Google Git
Sign in
apache / shiro-site / 01016f43374d9b054f3ea1e568b015d5d69428f9 / . / src / site / assets / static / 1.4.0-RC2 / shiro-all / jacoco-aggregate / shiro-core / org.apache.shiro.mgt / AbstractRememberMeManager.java.html
blob: 6dade1c70f4a63fdd24994b46a8b7a9e92e6ba64 [file] [log] [blame]
<?xml version="1.0" encoding="UTF-8"?><!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml" lang="en"><head><meta http-equiv="Content-Type" content="text/html;charset=UTF-8"/><link rel="stylesheet" href="../../jacoco-resources/report.css" type="text/css"/><link rel="shortcut icon" href="../../jacoco-resources/report.gif" type="image/gif"/><title>AbstractRememberMeManager.java</title><link rel="stylesheet" href="../../jacoco-resources/prettify.css" type="text/css"/><script type="text/javascript" src="../../jacoco-resources/prettify.js"></script></head><body onload="window['PR_TAB_WIDTH']=4;prettyPrint()"><div class="breadcrumb" id="breadcrumb"><span class="info"><a href="../../jacoco-sessions.html" class="el_session">Sessions</a></span><a href="../../index.html" class="el_report">Apache Shiro :: All (aggregate jar)</a> &gt; <a href="../index.html" class="el_bundle">shiro-core</a> &gt; <a href="index.source.html" class="el_package">org.apache.shiro.mgt</a> &gt; <span class="el_source">AbstractRememberMeManager.java</span></div><h1>AbstractRememberMeManager.java</h1><pre class="source lang-java linenums">/*
* Licensed to the Apache Software Foundation (ASF) under one
* or more contributor license agreements. See the NOTICE file
* distributed with this work for additional information
* regarding copyright ownership. The ASF licenses this file
* to you under the Apache License, Version 2.0 (the
* &quot;License&quot;); you may not use this file except in compliance
* with the License. You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing,
* software distributed under the License is distributed on an
* &quot;AS IS&quot; BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
* KIND, either express or implied. See the License for the
* specific language governing permissions and limitations
* under the License.
*/
package org.apache.shiro.mgt;
import org.apache.shiro.authc.AuthenticationException;
import org.apache.shiro.authc.AuthenticationInfo;
import org.apache.shiro.authc.AuthenticationToken;
import org.apache.shiro.authc.RememberMeAuthenticationToken;
import org.apache.shiro.codec.Base64;
import org.apache.shiro.crypto.AesCipherService;
import org.apache.shiro.crypto.CipherService;
import org.apache.shiro.io.DefaultSerializer;
import org.apache.shiro.io.Serializer;
import org.apache.shiro.subject.PrincipalCollection;
import org.apache.shiro.subject.Subject;
import org.apache.shiro.subject.SubjectContext;
import org.apache.shiro.util.ByteSource;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
/**
* Abstract implementation of the {@code RememberMeManager} interface that handles
* {@link #setSerializer(org.apache.shiro.io.Serializer) serialization} and
* {@link #setCipherService encryption} of the remembered user identity.
* &lt;p/&gt;
* The remembered identity storage location and details are left to subclasses.
* &lt;h2&gt;Default encryption key&lt;/h2&gt;
* This implementation uses an {@link AesCipherService AesCipherService} for strong encryption by default. It also
* uses a default generated symmetric key to both encrypt and decrypt data. As AES is a symmetric cipher, the same
* {@code key} is used to both encrypt and decrypt data, BUT NOTE:
* &lt;p/&gt;
* Because Shiro is an open-source project, if anyone knew that you were using Shiro's default
* {@code key}, they could download/view the source, and with enough effort, reconstruct the {@code key}
* and decode encrypted data at will.
* &lt;p/&gt;
* Of course, this key is only really used to encrypt the remembered {@code PrincipalCollection} which is typically
* a user id or username. So if you do not consider that sensitive information, and you think the default key still
* makes things 'sufficiently difficult', then you can ignore this issue.
* &lt;p/&gt;
* However, if you do feel this constitutes sensitive information, it is recommended that you provide your own
* {@code key} via the {@link #setCipherKey setCipherKey} method to a key known only to your application,
* guaranteeing that no third party can decrypt your data. You can generate your own key by calling the
* {@code CipherService}'s {@link org.apache.shiro.crypto.AesCipherService#generateNewKey() generateNewKey} method
* and using that result as the {@link #setCipherKey cipherKey} configuration attribute.
*
* @since 0.9
*/
public abstract class AbstractRememberMeManager implements RememberMeManager {
/**
* private inner log instance.
*/
<span class="fc" id="L69"> private static final Logger log = LoggerFactory.getLogger(AbstractRememberMeManager.class);</span>
/**
* Serializer to use for converting PrincipalCollection instances to/from byte arrays
*/
private Serializer&lt;PrincipalCollection&gt; serializer;
/**
* Cipher to use for encrypting/decrypting serialized byte arrays for added security
*/
private CipherService cipherService;
/**
* Cipher encryption key to use with the Cipher when encrypting data
*/
private byte[] encryptionCipherKey;
/**
* Cipher decryption key to use with the Cipher when decrypting data
*/
private byte[] decryptionCipherKey;
/**
* Default constructor that initializes a {@link DefaultSerializer} as the {@link #getSerializer() serializer} and
* an {@link AesCipherService} as the {@link #getCipherService() cipherService}.
*/
<span class="fc" id="L95"> public AbstractRememberMeManager() {</span>
<span class="fc" id="L96"> this.serializer = new DefaultSerializer&lt;PrincipalCollection&gt;();</span>
<span class="fc" id="L97"> AesCipherService cipherService = new AesCipherService();</span>
<span class="fc" id="L98"> this.cipherService = cipherService;</span>
<span class="fc" id="L99"> setCipherKey(cipherService.generateNewKey().getEncoded());</span>
<span class="fc" id="L100"> }</span>
/**
* Returns the {@code Serializer} used to serialize and deserialize {@link PrincipalCollection} instances for
* persistent remember me storage.
* &lt;p/&gt;
* Unless overridden by the {@link #setSerializer} method, the default instance is a
* {@link org.apache.shiro.io.DefaultSerializer}.
*
* @return the {@code Serializer} used to serialize and deserialize {@link PrincipalCollection} instances for
* persistent remember me storage.
*/
public Serializer&lt;PrincipalCollection&gt; getSerializer() {
<span class="fc" id="L113"> return serializer;</span>
}
/**
* Sets the {@code Serializer} used to serialize and deserialize {@link PrincipalCollection} instances for
* persistent remember me storage.
* &lt;p/&gt;
* Unless overridden by this method, the default instance is a {@link DefaultSerializer}.
*
* @param serializer the {@code Serializer} used to serialize and deserialize {@link PrincipalCollection} instances
* for persistent remember me storage.
*/
public void setSerializer(Serializer&lt;PrincipalCollection&gt; serializer) {
<span class="nc" id="L126"> this.serializer = serializer;</span>
<span class="nc" id="L127"> }</span>
/**
* Returns the {@code CipherService} to use for encrypting and decrypting serialized identity data to prevent easy
* inspection of Subject identity data.
* &lt;p/&gt;
* Unless overridden by the {@link #setCipherService} method, the default instance is an {@link AesCipherService}.
*
* @return the {@code Cipher} to use for encrypting and decrypting serialized identity data to prevent easy
* inspection of Subject identity data
*/
public CipherService getCipherService() {
<span class="fc" id="L139"> return cipherService;</span>
}
/**
* Sets the {@code CipherService} to use for encrypting and decrypting serialized identity data to prevent easy
* inspection of Subject identity data.
* &lt;p/&gt;
* If the CipherService is a symmetric CipherService (using the same key for both encryption and decryption), you
* should set your key via the {@link #setCipherKey(byte[])} method.
