Coverage Report

Coverage Report - org.apache.shiro.subject.support.DefaultSubjectContext

Classes in this File

Line Coverage

Branch Coverage

Complexity

DefaultSubjectContext

81%

82/101

53%

29/54

1.889

 /*
  * Licensed to the Apache Software Foundation (ASF) under one
  * or more contributor license agreements.  See the NOTICE file
  * distributed with this work for additional information
  * regarding copyright ownership.  The ASF licenses this file
  * to you under the Apache License, Version 2.0 (the
  * "License"); you may not use this file except in compliance
  * with the License.  You may obtain a copy of the License at
  *
  *     http://www.apache.org/licenses/LICENSE-2.0
  *
  * Unless required by applicable law or agreed to in writing,
  * software distributed under the License is distributed on an
  * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
  * KIND, either express or implied.  See the License for the
  * specific language governing permissions and limitations
  * under the License.
  */
 package org.apache.shiro.subject.support;
 
 import org.apache.shiro.SecurityUtils;
 import org.apache.shiro.UnavailableSecurityManagerException;
 import org.apache.shiro.authc.AuthenticationInfo;
 import org.apache.shiro.authc.AuthenticationToken;
 import org.apache.shiro.authc.HostAuthenticationToken;
 import org.apache.shiro.mgt.SecurityManager;
 import org.apache.shiro.session.Session;
 import org.apache.shiro.subject.PrincipalCollection;
 import org.apache.shiro.subject.Subject;
 import org.apache.shiro.subject.SubjectContext;
 import org.apache.shiro.util.CollectionUtils;
 import org.apache.shiro.util.MapContext;
 import org.apache.shiro.util.StringUtils;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 
 import java.io.Serializable;
 
 /**
  * Default implementation of the {@link SubjectContext} interface.  Note that the getters and setters are not
  * simple pass-through methods to an underlying attribute;  the getters will employ numerous heuristics to acquire
  * their data attribute as best as possible (for example, if {@link #getPrincipals} is invoked, if the principals aren't
  * in the backing map, it might check to see if there is a subject or session in the map and attempt to acquire the
  * principals from those objects).
  *
  * @since 1.0
  */
 public class DefaultSubjectContext extends MapContext implements SubjectContext {
 
     private static final String SECURITY_MANAGER = DefaultSubjectContext.class.getName() + ".SECURITY_MANAGER";
 
     private static final String SESSION_ID = DefaultSubjectContext.class.getName() + ".SESSION_ID";
 
     private static final String AUTHENTICATION_TOKEN = DefaultSubjectContext.class.getName() + ".AUTHENTICATION_TOKEN";
 
     private static final String AUTHENTICATION_INFO = DefaultSubjectContext.class.getName() + ".AUTHENTICATION_INFO";
 
     private static final String SUBJECT = DefaultSubjectContext.class.getName() + ".SUBJECT";
 
     private static final String PRINCIPALS = DefaultSubjectContext.class.getName() + ".PRINCIPALS";
 
     private static final String SESSION = DefaultSubjectContext.class.getName() + ".SESSION";
 
     private static final String AUTHENTICATED = DefaultSubjectContext.class.getName() + ".AUTHENTICATED";
 
     private static final String HOST = DefaultSubjectContext.class.getName() + ".HOST";
 
     public static final String SESSION_CREATION_ENABLED = DefaultSubjectContext.class.getName() + ".SESSION_CREATION_ENABLED";
 
     /**
      * The session key that is used to store subject principals.
      */
     public static final String PRINCIPALS_SESSION_KEY = DefaultSubjectContext.class.getName() + "_PRINCIPALS_SESSION_KEY";
 
     /**
      * The session key that is used to store whether or not the user is authenticated.
      */
     public static final String AUTHENTICATED_SESSION_KEY = DefaultSubjectContext.class.getName() + "_AUTHENTICATED_SESSION_KEY";
 
     private static final transient Logger log = LoggerFactory.getLogger(DefaultSubjectContext.class);
 
     public DefaultSubjectContext() {
         super();
     }
 
     public DefaultSubjectContext(SubjectContext ctx) {
         super(ctx);
     }
 
     public SecurityManager getSecurityManager() {
         return getTypedValue(SECURITY_MANAGER, SecurityManager.class);
     }
 
     public void setSecurityManager(SecurityManager securityManager) {
         nullSafePut(SECURITY_MANAGER, securityManager);
     }
 
