| <?xml version="1.0" encoding="UTF-8"?><!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml" lang="en"><head><meta http-equiv="Content-Type" content="text/html;charset=UTF-8"/><link rel="stylesheet" href="../../jacoco-resources/report.css" type="text/css"/><link rel="shortcut icon" href="../../jacoco-resources/report.gif" type="image/gif"/><title>SecureRemoteInvocationExecutor.java</title><link rel="stylesheet" href="../../jacoco-resources/prettify.css" type="text/css"/><script type="text/javascript" src="../../jacoco-resources/prettify.js"></script></head><body onload="window['PR_TAB_WIDTH']=4;prettyPrint()"><div class="breadcrumb" id="breadcrumb"><span class="info"><a href="../../jacoco-sessions.html" class="el_session">Sessions</a></span><a href="../../index.html" class="el_report">Apache Shiro :: Test Coverage</a> > <a href="../index.html" class="el_bundle">shiro-spring</a> > <a href="index.source.html" class="el_package">org.apache.shiro.spring.remoting</a> > <span class="el_source">SecureRemoteInvocationExecutor.java</span></div><h1>SecureRemoteInvocationExecutor.java</h1><pre class="source lang-java linenums">/* |
| * Licensed to the Apache Software Foundation (ASF) under one |
| * or more contributor license agreements. See the NOTICE file |
| * distributed with this work for additional information |
| * regarding copyright ownership. The ASF licenses this file |
| * to you under the Apache License, Version 2.0 (the |
| * "License"); you may not use this file except in compliance |
| * with the License. You may obtain a copy of the License at |
| * |
| * http://www.apache.org/licenses/LICENSE-2.0 |
| * |
| * Unless required by applicable law or agreed to in writing, |
| * software distributed under the License is distributed on an |
| * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY |
| * KIND, either express or implied. See the License for the |
| * specific language governing permissions and limitations |
| * under the License. |
| */ |
| package org.apache.shiro.spring.remoting; |
| |
| import org.apache.shiro.SecurityUtils; |
| import org.apache.shiro.mgt.SecurityManager; |
| import org.apache.shiro.subject.ExecutionException; |
| import org.apache.shiro.subject.Subject; |
| import org.slf4j.Logger; |
| import org.slf4j.LoggerFactory; |
| import org.springframework.remoting.support.DefaultRemoteInvocationExecutor; |
| import org.springframework.remoting.support.RemoteInvocation; |
| |
| import java.io.Serializable; |
| import java.lang.reflect.InvocationTargetException; |
| import java.util.concurrent.Callable; |
| |
| |
| /** |
| * An implementation of the Spring {@link org.springframework.remoting.support.RemoteInvocationExecutor} |
| * that binds a {@code sessionId} to the incoming thread to make it available to the {@code SecurityManager} |
| * implementation during the thread execution. The {@code SecurityManager} implementation can use this sessionId |
| * to reconstitute the {@code Subject} instance based on persistent state in the corresponding {@code Session}. |
| * |
| * @since 0.1 |
| */ |
| <span class="nc" id="L43">public class SecureRemoteInvocationExecutor extends DefaultRemoteInvocationExecutor {</span> |
| |
| //TODO - complete JavaDoc |
| |
| /*-------------------------------------------- |
| | C O N S T A N T S | |
| ============================================*/ |
| |
| /*-------------------------------------------- |
| | I N S T A N C E V A R I A B L E S | |
| ============================================*/ |
| <span class="nc" id="L54"> private static final Logger log = LoggerFactory.getLogger(SecureRemoteInvocationExecutor.class);</span> |
| |
| /** |
| * The SecurityManager used to retrieve realms that should be associated with the |
| * created <tt>Subject</tt>s upon remote invocation. |
| */ |
| private SecurityManager securityManager; |
| |
| /*-------------------------------------------- |
| | C O N S T R U C T O R S | |
| ============================================*/ |
| |
| /*-------------------------------------------- |
| | A C C E S S O R S / M O D I F I E R S | |
| ============================================*/ |
| |
| public void setSecurityManager(org.apache.shiro.mgt.SecurityManager securityManager) { |
| <span class="nc" id="L71"> this.securityManager = securityManager;</span> |
| <span class="nc" id="L72"> }</span> |
| |
| /*-------------------------------------------- |
| | M E T H O D S | |
| ============================================*/ |
| @SuppressWarnings({"unchecked"}) |
| public Object invoke(final RemoteInvocation invocation, final Object targetObject) |
| throws NoSuchMethodException, IllegalAccessException, InvocationTargetException { |
| |
| try { |
| <span class="nc bnc" id="L82" title="All 2 branches missed."> SecurityManager securityManager =</span> |
| <span class="nc" id="L83"> this.securityManager != null ? this.securityManager : SecurityUtils.getSecurityManager();</span> |
| |
| <span class="nc" id="L85"> Subject.Builder builder = new Subject.Builder(securityManager);</span> |
| |
| <span class="nc" id="L87"> String host = (String) invocation.getAttribute(SecureRemoteInvocationFactory.HOST_KEY);</span> |
| <span class="nc bnc" id="L88" title="All 2 branches missed."> if (host != null) {</span> |
| <span class="nc" id="L89"> builder.host(host);</span> |
| } |
| |
| <span class="nc" id="L92"> Serializable sessionId = invocation.getAttribute(SecureRemoteInvocationFactory.SESSION_ID_KEY);</span> |
| <span class="nc bnc" id="L93" title="All 2 branches missed."> if (sessionId != null) {</span> |
| <span class="nc" id="L94"> builder.sessionId(sessionId);</span> |
| } else { |
| <span class="nc bnc" id="L96" title="All 2 branches missed."> if (log.isTraceEnabled()) {</span> |
| <span class="nc" id="L97"> log.trace("RemoteInvocation did not contain a Shiro Session id attribute under " +</span> |
| "key [" + SecureRemoteInvocationFactory.SESSION_ID_KEY + "]. A Subject based " + |
| "on an existing Session will not be available during the method invocation."); |
| } |
| } |
| |
| <span class="nc" id="L103"> Subject subject = builder.buildSubject();</span> |
| <span class="nc" id="L104"> return subject.execute(new Callable() {</span> |
| public Object call() throws Exception { |
| <span class="nc" id="L106"> return SecureRemoteInvocationExecutor.super.invoke(invocation, targetObject);</span> |
| } |
| }); |
| <span class="nc" id="L109"> } catch (ExecutionException e) {</span> |
| <span class="nc" id="L110"> Throwable cause = e.getCause();</span> |
| <span class="nc bnc" id="L111" title="All 2 branches missed."> if (cause instanceof NoSuchMethodException) {</span> |
| <span class="nc" id="L112"> throw (NoSuchMethodException) cause;</span> |
| <span class="nc bnc" id="L113" title="All 2 branches missed."> } else if (cause instanceof IllegalAccessException) {</span> |
| <span class="nc" id="L114"> throw (IllegalAccessException) cause;</span> |
| <span class="nc bnc" id="L115" title="All 2 branches missed."> } else if (cause instanceof InvocationTargetException) {</span> |
| <span class="nc" id="L116"> throw (InvocationTargetException) cause;</span> |
| } else { |
| <span class="nc" id="L118"> throw new InvocationTargetException(cause);</span> |
| } |
| <span class="nc" id="L120"> } catch (Throwable t) {</span> |
| <span class="nc" id="L121"> throw new InvocationTargetException(t);</span> |
| } |
| } |
| } |
| </pre><div class="footer"><span class="right">Created with <a href="http://www.jacoco.org/jacoco">JaCoCo</a> 0.8.3.201901230119</span></div></body></html> |