* &lt;p/&gt;
* If the CipherService is an asymmetric CipherService (different keys for encryption and decryption, such as
* public/private key pairs), you should set your encryption and decryption key via the respective
* {@link #setEncryptionCipherKey(byte[])} and {@link #setDecryptionCipherKey(byte[])} methods.
* &lt;p/&gt;
* &lt;b&gt;N.B.&lt;/b&gt; Unless overridden by this method, the default CipherService instance is an
* {@link AesCipherService}. This {@code RememberMeManager} implementation already has a configured symmetric key
* to use for encryption and decryption, but it is recommended to provide your own for added security. See the
* class-level JavaDoc for more information and why it might be good to provide your own.
*
* @param cipherService the {@code CipherService} to use for encrypting and decrypting serialized identity data to
* prevent easy inspection of Subject identity data.
*/
public void setCipherService(CipherService cipherService) {
<span class="nc" id="L162"> this.cipherService = cipherService;</span>
<span class="nc" id="L163"> }</span>
/**
* Returns the cipher key to use for encryption operations.
*
* @return the cipher key to use for encryption operations.
* @see #setCipherService for a description of the various {@code get/set*Key} methods.
*/
public byte[] getEncryptionCipherKey() {
<span class="fc" id="L172"> return encryptionCipherKey;</span>
}
/**
* Sets the encryption key to use for encryption operations.
*
* @param encryptionCipherKey the encryption key to use for encryption operations.
* @see #setCipherService for a description of the various {@code get/set*Key} methods.
*/
public void setEncryptionCipherKey(byte[] encryptionCipherKey) {
<span class="fc" id="L182"> this.encryptionCipherKey = encryptionCipherKey;</span>
<span class="fc" id="L183"> }</span>
/**
* Returns the decryption cipher key to use for decryption operations.
*
* @return the cipher key to use for decryption operations.
* @see #setCipherService for a description of the various {@code get/set*Key} methods.
*/
public byte[] getDecryptionCipherKey() {
<span class="fc" id="L192"> return decryptionCipherKey;</span>
}
/**
* Sets the decryption key to use for decryption operations.
*
* @param decryptionCipherKey the decryption key to use for decryption operations.
* @see #setCipherService for a description of the various {@code get/set*Key} methods.
*/
public void setDecryptionCipherKey(byte[] decryptionCipherKey) {
<span class="fc" id="L202"> this.decryptionCipherKey = decryptionCipherKey;</span>
<span class="fc" id="L203"> }</span>
/**
* Convenience method that returns the cipher key to use for &lt;em&gt;both&lt;/em&gt; encryption and decryption.
* &lt;p/&gt;
* &lt;b&gt;N.B.&lt;/b&gt; This method can only be called if the underlying {@link #getCipherService() cipherService} is a symmetric
* CipherService which by definition uses the same key for both encryption and decryption. If using an asymmetric
* CipherService public/private key pair, you cannot use this method, and should instead use the
* {@link #getEncryptionCipherKey()} and {@link #getDecryptionCipherKey()} methods individually.
* &lt;p/&gt;
* The default {@link AesCipherService} instance is a symmetric cipher service, so this method can be used if you are
* using the default.
*
* @return the symmetric cipher key used for both encryption and decryption.
*/
public byte[] getCipherKey() {
//Since this method should only be used with symmetric ciphers
//(where the enc and dec keys are the same), either is fine, just return one of them:
<span class="nc" id="L221"> return getEncryptionCipherKey();</span>
}
/**
* Convenience method that sets the cipher key to use for &lt;em&gt;both&lt;/em&gt; encryption and decryption.
* &lt;p/&gt;
* &lt;b&gt;N.B.&lt;/b&gt; This method can only be called if the underlying {@link #getCipherService() cipherService} is a
* symmetric CipherService?which by definition uses the same key for both encryption and decryption. If using an
* asymmetric CipherService?(such as a public/private key pair), you cannot use this method, and should instead use
* the {@link #setEncryptionCipherKey(byte[])} and {@link #setDecryptionCipherKey(byte[])} methods individually.