     public SecurityManager resolveSecurityManager() {
         SecurityManager securityManager = getSecurityManager();
         if (securityManager == null) {
             if (log.isDebugEnabled()) {
                 log.debug("No SecurityManager available in subject context map.  " +
                         "Falling back to SecurityUtils.getSecurityManager() lookup.");
             }
             try {
                 securityManager = SecurityUtils.getSecurityManager();
             } catch (UnavailableSecurityManagerException e) {
                 if (log.isDebugEnabled()) {
                     log.debug("No SecurityManager available via SecurityUtils.  Heuristics exhausted.", e);
                 }
             }
         }
         return securityManager;
     }
 
     public Serializable getSessionId() {
         return getTypedValue(SESSION_ID, Serializable.class);
     }
 
     public void setSessionId(Serializable sessionId) {
         nullSafePut(SESSION_ID, sessionId);
     }
 
     public Subject getSubject() {
         return getTypedValue(SUBJECT, Subject.class);
     }
 
     public void setSubject(Subject subject) {
         nullSafePut(SUBJECT, subject);
     }
 
     public PrincipalCollection getPrincipals() {
         return getTypedValue(PRINCIPALS, PrincipalCollection.class);
     }
 
     public void setPrincipals(PrincipalCollection principals) {
         if (!CollectionUtils.isEmpty(principals)) {
             put(PRINCIPALS, principals);
         }
     }
 
     public PrincipalCollection resolvePrincipals() {
         PrincipalCollection principals = getPrincipals();
 
         if (CollectionUtils.isEmpty(principals)) {
             //check to see if they were just authenticated:
             AuthenticationInfo info = getAuthenticationInfo();
             if (info != null) {
                 principals = info.getPrincipals();
             }
         }
 
         if (CollectionUtils.isEmpty(principals)) {
             Subject subject = getSubject();
             if (subject != null) {
                 principals = subject.getPrincipals();
             }
         }
 
         if (CollectionUtils.isEmpty(principals)) {
             //try the session:
             Session session = resolveSession();
             if (session != null) {
                 principals = (PrincipalCollection) session.getAttribute(PRINCIPALS_SESSION_KEY);
             }
         }
 
         return principals;
     }
 
 
     public Session getSession() {
         return getTypedValue(SESSION, Session.class);
     }
 
     public void setSession(Session session) {
         nullSafePut(SESSION, session);
     }
 
     public Session resolveSession() {
         Session session = getSession();
         if (session == null) {
             //try the Subject if it exists:
             Subject existingSubject = getSubject();
             if (existingSubject != null) {
                 session = existingSubject.getSession(false);
             }
         }
         return session;
     }
 
     public boolean isSessionCreationEnabled() {
         Boolean val = getTypedValue(SESSION_CREATION_ENABLED, Boolean.class);
         return val == null || val;
     }
 
     public void setSessionCreationEnabled(boolean enabled) {
         nullSafePut(SESSION_CREATION_ENABLED, enabled);
     }
 
     public boolean isAuthenticated() {
         Boolean authc = getTypedValue(AUTHENTICATED, Boolean.class);
         return authc != null && authc;
     }
 
     public void setAuthenticated(boolean authc) {
         put(AUTHENTICATED, authc);
     }
 
     public boolean resolveAuthenticated() {
         Boolean authc = getTypedValue(AUTHENTICATED, Boolean.class);
         if (authc == null) {
             //see if there is an AuthenticationInfo object.  If so, the very presence of one indicates a successful
             //authentication attempt:
             AuthenticationInfo info = getAuthenticationInfo();
             authc = info != null;
         }
         if (!authc) {
             //fall back to a session check:
             Session session = resolveSession();
             if (session != null) {
                 Boolean sessionAuthc = (Boolean) session.getAttribute(AUTHENTICATED_SESSION_KEY);
                 authc = sessionAuthc != null && sessionAuthc;
             }
         }
 
         return authc;
     }
 
     public AuthenticationInfo getAuthenticationInfo() {
         return getTypedValue(AUTHENTICATION_INFO, AuthenticationInfo.class);
     }
 
     public void setAuthenticationInfo(AuthenticationInfo info) {
         nullSafePut(AUTHENTICATION_INFO, info);
     }
 
     public AuthenticationToken getAuthenticationToken() {
         return getTypedValue(AUTHENTICATION_TOKEN, AuthenticationToken.class);
     }
 
     public void setAuthenticationToken(AuthenticationToken token) {
         nullSafePut(AUTHENTICATION_TOKEN, token);
     }
 
     public String getHost() {
         return getTypedValue(HOST, String.class);
     }
 
