List of usage examples for org.apache.shiro.subject Subject hasAllRoles
`boolean hasAllRoles(Collection<String> roleIdentifiers);` — an authorization check on the current Subject: it returns true only when the Subject holds every role named in the collection, false if any one is missing. Callers below use it both as a gate (deny unless all roles are present) and, in the first example, as a sanity assertion in a test.
From source file:at.pollux.thymeleaf.shiro.dialect.test.ShiroDialectTest.java
License:Apache License
/**
 * Renders the test template as a guest, as USER1 and as USER2 and checks that the
 * {@code shiro:hasAllRoles} markers appear only for the user who holds both roles.
 * The raw "shiro:" prefix must never survive into the rendered output; that would mean the
 * dialect did not process the attribute at all.
 */
@Test
public void testHasAllRoles() {
    Subject subjectUnderTest = new Subject.Builder(getSecurityManager()).buildSubject();
    setSubject(subjectUnderTest);
    Context context = new Context();

    // Anonymous: neither marker may render.
    assertMarkers(render(context), false, false);

    // USER1 lacks at least one of the two roles, so the markers stay hidden.
    subjectUnderTest.login(new UsernamePasswordToken(USER1, PASS1));
    assertFalse(subjectUnderTest.hasAllRoles(Arrays.asList("roleb", "rolec"))); // sanity
    assertMarkers(render(context), false, false);
    subjectUnderTest.logout();

    // USER2 holds both roles, so both markers render.
    subjectUnderTest.login(new UsernamePasswordToken(USER2, PASS2));
    assertTrue(subjectUnderTest.hasAllRoles(Arrays.asList("roleb", "rolec"))); // sanity
    assertMarkers(render(context), true, true);
    subjectUnderTest.logout();
}

/** Processes the shared test template with the given context and returns the markup. */
private String render(Context context) {
    return templateEngine.process(TEST_TEMPLATE_PATH, context);
}

/** Asserts the dialect ran (no literal "shiro:" left) and that each marker is present as expected. */
private static void assertMarkers(String rendered, boolean expectFirst, boolean expectSecond) {
    assertFalse(rendered.contains("shiro:"));
    assertEquals(expectFirst, rendered.contains("HASALLROLES1"));
    assertEquals(expectSecond, rendered.contains("HASALLROLES2"));
}
From source file:com.bennavetta.appsite.security.AccessFilter.java
License:Apache License
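/**
 * Decides whether the current request may proceed by evaluating every configured
 * {@link AccessRule} whose URI pattern matches the request URI against the current Subject.
 *
 * <p>A matching rule denies the request when the Subject lacks any of the rule's roles
 * ({@code Subject#hasAllRoles}) or any of the rule's permissions ({@code Subject#isPermitted}).
 * Rules with a null role or permission list skip that check. Requests that match no rule,
 * login requests and non-HTTP requests are allowed.
 *
 * <p>Fix vs. the original: the permission loop iterated {@code rule.getPermissions()} first and
 * only tested it for null inside the loop body, so a rule without a permission list threw a
 * NullPointerException instead of being evaluated. The null check now precedes the loop.
 *
 * @param request     the servlet request; only an HttpServletRequest can be matched against a rule
 * @param response    the servlet response (handed to {@code getSubject})
 * @param mappedValue the chain-definition value for this filter; not used
 * @return true to let the chain continue, false to deny the request
 * @throws Exception as declared by the overridden method
 */
@Override
protected boolean isAccessAllowed(ServletRequest request, ServletResponse response, Object mappedValue)
        throws Exception {
    if (!(request instanceof HttpServletRequest)) {
        // NOTE(review): fail-open. Rules are keyed on a request URI, which only HTTP requests
        // carry; if this filter is ever mapped on a non-HTTP chain, revisit this branch.
        return true;
    }
    HttpServletRequest httpReq = (HttpServletRequest) request;
    if (isLoginRequest(request, response)) {
        return true;
    }
    String uri = httpReq.getRequestURI();
    for (AccessRule rule : rules.get()) {
        if (!matcher.isPattern(rule.getPattern())) {
            // NOTE(review): a malformed rule is skipped, so the URIs it was meant to protect are
            // left unguarded. Rejecting bad patterns when the rule set is loaded would be safer.
            log.warn("Invalid pattern: '{}'", rule.getPattern());
            continue;
        }
        if (!matcher.match(rule.getPattern(), uri)) {
            continue;
        }
        Subject subject = getSubject(request, response);
        if (rule.getRoles() != null && !subject.hasAllRoles(rule.getRoles())) {
            return false;
        }
        // Null-check before iterating (the original did it the other way round).
        if (rule.getPermissions() != null) {
            for (String permission : rule.getPermissions()) {
                if (!subject.isPermitted(permission)) {
                    return false;
                }
            }
        }
    }
    return true;
}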
From source file:com.klwork.explorer.security.ShiroSecurityNavigator.java
License:Apache License
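/**
 * Checks whether the current Shiro Subject may access the given (navigator) class, based on
 * the Shiro annotations present on the class itself (method-level annotations are not read).
 * Checks run in this order and stop at the first failure: RequiresRoles, RequiresPermissions,
 * RequiresAuthentication, RequiresGuest, RequiresUser.
 *
 * <p>Semantics:
 * <ul>
 *   <li>RequiresRoles / RequiresPermissions need an authenticated Subject. With
 *       {@code Logical.AND} every listed role/permission must be held, with {@code Logical.OR}
 *       at least one. An annotation that lists nothing denies access (kept from the original).</li>
 *   <li>RequiresAuthentication needs {@code isAuthenticated()}.</li>
 *   <li>RequiresGuest passes only when the Subject has no principals at all, so a remembered
 *       user is not a guest.</li>
 *   <li>RequiresUser passes when the Subject has a non-empty principal collection
 *       (authenticated or remembered).</li>
 * </ul>
 *
 * <p>Fix vs. the original: the {@code Logical.OR} branch for permissions was gated behind
 * {@code isPermittedAll()}, so OR behaved exactly like AND and a user holding only one of the
 * listed permissions was wrongly denied.
 *
 * @param clazz the annotated class to check
 * @return true if every applicable annotation is satisfied
 */
public static boolean hasAccess(Class<?> clazz) {
    if (clazz.isAnnotationPresent(RequiresRoles.class)
            && !rolesSatisfied(clazz.getAnnotation(RequiresRoles.class))) {
        return false;
    }
    if (clazz.isAnnotationPresent(RequiresPermissions.class)
            && !permissionsSatisfied(clazz.getAnnotation(RequiresPermissions.class))) {
        return false;
    }
    if (clazz.isAnnotationPresent(RequiresAuthentication.class)
            && !SecurityUtils.getSubject().isAuthenticated()) {
        return false;
    }
    if (clazz.isAnnotationPresent(RequiresGuest.class)
            && SecurityUtils.getSubject().getPrincipals() != null) {
        return false;
    }
    if (clazz.isAnnotationPresent(RequiresUser.class)) {
        Subject subject = SecurityUtils.getSubject();
        if (subject.getPrincipals() == null || subject.getPrincipals().isEmpty()) {
            return false;
        }
    }
    return true;
}

/** Evaluates a RequiresRoles annotation against the current Subject (see {@link #hasAccess}). */
private static boolean rolesSatisfied(RequiresRoles annotation) {
    String[] roles = annotation.value();
    if (roles.length == 0) {
        return false; // original behaviour: an empty role list never grants access
    }
    Subject subject = SecurityUtils.getSubject();
    if (!subject.isAuthenticated()) {
        return false;
    }
    if (annotation.logical() == Logical.AND) {
        return subject.hasAllRoles(Arrays.asList(roles));
    }
    // Logical.OR: one held role is enough.
    for (boolean hasRole : subject.hasRoles(Arrays.asList(roles))) {
        if (hasRole) {
            return true;
        }
    }
    return false;
}

/** Evaluates a RequiresPermissions annotation against the current Subject (see {@link #hasAccess}). */
private static boolean permissionsSatisfied(RequiresPermissions annotation) {
    String[] permissions = annotation.value();
    if (permissions.length == 0) {
        return false; // original behaviour: an empty permission list never grants access
    }
    Subject subject = SecurityUtils.getSubject();
    if (!subject.isAuthenticated()) {
        return false;
    }
    if (annotation.logical() == Logical.AND) {
        return subject.isPermittedAll(permissions);
    }
    // Logical.OR: one permitted entry is enough. The original required isPermittedAll()
    // before even entering this loop, which made OR indistinguishable from AND.
    for (boolean permitted : subject.isPermitted(permissions)) {
        if (permitted) {
            return true;
        }
    }
    return false;
}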
From source file:eu.forgestore.ws.util.ShiroUTAuthorizingRealm.java
License:Apache License
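/**
 * Authenticates a WS-Security UsernameToken against Shiro and then requires the resulting
 * Subject to hold every role in {@code requiredRoles}.
 *
 * <p>Security fix vs. the original: the caller's clear-text password was written to the log at
 * INFO level ({@code "UsernameToken password " + usernameToken.getPassword()}). Only the user
 * name and the password type are logged now.
 *
 * @param usernameToken the token from the SOAP security header; must carry a password
 * @return true on success (failures are reported by throwing, never by returning false)
 * @throws SecurityException    if no token was supplied
 * @throws FailedLoginException if the password is missing, Shiro rejects the credentials, or the
 *                              authenticated user lacks one of the required roles
 * @throws LoginException       per the declared contract; only FailedLoginException is thrown here
 */
public boolean validate(UsernameToken usernameToken) throws LoginException {
    if (usernameToken == null) {
        throw new SecurityException("noCredential");
    }
    String pwType = usernameToken.getPasswordType();
    // Never log the credential itself.
    logger.info("UsernameToken user " + usernameToken.getName());
    logger.info("UsernameToken password type " + pwType);
    // NOTE(review): the check that rejects digest password types was commented out in the
    // original. Shiro's login needs the clear-text password, so a digest token can only fail
    // below with a generic error; rejecting it explicitly up front gives a clearer failure.
    if (usernameToken.getPassword() == null) {
        logger.debug("Authentication failed - no password was provided");
        throw new FailedLoginException("Sorry! No login for you.");
    }
    Subject currentUser = SecurityUtils.getSubject();
    UsernamePasswordToken token =
            new UsernamePasswordToken(usernameToken.getName(), usernameToken.getPassword());
    // NOTE(review): rememberMe asks Shiro to persist this identity beyond the current message,
    // which is unusual for per-request WS-Security validation. Kept to preserve behaviour.
    token.setRememberMe(true);
    try {
        currentUser.login(token);
    } catch (AuthenticationException ex) {
        // Detail goes to the log only; the client gets a generic message.
        logger.info(ex.getMessage(), ex);
        throw new FailedLoginException("Sorry! No login for you.");
    }
    // Authorization: with no configured roles, authentication alone is sufficient.
    if (!requiredRoles.isEmpty() && !currentUser.hasAllRoles(requiredRoles)) {
        logger.info("Authorization failed for authenticated user");
        throw new FailedLoginException("Sorry! No login for you.");
    }
    return true;
}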
From source file:eu.forgestore.ws.util.ShiroUTValidator.java
License:Apache License
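/**
 * Authenticates a WS-Security UsernameToken against Shiro, requires the Subject to hold every
 * role in {@code requiredRoles}, and returns the authenticated principal.
 *
 * <p>Security fix vs. the original: the caller's clear-text password was written to the log at
 * INFO level ({@code "UsernameToken password " + usernameToken.getPassword()}). Only the user
 * name and the password type are logged now.
 *
 * @param usernameToken the token from the SOAP security header; must carry a password
 * @return the Subject's primary principal, cast to String
 * @throws SecurityException    if no token was supplied
 * @throws FailedLoginException if the password is missing, Shiro rejects the credentials, or the
 *                              authenticated user lacks one of the required roles
 * @throws LoginException       per the declared contract; only FailedLoginException is thrown here
 */
public String validate(UsernameToken usernameToken) throws LoginException {
    if (usernameToken == null) {
        throw new SecurityException("noCredential");
    }
    String pwType = usernameToken.getPasswordType();
    // Never log the credential itself.
    logger.info("UsernameToken user " + usernameToken.getName());
    logger.info("UsernameToken password type " + pwType);
    // NOTE(review): the check that rejects digest password types was commented out in the
    // original. Shiro's login needs the clear-text password, so a digest token can only fail
    // below with a generic error; rejecting it explicitly up front gives a clearer failure.
    if (usernameToken.getPassword() == null) {
        logger.debug("Authentication failed - no password was provided");
        throw new FailedLoginException("Sorry! No login for you.");
    }
    Subject currentUser = SecurityUtils.getSubject();
    UsernamePasswordToken token =
            new UsernamePasswordToken(usernameToken.getName(), usernameToken.getPassword());
    // NOTE(review): rememberMe asks Shiro to persist this identity beyond the current message,
    // which is unusual for per-request WS-Security validation. Kept to preserve behaviour.
    token.setRememberMe(true);
    try {
        currentUser.login(token);
        // Stamp the (newly created) Shiro session with a random key. Its consumer is not
        // visible here; presumably read elsewhere in the application.
        currentUser.getSession().setAttribute("aKey", UUID.randomUUID().toString());
    } catch (AuthenticationException ex) {
        // Detail goes to the log only; the client gets a generic message.
        logger.info(ex.getMessage(), ex);
        throw new FailedLoginException("Sorry! No login for you.");
    }
    // Authorization: with no configured roles, authentication alone is sufficient.
    if (!requiredRoles.isEmpty() && !currentUser.hasAllRoles(requiredRoles)) {
        logger.info("Authorization failed for authenticated user");
        throw new FailedLoginException("Sorry! No login for you.");
    }
    // Assumes the realm's primary principal is a String — TODO confirm against the realm config.
    return (String) currentUser.getPrincipal();
}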
From source file:org.apache.coheigea.cxf.shiro.authentication.ShiroUTValidator.java
License:Apache License
/**
 * WSS4J validator that delegates UsernameToken authentication to Shiro and then enforces
 * {@code requiredRoles} on the authenticated Subject.
 *
 * <p>Only PasswordText tokens are accepted: Shiro's login needs the clear-text password, so a
 * digest token cannot be verified here. The password value itself is never logged; only the
 * user name and password type go to the debug log.
 *
 * @param credential holds the UsernameToken to validate
 * @param data       WSS4J request data (not used)
 * @return the same credential when authentication and authorization succeed
 * @throws WSSecurityException {@code FAILURE} when no token is present;
 *         {@code FAILED_AUTHENTICATION} for a non-text password type, a missing password,
 *         a Shiro login failure, or a missing required role
 */
public Credential validate(Credential credential, RequestData data) throws WSSecurityException {
    if (credential == null || credential.getUsernametoken() == null) {
        throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE, "noCredential");
    }
    UsernameToken ut = credential.getUsernametoken();
    String passwordType = ut.getPasswordType();
    boolean debug = log.isDebugEnabled();
    if (debug) {
        log.debug("UsernameToken user " + ut.getName());
        log.debug("UsernameToken password type " + passwordType);
    }

    if (!WSConstants.PASSWORD_TEXT.equals(passwordType)) {
        throw failedAuthentication(debug, "Authentication failed - digest passwords are not accepted");
    }
    if (ut.getPassword() == null) {
        throw failedAuthentication(debug, "Authentication failed - no password was provided");
    }

    Subject currentUser = SecurityUtils.getSubject();
    try {
        currentUser.login(new UsernamePasswordToken(ut.getName(), ut.getPassword()));
    } catch (AuthenticationException ex) {
        if (debug) {
            log.debug(ex.getMessage(), ex);
        }
        throw new WSSecurityException(WSSecurityException.ErrorCode.FAILED_AUTHENTICATION);
    }

    // Authorization: an empty role list means authentication alone is sufficient.
    if (!requiredRoles.isEmpty() && !currentUser.hasAllRoles(requiredRoles)) {
        log.debug("Authorization failed for authenticated user");
        throw new WSSecurityException(WSSecurityException.ErrorCode.FAILED_AUTHENTICATION);
    }
    return credential;
}

/** Logs {@code reason} at debug level (when enabled) and builds the generic authentication failure. */
private WSSecurityException failedAuthentication(boolean debug, String reason) {
    if (debug) {
        log.debug(reason);
    }
    return new WSSecurityException(WSSecurityException.ErrorCode.FAILED_AUTHENTICATION);
}
From source file:org.mpavel.app.security.ApplicationSecurity.java
License:Apache License
/**
 * Convenience check: does the Subject currently bound to this thread hold every role in
 * {@code roles}? Records the class's execution trace before delegating to Shiro.
 *
 * @param roles role identifiers that must all be held
 * @return the result of {@code Subject#hasAllRoles}
 */
public static boolean hasAllRoles(List<String> roles) {
    logger.executionTrace();
    return SecurityUtils.getSubject().hasAllRoles(roles);
}
From source file:org.qi4j.library.shiro.concerns.SecurityConcern.java
License:Open Source License
/**
 * Enforces the RequiresRoles annotation captured in {@code requiresRoles} (if any) against the
 * calling Subject. The annotation value is a comma-separated list of role names: a single name
 * is checked with {@code hasRole}, several with {@code hasAllRoles} (every one must be held).
 *
 * <p>Names are split on "," without trimming, so {@code "admin, ops"} yields {@code " ops"},
 * which no realm will match — the effect is a denial (fail-closed), but it is worth knowing
 * when writing the annotation.
 *
 * @param subject the Subject performing the method invocation
 * @throws UnauthorizedException when a required role is missing
 */
private void handleRequiresRoles(Subject subject) {
    if (requiresRoles == null) {
        LOGGER.debug("SecurityConcern::RequiresRoles: not concerned");
        return;
    }
    LOGGER.debug("SecurityConcern::RequiresRoles");
    String roleId = requiresRoles.value();
    String[] roles = roleId.split(",");

    boolean granted;
    String noun;
    if (roles.length == 1) {
        granted = subject.hasRole(roles[0]);
        noun = "role";
    } else {
        // LinkedHashSet drops duplicates while keeping declaration order.
        granted = subject.hasAllRoles(new LinkedHashSet<String>(Arrays.asList(roles)));
        noun = "roles";
    }
    if (!granted) {
        throw new UnauthorizedException("Calling Subject does not have required " + noun + " ["
                + roleId + "]. " + "MethodInvocation denied.");
    }
}
From source file:org.tynamo.security.shiro.authz.RolesAuthorizationFilter.java
License:Apache License
/**
 * Allows the request only when the Subject holds every role named in the filter's mapped
 * value (the {@code roles[a,b]} part of the filter-chain definition).
 *
 * <p>A null or empty role list means "nothing to enforce" and the request passes. That matches
 * Shiro's stock RolesAuthorizationFilter, but it does mean a chain entry such as {@code roles}
 * with no list protects nothing; always configure a non-empty list on entries meant to be guarded.
 *
 * @param request     the current request
 * @param response    the current response
 * @param mappedValue a String[] of role identifiers from the chain definition, or null
 * @return true when no roles are configured or the Subject has all of them
 * @throws IOException per the overridden contract
 */
@SuppressWarnings({ "unchecked" })
public boolean isAccessAllowed(ServletRequest request, ServletResponse response, Object mappedValue)
throws IOException {
String[] required = (String[]) mappedValue;
boolean nothingToEnforce = required == null || required.length == 0;
if (nothingToEnforce) {
return true;
}
Set<String> requiredRoles = CollectionUtils.asSet(required);
return getSubject(request, response).hasAllRoles(requiredRoles);
}
From source file:uk.q3c.krail.core.shiro.PageAccessController.java
License:Apache License
/**
 * Applies the page access control mode recorded on {@code masterNode} to {@code subject}.
 *
 * <p>Modes: PUBLIC always passes; AUTHENTICATION needs a logged-in Subject; USER accepts a
 * logged-in or remembered Subject; GUEST accepts only a Subject that is neither; PERMISSION
 * checks a {@code PagePermission} for the node's virtual page; ROLES requires every role listed
 * on the node via {@code hasAllRoles}. Any mode not handled here is denied (fail-closed).
 *
 * @param subject    the Subject requesting the page
 * @param sitemap    sitemap used to resolve the node's virtual page
 * @param masterNode the page node; its access control must be set
 * @return true if the Subject may view the page
 * @throws NullPointerException if a required argument or the node's access control is null
 */
public boolean isAuthorised(Subject subject, MasterSitemap sitemap, MasterSitemapNode masterNode) {
    checkNotNull(masterNode, "node");
    checkNotNull(subject, "subject");
    // Resolve the page up front: the sitemap instance behind the provider may change later.
    String virtualPage = sitemap.navigationState(masterNode).getVirtualPage();
    checkNotNull(virtualPage, "virtualPage");
    checkNotNull(masterNode.getPageAccessControl(),
            "node.getPageAccessControl(), " + masterNode.getUriSegment());
    log.debug("checking page access rights for {}", virtualPage);

    boolean allowed;
    switch (masterNode.getPageAccessControl()) {
    case PUBLIC:
        allowed = true;
        break;
    case AUTHENTICATION:
        allowed = subject.isAuthenticated();
        break;
    case USER:
        allowed = subject.isAuthenticated() || subject.isRemembered();
        break;
    case GUEST:
        allowed = !subject.isAuthenticated() && !subject.isRemembered();
        break;
    case PERMISSION:
        allowed = subject.isPermitted(new PagePermission(virtualPage));
        break;
    case ROLES:
        allowed = subject.hasAllRoles(masterNode.getRoles());
        break;
    default:
        // Unknown mode: deny rather than guess.
        allowed = false;
        break;
    }
    return allowed;
}