| <?xml version="1.0" encoding="UTF-8"?><!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml" lang="en"><head><meta http-equiv="Content-Type" content="text/html;charset=UTF-8"/><link rel="stylesheet" href="../../jacoco-resources/report.css" type="text/css"/><link rel="shortcut icon" href="../../jacoco-resources/report.gif" type="image/gif"/><title>ShiroHttpServletRequest.java</title><link rel="stylesheet" href="../../jacoco-resources/prettify.css" type="text/css"/><script type="text/javascript" src="../../jacoco-resources/prettify.js"></script></head><body onload="window['PR_TAB_WIDTH']=4;prettyPrint()"><div class="breadcrumb" id="breadcrumb"><span class="info"><a href="../../jacoco-sessions.html" class="el_session">Sessions</a></span><a href="../../index.html" class="el_report">Apache Shiro :: All (aggregate jar)</a> > <a href="../index.html" class="el_bundle">shiro-web</a> > <a href="index.source.html" class="el_package">org.apache.shiro.web.servlet</a> > <span class="el_source">ShiroHttpServletRequest.java</span></div><h1>ShiroHttpServletRequest.java</h1><pre class="source lang-java linenums">/* |
| * Licensed to the Apache Software Foundation (ASF) under one |
| * or more contributor license agreements. See the NOTICE file |
| * distributed with this work for additional information |
| * regarding copyright ownership. The ASF licenses this file |
| * to you under the Apache License, Version 2.0 (the |
| * "License"); you may not use this file except in compliance |
| * with the License. You may obtain a copy of the License at |
| * |
| * http://www.apache.org/licenses/LICENSE-2.0 |
| * |
| * Unless required by applicable law or agreed to in writing, |
| * software distributed under the License is distributed on an |
| * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY |
| * KIND, either express or implied. See the License for the |
| * specific language governing permissions and limitations |
| * under the License. |
| */ |
| package org.apache.shiro.web.servlet; |
| |
| import org.apache.shiro.SecurityUtils; |
| import org.apache.shiro.session.Session; |
| import org.apache.shiro.subject.Subject; |
| import org.apache.shiro.subject.support.DisabledSessionException; |
| import org.apache.shiro.web.util.WebUtils; |
| |
| import javax.servlet.ServletContext; |
| import javax.servlet.http.HttpServletRequest; |
| import javax.servlet.http.HttpServletRequestWrapper; |
| import javax.servlet.http.HttpSession; |
| import java.security.Principal; |
| |
| |
| /** |
| * A {@code ShiroHttpServletRequest} wraps the Servlet container's original {@code ServletRequest} instance, but ensures |
| * that all {@link HttpServletRequest} invocations that require Shiro's support ({@link #getRemoteUser getRemoteUser}, |
| * {@link #getSession getSession}, etc) can be executed first by Shiro as necessary before allowing the underlying |
| * Servlet container instance's method to be invoked. |
| * |
| * @since 0.2 |
| */ |
| public class ShiroHttpServletRequest extends HttpServletRequestWrapper { |
| |
| //TODO - complete JavaDoc |
| |
| //The following 7 constants support the Shiro's implementation of the Servlet Specification |
| public static final String COOKIE_SESSION_ID_SOURCE = "cookie"; |
| public static final String URL_SESSION_ID_SOURCE = "url"; |
| <span class="fc" id="L49"> public static final String REFERENCED_SESSION_ID = ShiroHttpServletRequest.class.getName() + "_REQUESTED_SESSION_ID";</span> |
| <span class="fc" id="L50"> public static final String REFERENCED_SESSION_ID_IS_VALID = ShiroHttpServletRequest.class.getName() + "_REQUESTED_SESSION_ID_VALID";</span> |
| <span class="fc" id="L51"> public static final String REFERENCED_SESSION_IS_NEW = ShiroHttpServletRequest.class.getName() + "_REFERENCED_SESSION_IS_NEW";</span> |
| <span class="fc" id="L52"> public static final String REFERENCED_SESSION_ID_SOURCE = ShiroHttpServletRequest.class.getName() + "REFERENCED_SESSION_ID_SOURCE";</span> |
| <span class="fc" id="L53"> public static final String IDENTITY_REMOVED_KEY = ShiroHttpServletRequest.class.getName() + "_IDENTITY_REMOVED_KEY";</span> |
| <span class="fc" id="L54"> public static final String SESSION_ID_URL_REWRITING_ENABLED = ShiroHttpServletRequest.class.getName() + "_SESSION_ID_URL_REWRITING_ENABLED";</span> |
| |
| <span class="fc" id="L56"> protected ServletContext servletContext = null;</span> |
| |
| <span class="fc" id="L58"> protected HttpSession session = null;</span> |
| <span class="fc" id="L59"> protected boolean httpSessions = true;</span> |
| |
| public ShiroHttpServletRequest(HttpServletRequest wrapped, ServletContext servletContext, boolean httpSessions) { |
| <span class="fc" id="L62"> super(wrapped);</span> |
| <span class="fc" id="L63"> this.servletContext = servletContext;</span> |
| <span class="fc" id="L64"> this.httpSessions = httpSessions;</span> |
| <span class="fc" id="L65"> }</span> |
| |
| public boolean isHttpSessions() { |
| <span class="fc" id="L68"> return httpSessions;</span> |
| } |
| |
| public String getRemoteUser() { |
| String remoteUser; |
| <span class="nc" id="L73"> Object scPrincipal = getSubjectPrincipal();</span> |
| <span class="nc bnc" id="L74" title="All 2 branches missed."> if (scPrincipal != null) {</span> |
| <span class="nc bnc" id="L75" title="All 2 branches missed."> if (scPrincipal instanceof String) {</span> |
| <span class="nc" id="L76"> return (String) scPrincipal;</span> |
| <span class="nc bnc" id="L77" title="All 2 branches missed."> } else if (scPrincipal instanceof Principal) {</span> |
| <span class="nc" id="L78"> remoteUser = ((Principal) scPrincipal).getName();</span> |
| } else { |
| <span class="nc" id="L80"> remoteUser = scPrincipal.toString();</span> |
| } |
| } else { |
| <span class="nc" id="L83"> remoteUser = super.getRemoteUser();</span> |
| } |
| <span class="nc" id="L85"> return remoteUser;</span> |
| } |
| |
| protected Subject getSubject() { |
| <span class="fc" id="L89"> return SecurityUtils.getSubject();</span> |
| } |
| |
| protected Object getSubjectPrincipal() { |
| <span class="nc" id="L93"> Object userPrincipal = null;</span> |
| <span class="nc" id="L94"> Subject subject = getSubject();</span> |
| <span class="nc bnc" id="L95" title="All 2 branches missed."> if (subject != null) {</span> |
| <span class="nc" id="L96"> userPrincipal = subject.getPrincipal();</span> |
| } |
| <span class="nc" id="L98"> return userPrincipal;</span> |
| } |
| |
| public boolean isUserInRole(String s) { |
| <span class="nc" id="L102"> Subject subject = getSubject();</span> |
| <span class="nc bnc" id="L103" title="All 4 branches missed."> boolean inRole = (subject != null && subject.hasRole(s));</span> |
| <span class="nc bnc" id="L104" title="All 2 branches missed."> if (!inRole) {</span> |
| <span class="nc" id="L105"> inRole = super.isUserInRole(s);</span> |
| } |
| <span class="nc" id="L107"> return inRole;</span> |
| } |
| |
| public Principal getUserPrincipal() { |
| Principal userPrincipal; |
| <span class="nc" id="L112"> Object scPrincipal = getSubjectPrincipal();</span> |
| <span class="nc bnc" id="L113" title="All 2 branches missed."> if (scPrincipal != null) {</span> |
| <span class="nc bnc" id="L114" title="All 2 branches missed."> if (scPrincipal instanceof Principal) {</span> |
| <span class="nc" id="L115"> userPrincipal = (Principal) scPrincipal;</span> |
| } else { |
| <span class="nc" id="L117"> userPrincipal = new ObjectPrincipal(scPrincipal);</span> |
| } |
| } else { |
| <span class="nc" id="L120"> userPrincipal = super.getUserPrincipal();</span> |
| } |
| <span class="nc" id="L122"> return userPrincipal;</span> |
| } |
| |
| public String getRequestedSessionId() { |
| <span class="nc" id="L126"> String requestedSessionId = null;</span> |
| <span class="nc bnc" id="L127" title="All 2 branches missed."> if (isHttpSessions()) {</span> |
| <span class="nc" id="L128"> requestedSessionId = super.getRequestedSessionId();</span> |
| } else { |
| <span class="nc" id="L130"> Object sessionId = getAttribute(REFERENCED_SESSION_ID);</span> |
| <span class="nc bnc" id="L131" title="All 2 branches missed."> if (sessionId != null) {</span> |
| <span class="nc" id="L132"> requestedSessionId = sessionId.toString();</span> |
| } |
| } |
| |
| <span class="nc" id="L136"> return requestedSessionId;</span> |
| } |
| |
| public HttpSession getSession(boolean create) { |
| |
| HttpSession httpSession; |
| |
| <span class="pc bpc" id="L143" title="1 of 2 branches missed."> if (isHttpSessions()) {</span> |
| <span class="nc" id="L144"> httpSession = super.getSession(false);</span> |
| <span class="nc bnc" id="L145" title="All 4 branches missed."> if (httpSession == null && create) {</span> |
| //Shiro 1.2: assert that creation is enabled (SHIRO-266): |
| <span class="nc bnc" id="L147" title="All 2 branches missed."> if (WebUtils._isSessionCreationEnabled(this)) {</span> |
| <span class="nc" id="L148"> httpSession = super.getSession(create);</span> |
| } else { |
| <span class="nc" id="L150"> throw newNoSessionCreationException();</span> |
| } |
| } |
| } else { |
| <span class="fc bfc" id="L154" title="All 2 branches covered."> boolean existing = getSubject().getSession(false) != null;</span> |
| |
| <span class="fc bfc" id="L156" title="All 4 branches covered."> if (this.session == null || !existing) {</span> |
| <span class="fc" id="L157"> Session shiroSession = getSubject().getSession(create);</span> |
