| <!DOCTYPE HTML> |
| <html lang="en"> |
| <head> |
| <title>Source code</title> |
| <link rel="stylesheet" type="text/css" href="../../../../../stylesheet.css" title="Style"> |
| </head> |
| <body> |
| <main role="main"> |
| <div class="sourceContainer"> |
| <pre><span class="sourceLineNo">001</span><a id="line.1">/*</a> |
| <span class="sourceLineNo">002</span><a id="line.2"> * Licensed to the Apache Software Foundation (ASF) under one</a> |
| <span class="sourceLineNo">003</span><a id="line.3"> * or more contributor license agreements. See the NOTICE file</a> |
| <span class="sourceLineNo">004</span><a id="line.4"> * distributed with this work for additional information</a> |
| <span class="sourceLineNo">005</span><a id="line.5"> * regarding copyright ownership. The ASF licenses this file</a> |
| <span class="sourceLineNo">006</span><a id="line.6"> * to you under the Apache License, Version 2.0 (the</a> |
| <span class="sourceLineNo">007</span><a id="line.7"> * "License"); you may not use this file except in compliance</a> |
| <span class="sourceLineNo">008</span><a id="line.8"> * with the License. You may obtain a copy of the License at</a> |
| <span class="sourceLineNo">009</span><a id="line.9"> *</a> |
| <span class="sourceLineNo">010</span><a id="line.10"> * http://www.apache.org/licenses/LICENSE-2.0</a> |
| <span class="sourceLineNo">011</span><a id="line.11"> *</a> |
| <span class="sourceLineNo">012</span><a id="line.12"> * Unless required by applicable law or agreed to in writing,</a> |
| <span class="sourceLineNo">013</span><a id="line.13"> * software distributed under the License is distributed on an</a> |
| <span class="sourceLineNo">014</span><a id="line.14"> * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY</a> |
| <span class="sourceLineNo">015</span><a id="line.15"> * KIND, either express or implied. See the License for the</a> |
| <span class="sourceLineNo">016</span><a id="line.16"> * specific language governing permissions and limitations</a> |
| <span class="sourceLineNo">017</span><a id="line.17"> * under the License.</a> |
| <span class="sourceLineNo">018</span><a id="line.18"> */</a> |
| <span class="sourceLineNo">019</span><a id="line.19">package org.apache.shiro.mgt;</a> |
| <span class="sourceLineNo">020</span><a id="line.20"></a> |
| <span class="sourceLineNo">021</span><a id="line.21">import org.apache.shiro.authc.AuthenticationException;</a> |
| <span class="sourceLineNo">022</span><a id="line.22">import org.apache.shiro.authc.AuthenticationInfo;</a> |
| <span class="sourceLineNo">023</span><a id="line.23">import org.apache.shiro.authc.AuthenticationToken;</a> |
| <span class="sourceLineNo">024</span><a id="line.24">import org.apache.shiro.authc.RememberMeAuthenticationToken;</a> |
| <span class="sourceLineNo">025</span><a id="line.25">import org.apache.shiro.codec.Base64;</a> |
| <span class="sourceLineNo">026</span><a id="line.26">import org.apache.shiro.crypto.AesCipherService;</a> |
| <span class="sourceLineNo">027</span><a id="line.27">import org.apache.shiro.crypto.CipherService;</a> |
| <span class="sourceLineNo">028</span><a id="line.28">import org.apache.shiro.io.DefaultSerializer;</a> |
| <span class="sourceLineNo">029</span><a id="line.29">import org.apache.shiro.io.Serializer;</a> |
| <span class="sourceLineNo">030</span><a id="line.30">import org.apache.shiro.subject.PrincipalCollection;</a> |
| <span class="sourceLineNo">031</span><a id="line.31">import org.apache.shiro.subject.Subject;</a> |
| <span class="sourceLineNo">032</span><a id="line.32">import org.apache.shiro.subject.SubjectContext;</a> |
| <span class="sourceLineNo">033</span><a id="line.33">import org.apache.shiro.util.ByteSource;</a> |
| <span class="sourceLineNo">034</span><a id="line.34">import org.slf4j.Logger;</a> |
| <span class="sourceLineNo">035</span><a id="line.35">import org.slf4j.LoggerFactory;</a> |
| <span class="sourceLineNo">036</span><a id="line.36"></a> |
| <span class="sourceLineNo">037</span><a id="line.37">/**</a> |
| <span class="sourceLineNo">038</span><a id="line.38"> * Abstract implementation of the {@code RememberMeManager} interface that handles</a> |
| <span class="sourceLineNo">039</span><a id="line.39"> * {@link #setSerializer(org.apache.shiro.io.Serializer) serialization} and</a> |
| <span class="sourceLineNo">040</span><a id="line.40"> * {@link #setCipherService encryption} of the remembered user identity.</a> |
| <span class="sourceLineNo">041</span><a id="line.41"> * <p/></a> |
| <span class="sourceLineNo">042</span><a id="line.42"> * The remembered identity storage location and details are left to subclasses.</a> |
| <span class="sourceLineNo">043</span><a id="line.43"> * <h2>Default encryption key</h2></a> |
| <span class="sourceLineNo">044</span><a id="line.44"> * This implementation uses an {@link AesCipherService AesCipherService} for strong encryption by default. It also</a> |
| <span class="sourceLineNo">045</span><a id="line.45"> * uses a default generated symmetric key to both encrypt and decrypt data. As AES is a symmetric cipher, the same</a> |
| <span class="sourceLineNo">046</span><a id="line.46"> * {@code key} is used to both encrypt and decrypt data, BUT NOTE:</a> |
| <span class="sourceLineNo">047</span><a id="line.47"> * <p/></a> |
| <span class="sourceLineNo">048</span><a id="line.48"> * Because Shiro is an open-source project, if anyone knew that you were using Shiro's default</a> |
| <span class="sourceLineNo">049</span><a id="line.49"> * {@code key}, they could download/view the source, and with enough effort, reconstruct the {@code key}</a> |
| <span class="sourceLineNo">050</span><a id="line.50"> * and decode encrypted data at will.</a> |
| <span class="sourceLineNo">051</span><a id="line.51"> * <p/></a> |
| <span class="sourceLineNo">052</span><a id="line.52"> * Of course, this key is only really used to encrypt the remembered {@code PrincipalCollection} which is typically</a> |
| <span class="sourceLineNo">053</span><a id="line.53"> * a user id or username. So if you do not consider that sensitive information, and you think the default key still</a> |
| <span class="sourceLineNo">054</span><a id="line.54"> * makes things 'sufficiently difficult', then you can ignore this issue.</a> |
| <span class="sourceLineNo">055</span><a id="line.55"> * <p/></a> |
| <span class="sourceLineNo">056</span><a id="line.56"> * However, if you do feel this constitutes sensitive information, it is recommended that you provide your own</a> |
| <span class="sourceLineNo">057</span><a id="line.57"> * {@code key} via the {@link #setCipherKey setCipherKey} method to a key known only to your application,</a> |
| <span class="sourceLineNo">058</span><a id="line.58"> * guaranteeing that no third party can decrypt your data. You can generate your own key by calling the</a> |
| <span class="sourceLineNo">059</span><a id="line.59"> * {@code CipherService}'s {@link org.apache.shiro.crypto.AesCipherService#generateNewKey() generateNewKey} method</a> |
| <span class="sourceLineNo">060</span><a id="line.60"> * and using that result as the {@link #setCipherKey cipherKey} configuration attribute.</a> |