* &lt;p/&gt;
* The default {@link AesCipherService} instance is a symmetric CipherService, so this method can be used if you
* are using the default.
*
* @param cipherKey the symmetric cipher key to use for both encryption and decryption.
*/
public void setCipherKey(byte[] cipherKey) {
//Since this method should only be used in symmetric ciphers
//(where the enc and dec keys are the same), set it on both:
<span class="fc" id="L240"> setEncryptionCipherKey(cipherKey);</span>
<span class="fc" id="L241"> setDecryptionCipherKey(cipherKey);</span>
<span class="fc" id="L242"> }</span>
/**
* Forgets (removes) any remembered identity data for the specified {@link Subject} instance.
*
* @param subject the subject instance for which identity data should be forgotten from the underlying persistence
* mechanism.
*/
protected abstract void forgetIdentity(Subject subject);
/**
* Determines whether or not remember me services should be performed for the specified token. This method returns
* {@code true} iff:
* &lt;ol&gt;
* &lt;li&gt;The token is not {@code null} and&lt;/li&gt;
* &lt;li&gt;The token is an {@code instanceof} {@link RememberMeAuthenticationToken} and&lt;/li&gt;
* &lt;li&gt;{@code token}.{@link org.apache.shiro.authc.RememberMeAuthenticationToken#isRememberMe() isRememberMe()} is
* {@code true}&lt;/li&gt;
* &lt;/ol&gt;
*
* @param token the authentication token submitted during the successful authentication attempt.
* @return true if remember me services should be performed as a result of the successful authentication attempt.
*/
protected boolean isRememberMe(AuthenticationToken token) {
<span class="pc bpc" id="L266" title="2 of 4 branches missed."> return token != null &amp;&amp; (token instanceof RememberMeAuthenticationToken) &amp;&amp;</span>
<span class="fc bfc" id="L267" title="All 2 branches covered."> ((RememberMeAuthenticationToken) token).isRememberMe();</span>
}
/**
* Reacts to the successful login attempt by first always {@link #forgetIdentity(Subject) forgetting} any previously
* stored identity. Then if the {@code token}
* {@link #isRememberMe(org.apache.shiro.authc.AuthenticationToken) is a RememberMe} token, the associated identity
* will be {@link #rememberIdentity(org.apache.shiro.subject.Subject, org.apache.shiro.authc.AuthenticationToken, org.apache.shiro.authc.AuthenticationInfo) remembered}
* for later retrieval during a new user session.
*
* @param subject the subject for which the principals are being remembered.
* @param token the token that resulted in a successful authentication attempt.
* @param info the authentication info resulting from the successful authentication attempt.
*/
public void onSuccessfulLogin(Subject subject, AuthenticationToken token, AuthenticationInfo info) {
//always clear any previous identity:
<span class="fc" id="L283"> forgetIdentity(subject);</span>
//now save the new identity:
<span class="fc bfc" id="L286" title="All 2 branches covered."> if (isRememberMe(token)) {</span>
<span class="fc" id="L287"> rememberIdentity(subject, token, info);</span>
} else {
<span class="pc bpc" id="L289" title="1 of 2 branches missed."> if (log.isDebugEnabled()) {</span>
<span class="fc" id="L290"> log.debug(&quot;AuthenticationToken did not indicate RememberMe is requested. &quot; +</span>
&quot;RememberMe functionality will not be executed for corresponding account.&quot;);
}
}
<span class="fc" id="L294"> }</span>
/**
* Remembers a subject-unique identity for retrieval later. This implementation first
* {@link #getIdentityToRemember resolves} the exact
* {@link PrincipalCollection principals} to remember. It then remembers the principals by calling
* {@link #rememberIdentity(org.apache.shiro.subject.Subject, org.apache.shiro.subject.PrincipalCollection)}.
* &lt;p/&gt;
* This implementation ignores the {@link AuthenticationToken} argument, but it is available to subclasses if
* necessary for custom logic.
*
* @param subject the subject for which the principals are being remembered.
* @param token the token that resulted in a successful authentication attempt.
* @param authcInfo the authentication info resulting from the successful authentication attempt.
*/
public void rememberIdentity(Subject subject, AuthenticationToken token, AuthenticationInfo authcInfo) {
<span class="fc" id="L310"> PrincipalCollection principals = getIdentityToRemember(subject, authcInfo);</span>
<span class="fc" id="L311"> rememberIdentity(subject, principals);</span>
<span class="fc" id="L312"> }</span>
/**
* Returns {@code info}.{@link org.apache.shiro.authc.AuthenticationInfo#getPrincipals() getPrincipals()} and
* ignores the {@link Subject} argument.
*
* @param subject the subject for which the principals are being remembered.
* @param info the authentication info resulting from the successful authentication attempt.
* @return the {@code PrincipalCollection} to remember.
*/
protected PrincipalCollection getIdentityToRemember(Subject subject, AuthenticationInfo info) {
<span class="fc" id="L323"> return info.getPrincipals();</span>
}
/**
* Remembers the specified account principals by first
* {@link #convertPrincipalsToBytes(org.apache.shiro.subject.PrincipalCollection) converting} them to a byte
* array and then {@link #rememberSerializedIdentity(org.apache.shiro.subject.Subject, byte[]) remembers} that
* byte array.
*
* @param subject the subject for which the principals are being remembered.
* @param accountPrincipals the principals to remember for retrieval later.
*/
protected void rememberIdentity(Subject subject, PrincipalCollection accountPrincipals) {
<span class="fc" id="L336"> byte[] bytes = convertPrincipalsToBytes(accountPrincipals);</span>
<span class="fc" id="L337"> rememberSerializedIdentity(subject, bytes);</span>
<span class="fc" id="L338"> }</span>
/**
* Converts the given principal collection the byte array that will be persisted to be 'remembered' later.
* &lt;p/&gt;
* This implementation first {@link #serialize(org.apache.shiro.subject.PrincipalCollection) serializes} the
* principals to a byte array and then {@link #encrypt(byte[]) encrypts} that byte array.
*
* @param principals the {@code PrincipalCollection} to convert to a byte array
* @return the representative byte array to be persisted for remember me functionality.
*/
protected byte[] convertPrincipalsToBytes(PrincipalCollection principals) {
<span class="fc" id="L350"> byte[] bytes = serialize(principals);</span>
<span class="pc bpc" id="L351" title="1 of 2 branches missed."> if (getCipherService() != null) {</span>
<span class="fc" id="L352"> bytes = encrypt(bytes);</span>
}
<span class="fc" id="L354"> return bytes;</span>
}
/**
* Persists the identity bytes to a persistent store for retrieval later via the
* {@link #getRememberedSerializedIdentity(SubjectContext)} method.
*
* @param subject the Subject for which the identity is being serialized.
* @param serialized the serialized bytes to be persisted.
*/
protected abstract void rememberSerializedIdentity(Subject subject, byte[] serialized);
/**
* Implements the interface method by first {@link #getRememberedSerializedIdentity(SubjectContext) acquiring}
* the remembered serialized byte array. Then it {@link #convertBytesToPrincipals(byte[], SubjectContext) converts}
* them and returns the re-constituted {@link PrincipalCollection}. If no remembered principals could be
* obtained, {@code null} is returned.
* &lt;p/&gt;
* If any exceptions are thrown, the {@link #onRememberedPrincipalFailure(RuntimeException, SubjectContext)} method
* is called to allow any necessary post-processing (such as immediately removing any previously remembered
* values for safety).
*
* @param subjectContext the contextual data, usually provided by a {@link Subject.Builder} implementation, that
* is being used to construct a {@link Subject} instance.
* @return the remembered principals or {@code null} if none could be acquired.
