List of usage examples for org.apache.shiro.util ThreadContext get
public static Object get(Object key)
key that is bound to the current thread. From source file:org.apache.zeppelin.realm.jwt.KnoxAuthenticationFilter.java
License:Apache License
protected boolean isAccessAllowed(ServletRequest request, ServletResponse response, Object mappedValue) { // Check with existing shiro authentication logic // https://github.com/apache/shiro/blob/shiro-root-1.3.2/web/src/main/java/org/apache/shiro/ // web/filter/authc/AuthenticatingFilter.java#L123-L124 boolean accessAllowed = super.isAccessAllowed(request, response, mappedValue) || !isLoginRequest(request, response) && isPermissive(mappedValue); if (accessAllowed) { accessAllowed = false;// w ww . j av a2s .c om KnoxJwtRealm knoxJwtRealm = null; // TODO(jl): Is this logic really useful? DefaultWebSecurityManager defaultWebSecurityManager; String key = ThreadContext.SECURITY_MANAGER_KEY; defaultWebSecurityManager = (DefaultWebSecurityManager) ThreadContext.get(key); Collection<Realm> realms = defaultWebSecurityManager.getRealms(); for (Object realm : realms) { if (realm instanceof KnoxJwtRealm) { knoxJwtRealm = (KnoxJwtRealm) realm; break; } } if (null != knoxJwtRealm) { for (Cookie cookie : ((ShiroHttpServletRequest) request).getCookies()) { if (cookie.getName().equals(knoxJwtRealm.getCookieName())) { if (knoxJwtRealm.validateToken(cookie.getValue())) { accessAllowed = true; } break; } } } else { LOGGER.error("Looks like this filter is enabled without enabling KnoxJwtRealm, please refer" + " to https://zeppelin.apache.org/docs/latest/security/shiroauthentication.html" + "#knox-sso"); } } return accessAllowed; }
From source file:org.apache.zeppelin.realm.kerberos.KerberosAuthenticationFilter.java
License:Apache License
/** * If the request has a valid authentication token it allows the request to continue to * the target resource,/*from w ww. j a v a2 s .c om*/ * otherwise it triggers an authentication sequence using the configured * {@link AuthenticationHandler}. * * @param request the request object. * @param response the response object. * @param filterChain the filter chain object. * @throws IOException thrown if an IO error occurred. * @throws ServletException thrown if a processing error occurred. */ @Override public void doFilterInternal(ServletRequest request, ServletResponse response, FilterChain filterChain) throws IOException, ServletException { KerberosRealm kerberosRealm = null; DefaultWebSecurityManager defaultWebSecurityManager; String key = ThreadContext.SECURITY_MANAGER_KEY; defaultWebSecurityManager = (DefaultWebSecurityManager) ThreadContext.get(key); Collection<Realm> realms = defaultWebSecurityManager.getRealms(); for (Object realm : realms) { if (realm instanceof KerberosRealm) { kerberosRealm = (KerberosRealm) realm; break; } } if (kerberosRealm != null) { kerberosRealm.doKerberosAuth(request, response, filterChain); } else { LOG.error("Looks like this filter is enabled without enabling KerberosRealm, please refer" + " to https://zeppelin.apache.org/docs/latest/security/shiroauthentication.html" + "#kerberos-auth"); } }
From source file:org.apache.zeppelin.service.ShiroAuthenticationService.java
License:Apache License
@Override public Collection getRealmsList() { DefaultWebSecurityManager defaultWebSecurityManager; String key = ThreadContext.SECURITY_MANAGER_KEY; defaultWebSecurityManager = (DefaultWebSecurityManager) ThreadContext.get(key); return defaultWebSecurityManager.getRealms(); }
From source file:org.apache.zeppelin.utils.SecurityUtils.java
License:Apache License
public static Collection getRealmsList() { DefaultWebSecurityManager defaultWebSecurityManager; String key = ThreadContext.SECURITY_MANAGER_KEY; defaultWebSecurityManager = (DefaultWebSecurityManager) ThreadContext.get(key); Collection<Realm> realms = defaultWebSecurityManager.getRealms(); return realms; }
From source file:org.codice.ddf.catalog.plugin.clientinfo.ClientInfoPlugin.java
