Example usage for org.apache.shiro.util ThreadContext SECURITY_MANAGER_KEY

List of usage examples for org.apache.shiro.util ThreadContext SECURITY_MANAGER_KEY

Introduction

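On this page you can find example usages of org.apache.shiro.util ThreadContext SECURITY_MANAGER_KEY, the key under which Shiro binds the SecurityManager to the current thread. ThreadContext.get(key) returns null when nothing is bound to the calling thread, so callers should check the result before using it.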

Prototype

String SECURITY_MANAGER_KEY


Usage

From source file:org.apache.zeppelin.realm.jwt.KnoxAuthenticationFilter.java

License:Apache License

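/**
 * Allows the request only when Shiro's own check passes and the request also carries the
 * Knox SSO cookie with a token that {@link KnoxJwtRealm#validateToken} accepts.
 *
 * <p>Every path that cannot positively validate a token returns {@code false}: no
 * {@link DefaultWebSecurityManager} bound to the thread, no {@link KnoxJwtRealm} among its
 * realms, no cookies on the request, or no cookie carrying the realm's cookie name.
 *
 * @param request     the incoming request; cast to {@link ShiroHttpServletRequest} to read cookies
 * @param response    the response, passed through to the inherited checks
 * @param mappedValue the path-specific filter configuration, passed through to the inherited checks
 * @return {@code true} only if the inherited check passes and the Knox token validates
 */
protected boolean isAccessAllowed(ServletRequest request, ServletResponse response, Object mappedValue) {
    // Check with existing shiro authentication logic
    // https://github.com/apache/shiro/blob/shiro-root-1.3.2/web/src/main/java/org/apache/shiro/
    // web/filter/authc/AuthenticatingFilter.java#L123-L124
    // Parentheses only make the existing precedence (&& binds tighter than ||) explicit.
    boolean shiroAllows = super.isAccessAllowed(request, response, mappedValue)
            || (!isLoginRequest(request, response) && isPermissive(mappedValue));
    if (!shiroAllows) {
        return false;
    }

    // TODO(jl): Is this logic really useful?
    // ThreadContext.get returns null when no security manager is bound to this thread.
    // Deny instead of failing with a NullPointerException or ClassCastException.
    Object securityManager = ThreadContext.get(ThreadContext.SECURITY_MANAGER_KEY);
    if (!(securityManager instanceof DefaultWebSecurityManager)) {
        LOGGER.error("No DefaultWebSecurityManager is bound to the current thread, denying access");
        return false;
    }

    KnoxJwtRealm knoxJwtRealm = null;
    Collection<Realm> realms = ((DefaultWebSecurityManager) securityManager).getRealms();
    if (realms != null) {
        for (Object realm : realms) {
            if (realm instanceof KnoxJwtRealm) {
                knoxJwtRealm = (KnoxJwtRealm) realm;
                break;
            }
        }
    }
    if (knoxJwtRealm == null) {
        LOGGER.error("Looks like this filter is enabled without enabling KnoxJwtRealm, please refer"
                + " to https://zeppelin.apache.org/docs/latest/security/shiroauthentication.html"
                + "#knox-sso");
        return false;
    }

    // getCookies() returns null (not an empty array) when the request carries no cookies.
    // NOTE(review): the cast assumes Shiro has already wrapped the request; confirm for
    // every filter chain this filter is registered in.
    Cookie[] cookies = ((ShiroHttpServletRequest) request).getCookies();
    if (cookies == null) {
        return false;
    }

    String cookieName = knoxJwtRealm.getCookieName();
    for (Cookie cookie : cookies) {
        if (cookie.getName().equals(cookieName)) {
            // Only the first cookie with the expected name is considered; its validation
            // result alone decides access.
            return knoxJwtRealm.validateToken(cookie.getValue());
        }
    }
    return false;
}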

From source file:org.apache.zeppelin.realm.kerberos.KerberosAuthenticationFilter.java

License:Apache License

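/**
 * Delegates authentication of the request to the configured {@link KerberosRealm}.
 *
 * <p>As originally documented: if the request has a valid authentication token it is
 * allowed to continue to the target resource, otherwise an authentication sequence is
 * triggered using the configured {@link AuthenticationHandler}. That decision is made
 * inside {@code KerberosRealm.doKerberosAuth}; this method only locates the realm.
 *
 * <p>If no {@link DefaultWebSecurityManager} is bound to the thread or no
 * {@link KerberosRealm} is configured, an error is logged and the request is not passed
 * down the filter chain.
 *
 * @param request     the request object.
 * @param response    the response object.
 * @param filterChain the filter chain object.
 * @throws IOException      thrown if an IO error occurred.
 * @throws ServletException thrown if a processing error occurred.
 */
@Override
public void doFilterInternal(ServletRequest request, ServletResponse response, FilterChain filterChain)
        throws IOException, ServletException {
    // ThreadContext.get returns null when no security manager is bound to this thread.
    // Stop here instead of failing with a NullPointerException or ClassCastException.
    Object securityManager = ThreadContext.get(ThreadContext.SECURITY_MANAGER_KEY);
    if (!(securityManager instanceof DefaultWebSecurityManager)) {
        LOG.error("No DefaultWebSecurityManager is bound to the current thread, "
                + "request is not passed down the filter chain");
        return;
    }

    KerberosRealm kerberosRealm = null;
    Collection<Realm> realms = ((DefaultWebSecurityManager) securityManager).getRealms();
    if (realms != null) {
        for (Object realm : realms) {
            if (realm instanceof KerberosRealm) {
                kerberosRealm = (KerberosRealm) realm;
                break;
            }
        }
    }

    if (kerberosRealm == null) {
        // NOTE(review): the target resource is not reached on this path, but nothing is
        // written to the response here either, so the client may see an empty reply with
        // the container's default status. Consider sending an explicit error status.
        LOG.error("Looks like this filter is enabled without enabling KerberosRealm, please refer"
                + " to https://zeppelin.apache.org/docs/latest/security/shiroauthentication.html"
                + "#kerberos-auth");
        return;
    }
    kerberosRealm.doKerberosAuth(request, response, filterChain);
}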

From source file:org.apache.zeppelin.service.ShiroAuthenticationService.java

License:Apache License

/**
 * Returns the realms of the security manager bound to the current thread.
 *
 * <p>NOTE(review): {@code ThreadContext.get} returns {@code null} when nothing is bound to
 * the calling thread, in which case this method throws a {@link NullPointerException}.
 * Callers on threads outside a Shiro-filtered request should confirm the binding exists.
 *
 * @return whatever {@code DefaultWebSecurityManager.getRealms()} returns
 */
@Override
public Collection getRealmsList() {
    Object bound = ThreadContext.get(ThreadContext.SECURITY_MANAGER_KEY);
    DefaultWebSecurityManager securityManager = (DefaultWebSecurityManager) bound;
    return securityManager.getRealms();
}

From source file:org.apache.zeppelin.utils.SecurityUtils.java

License:Apache License

/**
 * Looks up the security manager bound to the current thread and returns its realms.
 *
 * <p>NOTE(review): no null or type check is made on the thread-bound value. If the calling
 * thread has no {@link DefaultWebSecurityManager} bound, this throws rather than returning
 * an empty collection. Callers should not treat a failure here as "no realms configured".
 *
 * @return whatever {@code DefaultWebSecurityManager.getRealms()} returns
 */
public static Collection getRealmsList() {
    final DefaultWebSecurityManager manager =
            (DefaultWebSecurityManager) ThreadContext.get(ThreadContext.SECURITY_MANAGER_KEY);
    final Collection<Realm> configuredRealms = manager.getRealms();
    return configuredRealms;
}