*/
public PrincipalCollection getRememberedPrincipals(SubjectContext subjectContext) {
<span class="fc" id="L381"> PrincipalCollection principals = null;</span>
try {
<span class="fc" id="L383"> byte[] bytes = getRememberedSerializedIdentity(subjectContext);</span>
//SHIRO-138 - only call convertBytesToPrincipals if bytes exist:
<span class="fc bfc" id="L385" title="All 4 branches covered."> if (bytes != null &amp;&amp; bytes.length &gt; 0) {</span>
<span class="fc" id="L386"> principals = convertBytesToPrincipals(bytes, subjectContext);</span>
}
<span class="fc" id="L388"> } catch (RuntimeException re) {</span>
<span class="nc" id="L389"> principals = onRememberedPrincipalFailure(re, subjectContext);</span>
<span class="fc" id="L390"> }</span>
<span class="fc" id="L392"> return principals;</span>
}
/**
* Based on the given subject context data, retrieves the previously persisted serialized identity, or
* {@code null} if there is no available data. The context map is usually populated by a {@link Subject.Builder}
* implementation. See the {@link SubjectFactory} class constants for Shiro's known map keys.
*
* @param subjectContext the contextual data, usually provided by a {@link Subject.Builder} implementation, that
* is being used to construct a {@link Subject} instance. To be used to assist with data
* lookup.
* @return the previously persisted serialized identity, or {@code null} if there is no available data for the
* Subject.
*/
protected abstract byte[] getRememberedSerializedIdentity(SubjectContext subjectContext);
/**
* If a {@link #getCipherService() cipherService} is available, it will be used to first decrypt the byte array.
* Then the bytes are then {@link #deserialize(byte[]) deserialized} and then returned.
*
* @param bytes the bytes to decrypt if necessary and then deserialize.
* @param subjectContext the contextual data, usually provided by a {@link Subject.Builder} implementation, that
* is being used to construct a {@link Subject} instance.
* @return the de-serialized and possibly decrypted principals
*/
protected PrincipalCollection convertBytesToPrincipals(byte[] bytes, SubjectContext subjectContext) {
<span class="pc bpc" id="L418" title="1 of 2 branches missed."> if (getCipherService() != null) {</span>
<span class="fc" id="L419"> bytes = decrypt(bytes);</span>
}
<span class="fc" id="L421"> return deserialize(bytes);</span>
}
/**
* Called when an exception is thrown while trying to retrieve principals. The default implementation logs a
* warning message and forgets ('unremembers') the problem identity by calling
* {@link #forgetIdentity(SubjectContext) forgetIdentity(context)} and then immediately re-throws the
* exception to allow the calling component to react accordingly.
* &lt;p/&gt;
* This method implementation never returns an
* object - it always rethrows, but can be overridden by subclasses for custom handling behavior.
* &lt;p/&gt;
* This most commonly would be called when an encryption key is updated and old principals are retrieved that have
* been encrypted with the previous key.
*
* @param e the exception that was thrown.
* @param context the contextual data, usually provided by a {@link Subject.Builder} implementation, that
* is being used to construct a {@link Subject} instance.
* @return nothing - the original {@code RuntimeException} is propagated in all cases.
*/
protected PrincipalCollection onRememberedPrincipalFailure(RuntimeException e, SubjectContext context) {
<span class="pc bpc" id="L443" title="1 of 2 branches missed."> if (log.isWarnEnabled()) {</span>
<span class="fc" id="L444"> String message = &quot;There was a failure while trying to retrieve remembered principals. This could be due to a &quot; +</span>
&quot;configuration problem or corrupted principals. This could also be due to a recently &quot; +
&quot;changed encryption key, if you are using a shiro.ini file, this property would be &quot; +
&quot;'securityManager.rememberMeManager.cipherKey' see: http://shiro.apache.org/web.html#Web-RememberMeServices. &quot; +
&quot;The remembered identity will be forgotten and not used for this request.&quot;;
<span class="fc" id="L449"> log.warn(message);</span>
}
<span class="fc" id="L451"> forgetIdentity(context);</span>
//propagate - security manager implementation will handle and warn appropriately
<span class="fc" id="L453"> throw e;</span>
}
/**
* Encrypts the byte array by using the configured {@link #getCipherService() cipherService}.
*
* @param serialized the serialized object byte array to be encrypted
* @return an encrypted byte array returned by the configured {@link #getCipherService () cipher}.
*/
protected byte[] encrypt(byte[] serialized) {
<span class="fc" id="L463"> byte[] value = serialized;</span>
<span class="fc" id="L464"> CipherService cipherService = getCipherService();</span>
<span class="pc bpc" id="L465" title="1 of 2 branches missed."> if (cipherService != null) {</span>
<span class="fc" id="L466"> ByteSource byteSource = cipherService.encrypt(serialized, getEncryptionCipherKey());</span>
<span class="fc" id="L467"> value = byteSource.getBytes();</span>
}
<span class="fc" id="L469"> return value;</span>
}
/**
* Decrypts the byte array using the configured {@link #getCipherService() cipherService}.
*
* @param encrypted the encrypted byte array to decrypt
* @return the decrypted byte array returned by the configured {@link #getCipherService () cipher}.
*/
protected byte[] decrypt(byte[] encrypted) {
<span class="fc" id="L479"> byte[] serialized = encrypted;</span>
<span class="fc" id="L480"> CipherService cipherService = getCipherService();</span>
<span class="pc bpc" id="L481" title="1 of 2 branches missed."> if (cipherService != null) {</span>
<span class="fc" id="L482"> ByteSource byteSource = cipherService.decrypt(encrypted, getDecryptionCipherKey());</span>
<span class="fc" id="L483"> serialized = byteSource.getBytes();</span>
}
<span class="fc" id="L485"> return serialized;</span>
}
/**
* Serializes the given {@code principals} by serializing them to a byte array by using the
* {@link #getSerializer() serializer}'s {@link Serializer#serialize(Object) serialize} method.
*
* @param principals the principal collection to serialize to a byte array
* @return the serialized principal collection in the form of a byte array
*/
protected byte[] serialize(PrincipalCollection principals) {
<span class="fc" id="L496"> return getSerializer().serialize(principals);</span>
}
/**
* De-serializes the given byte array by using the {@link #getSerializer() serializer}'s
* {@link Serializer#deserialize deserialize} method.
*
* @param serializedIdentity the previously serialized {@code PrincipalCollection} as a byte array
* @return the de-serialized (reconstituted) {@code PrincipalCollection}
*/
protected PrincipalCollection deserialize(byte[] serializedIdentity) {
<span class="fc" id="L507"> return getSerializer().deserialize(serializedIdentity);</span>
}
/**
* Reacts to a failed login by immediately {@link #forgetIdentity(org.apache.shiro.subject.Subject) forgetting} any
* previously remembered identity. This is an additional security feature to prevent any remenant identity data
* from being retained in case the authentication attempt is not being executed by the expected user.
*
* @param subject the subject which executed the failed login attempt
* @param token the authentication token resulting in a failed login attempt - ignored by this implementation
* @param ae the exception thrown as a result of the failed login attempt - ignored by this implementation
*/
public void onFailedLogin(Subject subject, AuthenticationToken token, AuthenticationException ae) {
<span class="nc" id="L520"> forgetIdentity(subject);</span>
<span class="nc" id="L521"> }</span>
/**
* Reacts to a subject logging out of the application and immediately
* {@link #forgetIdentity(org.apache.shiro.subject.Subject) forgets} any previously stored identity and returns.
*
* @param subject the subject logging out.
*/
public void onLogout(Subject subject) {
<span class="fc" id="L530"> forgetIdentity(subject);</span>
<span class="fc" id="L531"> }</span>
}
</pre><div class="footer"><span class="right">Created with <a href="http://www.eclemma.org/jacoco">JaCoCo</a> 0.7.7.201606060606</span></div></body></html>