a key known only to your application, |
| * guaranteeing that no third party can decrypt your data. You can generate your own key by calling the |
| * {@code CipherService}'s {@link org.apache.shiro.crypto.AesCipherService#generateNewKey() generateNewKey} method |
| * and using that result as the {@link #setCipherKey cipherKey} configuration attribute. |
| * |
| * @since 0.9 |
| */ |
| public abstract class AbstractRememberMeManager implements RememberMeManager { |
| |
| /** |
| * private inner log instance. |
| */ |
| <span class="fc" id="L69"> private static final Logger log = LoggerFactory.getLogger(AbstractRememberMeManager.class);</span> |
| |
| /** |
| * Serializer to use for converting PrincipalCollection instances to/from byte arrays |
| */ |
| private Serializer<PrincipalCollection> serializer; |
| |
| /** |
| * Cipher to use for encrypting/decrypting serialized byte arrays for added security |
| */ |
| private CipherService cipherService; |
| |
| /** |
| * Cipher encryption key to use with the Cipher when encrypting data |
| */ |
| private byte[] encryptionCipherKey; |
| |
| /** |
| * Cipher decryption key to use with the Cipher when decrypting data |
| */ |
| private byte[] decryptionCipherKey; |
| |
| /** |
| * Default constructor that initializes a {@link DefaultSerializer} as the {@link #getSerializer() serializer} and |
| * an {@link AesCipherService} as the {@link #getCipherService() cipherService}. |
| */ |
| <span class="fc" id="L95"> public AbstractRememberMeManager() {</span> |
| <span class="fc" id="L96"> this.serializer = new DefaultSerializer<PrincipalCollection>();</span> |
| <span class="fc" id="L97"> AesCipherService cipherService = new AesCipherService();</span> |
| <span class="fc" id="L98"> this.cipherService = cipherService;</span> |
| <span class="fc" id="L99"> setCipherKey(cipherService.generateNewKey().getEncoded());</span> |
| <span class="fc" id="L100"> }</span> |
| |
| /** |
| * Returns the {@code Serializer} used to serialize and deserialize {@link PrincipalCollection} instances for |
| * persistent remember me storage. |
| * <p/> |
| * Unless overridden by the {@link #setSerializer} method, the default instance is a |
| * {@link org.apache.shiro.io.DefaultSerializer}. |
| * |
| * @return the {@code Serializer} used to serialize and deserialize {@link PrincipalCollection} instances for |
| * persistent remember me storage. |
| */ |
| public Serializer<PrincipalCollection> getSerializer() { |
| <span class="fc" id="L113"> return serializer;</span> |
| } |
| |
| /** |
| * Sets the {@code Serializer} used to serialize and deserialize {@link PrincipalCollection} instances for |
| * persistent remember me storage. |
| * <p/> |
| * Unless overridden by this method, the default instance is a {@link DefaultSerializer}. |
| * |
| * @param serializer the {@code Serializer} used to serialize and deserialize {@link PrincipalCollection} instances |
| * for persistent remember me storage. |
| */ |
| public void setSerializer(Serializer<PrincipalCollection> serializer) { |
| <span class="nc" id="L126"> this.serializer = serializer;</span> |
| <span class="nc" id="L127"> }</span> |
| |
| /** |
| * Returns the {@code CipherService} to use for encrypting and decrypting serialized identity data to prevent easy |
| * inspection of Subject identity data. |
| * <p/> |
| * Unless overridden by the {@link #setCipherService} method, the default instance is an {@link AesCipherService}. |
| * |
| * @return the {@code Cipher} to use for encrypting and decrypting serialized identity data to prevent easy |
| * inspection of Subject identity data |
| */ |
| public CipherService getCipherService() { |
| <span class="fc" id="L139"> return cipherService;</span> |
| } |
| |
| /** |
| * Sets the {@code CipherService} to use for encrypting and decrypting serialized identity data to prevent easy |
| * inspection of Subject identity data. |
| * <p/> |
| * If the CipherService is a symmetric CipherService (using the same key for both encryption and decryption), you |
| * should set your key via the {@link #setCipherKey(byte[])} method. |
| * <p/> |
| * If the CipherService is an asymmetric CipherService (different keys for encryption and decryption, such as |
| * public/private key pairs), you should set your encryption and decryption key via the respective |