| <span class="sourceLineNo">061</span><a id="line.61"> *</a> |
| <span class="sourceLineNo">062</span><a id="line.62"> * @since 0.9</a> |
| <span class="sourceLineNo">063</span><a id="line.63"> */</a> |
| <span class="sourceLineNo">064</span><a id="line.64">public abstract class AbstractRememberMeManager implements RememberMeManager {</a> |
| <span class="sourceLineNo">065</span><a id="line.65"></a> |
| <span class="sourceLineNo">066</span><a id="line.66"> /**</a> |
| <span class="sourceLineNo">067</span><a id="line.67"> * private inner log instance.</a> |
| <span class="sourceLineNo">068</span><a id="line.68"> */</a> |
| <span class="sourceLineNo">069</span><a id="line.69"> private static final Logger log = LoggerFactory.getLogger(AbstractRememberMeManager.class);</a> |
| <span class="sourceLineNo">070</span><a id="line.70"></a> |
| <span class="sourceLineNo">071</span><a id="line.71"> /**</a> |
| <span class="sourceLineNo">072</span><a id="line.72"> * Serializer to use for converting PrincipalCollection instances to/from byte arrays</a> |
| <span class="sourceLineNo">073</span><a id="line.73"> */</a> |
| <span class="sourceLineNo">074</span><a id="line.74"> private Serializer<PrincipalCollection> serializer;</a> |
| <span class="sourceLineNo">075</span><a id="line.75"></a> |
| <span class="sourceLineNo">076</span><a id="line.76"> /**</a> |
| <span class="sourceLineNo">077</span><a id="line.77"> * Cipher to use for encrypting/decrypting serialized byte arrays for added security</a> |
| <span class="sourceLineNo">078</span><a id="line.78"> */</a> |
| <span class="sourceLineNo">079</span><a id="line.79"> private CipherService cipherService;</a> |
| <span class="sourceLineNo">080</span><a id="line.80"></a> |
| <span class="sourceLineNo">081</span><a id="line.81"> /**</a> |
| <span class="sourceLineNo">082</span><a id="line.82"> * Cipher encryption key to use with the Cipher when encrypting data</a> |
| <span class="sourceLineNo">083</span><a id="line.83"> */</a> |
| <span class="sourceLineNo">084</span><a id="line.84"> private byte[] encryptionCipherKey;</a> |
| <span class="sourceLineNo">085</span><a id="line.85"></a> |
| <span class="sourceLineNo">086</span><a id="line.86"> /**</a> |
| <span class="sourceLineNo">087</span><a id="line.87"> * Cipher decryption key to use with the Cipher when decrypting data</a> |
| <span class="sourceLineNo">088</span><a id="line.88"> */</a> |
| <span class="sourceLineNo">089</span><a id="line.89"> private byte[] decryptionCipherKey;</a> |
| <span class="sourceLineNo">090</span><a id="line.90"></a> |
| <span class="sourceLineNo">091</span><a id="line.91"> /**</a> |
| <span class="sourceLineNo">092</span><a id="line.92"> * Default constructor that initializes a {@link DefaultSerializer} as the {@link #getSerializer() serializer} and</a> |
| <span class="sourceLineNo">093</span><a id="line.93"> * an {@link AesCipherService} as the {@link #getCipherService() cipherService}.</a> |
| <span class="sourceLineNo">094</span><a id="line.94"> */</a> |
| <span class="sourceLineNo">095</span><a id="line.95"> public AbstractRememberMeManager() {</a> |
| <span class="sourceLineNo">096</span><a id="line.96"> this.serializer = new DefaultSerializer<PrincipalCollection>();</a> |
| <span class="sourceLineNo">097</span><a id="line.97"> AesCipherService cipherService = new AesCipherService();</a> |
| <span class="sourceLineNo">098</span><a id="line.98"> this.cipherService = cipherService;</a> |
| <span class="sourceLineNo">099</span><a id="line.99"> setCipherKey(cipherService.generateNewKey().getEncoded());</a> |
| <span class="sourceLineNo">100</span><a id="line.100"> }</a> |
| <span class="sourceLineNo">101</span><a id="line.101"></a> |
| <span class="sourceLineNo">102</span><a id="line.102"> /**</a> |
| <span class="sourceLineNo">103</span><a id="line.103"> * Returns the {@code Serializer} used to serialize and deserialize {@link PrincipalCollection} instances for</a> |
| <span class="sourceLineNo">104</span><a id="line.104"> * persistent remember me storage.</a> |
| <span class="sourceLineNo">105</span><a id="line.105"> * <p/></a> |
| <span class="sourceLineNo">106</span><a id="line.106"> * Unless overridden by the {@link #setSerializer} method, the default instance is a</a> |
| <span class="sourceLineNo">107</span><a id="line.107"> * {@link org.apache.shiro.io.DefaultSerializer}.</a> |
| <span class="sourceLineNo">108</span><a id="line.108"> *</a> |
| <span class="sourceLineNo">109</span><a id="line.109"> * @return the {@code Serializer} used to serialize and deserialize {@link PrincipalCollection} instances for</a> |
| <span class="sourceLineNo">110</span><a id="line.110"> * persistent remember me storage.</a> |
| <span class="sourceLineNo">111</span><a id="line.111"> */</a> |
| <span class="sourceLineNo">112</span><a id="line.112"> public Serializer<PrincipalCollection> getSerializer() {</a> |
| <span class="sourceLineNo">113</span><a id="line.113"> return serializer;</a> |
| <span class="sourceLineNo">114</span><a id="line.114"> }</a> |
| <span class="sourceLineNo">115</span><a id="line.115"></a> |
| <span class="sourceLineNo">116</span><a id="line.116"> /**</a> |
| <span class="sourceLineNo">117</span><a id="line.117"> * Sets the {@code Serializer} used to serialize and deserialize {@link PrincipalCollection} instances for</a> |
| <span class="sourceLineNo">118</span><a id="line.118"> * persistent remember me storage.</a> |
| <span class="sourceLineNo">119</span><a id="line.119"> * <p/></a> |
| <span class="sourceLineNo">120</span><a id="line.120"> * Unless overridden by this method, the default instance is a {@link DefaultSerializer}.</a> |
| <span class="sourceLineNo">121</span><a id="line.121"> *</a> |
| <span class="sourceLineNo">122</span><a id="line.122"> * @param serializer the {@code Serializer} used to serialize and deserialize {@link PrincipalCollection} instances</a> |
| <span class="sourceLineNo">123</span><a id="line.123"> * for persistent remember me storage.</a> |
| <span class="sourceLineNo">124</span><a id="line.124"> */</a> |
| <span class="sourceLineNo">125</span><a id="line.125"> public void setSerializer(Serializer<PrincipalCollection> serializer) {</a> |
| <span class="sourceLineNo">126</span><a id="line.126"> this.serializer = serializer;</a> |
| <span class="sourceLineNo">127</span><a id="line.127"> }</a> |
| <span class="sourceLineNo">128</span><a id="line.128"></a> |
| <span class="sourceLineNo">129</span><a id="line.129"> /**</a> |
| <span class="sourceLineNo">130</span><a id="line.130"> * Returns the {@code CipherService} to use for encrypting and decrypting serialized identity data to prevent easy</a> |
| <span class="sourceLineNo">131</span><a id="line.131"> * inspection of Subject identity data.</a> |
| <span class="sourceLineNo">132</span><a id="line.132"> * <p/></a> |
| <span class="sourceLineNo">133</span><a id="line.133"> * Unless overridden by the {@link #setCipherService} method, the default instance is an {@link AesCipherService}.</a> |
| <span class="sourceLineNo">134</span><a id="line.134"> *</a> |