     public void setHost(String host) {
         if (StringUtils.hasText(host)) {
             put(HOST, host);
         }
     }
 
     public String resolveHost() {
         String host = getHost();
 
         if (host == null) {
             //check to see if there is an AuthenticationToken from which to retrieve it:
             AuthenticationToken token = getAuthenticationToken();
             if (token instanceof HostAuthenticationToken) {
                 host = ((HostAuthenticationToken) token).getHost();
             }
         }
 
         if (host == null) {
             Session session = resolveSession();
             if (session != null) {
                 host = session.getHost();
             }
         }
 
         return host;
     }
 }

1		/*
2		* Licensed to the Apache Software Foundation (ASF) under one
3		* or more contributor license agreements. See the NOTICE file
4		* distributed with this work for additional information
5		* regarding copyright ownership. The ASF licenses this file
6		* to you under the Apache License, Version 2.0 (the
7		* "License"); you may not use this file except in compliance
8		* with the License. You may obtain a copy of the License at
9		*
10		* http://www.apache.org/licenses/LICENSE-2.0
11		*
12		* Unless required by applicable law or agreed to in writing,
13		* software distributed under the License is distributed on an
14		* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
15		* KIND, either express or implied. See the License for the
16		* specific language governing permissions and limitations
17		* under the License.
18		*/
19		package org.apache.shiro.subject.support;
20
21		import org.apache.shiro.SecurityUtils;
22		import org.apache.shiro.UnavailableSecurityManagerException;
23		import org.apache.shiro.authc.AuthenticationInfo;
24		import org.apache.shiro.authc.AuthenticationToken;
25		import org.apache.shiro.authc.HostAuthenticationToken;
26		import org.apache.shiro.mgt.SecurityManager;
27		import org.apache.shiro.session.Session;
28		import org.apache.shiro.subject.PrincipalCollection;
29		import org.apache.shiro.subject.Subject;
30		import org.apache.shiro.subject.SubjectContext;
31		import org.apache.shiro.util.CollectionUtils;
32		import org.apache.shiro.util.MapContext;
33		import org.apache.shiro.util.StringUtils;
34		import org.slf4j.Logger;
35		import org.slf4j.LoggerFactory;
36
37		import java.io.Serializable;
38
39		/**
40		* Default implementation of the {@link SubjectContext} interface. Note that the getters and setters are not
41		* simple pass-through methods to an underlying attribute; the getters will employ numerous heuristics to acquire
42		* their data attribute as best as possible (for example, if {@link #getPrincipals} is invoked, if the principals aren't
43		* in the backing map, it might check to see if there is a subject or session in the map and attempt to acquire the
44		* principals from those objects).
45		*
46		* @since 1.0
47		*/
48		public class DefaultSubjectContext extends MapContext implements SubjectContext {
49
50	1	private static final String SECURITY_MANAGER = DefaultSubjectContext.class.getName() + ".SECURITY_MANAGER";
51
52	1	private static final String SESSION_ID = DefaultSubjectContext.class.getName() + ".SESSION_ID";
53
54	1	private static final String AUTHENTICATION_TOKEN = DefaultSubjectContext.class.getName() + ".AUTHENTICATION_TOKEN";
55
56	1	private static final String AUTHENTICATION_INFO = DefaultSubjectContext.class.getName() + ".AUTHENTICATION_INFO";
57
58	1	private static final String SUBJECT = DefaultSubjectContext.class.getName() + ".SUBJECT";
59
60	1	private static final String PRINCIPALS = DefaultSubjectContext.class.getName() + ".PRINCIPALS";
61
62	1	private static final String SESSION = DefaultSubjectContext.class.getName() + ".SESSION";
63
64	1	private static final String AUTHENTICATED = DefaultSubjectContext.class.getName() + ".AUTHENTICATED";
65
66	1	private static final String HOST = DefaultSubjectContext.class.getName() + ".HOST";
67
68	1	public static final String SESSION_CREATION_ENABLED = DefaultSubjectContext.class.getName() + ".SESSION_CREATION_ENABLED";
69
70		/**
71		* The session key that is used to store subject principals.
72		*/