| * {@link #setEncryptionCipherKey(byte[])} and {@link #setDecryptionCipherKey(byte[])} methods. |
| * <p/> |
| * <b>N.B.</b> Unless overridden by this method, the default CipherService instance is an |
| * {@link AesCipherService}. This {@code RememberMeManager} implementation already has a configured symmetric key |
| * to use for encryption and decryption, but it is recommended to provide your own for added security. See the |
| * class-level JavaDoc for more information and why it might be good to provide your own. |
| * |
| * @param cipherService the {@code CipherService} to use for encrypting and decrypting serialized identity data to |
| * prevent easy inspection of Subject identity data. |
| */ |
| public void setCipherService(CipherService cipherService) { |
| <span class="nc" id="L162"> this.cipherService = cipherService;</span> |
| <span class="nc" id="L163"> }</span> |
| |
| /** |
| * Returns the cipher key to use for encryption operations. |
| * |
| * @return the cipher key to use for encryption operations. |
| * @see #setCipherService for a description of the various {@code get/set*Key} methods. |
| */ |
| public byte[] getEncryptionCipherKey() { |
| <span class="fc" id="L172"> return encryptionCipherKey;</span> |
| } |
| |
| /** |
| * Sets the encryption key to use for encryption operations. |
| * |
| * @param encryptionCipherKey the encryption key to use for encryption operations. |
| * @see #setCipherService for a description of the various {@code get/set*Key} methods. |
| */ |
| public void setEncryptionCipherKey(byte[] encryptionCipherKey) { |
| <span class="fc" id="L182"> this.encryptionCipherKey = encryptionCipherKey;</span> |
| <span class="fc" id="L183"> }</span> |
| |
| /** |
| * Returns the decryption cipher key to use for decryption operations. |
| * |
| * @return the cipher key to use for decryption operations. |
| * @see #setCipherService for a description of the various {@code get/set*Key} methods. |
| */ |
| public byte[] getDecryptionCipherKey() { |
| <span class="fc" id="L192"> return decryptionCipherKey;</span> |
| } |
| |
| /** |
| * Sets the decryption key to use for decryption operations. |
| * |
| * @param decryptionCipherKey the decryption key to use for decryption operations. |
| * @see #setCipherService for a description of the various {@code get/set*Key} methods. |
| */ |
| public void setDecryptionCipherKey(byte[] decryptionCipherKey) { |
| <span class="fc" id="L202"> this.decryptionCipherKey = decryptionCipherKey;</span> |
| <span class="fc" id="L203"> }</span> |
| |
| /** |
| * Convenience method that returns the cipher key to use for <em>both</em> encryption and decryption. |
| * <p/> |
| * <b>N.B.</b> This method can only be called if the underlying {@link #getCipherService() cipherService} is a symmetric |
| * CipherService which by definition uses the same key for both encryption and decryption. If using an asymmetric |
| * CipherService public/private key pair, you cannot use this method, and should instead use the |
| * {@link #getEncryptionCipherKey()} and {@link #getDecryptionCipherKey()} methods individually. |
| * <p/> |
| * The default {@link AesCipherService} instance is a symmetric cipher service, so this method can be used if you are |
| * using the default. |
| * |
| * @return the symmetric cipher key used for both encryption and decryption. |
| */ |
| public byte[] getCipherKey() { |
| //Since this method should only be used with symmetric ciphers |
| //(where the enc and dec keys are the same), either is fine, just return one of them: |
| <span class="nc" id="L221"> return getEncryptionCipherKey();</span> |
| } |
| |
| /** |
| * Convenience method that sets the cipher key to use for <em>both</em> encryption and decryption. |
| * <p/> |
| * <b>N.B.</b> This method can only be called if the underlying {@link #getCipherService() cipherService} is a |
| * symmetric CipherService?which by definition uses the same key for both encryption and decryption. If using an |
| * asymmetric CipherService?(such as a public/private key pair), you cannot use this method, and should instead use |
| * the {@link #setEncryptionCipherKey(byte[])} and {@link #setDecryptionCipherKey(byte[])} methods individually. |
| * <p/> |