| <span class="sourceLineNo">135</span><a id="line.135"> * @return the {@code Cipher} to use for encrypting and decrypting serialized identity data to prevent easy</a> |
| <span class="sourceLineNo">136</span><a id="line.136"> * inspection of Subject identity data</a> |
| <span class="sourceLineNo">137</span><a id="line.137"> */</a> |
| <span class="sourceLineNo">138</span><a id="line.138"> public CipherService getCipherService() {</a> |
| <span class="sourceLineNo">139</span><a id="line.139"> return cipherService;</a> |
| <span class="sourceLineNo">140</span><a id="line.140"> }</a> |
| <span class="sourceLineNo">141</span><a id="line.141"></a> |
| <span class="sourceLineNo">142</span><a id="line.142"> /**</a> |
| <span class="sourceLineNo">143</span><a id="line.143"> * Sets the {@code CipherService} to use for encrypting and decrypting serialized identity data to prevent easy</a> |
| <span class="sourceLineNo">144</span><a id="line.144"> * inspection of Subject identity data.</a> |
| <span class="sourceLineNo">145</span><a id="line.145"> * <p/></a> |
| <span class="sourceLineNo">146</span><a id="line.146"> * If the CipherService is a symmetric CipherService (using the same key for both encryption and decryption), you</a> |
| <span class="sourceLineNo">147</span><a id="line.147"> * should set your key via the {@link #setCipherKey(byte[])} method.</a> |
| <span class="sourceLineNo">148</span><a id="line.148"> * <p/></a> |
| <span class="sourceLineNo">149</span><a id="line.149"> * If the CipherService is an asymmetric CipherService (different keys for encryption and decryption, such as</a> |
| <span class="sourceLineNo">150</span><a id="line.150"> * public/private key pairs), you should set your encryption and decryption key via the respective</a> |
| <span class="sourceLineNo">151</span><a id="line.151"> * {@link #setEncryptionCipherKey(byte[])} and {@link #setDecryptionCipherKey(byte[])} methods.</a> |
| <span class="sourceLineNo">152</span><a id="line.152"> * <p/></a> |
| <span class="sourceLineNo">153</span><a id="line.153"> * <b>N.B.</b> Unless overridden by this method, the default CipherService instance is an</a> |
| <span class="sourceLineNo">154</span><a id="line.154"> * {@link AesCipherService}. This {@code RememberMeManager} implementation already has a configured symmetric key</a> |
| <span class="sourceLineNo">155</span><a id="line.155"> * to use for encryption and decryption, but it is recommended to provide your own for added security. See the</a> |
| <span class="sourceLineNo">156</span><a id="line.156"> * class-level JavaDoc for more information and why it might be good to provide your own.</a> |
| <span class="sourceLineNo">157</span><a id="line.157"> *</a> |
| <span class="sourceLineNo">158</span><a id="line.158"> * @param cipherService the {@code CipherService} to use for encrypting and decrypting serialized identity data to</a> |
| <span class="sourceLineNo">159</span><a id="line.159"> * prevent easy inspection of Subject identity data.</a> |
| <span class="sourceLineNo">160</span><a id="line.160"> */</a> |
| <span class="sourceLineNo">161</span><a id="line.161"> public void setCipherService(CipherService cipherService) {</a> |
| <span class="sourceLineNo">162</span><a id="line.162"> this.cipherService = cipherService;</a> |
| <span class="sourceLineNo">163</span><a id="line.163"> }</a> |
| <span class="sourceLineNo">164</span><a id="line.164"></a> |
| <span class="sourceLineNo">165</span><a id="line.165"> /**</a> |
| <span class="sourceLineNo">166</span><a id="line.166"> * Returns the cipher key to use for encryption operations.</a> |
| <span class="sourceLineNo">167</span><a id="line.167"> *</a> |
| <span class="sourceLineNo">168</span><a id="line.168"> * @return the cipher key to use for encryption operations.</a> |
| <span class="sourceLineNo">169</span><a id="line.169"> * @see #setCipherService for a description of the various {@code get/set*Key} methods.</a> |
| <span class="sourceLineNo">170</span><a id="line.170"> */</a> |
| <span class="sourceLineNo">171</span><a id="line.171"> public byte[] getEncryptionCipherKey() {</a> |
| <span class="sourceLineNo">172</span><a id="line.172"> return encryptionCipherKey;</a> |
| <span class="sourceLineNo">173</span><a id="line.173"> }</a> |
| <span class="sourceLineNo">174</span><a id="line.174"></a> |
| <span class="sourceLineNo">175</span><a id="line.175"> /**</a> |
| <span class="sourceLineNo">176</span><a id="line.176"> * Sets the encryption key to use for encryption operations.</a> |
| <span class="sourceLineNo">177</span><a id="line.177"> *</a> |
| <span class="sourceLineNo">178</span><a id="line.178"> * @param encryptionCipherKey the encryption key to use for encryption operations.</a> |
| <span class="sourceLineNo">179</span><a id="line.179"> * @see #setCipherService for a description of the various {@code get/set*Key} methods.</a> |
| <span class="sourceLineNo">180</span><a id="line.180"> */</a> |
| <span class="sourceLineNo">181</span><a id="line.181"> public void setEncryptionCipherKey(byte[] encryptionCipherKey) {</a> |
| <span class="sourceLineNo">182</span><a id="line.182"> this.encryptionCipherKey = encryptionCipherKey;</a> |
| <span class="sourceLineNo">183</span><a id="line.183"> }</a> |
| <span class="sourceLineNo">184</span><a id="line.184"></a> |
| <span class="sourceLineNo">185</span><a id="line.185"> /**</a> |
| <span class="sourceLineNo">186</span><a id="line.186"> * Returns the decryption cipher key to use for decryption operations.</a> |
| <span class="sourceLineNo">187</span><a id="line.187"> *</a> |
| <span class="sourceLineNo">188</span><a id="line.188"> * @return the cipher key to use for decryption operations.</a> |
| <span class="sourceLineNo">189</span><a id="line.189"> * @see #setCipherService for a description of the various {@code get/set*Key} methods.</a> |
| <span class="sourceLineNo">190</span><a id="line.190"> */</a> |
| <span class="sourceLineNo">191</span><a id="line.191"> public byte[] getDecryptionCipherKey() {</a> |
| <span class="sourceLineNo">192</span><a id="line.192"> return decryptionCipherKey;</a> |
| <span class="sourceLineNo">193</span><a id="line.193"> }</a> |
| <span class="sourceLineNo">194</span><a id="line.194"></a> |
| <span class="sourceLineNo">195</span><a id="line.195"> /**</a> |
| <span class="sourceLineNo">196</span><a id="line.196"> * Sets the decryption key to use for decryption operations.</a> |
| <span class="sourceLineNo">197</span><a id="line.197"> *</a> |
| <span class="sourceLineNo">198</span><a id="line.198"> * @param decryptionCipherKey the decryption key to use for decryption operations.</a> |
| <span class="sourceLineNo">199</span><a id="line.199"> * @see #setCipherService for a description of the various {@code get/set*Key} methods.</a> |
| <span class="sourceLineNo">200</span><a id="line.200"> */</a> |
| <span class="sourceLineNo">201</span><a id="line.201"> public void setDecryptionCipherKey(byte[] decryptionCipherKey) {</a> |
| <span class="sourceLineNo">202</span><a id="line.202"> this.decryptionCipherKey = decryptionCipherKey;</a> |
| <span class="sourceLineNo">203</span><a id="line.203"> }</a> |
| <span class="sourceLineNo">204</span><a id="line.204"></a> |