| <span class="fc bfc" id="L158" title="All 2 branches covered."> if (shiroSession != null) {</span> |
| <span class="fc" id="L159"> this.session = new ShiroHttpSession(shiroSession, this, this.servletContext);</span> |
| <span class="fc bfc" id="L160" title="All 2 branches covered."> if (!existing) {</span> |
| <span class="fc" id="L161"> setAttribute(REFERENCED_SESSION_IS_NEW, Boolean.TRUE);</span> |
| } |
| <span class="pc bpc" id="L163" title="1 of 2 branches missed."> } else if (this.session != null) {</span> |
| <span class="fc" id="L164"> this.session = null;</span> |
| } |
| } |
| <span class="fc" id="L167"> httpSession = this.session;</span> |
| } |
| |
| <span class="fc" id="L170"> return httpSession;</span> |
| } |
| |
| /** |
| * Constructs and returns a {@link DisabledSessionException} with an appropriate message explaining why |
| * session creation has been disabled. |
| * |
| * @return a new DisabledSessionException with appropriate no creation message |
| * @since 1.2 |
| */ |
| private DisabledSessionException newNoSessionCreationException() { |
| <span class="nc" id="L181"> String msg = "Session creation has been disabled for the current request. This exception indicates " +</span> |
| "that there is either a programming error (using a session when it should never be " + |
| "used) or that Shiro's configuration needs to be adjusted to allow Sessions to be created " + |
| <span class="nc" id="L184"> "for the current request. See the " + DisabledSessionException.class.getName() + " JavaDoc " +</span> |
| "for more."; |
| <span class="nc" id="L186"> return new DisabledSessionException(msg);</span> |
| } |
| |
| public HttpSession getSession() { |
| <span class="fc" id="L190"> return getSession(true);</span> |
| } |
| |
| public boolean isRequestedSessionIdValid() { |
| <span class="nc bnc" id="L194" title="All 2 branches missed."> if (isHttpSessions()) {</span> |
| <span class="nc" id="L195"> return super.isRequestedSessionIdValid();</span> |
| } else { |
| <span class="nc" id="L197"> Boolean value = (Boolean) getAttribute(REFERENCED_SESSION_ID_IS_VALID);</span> |
| <span class="nc bnc" id="L198" title="All 4 branches missed."> return (value != null && value.equals(Boolean.TRUE));</span> |
| } |
| } |
| |
| public boolean isRequestedSessionIdFromCookie() { |
| <span class="nc bnc" id="L203" title="All 2 branches missed."> if (isHttpSessions()) {</span> |
| <span class="nc" id="L204"> return super.isRequestedSessionIdFromCookie();</span> |
| } else { |
| <span class="nc" id="L206"> String value = (String) getAttribute(REFERENCED_SESSION_ID_SOURCE);</span> |
| <span class="nc bnc" id="L207" title="All 4 branches missed."> return value != null && value.equals(COOKIE_SESSION_ID_SOURCE);</span> |
| } |
| } |
| |
| public boolean isRequestedSessionIdFromURL() { |
| <span class="nc bnc" id="L212" title="All 2 branches missed."> if (isHttpSessions()) {</span> |
| <span class="nc" id="L213"> return super.isRequestedSessionIdFromURL();</span> |
| } else { |
| <span class="nc" id="L215"> String value = (String) getAttribute(REFERENCED_SESSION_ID_SOURCE);</span> |
| <span class="nc bnc" id="L216" title="All 4 branches missed."> return value != null && value.equals(URL_SESSION_ID_SOURCE);</span> |
| } |
| } |
| |
| public boolean isRequestedSessionIdFromUrl() { |
| <span class="nc" id="L221"> return isRequestedSessionIdFromURL();</span> |
| } |
| |
| private class ObjectPrincipal implements java.security.Principal { |
| <span class="nc" id="L225"> private Object object = null;</span> |
| |
| <span class="nc" id="L227"> public ObjectPrincipal(Object object) {</span> |
| <span class="nc" id="L228"> this.object = object;</span> |
| <span class="nc" id="L229"> }</span> |
| |
| public Object getObject() { |
| <span class="nc" id="L232"> return object;</span> |
| } |
| |
| public String getName() { |
| <span class="nc" id="L236"> return getObject().toString();</span> |
| } |
| |
| public int hashCode() { |
| <span class="nc" id="L240"> return object.hashCode();</span> |
| } |
| |
| public boolean equals(Object o) { |
| <span class="nc bnc" id="L244" title="All 2 branches missed."> if (o instanceof ObjectPrincipal) {</span> |
| <span class="nc" id="L245"> ObjectPrincipal op = (ObjectPrincipal) o;</span> |
| <span class="nc" id="L246"> return getObject().equals(op.getObject());</span> |
| } |
| <span class="nc" id="L248"> return false;</span> |
| } |
| |
| public String toString() { |
| <span class="nc" id="L252"> return object.toString();</span> |
| } |
| } |
| } |
| </pre><div class="footer"><span class="right">Created with <a href="http://www.jacoco.org/jacoco">JaCoCo</a> 0.8.3.201901230119</span></div></body></html> |