| * The default {@link AesCipherService} instance is a symmetric CipherService, so this method can be used if you |
| * are using the default. |
| * |
| * @param cipherKey the symmetric cipher key to use for both encryption and decryption. |
| */ |
| public void setCipherKey(byte[] cipherKey) { |
| //Since this method should only be used in symmetric ciphers |
| //(where the enc and dec keys are the same), set it on both: |
| <span class="fc" id="L240"> setEncryptionCipherKey(cipherKey);</span> |
| <span class="fc" id="L241"> setDecryptionCipherKey(cipherKey);</span> |
| <span class="fc" id="L242"> }</span> |
| |
| /** |
| * Forgets (removes) any remembered identity data for the specified {@link Subject} instance. |
| * |
| * @param subject the subject instance for which identity data should be forgotten from the underlying persistence |
| * mechanism. |
| */ |
| protected abstract void forgetIdentity(Subject subject); |
| |
| /** |
| * Determines whether or not remember me services should be performed for the specified token. This method returns |
| * {@code true} iff: |
| * <ol> |
| * <li>The token is not {@code null} and</li> |
| * <li>The token is an {@code instanceof} {@link RememberMeAuthenticationToken} and</li> |
| * <li>{@code token}.{@link org.apache.shiro.authc.RememberMeAuthenticationToken#isRememberMe() isRememberMe()} is |
| * {@code true}</li> |
| * </ol> |
| * |
| * @param token the authentication token submitted during the successful authentication attempt. |
| * @return true if remember me services should be performed as a result of the successful authentication attempt. |
| */ |
| protected boolean isRememberMe(AuthenticationToken token) { |
| <span class="pc bpc" id="L266" title="2 of 4 branches missed."> return token != null && (token instanceof RememberMeAuthenticationToken) &&</span> |
| <span class="fc bfc" id="L267" title="All 2 branches covered."> ((RememberMeAuthenticationToken) token).isRememberMe();</span> |
| } |
| |
| /** |
| * Reacts to the successful login attempt by first always {@link #forgetIdentity(Subject) forgetting} any previously |
| * stored identity. Then if the {@code token} |
| * {@link #isRememberMe(org.apache.shiro.authc.AuthenticationToken) is a RememberMe} token, the associated identity |
| * will be {@link #rememberIdentity(org.apache.shiro.subject.Subject, org.apache.shiro.authc.AuthenticationToken, org.apache.shiro.authc.AuthenticationInfo) remembered} |
| * for later retrieval during a new user session. |
| * |
| * @param subject the subject for which the principals are being remembered. |
| * @param token the token that resulted in a successful authentication attempt. |
| * @param info the authentication info resulting from the successful authentication attempt. |
| */ |
| public void onSuccessfulLogin(Subject subject, AuthenticationToken token, AuthenticationInfo info) { |
| //always clear any previous identity: |
| <span class="fc" id="L283"> forgetIdentity(subject);</span> |
| |
| //now save the new identity: |
| <span class="fc bfc" id="L286" title="All 2 branches covered."> if (isRememberMe(token)) {</span> |
| <span class="fc" id="L287"> rememberIdentity(subject, token, info);</span> |
| } else { |
| <span class="pc bpc" id="L289" title="1 of 2 branches missed."> if (log.isDebugEnabled()) {</span> |
| <span class="fc" id="L290"> log.debug("AuthenticationToken did not indicate RememberMe is requested. " +</span> |
| "RememberMe functionality will not be executed for corresponding account."); |
| } |
| } |
| <span class="fc" id="L294"> }</span> |
| |
| /** |
| * Remembers a subject-unique identity for retrieval later. This implementation first |
| * {@link #getIdentityToRemember resolves} the exact |
| * {@link PrincipalCollection principals} to remember. It then remembers the principals by calling |
| * {@link #rememberIdentity(org.apache.shiro.subject.Subject, org.apache.shiro.subject.PrincipalCollection)}. |
| * <p/> |
| * This implementation ignores the {@link AuthenticationToken} argument, but it is available to subclasses if |
| * necessary for custom logic. |
| * |
| * @param subject the subject for which the principals are being remembered. |
| * @param token the token that resulted in a successful authentication attempt. |