| <span class="sourceLineNo">205</span><a id="line.205"> /**</a> |
| <span class="sourceLineNo">206</span><a id="line.206"> * Convenience method that returns the cipher key to use for <em>both</em> encryption and decryption.</a> |
| <span class="sourceLineNo">207</span><a id="line.207"> * <p/></a> |
| <span class="sourceLineNo">208</span><a id="line.208"> * <b>N.B.</b> This method can only be called if the underlying {@link #getCipherService() cipherService} is a symmetric</a> |
| <span class="sourceLineNo">209</span><a id="line.209"> * CipherService which by definition uses the same key for both encryption and decryption. If using an asymmetric</a> |
| <span class="sourceLineNo">210</span><a id="line.210"> * CipherService public/private key pair, you cannot use this method, and should instead use the</a> |
| <span class="sourceLineNo">211</span><a id="line.211"> * {@link #getEncryptionCipherKey()} and {@link #getDecryptionCipherKey()} methods individually.</a> |
| <span class="sourceLineNo">212</span><a id="line.212"> * <p/></a> |
| <span class="sourceLineNo">213</span><a id="line.213"> * The default {@link AesCipherService} instance is a symmetric cipher service, so this method can be used if you are</a> |
| <span class="sourceLineNo">214</span><a id="line.214"> * using the default.</a> |
| <span class="sourceLineNo">215</span><a id="line.215"> *</a> |
| <span class="sourceLineNo">216</span><a id="line.216"> * @return the symmetric cipher key used for both encryption and decryption.</a> |
| <span class="sourceLineNo">217</span><a id="line.217"> */</a> |
| <span class="sourceLineNo">218</span><a id="line.218"> public byte[] getCipherKey() {</a> |
| <span class="sourceLineNo">219</span><a id="line.219"> //Since this method should only be used with symmetric ciphers</a> |
| <span class="sourceLineNo">220</span><a id="line.220"> //(where the enc and dec keys are the same), either is fine, just return one of them:</a> |
| <span class="sourceLineNo">221</span><a id="line.221"> return getEncryptionCipherKey();</a> |
| <span class="sourceLineNo">222</span><a id="line.222"> }</a> |
| <span class="sourceLineNo">223</span><a id="line.223"></a> |
| <span class="sourceLineNo">224</span><a id="line.224"> /**</a> |
| <span class="sourceLineNo">225</span><a id="line.225"> * Convenience method that sets the cipher key to use for <em>both</em> encryption and decryption.</a> |
| <span class="sourceLineNo">226</span><a id="line.226"> * <p/></a> |
| <span class="sourceLineNo">227</span><a id="line.227"> * <b>N.B.</b> This method can only be called if the underlying {@link #getCipherService() cipherService} is a</a> |
| <span class="sourceLineNo">228</span><a id="line.228"> * symmetric CipherService?which by definition uses the same key for both encryption and decryption. If using an</a> |
| <span class="sourceLineNo">229</span><a id="line.229"> * asymmetric CipherService?(such as a public/private key pair), you cannot use this method, and should instead use</a> |
| <span class="sourceLineNo">230</span><a id="line.230"> * the {@link #setEncryptionCipherKey(byte[])} and {@link #setDecryptionCipherKey(byte[])} methods individually.</a> |
| <span class="sourceLineNo">231</span><a id="line.231"> * <p/></a> |
| <span class="sourceLineNo">232</span><a id="line.232"> * The default {@link AesCipherService} instance is a symmetric CipherService, so this method can be used if you</a> |
| <span class="sourceLineNo">233</span><a id="line.233"> * are using the default.</a> |
| <span class="sourceLineNo">234</span><a id="line.234"> *</a> |
| <span class="sourceLineNo">235</span><a id="line.235"> * @param cipherKey the symmetric cipher key to use for both encryption and decryption.</a> |
| <span class="sourceLineNo">236</span><a id="line.236"> */</a> |
| <span class="sourceLineNo">237</span><a id="line.237"> public void setCipherKey(byte[] cipherKey) {</a> |
| <span class="sourceLineNo">238</span><a id="line.238"> //Since this method should only be used in symmetric ciphers</a> |
| <span class="sourceLineNo">239</span><a id="line.239"> //(where the enc and dec keys are the same), set it on both:</a> |
| <span class="sourceLineNo">240</span><a id="line.240"> setEncryptionCipherKey(cipherKey);</a> |
| <span class="sourceLineNo">241</span><a id="line.241"> setDecryptionCipherKey(cipherKey);</a> |
| <span class="sourceLineNo">242</span><a id="line.242"> }</a> |
| <span class="sourceLineNo">243</span><a id="line.243"></a> |
| <span class="sourceLineNo">244</span><a id="line.244"> /**</a> |
| <span class="sourceLineNo">245</span><a id="line.245"> * Forgets (removes) any remembered identity data for the specified {@link Subject} instance.</a> |
| <span class="sourceLineNo">246</span><a id="line.246"> *</a> |
| <span class="sourceLineNo">247</span><a id="line.247"> * @param subject the subject instance for which identity data should be forgotten from the underlying persistence</a> |
| <span class="sourceLineNo">248</span><a id="line.248"> * mechanism.</a> |
| <span class="sourceLineNo">249</span><a id="line.249"> */</a> |
| <span class="sourceLineNo">250</span><a id="line.250"> protected abstract void forgetIdentity(Subject subject);</a> |
| <span class="sourceLineNo">251</span><a id="line.251"></a> |
| <span class="sourceLineNo">252</span><a id="line.252"> /**</a> |
| <span class="sourceLineNo">253</span><a id="line.253"> * Determines whether or not remember me services should be performed for the specified token. This method returns</a> |
| <span class="sourceLineNo">254</span><a id="line.254"> * {@code true} iff:</a> |
| <span class="sourceLineNo">255</span><a id="line.255"> * <ol></a> |
| <span class="sourceLineNo">256</span><a id="line.256"> * <li>The token is not {@code null} and</li></a> |
| <span class="sourceLineNo">257</span><a id="line.257"> * <li>The token is an {@code instanceof} {@link RememberMeAuthenticationToken} and</li></a> |
| <span class="sourceLineNo">258</span><a id="line.258"> * <li>{@code token}.{@link org.apache.shiro.authc.RememberMeAuthenticationToken#isRememberMe() isRememberMe()} is</a> |
| <span class="sourceLineNo">259</span><a id="line.259"> * {@code true}</li></a> |
| <span class="sourceLineNo">260</span><a id="line.260"> * </ol></a> |
| <span class="sourceLineNo">261</span><a id="line.261"> *</a> |
| <span class="sourceLineNo">262</span><a id="line.262"> * @param token the authentication token submitted during the successful authentication attempt.</a> |
| <span class="sourceLineNo">263</span><a id="line.263"> * @return true if remember me services should be performed as a result of the successful authentication attempt.</a> |
| <span class="sourceLineNo">264</span><a id="line.264"> */</a> |
| <span class="sourceLineNo">265</span><a id="line.265"> protected boolean isRememberMe(AuthenticationToken token) {</a> |
| <span class="sourceLineNo">266</span><a id="line.266"> return token != null && (token instanceof RememberMeAuthenticationToken) &&</a> |
| <span class="sourceLineNo">267</span><a id="line.267"> ((RememberMeAuthenticationToken) token).isRememberMe();</a> |
| <span class="sourceLineNo">268</span><a id="line.268"> }</a> |
| <span class="sourceLineNo">269</span><a id="line.269"></a> |
| <span class="sourceLineNo">270</span><a id="line.270"> /**</a> |
| <span class="sourceLineNo">271</span><a id="line.271"> * Reacts to the successful login attempt by first always {@link #forgetIdentity(Subject) forgetting} any previously</a> |
| <span class="sourceLineNo">272</span><a id="line.272"> * stored identity. Then if the {@code token}</a> |
| <span class="sourceLineNo">273</span><a id="line.273"> * {@link #isRememberMe(org.apache.shiro.authc.AuthenticationToken) is a RememberMe} token, the associated identity</a> |
| <span class="sourceLineNo">274</span><a id="line.274"> * will be {@link #rememberIdentity(org.apache.shiro.subject.Subject, org.apache.shiro.authc.AuthenticationToken, org.apache.shiro.authc.AuthenticationInfo) remembered}</a> |
| <span class="sourceLineNo">275</span><a id="line.275"> * for later retrieval during a new user session.</a> |
| <span class="sourceLineNo">276</span><a id="line.276"> *</a> |
| <span class="sourceLineNo">277</span><a id="line.277"> * @param subject the subject for which the principals are being remembered.</a> |
| <span class="sourceLineNo">278</span><a id="line.278"> * @param token the token that resulted in a successful authentication attempt.</a> |
| <span class="sourceLineNo">279</span><a id="line.279"> * @param info the authentication info resulting from the successful authentication attempt.</a> |
| <span class="sourceLineNo">280</span><a id="line.280"> */</a> |
| <span class="sourceLineNo">281</span><a id="line.281"> public void onSuccessfulLogin(Subject subject, AuthenticationToken token, AuthenticationInfo info) {</a> |
| <span class="sourceLineNo">282</span><a id="line.282"> //always clear any previous identity:</a> |
| <span class="sourceLineNo">283</span><a id="line.283"> forgetIdentity(subject);</a> |
| <span class="sourceLineNo">284</span><a id="line.284"></a> |
| <span class="sourceLineNo">285</span><a id="line.285"> //now save the new identity:</a> |
| <span class="sourceLineNo">286</span><a id="line.286"> if (isRememberMe(token)) {</a> |
| <span class="sourceLineNo">287</span><a id="line.287"> rememberIdentity(subject, token, info);</a> |
| <span class="sourceLineNo">288</span><a id="line.288"> } else {</a> |
| <span class="sourceLineNo">289</span><a id="line.289"> if (log.isDebugEnabled()) {</a> |
| <span class="sourceLineNo">290</span><a id="line.290"> log.debug("AuthenticationToken did not indicate RememberMe is requested. " +</a> |
| <span class="sourceLineNo">291</span><a id="line.291"> "RememberMe functionality will not be executed for corresponding account.");</a> |
| <span class="sourceLineNo">292</span><a id="line.292"> }</a> |
| <span class="sourceLineNo">293</span><a id="line.293"> }</a> |
| <span class="sourceLineNo">294</span><a id="line.294"> }</a> |
| <span class="sourceLineNo">295</span><a id="line.295"></a> |
| <span class="sourceLineNo">296</span><a id="line.296"> /**</a> |
| <span class="sourceLineNo">297</span><a id="line.297"> * Remembers a subject-unique identity for retrieval later. This implementation first</a> |
| <span class="sourceLineNo">298</span><a id="line.298"> * {@link #getIdentityToRemember resolves} the exact</a> |
| <span class="sourceLineNo">299</span><a id="line.299"> * {@link PrincipalCollection principals} to remember. It then remembers the principals by calling</a> |
| <span class="sourceLineNo">300</span><a id="line.300"> * {@link #rememberIdentity(org.apache.shiro.subject.Subject, org.apache.shiro.subject.PrincipalCollection)}.</a> |
| <span class="sourceLineNo">301</span><a id="line.301"> * <p/></a> |
| <span class="sourceLineNo">302</span><a id="line.302"> * This implementation ignores the {@link AuthenticationToken} argument, but it is available to subclasses if</a> |
| <span class="sourceLineNo">303</span><a id="line.303"> * necessary for custom logic.</a> |
| <span class="sourceLineNo">304</span><a id="line.304"> *</a> |
| <span class="sourceLineNo">305</span><a id="line.305"> * @param subject the subject for which the principals are being remembered.</a> |
| <span class="sourceLineNo">306</span><a id="line.306"> * @param token the token that resulted in a successful authentication attempt.</a> |
| <span class="sourceLineNo">307</span><a id="line.307"> * @param authcInfo the authentication info resulting from the successful authentication attempt.</a> |
| <span class="sourceLineNo">308</span><a id="line.308"> */</a> |
| <span class="sourceLineNo">309</span><a id="line.309"> public void rememberIdentity(Subject subject, AuthenticationToken token, AuthenticationInfo authcInfo) {</a> |
| <span class="sourceLineNo">310</span><a id="line.310"> PrincipalCollection principals = getIdentityToRemember(subject, authcInfo);</a> |
| <span class="sourceLineNo">311</span><a id="line.311"> rememberIdentity(subject, principals);</a> |
| <span class="sourceLineNo">312</span><a id="line.312"> }</a> |
| <span class="sourceLineNo">313</span><a id="line.313"></a> |
| <span class="sourceLineNo">314</span><a id="line.314"> /**</a> |
| <span class="sourceLineNo">315</span><a id="line.315"> * Returns {@code info}.{@link org.apache.shiro.authc.AuthenticationInfo#getPrincipals() getPrincipals()} and</a> |
| <span class="sourceLineNo">316</span><a id="line.316"> * ignores the {@link Subject} argument.</a> |
| <span class="sourceLineNo">317</span><a id="line.317"> *</a> |
| <span class="sourceLineNo">318</span><a id="line.318"> * @param subject the subject for which the principals are being remembered.</a> |
| <span class="sourceLineNo">319</span><a id="line.319"> * @param info the authentication info resulting from the successful authentication attempt.</a> |
| <span class="sourceLineNo">320</span><a id="line.320"> * @return the {@code PrincipalCollection} to remember.</a> |
| <span class="sourceLineNo">321</span><a id="line.321"> */</a> |
| <span class="sourceLineNo">322</span><a id="line.322"> protected PrincipalCollection getIdentityToRemember(Subject subject, AuthenticationInfo info) {</a> |
| <span class="sourceLineNo">323</span><a id="line.323"> return info.getPrincipals();</a> |
| <span class="sourceLineNo">324</span><a id="line.324"> }</a> |
| <span class="sourceLineNo">325</span><a id="line.325"></a> |
| <span class="sourceLineNo">326</span><a id="line.326"> /**</a> |
| <span class="sourceLineNo">327</span><a id="line.327"> * Remembers the specified account principals by first</a> |
| <span class="sourceLineNo">328</span><a id="line.328"> * {@link #convertPrincipalsToBytes(org.apache.shiro.subject.PrincipalCollection) converting} them to a byte</a> |
| <span class="sourceLineNo">329</span><a id="line.329"> * array and then {@link #rememberSerializedIdentity(org.apache.shiro.subject.Subject, byte[]) remembers} that</a> |
| <span class="sourceLineNo">330</span><a id="line.330"> * byte array.</a> |
| <span class="sourceLineNo">331</span><a id="line.331"> *</a> |
| <span class="sourceLineNo">332</span><a id="line.332"> * @param subject the subject for which the principals are being remembered.</a> |
| <span class="sourceLineNo">333</span><a id="line.333"> * @param accountPrincipals the principals to remember for retrieval later.</a> |