73	1	public static final String PRINCIPALS_SESSION_KEY = DefaultSubjectContext.class.getName() + "_PRINCIPALS_SESSION_KEY";
74
75		/**
76		* The session key that is used to store whether or not the user is authenticated.
77		*/
78	1	public static final String AUTHENTICATED_SESSION_KEY = DefaultSubjectContext.class.getName() + "_AUTHENTICATED_SESSION_KEY";
79
80	1	private static final transient Logger log = LoggerFactory.getLogger(DefaultSubjectContext.class);
81
82		public DefaultSubjectContext() {
83	48	super();
84	48	}
85
86		public DefaultSubjectContext(SubjectContext ctx) {
87	46	super(ctx);
88	46	}
89
90		public SecurityManager getSecurityManager() {
91	92	return getTypedValue(SECURITY_MANAGER, SecurityManager.class);
92		}
93
94		public void setSecurityManager(SecurityManager securityManager) {
95	33	nullSafePut(SECURITY_MANAGER, securityManager);
96	33	}
97
98		public SecurityManager resolveSecurityManager() {
99	92	SecurityManager securityManager = getSecurityManager();
100	92	if (securityManager == null) {
101	30	if (log.isDebugEnabled()) {
102	30	log.debug("No SecurityManager available in subject context map. " +
103		"Falling back to SecurityUtils.getSecurityManager() lookup.");
104		}
105		try {
106	30	securityManager = SecurityUtils.getSecurityManager();
107	4	} catch (UnavailableSecurityManagerException e) {
108	4	if (log.isDebugEnabled()) {
109	4	log.debug("No SecurityManager available via SecurityUtils. Heuristics exhausted.", e);
110		}
111	26	}
112		}
113	92	return securityManager;
114		}
115
116		public Serializable getSessionId() {
117	46	return getTypedValue(SESSION_ID, Serializable.class);
118		}
119
120		public void setSessionId(Serializable sessionId) {
121	0	nullSafePut(SESSION_ID, sessionId);
122	0	}
123
124		public Subject getSubject() {
125	282	return getTypedValue(SUBJECT, Subject.class);
126		}
127
128		public void setSubject(Subject subject) {
129	17	nullSafePut(SUBJECT, subject);
130	17	}
131
132		public PrincipalCollection getPrincipals() {
133	92	return getTypedValue(PRINCIPALS, PrincipalCollection.class);
134		}
135
136		public void setPrincipals(PrincipalCollection principals) {
137	0	if (!CollectionUtils.isEmpty(principals)) {
138	0	put(PRINCIPALS, principals);
139		}
140	0	}
141
142		public PrincipalCollection resolvePrincipals() {
143	92	PrincipalCollection principals = getPrincipals();
144
145	92	if (CollectionUtils.isEmpty(principals)) {
146		//check to see if they were just authenticated:
147	92	AuthenticationInfo info = getAuthenticationInfo();
148	92	if (info != null) {
149	34	principals = info.getPrincipals();
150		}
151		}
152
153	92	if (CollectionUtils.isEmpty(principals)) {
154	58	Subject subject = getSubject();
155	58	if (subject != null) {
156	0	principals = subject.getPrincipals();
157		}
158		}
159
160	92	if (CollectionUtils.isEmpty(principals)) {
161		//try the session:
162	58	Session session = resolveSession();
163	58	if (session != null) {
164	0	principals = (PrincipalCollection) session.getAttribute(PRINCIPALS_SESSION_KEY);
165		}
166		}
167
168	92	return principals;
169		}
170
171
172		public Session getSession() {
173	224	return getTypedValue(SESSION, Session.class);
174		}
175
176		public void setSession(Session session) {
177	0	nullSafePut(SESSION, session);
178	0	}
179
180		public Session resolveSession() {
181	224	Session session = getSession();
182	224	if (session == null) {
183		//try the Subject if it exists:
184	224	Subject existingSubject = getSubject();
185	224	if (existingSubject != null) {
186	50	session = existingSubject.getSession(false);
187		}
188		}
189	224	return session;
190		}
191
192		public boolean isSessionCreationEnabled() {
193	46	Boolean val = getTypedValue(SESSION_CREATION_ENABLED, Boolean.class);
194	46	return val == null \|\| val;
195		}
196
197		public void setSessionCreationEnabled(boolean enabled) {
198	0	nullSafePut(SESSION_CREATION_ENABLED, enabled);
199	0	}
200
201		public boolean isAuthenticated() {
202	0	Boolean authc = getTypedValue(AUTHENTICATED, Boolean.class);
203	0	return authc != null && authc;
204		}
205
206		public void setAuthenticated(boolean authc) {
207	17	put(AUTHENTICATED, authc);
208	17	}
209
210		public boolean resolveAuthenticated() {
211	46	Boolean authc = getTypedValue(AUTHENTICATED, