| <!DOCTYPE html> |
| <!-- |
| | Generated by Apache Maven Doxia Site Renderer 1.11.1 at 2023-07-11 |
| | Rendered using Apache Maven Fluido Skin 1.5 |
| --> |
| <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> |
| <head> |
| <meta charset="UTF-8" /> |
| <meta name="viewport" content="width=device-width, initial-scale=1.0" /> |
| <meta name="Date-Revision-yyyymmdd" content="20230711" /> |
| <meta http-equiv="Content-Language" content="en" /> |
| <title>shiro-root – CPD Results</title> |
| <link rel="stylesheet" href="./css/apache-maven-fluido-1.5.min.css" /> |
| <link rel="stylesheet" href="./css/site.css" /> |
| <link rel="stylesheet" href="./css/print.css" media="print" /> |
| |
| |
| <script type="text/javascript" src="./js/apache-maven-fluido-1.5.min.js"></script> |
| |
| </head> |
| <body class="topBarDisabled"> |
| |
| |
| |
| <div class="container-fluid"> |
| <div id="banner"> |
| <div class="pull-left"> |
| <a href="http://shiro.apache.org" id="bannerLeft"> |
| <img src="http://shiro.apache.org/images/apache-shiro-logo.png" alt="Shiro"/> |
| </a> |
| </div> |
| <div class="pull-right"> <div id="bannerRight"> |
| <img src="http://shiro.apache.org/images/asf_logo.png" /> |
| </div> |
| </div> |
| <div class="clear"><hr/></div> |
| </div> |
| |
| <div id="breadcrumbs"> |
| <ul class="breadcrumb"> |
| |
| <li class=""> |
| <a href="index.html" title="Apache Shiro"> |
| Apache Shiro</a> |
| <span class="divider">/</span> |
| </li> |
| <li class="active ">CPD Results</li> |
| |
| |
| <li id="publishDate" class="pull-right"><span class="divider">|</span> Last Published: 2023-07-11</li> |
| <li id="projectVersion" class="pull-right"> |
| Version: 1.12.0 |
| </li> |
| |
| </ul> |
| </div> |
| |
| |
| <div class="row-fluid"> |
| <div id="leftColumn" class="span2"> |
| <div class="well sidebar-nav"> |
| |
| <ul class="nav nav-list"> |
| <li class="nav-header">Modules</li> |
| |
| <li> |
| |
| <a href="shiro-lang/index.html" title="Apache Shiro :: Lang"> |
| <span class="none"></span> |
| Apache Shiro :: Lang</a> |
| </li> |
| |
| <li> |
| |
| <a href="shiro-crypto/index.html" title="Apache Shiro :: Cryptography"> |
| <span class="none"></span> |
| Apache Shiro :: Cryptography</a> |
| </li> |
| |
| <li> |
| |
| <a href="shiro-event/index.html" title="Apache Shiro :: Event"> |
| <span class="none"></span> |
| Apache Shiro :: Event</a> |
| </li> |
| |
| <li> |
| |
| <a href="shiro-cache/index.html" title="Apache Shiro :: Cache"> |
| <span class="none"></span> |
| Apache Shiro :: Cache</a> |
| </li> |
| |
| <li> |
| |
| <a href="shiro-config/index.html" title="Apache Shiro :: Configuration"> |
| <span class="none"></span> |
| Apache Shiro :: Configuration</a> |
| </li> |
| |
| <li> |
| |
| <a href="shiro-core/index.html" title="Apache Shiro :: Core"> |
| <span class="none"></span> |
| Apache Shiro :: Core</a> |
| </li> |
| |
| <li> |
| |
| <a href="shiro-web/index.html" title="Apache Shiro :: Web"> |
| <span class="none"></span> |
| Apache Shiro :: Web</a> |
| </li> |
| |
| <li> |
| |
| <a href="shiro-support/index.html" title="Apache Shiro :: Support"> |
| <span class="none"></span> |
| Apache Shiro :: Support</a> |
| </li> |
| |
| <li> |
| |
| <a href="shiro-tools/index.html" title="Apache Shiro :: Tools"> |
| <span class="none"></span> |
| Apache Shiro :: Tools</a> |
| </li> |
| |
| <li> |
| |
| <a href="shiro-all/index.html" title="Apache Shiro :: All (aggregate jar)"> |
| <span class="none"></span> |
| Apache Shiro :: All (aggregate jar)</a> |
| </li> |
| |
| <li> |
| |
| <a href="shiro-integration-tests/index.html" title="Apache Shiro :: Integration Tests"> |
| <span class="none"></span> |
| Apache Shiro :: Integration Tests</a> |
| </li> |
| |
| <li> |
| |
| <a href="shiro-samples/index.html" title="Apache Shiro :: Samples"> |
| <span class="none"></span> |
| Apache Shiro :: Samples</a> |
| </li> |
| |
| <li> |
| |
| <a href="shiro-test-coverage/index.html" title="Apache Shiro :: Test Coverage"> |
| <span class="none"></span> |
| Apache Shiro :: Test Coverage</a> |
| </li> |
| |
| <li> |
| |
| <a href="shiro-bom/index.html" title="Apache Shiro :: BOM"> |
| <span class="none"></span> |
| Apache Shiro :: BOM</a> |
| </li> |
| <li class="nav-header">Project Documentation</li> |
| |
| <li> |
| |
| <a href="project-info.html" title="Project Information"> |
| <span class="icon-chevron-right"></span> |
| Project Information</a> |
| </li> |
| |
| <li> |
| |
| <a href="project-reports.html" title="Project Reports"> |
| <span class="icon-chevron-down"></span> |
| Project Reports</a> |
| <ul class="nav nav-list"> |
| |
| <li> |
| |
| <a href="apidocs/index.html" title="Javadoc"> |
| <span class="none"></span> |
| Javadoc</a> |
| </li> |
| |
| <li class="active"> |
| |
| <a href="#"><span class="none"></span>CPD</a> |
| </li> |
| |
| <li> |
| |
| <a href="pmd.html" title="PMD"> |
| <span class="none"></span> |
| PMD</a> |
| </li> |
| |
| <li> |
| |
| <a href="rat-report.html" title="Rat Report"> |
| <span class="none"></span> |
| Rat Report</a> |
| </li> |
| |
| <li> |
| |
| <a href="surefire-report.html" title="Surefire"> |
| <span class="none"></span> |
| Surefire</a> |
| </li> |
| |
| <li> |
| |
| <a href="dashboard-report.html" title="Global DashBoard Report"> |
| <span class="none"></span> |
| Global DashBoard Report</a> |
| </li> |
| </ul> |
| </li> |
| </ul> |
| |
| |
| <hr /> |
| |
| <div id="poweredBy"> |
| <div class="clear"></div> |
| <div class="clear"></div> |
| <div class="clear"></div> |
| <div class="clear"></div> |
| <a href="http://maven.apache.org/" title="Built by Maven" class="poweredBy"> |
| <img class="builtBy" alt="Built by Maven" src="./images/logos/maven-feather.png" /> |
| </a> |
| </div> |
| </div> |
| </div> |
| |
| |
| <div id="bodyColumn" class="span10" > |
| |
| <section> |
| <h2><a name="CPD_Results"></a>CPD Results</h2> |
| <p>The following document contains the results of PMD's <a class="externalLink" href="https://pmd.github.io/latest/pmd_userdocs_cpd.html">CPD</a> 6.53.0.</p></section><section> |
| <h2><a name="Duplications"></a>Duplications</h2> |
| <table border="0" class="table table-striped"> |
| <tr class="a"> |
| <th>File</th> |
| <th>Project</th> |
| <th>Line</th></tr> |
| <tr class="b"> |
| <td>org/apache/shiro/samples/guice/SampleShiroServletModule.java</td> |
| <td>Apache Shiro :: ITs :: Guice 4</td> |
| <td><a href="./xref/org/apache/shiro/samples/guice/SampleShiroServletModule.html#L38">38</a></td></tr> |
| <tr class="a"> |
| <td>org/apache/shiro/samples/guice/SampleShiroServletModule.java</td> |
| <td>Apache Shiro :: Samples :: Guice Web</td> |
| <td><a href="./xref/org/apache/shiro/samples/guice/SampleShiroServletModule.html#L39">39</a></td></tr> |
| <tr class="b"><td colspan='3'> |
| <div> |
| <pre>public class SampleShiroServletModule extends ShiroWebModule { |
| private final ServletContext servletContext; |
| |
| public SampleShiroServletModule(ServletContext servletContext) { |
| super(servletContext); |
| |
| this.servletContext = servletContext; |
| } |
| |
| @Override |
| protected void configureShiroWeb() { |
| bindConstant().annotatedWith(Names.named("shiro.loginUrl")).to("/login.jsp"); |
| try { |
| this.bindRealm().toConstructor(IniRealm.class.getConstructor(Ini.class)); |
| } catch (NoSuchMethodException e) { |
| addError("Could not locate proper constructor for IniRealm.", e); |
| } |
| |
| this.addFilterChain("/login.jsp", AUTHC); |
| this.addFilterChain("/logout", LOGOUT); |
| this.addFilterChain("/account/**", AUTHC); |
| |
| this.addFilterChain("/remoting/**", filterConfig(AUTHC), filterConfig(ROLES, "b2bClient"), filterConfig(PERMS, "remote:invoke:lan,wan")); |
| } |
| |
| @Provides |
| @Singleton |
| Ini loadShiroIni() throws MalformedURLException { |
| URL iniUrl = servletContext.getResource("/WEB-INF/shiro.ini"); |
| return Ini.fromResourcePath("url:" + iniUrl.toExternalForm()); |
| } |
| |
| @Override |
| protected void bindWebSecurityManager(AnnotatedBindingBuilder<? super WebSecurityManager> bind) |
| { |
| try |
| { |
| String cipherKey = loadShiroIni().getSectionProperty( "main", "securityManager.rememberMeManager.cipherKey" ); |
| |
| DefaultWebSecurityManager securityManager = new DefaultWebSecurityManager(); |
| CookieRememberMeManager rememberMeManager = new CookieRememberMeManager(); |
| rememberMeManager.setCipherKey( Base64.decode( cipherKey ) ); |
| securityManager.setRememberMeManager(rememberMeManager); |
| bind.toInstance(securityManager); |
| } |
| catch ( MalformedURLException e ) |
| { |
| // for now just throw, you could just call |
| // super.bindWebSecurityManager(bind) if you do not need rememberMe functionality |
| throw new ConfigurationException( "securityManager.rememberMeManager.cipherKey must be set in shiro.ini." ); |
| } |
| |
| |
| } |
| }</pre></div></td></tr></table> |
| <table border="0" class="table table-striped"> |
| <tr class="a"> |
| <th>File</th> |
| <th>Project</th> |
| <th>Line</th></tr> |
| <tr class="b"> |
| <td>QuickstartGuice.java</td> |
| <td>Apache Shiro :: Samples :: Quick Start Guice</td> |
| <td><a href="./xref/QuickstartGuice.html#L44">44</a></td></tr> |
| <tr class="a"> |
| <td>Quickstart.java</td> |
| <td>Apache Shiro :: Samples :: Quick Start</td> |
| <td><a href="./xref/Quickstart.html#L51">51</a></td></tr> |
| <tr class="b"><td colspan='3'> |
| <div> |
| <pre>SecurityManager securityManager = injector.getInstance(SecurityManager.class); |
| |
| // for this simple example quickstart, make the SecurityManager |
| // accessible as a JVM singleton. Most applications wouldn't do this |
| // and instead rely on their container configuration or web.xml for |
| // webapps. That is outside the scope of this simple quickstart, so |
| // we'll just do the bare minimum so you can continue to get a feel |
| // for things. |
| SecurityUtils.setSecurityManager(securityManager); |
| |
| // Now that a simple Shiro environment is set up, let's see what you can do: |
| |
| // get the currently executing user: |
| Subject currentUser = SecurityUtils.getSubject(); |
| |
| // Do some stuff with a Session (no need for a web or EJB container!!!) |
| Session session = currentUser.getSession(); |
| session.setAttribute("someKey", "aValue"); |
| String value = (String) session.getAttribute("someKey"); |
| if (value.equals("aValue")) { |
| log.info("Retrieved the correct value! [" + value + "]"); |
| } |
| |
| // let's login the current user so we can check against roles and permissions: |
| if (!currentUser.isAuthenticated()) { |
| UsernamePasswordToken token = new UsernamePasswordToken("lonestarr", "vespa"); |
| token.setRememberMe(true); |
| try { |
| currentUser.login(token); |
| } catch (UnknownAccountException uae) { |
| log.info("There is no user with username of " + token.getPrincipal()); |
| } catch (IncorrectCredentialsException ice) { |
| log.info("Password for account " + token.getPrincipal() + " was incorrect!"); |
| } catch (LockedAccountException lae) { |
| log.info("The account for username " + token.getPrincipal() + " is locked. " + |
| "Please contact your administrator to unlock it."); |
| } |
| // ... catch more exceptions here (maybe custom ones specific to your application? |
| catch (AuthenticationException ae) { |
| //unexpected condition? error? |
| } |
| } |
| |
| //say who they are: |
| //print their identifying principal (in this case, a username): |
| log.info("User [" + currentUser.getPrincipal() + "] logged in successfully."); |
| |
| //test a role: |
| if (currentUser.hasRole("schwartz")) { |
| log.info("May the Schwartz be with you!"); |
| } else { |
| log.info("Hello, mere mortal."); |
| } |
| |
| //test a typed permission (not instance-level) |
| if (currentUser.isPermitted("lightsaber:weild")) {</pre></div></td></tr></table> |
| <table border="0" class="table table-striped"> |
| <tr class="a"> |
| <th>File</th> |
| <th>Project</th> |
| <th>Line</th></tr> |
| <tr class="b"> |
| <td>org/apache/shiro/spring/boot/autoconfigure/ShiroAutoConfiguration.java</td> |
| <td>Apache Shiro :: Support :: Spring Boot</td> |
| <td><a href="./xref/org/apache/shiro/spring/boot/autoconfigure/ShiroAutoConfiguration.html#L48">48</a></td></tr> |
| <tr class="a"> |
| <td>org/apache/shiro/spring/config/web/autoconfigure/ShiroWebAutoConfiguration.java</td> |
| <td>Apache Shiro :: Support :: Spring Boot</td> |
| <td><a href="./xref/org/apache/shiro/spring/config/web/autoconfigure/ShiroWebAutoConfiguration.html#L56">56</a></td></tr> |
| <tr class="b"><td colspan='3'> |
| <div> |
| <pre>public class ShiroAutoConfiguration extends AbstractShiroConfiguration { |
| |
| @Bean |
| @ConditionalOnMissingBean |
| @Override |
| protected AuthenticationStrategy authenticationStrategy() { |
| return super.authenticationStrategy(); |
| } |
| |
| @Bean |
| @ConditionalOnMissingBean |
| @Override |
| protected Authenticator authenticator() { |
| return super.authenticator(); |
| } |
| |
| @Bean |
| @ConditionalOnMissingBean |
| @Override |
| protected Authorizer authorizer() { |
| return super.authorizer(); |
| } |
| |
| @Bean |
| @ConditionalOnMissingBean |
| @Override |
| protected SubjectDAO subjectDAO() { |
| return super.subjectDAO(); |
| } |
| |
| @Bean |
| @ConditionalOnMissingBean |
| @Override |
| protected SessionStorageEvaluator sessionStorageEvaluator() { |
| return super.sessionStorageEvaluator(); |
| } |
| |
| @Bean |
| @ConditionalOnMissingBean |
| @Override |
| protected SubjectFactory subjectFactory() { |
| return super.subjectFactory(); |
| } |
| |
| @Bean |
| @ConditionalOnMissingBean |
| @Override |
| protected SessionFactory sessionFactory() { |
| return super.sessionFactory(); |
| } |
| |
| @Bean |
| @ConditionalOnMissingBean |
| @Override |
| protected SessionDAO sessionDAO() { |
| return super.sessionDAO(); |
| } |
| |
| @Bean |
| @ConditionalOnMissingBean |
| @Override |
| protected SessionManager sessionManager() { |
| return super.sessionManager(); |
| } |
| |
| @Bean |
| @ConditionalOnMissingBean |
| @Override |
| protected SessionsSecurityManager securityManager(List<Realm> realms) { |
| return super.securityManager(realms); |
| } |
| |
| @Bean |
| @ConditionalOnResource(resources = "classpath:shiro.ini")</pre></div></td></tr></table> |
| <table border="0" class="table table-striped"> |
| <tr class="a"> |
| <th>File</th> |
| <th>Project</th> |
| <th>Line</th></tr> |
| <tr class="b"> |
| <td>org/apache/shiro/realm/ldap/DefaultLdapContextFactory.java</td> |
| <td>Apache Shiro :: Core</td> |
| <td><a href="./xref/org/apache/shiro/realm/ldap/DefaultLdapContextFactory.html#L291">291</a></td></tr> |
| <tr class="a"> |
| <td>org/apache/shiro/realm/ldap/JndiLdapContextFactory.java</td> |
| <td>Apache Shiro :: Core</td> |
| <td><a href="./xref/org/apache/shiro/realm/ldap/JndiLdapContextFactory.html#L523">523</a></td></tr> |
| <tr class="b"><td colspan='3'> |
| <div> |
| <pre>private void validateAuthenticationInfo(Hashtable<String, Object> environment) |
| throws AuthenticationException |
| { |
| // validate when using Simple auth both principal and credentials are set |
| if(SIMPLE_AUTHENTICATION_MECHANISM_NAME.equals(environment.get(Context.SECURITY_AUTHENTICATION))) { |
| |
| // only validate credentials if we have a non-empty principal |
| if( environment.get(Context.SECURITY_PRINCIPAL) != null && |
| StringUtils.hasText( String.valueOf( environment.get(Context.SECURITY_PRINCIPAL) ))) { |
| |
| Object credentials = environment.get(Context.SECURITY_CREDENTIALS); |
| |
| // from the FAQ, we need to check for empty credentials: |
| // http://docs.oracle.com/javase/tutorial/jndi/ldap/faq.html |
| if( credentials == null || |
| (credentials instanceof byte[] && ((byte[])credentials).length <= 0) || // empty byte[] |
| (credentials instanceof char[] && ((char[])credentials).length <= 0) || // empty char[] |
| (String.class.isInstance(credentials) && !StringUtils.hasText(String.valueOf(credentials)))) { |
| |
| throw new javax.naming.AuthenticationException("LDAP Simple authentication requires both a " |
| + "principal and credentials."); |
| } |
| } |
| } |
| } |
| |
| }</pre></div></td></tr></table> |
| <table border="0" class="table table-striped"> |
| <tr class="a"> |
| <th>File</th> |
| <th>Project</th> |
| <th>Line</th></tr> |
| <tr class="b"> |
| <td>org/apache/shiro/samples/guice/SampleShiroServletModule.java</td> |
| <td>Apache Shiro :: ITs :: Guice 4</td> |
| <td><a href="./xref/org/apache/shiro/samples/guice/SampleShiroServletModule.html#L41">41</a></td></tr> |
| <tr class="a"> |
| <td>org/apache/shiro/samples/guice/SampleShiroNativeSessionsServletModule.java</td> |
| <td>Apache Shiro :: Samples :: Guice Web</td> |
| <td><a href="./xref/org/apache/shiro/samples/guice/SampleShiroNativeSessionsServletModule.html#L45">45</a></td></tr> |
| <tr class="b"> |
| <td>org/apache/shiro/samples/guice/SampleShiroServletModule.java</td> |
| <td>Apache Shiro :: Samples :: Guice Web</td> |
| <td><a href="./xref/org/apache/shiro/samples/guice/SampleShiroServletModule.html#L42">42</a></td></tr> |
| <tr class="a"><td colspan='3'> |
| <div> |
| <pre>public SampleShiroServletModule(ServletContext servletContext) { |
| super(servletContext); |
| |
| this.servletContext = servletContext; |
| } |
| |
| @Override |
| protected void configureShiroWeb() { |
| bindConstant().annotatedWith(Names.named("shiro.loginUrl")).to("/login.jsp"); |
| try { |
| this.bindRealm().toConstructor(IniRealm.class.getConstructor(Ini.class)); |
| } catch (NoSuchMethodException e) { |
| addError("Could not locate proper constructor for IniRealm.", e); |
| } |
| |
| this.addFilterChain("/login.jsp", AUTHC); |
| this.addFilterChain("/logout", LOGOUT); |
| this.addFilterChain("/account/**", AUTHC); |
| |
| this.addFilterChain("/remoting/**", filterConfig(AUTHC), filterConfig(ROLES, "b2bClient"), filterConfig(PERMS, "remote:invoke:lan,wan")); |
| } |
| |
| @Provides |
| @Singleton |
| Ini loadShiroIni() throws MalformedURLException { |
| URL iniUrl = servletContext.getResource("/WEB-INF/shiro.ini"); |
| return Ini.fromResourcePath("url:" + iniUrl.toExternalForm()); |
| } |
| |
| @Override |
| protected void bindWebSecurityManager(AnnotatedBindingBuilder<? super WebSecurityManager> bind)</pre></div></td></tr></table> |
| <table border="0" class="table table-striped"> |
| <tr class="a"> |
| <th>File</th> |
| <th>Project</th> |
| <th>Line</th></tr> |
| <tr class="b"> |
| <td>org/apache/shiro/crypto/hash/AbstractHash.java</td> |
| <td>Apache Shiro :: Cryptography :: Hashing</td> |
| <td><a href="./xref/org/apache/shiro/crypto/hash/AbstractHash.html#L225">225</a></td></tr> |
| <tr class="a"> |
| <td>org/apache/shiro/crypto/hash/SimpleHash.java</td> |
| <td>Apache Shiro :: Cryptography :: Hashing</td> |
| <td><a href="./xref/org/apache/shiro/crypto/hash/SimpleHash.html#L360">360</a></td></tr> |
| <tr class="b"><td colspan='3'> |
| <div> |
| <pre>} |
| |
| /** |
| * Returns a hex-encoded string of the underlying {@link #getBytes byte array}. |
| * <p/> |
| * This implementation caches the resulting hex string so multiple calls to this method remain efficient. |
| * However, calling {@link #setBytes setBytes} will null the cached value, forcing it to be recalculated the |
| * next time this method is called. |
| * |
| * @return a hex-encoded string of the underlying {@link #getBytes byte array}. |
| */ |
| public String toHex() { |
| if (this.hexEncoded == null) { |
| this.hexEncoded = Hex.encodeToString(getBytes()); |
| } |
| return this.hexEncoded; |
| } |
| |
| /** |
| * Returns a Base64-encoded string of the underlying {@link #getBytes byte array}. |
| * <p/> |
| * This implementation caches the resulting Base64 string so multiple calls to this method remain efficient. |
| * However, calling {@link #setBytes setBytes} will null the cached value, forcing it to be recalculated the |
| * next time this method is called. |
| * |
| * @return a Base64-encoded string of the underlying {@link #getBytes byte array}. |
| */ |
| public String toBase64() { |
| if (this.base64Encoded == null) { |
| //cache result in case this method is called multiple times. |
| this.base64Encoded = Base64.encodeToString(getBytes()); |
| } |
| return this.base64Encoded; |
| } |
| |
| /** |
| * Simple implementation that merely returns {@link #toHex() toHex()}. |
| * |
| * @return the {@link #toHex() toHex()} value. |
| */ |
| public String toString() { |
| return toHex(); |
| } |
| |
| /** |
| * Returns {@code true} if the specified object is a Hash and its {@link #getBytes byte array} is identical to |
| * this Hash's byte array, {@code false} otherwise. |
| * |
| * @param o the object (Hash) to check for equality. |
| * @return {@code true} if the specified object is a Hash and its {@link #getBytes byte array} is identical to |
| * this Hash's byte array, {@code false} otherwise. |
| */ |
| public boolean equals(Object o) { |
| if (o instanceof Hash) { |
| Hash other = (Hash) o; |
| return MessageDigest.isEqual(getBytes(), other.getBytes()); |
| } |
| return false; |
| } |
| |
| /** |
| * Simply returns toHex().hashCode(); |
| * |
| * @return toHex().hashCode() |
| */ |
| public int hashCode() { |
| if (this.bytes == null || this.bytes.length == 0) { |
| return 0; |
| } |
| return Arrays.hashCode(this.bytes); |
| }</pre></div></td></tr></table> |
| <table border="0" class="table table-striped"> |
| <tr class="a"> |
| <th>File</th> |
| <th>Project</th> |
| <th>Line</th></tr> |
| <tr class="b"> |
| <td>org/apache/shiro/samples/QuickStart.java</td> |
| <td>Apache Shiro :: Samples :: Spring Boot</td> |
| <td><a href="./xref/org/apache/shiro/samples/QuickStart.html#L37">37</a></td></tr> |
| <tr class="a"> |
| <td>org/apache/shiro/samples/spring/QuickStart.java</td> |
| <td>Apache Shiro :: Samples :: Spring Quickstart</td> |
| <td><a href="./xref/org/apache/shiro/samples/spring/QuickStart.html#L37">37</a></td></tr> |
| <tr class="b"><td colspan='3'> |
| <div> |
| <pre>@Component |
| public class QuickStart { |
| |
| private static Logger log = LoggerFactory.getLogger(QuickStart.class); |
| |
| @Autowired |
| private SecurityManager securityManager; |
| |
| @Autowired |
| private SimpleService simpleService; |
| |
| public void run() { |
| |
| // get the current subject |
| Subject subject = SecurityUtils.getSubject(); |
| |
| // Subject is not authenticated yet |
| Assert.isTrue(!subject.isAuthenticated()); |
| |
| // login the subject with a username / password |
| UsernamePasswordToken token = new UsernamePasswordToken("joe.coder", "password"); |
| subject.login(token); |
| |
| // joe.coder has the "user" role |
| subject.checkRole("user"); |
| |
| // joe.coder does NOT have the admin role |
| Assert.isTrue(!subject.hasRole("admin")); |
| |
| // joe.coder has the "read" permission |
| subject.checkPermission("read"); |
| |
| // current user is allowed to execute this method. |
| simpleService.readRestrictedCall(); |
| |
| try { |
| // but not this one! |
| simpleService.writeRestrictedCall(); |
| } |
| catch (AuthorizationException e) { |
| log.info("Subject was NOT allowed to execute method 'writeRestrictedCall'"); |
| } |
| |
| // logout |
| subject.logout(); |
| Assert.isTrue(!subject.isAuthenticated()); |
| } |
| |
| |
| /** |
| * Sets the static instance of SecurityManager. This is NOT needed for web applications. |
| */ |
| @PostConstruct |
| private void initStaticSecurityManager() { |
| SecurityUtils.setSecurityManager(securityManager); |
| } |
| }</pre></div></td></tr></table> |
| <table border="0" class="table table-striped"> |
| <tr class="a"> |
| <th>File</th> |
| <th>Project</th> |
| <th>Line</th></tr> |
| <tr class="b"> |
| <td>org/apache/shiro/web/filter/authc/BasicHttpAuthenticationFilter.java</td> |
| <td>Apache Shiro :: Web</td> |
| <td><a href="./xref/org/apache/shiro/web/filter/authc/BasicHttpAuthenticationFilter.html#L75">75</a></td></tr> |
| <tr class="a"> |
| <td>org/apache/shiro/web/filter/authc/HttpAuthenticationFilter.java</td> |
| <td>Apache Shiro :: Web</td> |
| <td><a href="./xref/org/apache/shiro/web/filter/authc/HttpAuthenticationFilter.html#L320">320</a></td></tr> |
| <tr class="b"><td colspan='3'> |
| <div> |
| <pre>} |
| |
| /** |
| * Creates an AuthenticationToken for use during login attempt with the provided credentials in the http header. |
| * <p/> |
| * This implementation: |
| * <ol><li>acquires the username and password based on the request's |
| * {@link #getAuthzHeader(javax.servlet.ServletRequest) authorization header} via the |
| * {@link #getPrincipalsAndCredentials(String, javax.servlet.ServletRequest) getPrincipalsAndCredentials} method</li> |
| * <li>The return value of that method is converted to an <code>AuthenticationToken</code> via the |
| * {@link #createToken(String, String, javax.servlet.ServletRequest, javax.servlet.ServletResponse) createToken} method</li> |
| * <li>The created <code>AuthenticationToken</code> is returned.</li> |
| * </ol> |
| * |
| * @param request incoming ServletRequest |
| * @param response outgoing ServletResponse |
| * @return the AuthenticationToken used to execute the login attempt |
| */ |
| protected AuthenticationToken createToken(ServletRequest request, ServletResponse response) { |
| String authorizationHeader = getAuthzHeader(request); |
| if (authorizationHeader == null || authorizationHeader.length() == 0) { |
| // Create an empty authentication token since there is no |
| // Authorization header. |
| return createToken("", "", request, response); |
| } |
| |
| log.debug("Attempting to execute login with auth header"); |
| |
| String[] prinCred = getPrincipalsAndCredentials(authorizationHeader, request); |
| if (prinCred == null || prinCred.length < 2) { |
| // Create an authentication token with an empty password, |
| // since one hasn't been provided in the request. |
| String username = prinCred == null || prinCred.length == 0 ? "" : prinCred[0]; |
| return createToken(username, "", request, response); |
| } |
| |
| String username = prinCred[0]; |
| String password = prinCred[1]; |
| |
| return createToken(username, password, request, response); |
| } |
| |
| /** |
| * Returns the username and password pair based on the specified <code>encoded</code> String obtained from |
| * the request's authorization header. |
| * <p/> |
| * Per RFC 2617, the default implementation first Base64 decodes the string and then splits the resulting decoded |
| * string into two based on the ":" character. That is: |
| * <p/> |
| * <code>String decoded = Base64.decodeToString(encoded);<br/> |
| * return decoded.split(":");</code> |
| * |
| * @param scheme the {@link #getAuthcScheme() authcScheme} found in the request |
| * {@link #getAuthzHeader(javax.servlet.ServletRequest) authzHeader}. It is ignored by this implementation, |
| * but available to overriding implementations should they find it useful. |
| * @param encoded the Base64-encoded username:password value found after the scheme in the header |
| * @return the username (index 0)/password (index 1) pair obtained from the encoded header data. |
| */ |
| protected String[] getPrincipalsAndCredentials(String scheme, String encoded) {</pre></div></td></tr></table> |
| <table border="0" class="table table-striped"> |
| <tr class="a"> |
| <th>File</th> |
| <th>Project</th> |
| <th>Line</th></tr> |
| <tr class="b"> |
| <td>org/apache/shiro/samples/guice/SampleShiroServletModule.java</td> |
| <td>Apache Shiro :: ITs :: Guice 3</td> |
| <td><a href="./xref/org/apache/shiro/samples/guice/SampleShiroServletModule.html#L60">60</a></td></tr> |
| <tr class="a"> |
| <td>org/apache/shiro/samples/guice/SampleShiroServletModule.java</td> |
| <td>Apache Shiro :: ITs :: Guice 4</td> |
| <td><a href="./xref/org/apache/shiro/samples/guice/SampleShiroServletModule.html#L60">60</a></td></tr> |
| <tr class="b"> |
| <td>org/apache/shiro/samples/guice/SampleShiroServletModule.java</td> |
| <td>Apache Shiro :: Samples :: Guice Web</td> |
| <td><a href="./xref/org/apache/shiro/samples/guice/SampleShiroServletModule.html#L61">61</a></td></tr> |
| <tr class="a"><td colspan='3'> |
| <div> |
| <pre>this.addFilterChain("/remoting/**", AUTHC, config(ROLES, "b2bClient"), config(PERMS, "remote:invoke:lan,wan")); |
| } |
| |
| @Provides |
| @Singleton |
| Ini loadShiroIni() throws MalformedURLException { |
| URL iniUrl = servletContext.getResource("/WEB-INF/shiro.ini"); |
| return Ini.fromResourcePath("url:" + iniUrl.toExternalForm()); |
| } |
| |
| @Override |
| protected void bindWebSecurityManager(AnnotatedBindingBuilder<? super WebSecurityManager> bind) |
| { |
| try |
| { |
| String cipherKey = loadShiroIni().getSectionProperty( "main", "securityManager.rememberMeManager.cipherKey" ); |
| |
| DefaultWebSecurityManager securityManager = new DefaultWebSecurityManager(); |
| CookieRememberMeManager rememberMeManager = new CookieRememberMeManager(); |
| rememberMeManager.setCipherKey( Base64.decode( cipherKey ) ); |
| securityManager.setRememberMeManager(rememberMeManager); |
| bind.toInstance(securityManager); |
| } |
| catch ( MalformedURLException e ) |
| { |
| // for now just throw, you could just call |
| // super.bindWebSecurityManager(bind) if you do not need rememberMe functionality |
| throw new ConfigurationException( "securityManager.rememberMeManager.cipherKey must be set in shiro.ini." ); |
| } |
| |
| |
| } |
| }</pre></div></td></tr></table> |
| <table border="0" class="table table-striped"> |
| <tr class="a"> |
| <th>File</th> |
| <th>Project</th> |
| <th>Line</th></tr> |
| <tr class="b"> |
| <td>org/apache/shiro/samples/guice/SampleShiroServletModule.java</td> |
| <td>Apache Shiro :: ITs :: Guice 3</td> |
| <td><a href="./xref/org/apache/shiro/samples/guice/SampleShiroServletModule.html#L38">38</a></td></tr> |
| <tr class="a"> |
| <td>org/apache/shiro/samples/guice/SampleShiroServletModule.java</td> |
| <td>Apache Shiro :: ITs :: Guice 4</td> |
| <td><a href="./xref/org/apache/shiro/samples/guice/SampleShiroServletModule.html#L38">38</a></td></tr> |
| <tr class="b"> |
| <td>org/apache/shiro/samples/guice/SampleShiroServletModule.java</td> |
| <td>Apache Shiro :: Samples :: Guice Web</td> |
| <td><a href="./xref/org/apache/shiro/samples/guice/SampleShiroServletModule.html#L39">39</a></td></tr> |
| <tr class="a"><td colspan='3'> |
| <div> |
| <pre>public class SampleShiroServletModule extends ShiroWebModule { |
| private final ServletContext servletContext; |
| |
| public SampleShiroServletModule(ServletContext servletContext) { |
| super(servletContext); |
| |
| this.servletContext = servletContext; |
| } |
| |
| @Override |
| protected void configureShiroWeb() { |
| bindConstant().annotatedWith(Names.named("shiro.loginUrl")).to("/login.jsp"); |
| try { |
| this.bindRealm().toConstructor(IniRealm.class.getConstructor(Ini.class)); |
| } catch (NoSuchMethodException e) { |
| addError("Could not locate proper constructor for IniRealm.", e); |
| } |
| |
| this.addFilterChain("/login.jsp", AUTHC); |
| this.addFilterChain("/logout", LOGOUT); |
| this.addFilterChain("/account/**", AUTHC); |
| |
| this.addFilterChain("/remoting/**", AUTHC, config(ROLES, "b2bClient"), config(PERMS, "remote:invoke:lan,wan"));</pre></div></td></tr></table> |
| <table border="0" class="table table-striped"> |
| <tr class="a"> |
| <th>File</th> |
| <th>Project</th> |
| <th>Line</th></tr> |
| <tr class="b"> |
| <td>org/apache/shiro/samples/guice/SampleShiroServletModule.java</td> |
| <td>Apache Shiro :: ITs :: Guice 3</td> |
| <td><a href="./xref/org/apache/shiro/samples/guice/SampleShiroServletModule.html#L41">41</a></td></tr> |
| <tr class="a"> |
| <td>org/apache/shiro/samples/guice/SampleShiroNativeSessionsServletModule.java</td> |
| <td>Apache Shiro :: Samples :: Guice Web</td> |
| <td><a href="./xref/org/apache/shiro/samples/guice/SampleShiroNativeSessionsServletModule.html#L45">45</a></td></tr> |
| <tr class="b"><td colspan='3'> |
| <div> |
| <pre>public SampleShiroServletModule(ServletContext servletContext) { |
| super(servletContext); |
| |
| this.servletContext = servletContext; |
| } |
| |
| @Override |
| protected void configureShiroWeb() { |
| bindConstant().annotatedWith(Names.named("shiro.loginUrl")).to("/login.jsp"); |
| try { |
| this.bindRealm().toConstructor(IniRealm.class.getConstructor(Ini.class)); |
| } catch (NoSuchMethodException e) { |
| addError("Could not locate proper constructor for IniRealm.", e); |
| } |
| |
| this.addFilterChain("/login.jsp", AUTHC); |
| this.addFilterChain("/logout", LOGOUT); |
| this.addFilterChain("/account/**", AUTHC); |
| |
| this.addFilterChain("/remoting/**", AUTHC, config(ROLES, "b2bClient"), config(PERMS, "remote:invoke:lan,wan"));</pre></div></td></tr></table> |
| <table border="0" class="table table-striped"> |
| <tr class="a"> |
| <th>File</th> |
| <th>Project</th> |
| <th>Line</th></tr> |
| <tr class="b"> |
| <td>org/apache/shiro/crypto/hash/AbstractHash.java</td> |
| <td>Apache Shiro :: Cryptography :: Hashing</td> |
| <td><a href="./xref/org/apache/shiro/crypto/hash/AbstractHash.html#L199">199</a></td></tr> |
| <tr class="a"> |
| <td>org/apache/shiro/crypto/hash/SimpleHash.java</td> |
| <td>Apache Shiro :: Cryptography :: Hashing</td> |
| <td><a href="./xref/org/apache/shiro/crypto/hash/SimpleHash.html#L330">330</a></td></tr> |
| <tr class="b"><td colspan='3'> |
| <div> |
| <pre>return hash(bytes, salt, 1); |
| } |
| |
| /** |
| * Hashes the specified byte array using the given {@code salt} for the specified number of iterations. |
| * |
| * @param bytes the bytes to hash |
| * @param salt the salt to use for the initial hash |
| * @param hashIterations the number of times the the {@code bytes} will be hashed (for attack resiliency). |
| * @return the hashed bytes. |
| * @throws UnknownAlgorithmException if the {@link #getAlgorithmName() algorithmName} is not available. |
| */ |
| protected byte[] hash(byte[] bytes, byte[] salt, int hashIterations) throws UnknownAlgorithmException { |
| MessageDigest digest = getDigest(getAlgorithmName()); |
| if (salt != null) { |
| digest.reset(); |
| digest.update(salt); |
| } |
| byte[] hashed = digest.digest(bytes); |
| int iterations = hashIterations - 1; //already hashed once above |
| //iterate remaining number: |
| for (int i = 0; i < iterations; i++) { |
| digest.reset(); |
| hashed = digest.digest(hashed); |
| } |
| return hashed; |
| } |
| |
| /** |
| * Returns a hex-encoded string of the underlying {@link #getBytes byte array}. |
| * <p/> |
| * This implementation caches the resulting hex string so multiple calls to this method remain efficient. |
| * However, calling {@link #setBytes setBytes} will null the cached value, forcing it to be recalculated the |
| * next time this method is called. |
| * |
| * @return a hex-encoded string of the underlying {@link #getBytes byte array}. |
| */ |
| public String toHex() {</pre></div></td></tr></table></section> |
| </div> |
| </div> |
| </div> |
| |
| <hr/> |
| |
| <footer> |
| <div class="container-fluid"> |
| <div class="row-fluid"> |
| <p >Copyright © 2004–2023 |
| <a href="https://www.apache.org/">The Apache Software Foundation</a>. |
| All rights reserved. |
| </p> |
| </div> |
| |
| |
| </div> |
| </footer> |
| </body> |
| </html> |