| * @param authcInfo the authentication info resulting from the successful authentication attempt. |
| */ |
| public void rememberIdentity(Subject subject, AuthenticationToken token, AuthenticationInfo authcInfo) { |
| <span class="fc" id="L310"> PrincipalCollection principals = getIdentityToRemember(subject, authcInfo);</span> |
| <span class="fc" id="L311"> rememberIdentity(subject, principals);</span> |
| <span class="fc" id="L312"> }</span> |
| |
| /** |
| * Returns {@code info}.{@link org.apache.shiro.authc.AuthenticationInfo#getPrincipals() getPrincipals()} and |
| * ignores the {@link Subject} argument. |
| * |
| * @param subject the subject for which the principals are being remembered. |
| * @param info the authentication info resulting from the successful authentication attempt. |
| * @return the {@code PrincipalCollection} to remember. |
| */ |
| protected PrincipalCollection getIdentityToRemember(Subject subject, AuthenticationInfo info) { |
| <span class="fc" id="L323"> return info.getPrincipals();</span> |
| } |
| |
| /** |
| * Remembers the specified account principals by first |
| * {@link #convertPrincipalsToBytes(org.apache.shiro.subject.PrincipalCollection) converting} them to a byte |
| * array and then {@link #rememberSerializedIdentity(org.apache.shiro.subject.Subject, byte[]) remembers} that |
| * byte array. |
| * |
| * @param subject the subject for which the principals are being remembered. |
| * @param accountPrincipals the principals to remember for retrieval later. |
| */ |
| protected void rememberIdentity(Subject subject, PrincipalCollection accountPrincipals) { |
| <span class="fc" id="L336"> byte[] bytes = convertPrincipalsToBytes(accountPrincipals);</span> |
| <span class="fc" id="L337"> rememberSerializedIdentity(subject, bytes);</span> |
| <span class="fc" id="L338"> }</span> |
| |
| /** |
| * Converts the given principal collection the byte array that will be persisted to be 'remembered' later. |
| * <p/> |
| * This implementation first {@link #serialize(org.apache.shiro.subject.PrincipalCollection) serializes} the |
| * principals to a byte array and then {@link #encrypt(byte[]) encrypts} that byte array. |
| * |
| * @param principals the {@code PrincipalCollection} to convert to a byte array |
| * @return the representative byte array to be persisted for remember me functionality. |
| */ |
| protected byte[] convertPrincipalsToBytes(PrincipalCollection principals) { |
| <span class="fc" id="L350"> byte[] bytes = serialize(principals);</span> |
| <span class="pc bpc" id="L351" title="1 of 2 branches missed."> if (getCipherService() != null) {</span> |
| <span class="fc" id="L352"> bytes = encrypt(bytes);</span> |
| } |
| <span class="fc" id="L354"> return bytes;</span> |
| } |
| |
| /** |
| * Persists the identity bytes to a persistent store for retrieval later via the |
| * {@link #getRememberedSerializedIdentity(SubjectContext)} method. |
| * |
| * @param subject the Subject for which the identity is being serialized. |
| * @param serialized the serialized bytes to be persisted. |
| */ |
| protected abstract void rememberSerializedIdentity(Subject subject, byte[] serialized); |
| |
| /** |
| * Implements the interface method by first {@link #getRememberedSerializedIdentity(SubjectContext) acquiring} |
| * the remembered serialized byte array. Then it {@link #convertBytesToPrincipals(byte[], SubjectContext) converts} |
| * them and returns the re-constituted {@link PrincipalCollection}. If no remembered principals could be |
| * obtained, {@code null} is returned. |
| * <p/> |
| * If any exceptions are thrown, the {@link #onRememberedPrincipalFailure(RuntimeException, SubjectContext)} method |
| * is called to allow any necessary post-processing (such as immediately removing any previously remembered |
| * values for safety). |
| * |
| * @param subjectContext the contextual data, usually provided by a {@link Subject.Builder} implementation, that |
| * is being used to construct a {@link Subject} instance. |
| * @return the remembered principals or {@code null} if none could be acquired. |
| */ |
| public PrincipalCollection getRememberedPrincipals(SubjectContext subjectContext) { |
| <span class="fc" id="L381"> PrincipalCollection principals = null;</span> |
| try { |
| <span class="fc" id="L383"> byte[] bytes = getRememberedSerializedIdentity(subjectContext);</span> |