License:Open Source License
/** * Assuming a client info map was added to the shiro {@link ThreadContext}, we retrieve the value * and put it into the request properties. The corresponding CXF filter in {@code * platform-filter-clientinfo} is responsible for removing the data to prevent leak. * * @param properties the request properties for the catalog framework. *//* w ww. ja v a2 s . co m*/ private void injectClientInfo(Map<String, Serializable> properties) { Object clientInfo = ThreadContext.get(CLIENT_INFO_KEY); if (clientInfo == null) { LOGGER.debug("No client info was stored for this thread [{}]", Thread.currentThread().getName()); } else if (!(clientInfo instanceof Serializable)) { LOGGER.debug("Provided client info to the ThreadContext was not Serializable"); } else { properties.put(CLIENT_INFO_KEY, (Serializable) clientInfo); } }
From source file:org.codice.ddf.catalog.plugin.metacard.MetacardIngestNetworkPlugin.java
License:Open Source License
@Override public CreateRequest processPreCreate(CreateRequest input) throws StopProcessingException { Object info = ThreadContext.get(CLIENT_INFO_KEY); if (!(info instanceof Map)) { LOGGER.debug("Client network info was null or not properly formatted"); return input; }/*from ww w .ja va2 s .c o m*/ Map<String, Serializable> clientInfoProperties = (Map<String, Serializable>) info; return createNewMetacardsIfConditionApplies(input, clientInfoProperties); }
From source file:org.codice.ddf.pax.web.jetty.ClientInfoFilterTest.java
License:Open Source License
private Object assertThatMapIsAccurate() throws Exception { Map<String, String> clientInfoMap = (Map<String, String>) ThreadContext.get(CLIENT_INFO_KEY); assertThat(clientInfoMap, notNullValue()); assertThat(clientInfoMap.get(SERVLET_REMOTE_ADDR), is(MOCK_REMOTE_ADDRESS)); assertThat(clientInfoMap.get(SERVLET_REMOTE_HOST), is(MOCK_REMOTE_HOST)); assertThat(clientInfoMap.get(SERVLET_SCHEME), is(MOCK_SCHEME)); assertThat(clientInfoMap.get(SERVLET_CONTEXT_PATH), is(MOCK_CONTEXT_PATH)); return null;// w w w .jav a2s . c o m }
From source file:org.codice.ddf.pax.web.jetty.ClientInfoFilterTest.java
License:Open Source License
private void assertThatMapIsNull() throws Exception { Map<String, String> clientInfoMap = (Map<String, String>) ThreadContext.get(CLIENT_INFO_KEY); assertThat(clientInfoMap, nullValue()); }
From source file:org.graylog2.security.realm.SessionAuthenticator.java
License:Open Source License
@Override protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token) throws AuthenticationException { SessionIdToken sessionIdToken = (SessionIdToken) token; final Subject subject = new Subject.Builder().sessionId(sessionIdToken.getSessionId()).buildSubject(); final Session session = subject.getSession(false); if (session == null) { LOG.debug("Invalid session {}. Either it has expired or did not exist.", sessionIdToken.getSessionId()); return null; }//w w w . j ava 2 s . c o m final Object username = subject.getPrincipal(); final User user = userService.load(String.valueOf(username)); if (user == null) { LOG.debug("No user named {} found for session {}", username, sessionIdToken.getSessionId()); return null; } if (user.isExternalUser() && !ldapAuthenticator.isEnabled()) { throw new LockedAccountException("LDAP authentication is currently disabled."); } if (LOG.isDebugEnabled()) { LOG.debug("Found session {} for user name {}", session.getId(), username); } @SuppressWarnings("unchecked") final MultivaluedMap<String, String> requestHeaders = (MultivaluedMap<String, String>) ThreadContext .get("REQUEST_HEADERS"); // extend session unless the relevant header was passed. if (requestHeaders == null || !"true".equalsIgnoreCase(requestHeaders.getFirst("X-Graylog2-No-Session-Extension"))) { session.touch(); } else { LOG.debug("Not extending session because the request indicated not to."); } ThreadContext.bind(subject); return new SimpleAccount(user.getName(), null, "session authenticator"); }