| <span class="sourceLineNo">334</span><a id="line.334"> */</a> |
| <span class="sourceLineNo">335</span><a id="line.335"> protected void rememberIdentity(Subject subject, PrincipalCollection accountPrincipals) {</a> |
| <span class="sourceLineNo">336</span><a id="line.336"> byte[] bytes = convertPrincipalsToBytes(accountPrincipals);</a> |
| <span class="sourceLineNo">337</span><a id="line.337"> rememberSerializedIdentity(subject, bytes);</a> |
| <span class="sourceLineNo">338</span><a id="line.338"> }</a> |
| <span class="sourceLineNo">339</span><a id="line.339"></a> |
| <span class="sourceLineNo">340</span><a id="line.340"> /**</a> |
| <span class="sourceLineNo">341</span><a id="line.341"> * Converts the given principal collection the byte array that will be persisted to be 'remembered' later.</a> |
| <span class="sourceLineNo">342</span><a id="line.342"> * <p/></a> |
| <span class="sourceLineNo">343</span><a id="line.343"> * This implementation first {@link #serialize(org.apache.shiro.subject.PrincipalCollection) serializes} the</a> |
| <span class="sourceLineNo">344</span><a id="line.344"> * principals to a byte array and then {@link #encrypt(byte[]) encrypts} that byte array.</a> |
| <span class="sourceLineNo">345</span><a id="line.345"> *</a> |
| <span class="sourceLineNo">346</span><a id="line.346"> * @param principals the {@code PrincipalCollection} to convert to a byte array</a> |
| <span class="sourceLineNo">347</span><a id="line.347"> * @return the representative byte array to be persisted for remember me functionality.</a> |
| <span class="sourceLineNo">348</span><a id="line.348"> */</a> |
| <span class="sourceLineNo">349</span><a id="line.349"> protected byte[] convertPrincipalsToBytes(PrincipalCollection principals) {</a> |
| <span class="sourceLineNo">350</span><a id="line.350"> byte[] bytes = serialize(principals);</a> |
| <span class="sourceLineNo">351</span><a id="line.351"> if (getCipherService() != null) {</a> |
| <span class="sourceLineNo">352</span><a id="line.352"> bytes = encrypt(bytes);</a> |
| <span class="sourceLineNo">353</span><a id="line.353"> }</a> |
| <span class="sourceLineNo">354</span><a id="line.354"> return bytes;</a> |
| <span class="sourceLineNo">355</span><a id="line.355"> }</a> |
| <span class="sourceLineNo">356</span><a id="line.356"></a> |
| <span class="sourceLineNo">357</span><a id="line.357"> /**</a> |
| <span class="sourceLineNo">358</span><a id="line.358"> * Persists the identity bytes to a persistent store for retrieval later via the</a> |
| <span class="sourceLineNo">359</span><a id="line.359"> * {@link #getRememberedSerializedIdentity(SubjectContext)} method.</a> |
| <span class="sourceLineNo">360</span><a id="line.360"> *</a> |
| <span class="sourceLineNo">361</span><a id="line.361"> * @param subject the Subject for which the identity is being serialized.</a> |
| <span class="sourceLineNo">362</span><a id="line.362"> * @param serialized the serialized bytes to be persisted.</a> |
| <span class="sourceLineNo">363</span><a id="line.363"> */</a> |
| <span class="sourceLineNo">364</span><a id="line.364"> protected abstract void rememberSerializedIdentity(Subject subject, byte[] serialized);</a> |
| <span class="sourceLineNo">365</span><a id="line.365"></a> |
| <span class="sourceLineNo">366</span><a id="line.366"> /**</a> |
| <span class="sourceLineNo">367</span><a id="line.367"> * Implements the interface method by first {@link #getRememberedSerializedIdentity(SubjectContext) acquiring}</a> |
| <span class="sourceLineNo">368</span><a id="line.368"> * the remembered serialized byte array. Then it {@link #convertBytesToPrincipals(byte[], SubjectContext) converts}</a> |
| <span class="sourceLineNo">369</span><a id="line.369"> * them and returns the re-constituted {@link PrincipalCollection}. If no remembered principals could be</a> |
| <span class="sourceLineNo">370</span><a id="line.370"> * obtained, {@code null} is returned.</a> |
| <span class="sourceLineNo">371</span><a id="line.371"> * <p/></a> |
| <span class="sourceLineNo">372</span><a id="line.372"> * If any exceptions are thrown, the {@link #onRememberedPrincipalFailure(RuntimeException, SubjectContext)} method</a> |
| <span class="sourceLineNo">373</span><a id="line.373"> * is called to allow any necessary post-processing (such as immediately removing any previously remembered</a> |
| <span class="sourceLineNo">374</span><a id="line.374"> * values for safety).</a> |
| <span class="sourceLineNo">375</span><a id="line.375"> *</a> |
| <span class="sourceLineNo">376</span><a id="line.376"> * @param subjectContext the contextual data, usually provided by a {@link Subject.Builder} implementation, that</a> |
| <span class="sourceLineNo">377</span><a id="line.377"> * is being used to construct a {@link Subject} instance.</a> |
| <span class="sourceLineNo">378</span><a id="line.378"> * @return the remembered principals or {@code null} if none could be acquired.</a> |
| <span class="sourceLineNo">379</span><a id="line.379"> */</a> |
| <span class="sourceLineNo">380</span><a id="line.380"> public PrincipalCollection getRememberedPrincipals(SubjectContext subjectContext) {</a> |
| <span class="sourceLineNo">381</span><a id="line.381"> PrincipalCollection principals = null;</a> |
| <span class="sourceLineNo">382</span><a id="line.382"> try {</a> |
| <span class="sourceLineNo">383</span><a id="line.383"> byte[] bytes = getRememberedSerializedIdentity(subjectContext);</a> |
| <span class="sourceLineNo">384</span><a id="line.384"> //SHIRO-138 - only call convertBytesToPrincipals if bytes exist:</a> |
| <span class="sourceLineNo">385</span><a id="line.385"> if (bytes != null && bytes.length > 0) {</a> |
| <span class="sourceLineNo">386</span><a id="line.386"> principals = convertBytesToPrincipals(bytes, subjectContext);</a> |
| <span class="sourceLineNo">387</span><a id="line.387"> }</a> |
| <span class="sourceLineNo">388</span><a id="line.388"> } catch (RuntimeException re) {</a> |
| <span class="sourceLineNo">389</span><a id="line.389"> principals = onRememberedPrincipalFailure(re, subjectContext);</a> |
| <span class="sourceLineNo">390</span><a id="line.390"> }</a> |
| <span class="sourceLineNo">391</span><a id="line.391"></a> |
| <span class="sourceLineNo">392</span><a id="line.392"> return principals;</a> |
| <span class="sourceLineNo">393</span><a id="line.393"> }</a> |
| <span class="sourceLineNo">394</span><a id="line.394"></a> |
| <span class="sourceLineNo">395</span><a id="line.395"> /**</a> |
| <span class="sourceLineNo">396</span><a id="line.396"> * Based on the given subject context data, retrieves the previously persisted serialized identity, or</a> |
| <span class="sourceLineNo">397</span><a id="line.397"> * {@code null} if there is no available data. The context map is usually populated by a {@link Subject.Builder}</a> |
| <span class="sourceLineNo">398</span><a id="line.398"> * implementation. See the {@link SubjectFactory} class constants for Shiro's known map keys.</a> |
| <span class="sourceLineNo">399</span><a id="line.399"> *</a> |
| <span class="sourceLineNo">400</span><a id="line.400"> * @param subjectContext the contextual data, usually provided by a {@link Subject.Builder} implementation, that</a> |
| <span class="sourceLineNo">401</span><a id="line.401"> * is being used to construct a {@link Subject} instance. To be used to assist with data</a> |
| <span class="sourceLineNo">402</span><a id="line.402"> * lookup.</a> |
| <span class="sourceLineNo">403</span><a id="line.403"> * @return the previously persisted serialized identity, or {@code null} if there is no available data for the</a> |
| <span class="sourceLineNo">404</span><a id="line.404"> * Subject.</a> |
| <span class="sourceLineNo">405</span><a id="line.405"> */</a> |
| <span class="sourceLineNo">406</span><a id="line.406"> protected abstract byte[] getRememberedSerializedIdentity(SubjectContext subjectContext);</a> |
| <span class="sourceLineNo">407</span><a id="line.407"></a> |
| <span class="sourceLineNo">408</span><a id="line.408"> /**</a> |
| <span class="sourceLineNo">409</span><a id="line.409"> * If a {@link #getCipherService() cipherService} is available, it will be used to first decrypt the byte array.</a> |
| <span class="sourceLineNo">410</span><a id="line.410"> * Then the bytes are then {@link #deserialize(byte[]) deserialized} and then returned.</a> |
| <span class="sourceLineNo">411</span><a id="line.411"> *</a> |
| <span class="sourceLineNo">412</span><a id="line.412"> * @param bytes the bytes to decrypt if necessary and then deserialize.</a> |
| <span class="sourceLineNo">413</span><a id="line.413"> * @param subjectContext the contextual data, usually provided by a {@link Subject.Builder} implementation, that</a> |
| <span class="sourceLineNo">414</span><a id="line.414"> * is being used to construct a {@link Subject} instance.</a> |
| <span class="sourceLineNo">415</span><a id="line.415"> * @return the de-serialized and possibly decrypted principals</a> |
| <span class="sourceLineNo">416</span><a id="line.416"> */</a> |
| <span class="sourceLineNo">417</span><a id="line.417"> protected PrincipalCollection convertBytesToPrincipals(byte[] bytes, SubjectContext subjectContext) {</a> |
| <span class="sourceLineNo">418</span><a id="line.418"> if (getCipherService() != null) {</a> |
| <span class="sourceLineNo">419</span><a id="line.419"> bytes = decrypt(bytes);</a> |
| <span class="sourceLineNo">420</span><a id="line.420"> }</a> |
| <span class="sourceLineNo">421</span><a id="line.421"> return deserialize(bytes);</a> |
| <span class="sourceLineNo">422</span><a id="line.422"> }</a> |
| <span class="sourceLineNo">423</span><a id="line.423"></a> |
| <span class="sourceLineNo">424</span><a id="line.424"> /**</a> |
| <span class="sourceLineNo">425</span><a id="line.425"> * Called when an exception is thrown while trying to retrieve principals. The default implementation logs a</a> |
| <span class="sourceLineNo">426</span><a id="line.426"> * warning message and forgets ('unremembers') the problem identity by calling</a> |
| <span class="sourceLineNo">427</span><a id="line.427"> * {@link #forgetIdentity(SubjectContext) forgetIdentity(context)} and then immediately re-throws the</a> |
| <span class="sourceLineNo">428</span><a id="line.428"> * exception to allow the calling component to react accordingly.</a> |
| <span class="sourceLineNo">429</span><a id="line.429"> * <p/></a> |
| <span class="sourceLineNo">430</span><a id="line.430"> * This method implementation never returns an</a> |
| <span class="sourceLineNo">431</span><a id="line.431"> * object - it always rethrows, but can be overridden by subclasses for custom handling behavior.</a> |
| <span class="sourceLineNo">432</span><a id="line.432"> * <p/></a> |
| <span class="sourceLineNo">433</span><a id="line.433"> * This most commonly would be called when an encryption key is updated and old principals are retrieved that have</a> |
| <span class="sourceLineNo">434</span><a id="line.434"> * been encrypted with the previous key.</a> |
| <span class="sourceLineNo">435</span><a id="line.435"> *</a> |
| <span class="sourceLineNo">436</span><a id="line.436"> * @param e the exception that was thrown.</a> |
| <span class="sourceLineNo">437</span><a id="line.437"> * @param context the contextual data, usually provided by a {@link Subject.Builder} implementation, that</a> |
| <span class="sourceLineNo">438</span><a id="line.438"> * is being used to construct a {@link Subject} instance.</a> |
| <span class="sourceLineNo">439</span><a id="line.439"> * @return nothing - the original {@code RuntimeException} is propagated in all cases.</a> |
| <span class="sourceLineNo">440</span><a id="line.440"> */</a> |
| <span class="sourceLineNo">441</span><a id="line.441"> protected PrincipalCollection onRememberedPrincipalFailure(RuntimeException e, SubjectContext context) {</a> |
| <span class="sourceLineNo">442</span><a id="line.442"></a> |
| <span class="sourceLineNo">443</span><a id="line.443"> if (log.isWarnEnabled()) {</a> |
| <span class="sourceLineNo">444</span><a id="line.444"> String message = "There was a failure while trying to retrieve remembered principals. This could be due to a " +</a> |
| <span class="sourceLineNo">445</span><a id="line.445"> "configuration problem or corrupted principals. This could also be due to a recently " +</a> |
| <span class="sourceLineNo">446</span><a id="line.446"> "changed encryption key, if you are using a shiro.ini file, this property would be " +</a> |
| <span class="sourceLineNo">447</span><a id="line.447"> "'securityManager.rememberMeManager.cipherKey' see: http://shiro.apache.org/web.html#Web-RememberMeServices. " +</a> |
| <span class="sourceLineNo">448</span><a id="line.448"> "The remembered identity will be forgotten and not used for this request.";</a> |
| <span class="sourceLineNo">449</span><a id="line.449"> log.warn(message);</a> |
| <span class="sourceLineNo">450</span><a id="line.450"> }</a> |
| <span class="sourceLineNo">451</span><a id="line.451"> forgetIdentity(context);</a> |
| <span class="sourceLineNo">452</span><a id="line.452"> //propagate - security manager implementation will handle and warn appropriately</a> |
| <span class="sourceLineNo">453</span><a id="line.453"> throw e;</a> |
| <span class="sourceLineNo">454</span><a id="line.454"> }</a> |
| <span class="sourceLineNo">455</span><a id="line.455"></a> |
| <span class="sourceLineNo">456</span><a id="line.456"> /**</a> |
| <span class="sourceLineNo">457</span><a id="line.457"> * Encrypts the byte array by using the configured {@link #getCipherService() cipherService}.</a> |
| <span class="sourceLineNo">458</span><a id="line.458"> *</a> |
| <span class="sourceLineNo">459</span><a id="line.459"> * @param serialized the serialized object byte array to be encrypted</a> |
| <span class="sourceLineNo">460</span><a id="line.460"> * @return an encrypted byte array returned by the configured {@link #getCipherService () cipher}.</a> |
| <span class="sourceLineNo">461</span><a id="line.461"> */</a> |
| <span class="sourceLineNo">462</span><a id="line.462"> protected byte[] encrypt(byte[] serialized) {</a> |
| <span class="sourceLineNo">463</span><a id="line.463"> byte[] value = serialized;</a> |
| <span class="sourceLineNo">464</span><a id="line.464"> CipherService cipherService = getCipherService();</a> |
| <span class="sourceLineNo">465</span><a id="line.465"> if (cipherService != null) {</a> |
| <span class="sourceLineNo">466</span><a id="line.466"> ByteSource byteSource = cipherService.encrypt(serialized, getEncryptionCipherKey());</a> |
| <span class="sourceLineNo">467</span><a id="line.467"> value = byteSource.getBytes();</a> |
| <span class="sourceLineNo">468</span><a id="line.468"> }</a> |
| <span class="sourceLineNo">469</span><a id="line.469"> return value;</a> |
| <span class="sourceLineNo">470</span><a id="line.470"> }</a> |
| <span class="sourceLineNo">471</span><a id="line.471"></a> |
| <span class="sourceLineNo">472</span><a id="line.472"> /**</a> |
| <span class="sourceLineNo">473</span><a id="line.473"> * Decrypts the byte array using the configured {@link #getCipherService() cipherService}.</a> |
| <span class="sourceLineNo">474</span><a id="line.474"> *</a> |
| <span class="sourceLineNo">475</span><a id="line.475"> * @param encrypted the encrypted byte array to decrypt</a> |
| <span class="sourceLineNo">476</span><a id="line.476"> * @return the decrypted byte array returned by the configured {@link #getCipherService () cipher}.</a> |
| <span class="sourceLineNo">477</span><a id="line.477"> */</a> |
| <span class="sourceLineNo">478</span><a id="line.478"> protected byte[] decrypt(byte[] encrypted) {</a> |
| <span class="sourceLineNo">479</span><a id="line.479"> byte[] serialized = encrypted;</a> |
| <span class="sourceLineNo">480</span><a id="line.480"> CipherService cipherService = getCipherService();</a> |
| <span class="sourceLineNo">481</span><a id="line.481"> if (cipherService != null) {</a> |
| <span class="sourceLineNo">482</span><a id="line.482"> ByteSource byteSource = cipherService.decrypt(encrypted, getDecryptionCipherKey());</a> |
| <span class="sourceLineNo">483</span><a id="line.483"> serialized = byteSource.getBytes();</a> |
| <span class="sourceLineNo">484</span><a id="line.484"> }</a> |
| <span class="sourceLineNo">485</span><a id="line.485"> return serialized;</a> |
| <span class="sourceLineNo">486</span><a id="line.486"> }</a> |
| <span class="sourceLineNo">487</span><a id="line.487"></a> |
| <span class="sourceLineNo">488</span><a id="line.488"> /**</a> |
| <span class="sourceLineNo">489</span><a id="line.489"> * Serializes the given {@code principals} by serializing them to a byte array by using the</a> |
| <span class="sourceLineNo">490</span><a id="line.490"> * {@link #getSerializer() serializer}'s {@link Serializer#serialize(Object) serialize} method.</a> |
| <span class="sourceLineNo">491</span><a id="line.491"> *</a> |
| <span class="sourceLineNo">492</span><a id="line.492"> * @param principals the principal collection to serialize to a byte array</a> |
| <span class="sourceLineNo">493</span><a id="line.493"> * @return the serialized principal collection in the form of a byte array</a> |
| <span class="sourceLineNo">494</span><a id="line.494"> */</a> |
| <span class="sourceLineNo">495</span><a id="line.495"> protected byte[] serialize(PrincipalCollection principals) {</a> |
| <span class="sourceLineNo">496</span><a id="line.496"> return getSerializer().serialize(principals);</a> |
| <span class="sourceLineNo">497</span><a id="line.497"> }</a> |
| <span class="sourceLineNo">498</span><a id="line.498"></a> |
| <span class="sourceLineNo">499</span><a id="line.499"> /**</a> |
| <span class="sourceLineNo">500</span><a id="line.500"> * De-serializes the given byte array by using the {@link #getSerializer() serializer}'s</a> |
| <span class="sourceLineNo">501</span><a id="line.501"> * {@link Serializer#deserialize deserialize} method.</a> |
| <span class="sourceLineNo">502</span><a id="line.502"> *</a> |
| <span class="sourceLineNo">503</span><a id="line.503"> * @param serializedIdentity the previously serialized {@code PrincipalCollection} as a byte array</a> |
| <span class="sourceLineNo">504</span><a id="line.504"> * @return the de-serialized (reconstituted) {@code PrincipalCollection}</a> |
| <span class="sourceLineNo">505</span><a id="line.505"> */</a> |
| <span class="sourceLineNo">506</span><a id="line.506"> protected PrincipalCollection deserialize(byte[] serializedIdentity) {</a> |
| <span class="sourceLineNo">507</span><a id="line.507"> return getSerializer().deserialize(serializedIdentity);</a> |
| <span class="sourceLineNo">508</span><a id="line.508"> }</a> |
| <span class="sourceLineNo">509</span><a id="line.509"></a> |
| <span class="sourceLineNo">510</span><a id="line.510"> /**</a> |
| <span class="sourceLineNo">511</span><a id="line.511"> * Reacts to a failed login by immediately {@link #forgetIdentity(org.apache.shiro.subject.Subject) forgetting} any</a> |
| <span class="sourceLineNo">512</span><a id="line.512"> * previously remembered identity. This is an additional security feature to prevent any remenant identity data</a> |
| <span class="sourceLineNo">513</span><a id="line.513"> * from being retained in case the authentication attempt is not being executed by the expected user.</a> |
| <span class="sourceLineNo">514</span><a id="line.514"> *</a> |
| <span class="sourceLineNo">515</span><a id="line.515"> * @param subject the subject which executed the failed login attempt</a> |
| <span class="sourceLineNo">516</span><a id="line.516"> * @param token the authentication token resulting in a failed login attempt - ignored by this implementation</a> |
| <span class="sourceLineNo">517</span><a id="line.517"> * @param ae the exception thrown as a result of the failed login attempt - ignored by this implementation</a> |
| <span class="sourceLineNo">518</span><a id="line.518"> */</a> |
| <span class="sourceLineNo">519</span><a id="line.519"> public void onFailedLogin(Subject subject, AuthenticationToken token, AuthenticationException ae) {</a> |
| <span class="sourceLineNo">520</span><a id="line.520"> forgetIdentity(subject);</a> |
| <span class="sourceLineNo">521</span><a id="line.521"> }</a> |
| <span class="sourceLineNo">522</span><a id="line.522"></a> |
| <span class="sourceLineNo">523</span><a id="line.523"> /**</a> |
| <span class="sourceLineNo">524</span><a id="line.524"> * Reacts to a subject logging out of the application and immediately</a> |
| <span class="sourceLineNo">525</span><a id="line.525"> * {@link #forgetIdentity(org.apache.shiro.subject.Subject) forgets} any previously stored identity and returns.</a> |
| <span class="sourceLineNo">526</span><a id="line.526"> *</a> |
| <span class="sourceLineNo">527</span><a id="line.527"> * @param subject the subject logging out.</a> |
| <span class="sourceLineNo">528</span><a id="line.528"> */</a> |
| <span class="sourceLineNo">529</span><a id="line.529"> public void onLogout(Subject subject) {</a> |
| <span class="sourceLineNo">530</span><a id="line.530"> forgetIdentity(subject);</a> |
| <span class="sourceLineNo">531</span><a id="line.531"> }</a> |
| <span class="sourceLineNo">532</span><a id="line.532">}</a> |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| </pre> |
| </div> |
| </main> |
| </body> |
| </html> |