| //SHIRO-138 - only call convertBytesToPrincipals if bytes exist: |
| <span class="fc bfc" id="L385" title="All 4 branches covered."> if (bytes != null && bytes.length > 0) {</span> |
| <span class="fc" id="L386"> principals = convertBytesToPrincipals(bytes, subjectContext);</span> |
| } |
| <span class="fc" id="L388"> } catch (RuntimeException re) {</span> |
| <span class="nc" id="L389"> principals = onRememberedPrincipalFailure(re, subjectContext);</span> |
| <span class="fc" id="L390"> }</span> |
| |
| <span class="fc" id="L392"> return principals;</span> |
| } |
| |
| /** |
| * Based on the given subject context data, retrieves the previously persisted serialized identity, or |
| * {@code null} if there is no available data. The context map is usually populated by a {@link Subject.Builder} |
| * implementation. See the {@link SubjectFactory} class constants for Shiro's known map keys. |
| * |
| * @param subjectContext the contextual data, usually provided by a {@link Subject.Builder} implementation, that |
| * is being used to construct a {@link Subject} instance. To be used to assist with data |
| * lookup. |
| * @return the previously persisted serialized identity, or {@code null} if there is no available data for the |
| * Subject. |
| */ |
| protected abstract byte[] getRememberedSerializedIdentity(SubjectContext subjectContext); |
| |
| /** |
| * If a {@link #getCipherService() cipherService} is available, it will be used to first decrypt the byte array. |
| * Then the bytes are then {@link #deserialize(byte[]) deserialized} and then returned. |
| * |
| * @param bytes the bytes to decrypt if necessary and then deserialize. |
| * @param subjectContext the contextual data, usually provided by a {@link Subject.Builder} implementation, that |
| * is being used to construct a {@link Subject} instance. |
| * @return the de-serialized and possibly decrypted principals |
| */ |
| protected PrincipalCollection convertBytesToPrincipals(byte[] bytes, SubjectContext subjectContext) { |
| <span class="pc bpc" id="L418" title="1 of 2 branches missed."> if (getCipherService() != null) {</span> |
| <span class="fc" id="L419"> bytes = decrypt(bytes);</span> |
| } |
| <span class="fc" id="L421"> return deserialize(bytes);</span> |
| } |
| |
| /** |
| * Called when an exception is thrown while trying to retrieve principals. The default implementation logs a |
| * warning message and forgets ('unremembers') the problem identity by calling |
| * {@link #forgetIdentity(SubjectContext) forgetIdentity(context)} and then immediately re-throws the |
| * exception to allow the calling component to react accordingly. |
| * <p/> |
| * This method implementation never returns an |
| * object - it always rethrows, but can be overridden by subclasses for custom handling behavior. |
| * <p/> |
| * This most commonly would be called when an encryption key is updated and old principals are retrieved that have |
| * been encrypted with the previous key. |
| * |
| * @param e the exception that was thrown. |
| * @param context the contextual data, usually provided by a {@link Subject.Builder} implementation, that |
| * is being used to construct a {@link Subject} instance. |
| * @return nothing - the original {@code RuntimeException} is propagated in all cases. |
| */ |
| protected PrincipalCollection onRememberedPrincipalFailure(RuntimeException e, SubjectContext context) { |
| |
| <span class="pc bpc" id="L443" title="1 of 2 branches missed."> if (log.isWarnEnabled()) {</span> |
| <span class="fc" id="L444"> String message = "There was a failure while trying to retrieve remembered principals. This could be due to a " +</span> |
| "configuration problem or corrupted principals. This could also be due to a recently " + |
| "changed encryption key, if you are using a shiro.ini file, this property would be " + |
| "'securityManager.rememberMeManager.cipherKey' see: http://shiro.apache.org/web.html#Web-RememberMeServices. " + |
| "The remembered identity will be forgotten and not used for this request."; |
| <span class="fc" id="L449"> log.warn(message);</span> |
| } |
| <span class="fc" id="L451"> forgetIdentity(context);</span> |
| //propagate - security manager implementation will handle and warn appropriately |
| <span class="fc" id="L453"> throw e;</span> |
| } |
| |
| /** |
| * Encrypts the byte array by using the configured {@link #getCipherService() cipherService}. |
| * |
| * @param serialized the serialized object byte array to be encrypted |
| * @return an encrypted byte array returned by the configured {@link #getCipherService () cipher}. |
| */ |
| protected byte[] encrypt(byte[] serialized) { |
| <span class="fc" id="L463"> byte[] value = serialized;</span> |
| <span class="fc" id="L464"> CipherService cipherService = getCipherService();</span> |
| <span class="pc bpc" id="L465" title="1 of 2 branches missed."> if (cipherService != null) {</span> |
| <span class="fc" id="L466"> ByteSource byteSource = cipherService.encrypt(serialized, getEncryptionCipherKey());</span> |
| <span class="fc" id="L467"> value = byteSource.getBytes();</span> |
| } |
| <span class="fc" id="L469"> return value;</span> |
| } |
| |
| /** |
| * Decrypts the byte array using the configured {@link #getCipherService() cipherService}. |
| * |
| * @param encrypted the encrypted byte array to decrypt |
| * @return the decrypted byte array returned by the configured {@link #getCipherService () cipher}. |
| */ |
| protected byte[] decrypt(byte[] encrypted) { |
| <span class="fc" id="L479"> byte[] serialized = encrypted;</span> |
| <span class="fc" id="L480"> CipherService cipherService = getCipherService();</span> |
| <span class="pc bpc" id="L481" title="1 of 2 branches missed."> if (cipherService != null) {</span> |
| <span class="fc" id="L482"> ByteSource byteSource = cipherService.decrypt(encrypted, getDecryptionCipherKey());</span> |
| <span class="fc" id="L483"> serialized = byteSource.getBytes();</span> |
| } |
| <span class="fc" id="L485"> return serialized;</span> |
| } |
| |
| /** |
| * Serializes the given {@code principals} by serializing them to a byte array by using the |
| * {@link #getSerializer() serializer}'s {@link Serializer#serialize(Object) serialize} method. |
| * |
| * @param principals the principal collection to serialize to a byte array |
| * @return the serialized principal collection in the form of a byte array |
| */ |
| protected byte[] serialize(PrincipalCollection principals) { |
| <span class="fc" id="L496"> return getSerializer().serialize(principals);</span> |
| } |
| |
| /** |
| * De-serializes the given byte array by using the {@link #getSerializer() serializer}'s |
| * {@link Serializer#deserialize deserialize} method. |
| * |
| * @param serializedIdentity the previously serialized {@code PrincipalCollection} as a byte array |
| * @return the de-serialized (reconstituted) {@code PrincipalCollection} |
| */ |
| protected PrincipalCollection deserialize(byte[] serializedIdentity) { |
| <span class="fc" id="L507"> return getSerializer().deserialize(serializedIdentity);</span> |
| } |
| |
| /** |
| * Reacts to a failed login by immediately {@link #forgetIdentity(org.apache.shiro.subject.Subject) forgetting} any |
| * previously remembered identity. This is an additional security feature to prevent any remenant identity data |
| * from being retained in case the authentication attempt is not being executed by the expected user. |
| * |
| * @param subject the subject which executed the failed login attempt |
| * @param token the authentication token resulting in a failed login attempt - ignored by this implementation |
| * @param ae the exception thrown as a result of the failed login attempt - ignored by this implementation |
| */ |
| public void onFailedLogin(Subject subject, AuthenticationToken token, AuthenticationException ae) { |
| <span class="nc" id="L520"> forgetIdentity(subject);</span> |
| <span class="nc" id="L521"> }</span> |
| |
| /** |
| * Reacts to a subject logging out of the application and immediately |
| * {@link #forgetIdentity(org.apache.shiro.subject.Subject) forgets} any previously stored identity and returns. |
| * |
| * @param subject the subject logging out. |
| */ |
| public void onLogout(Subject subject) { |
| <span class="fc" id="L530"> forgetIdentity(subject);</span> |
| <span class="fc" id="L531"> }</span> |
| } |
| </pre><div class="footer"><span class="right">Created with <a href="http://www.eclemma.org/jacoco">JaCoCo</a> 0.7.7.201606060606</span></div></body></html> |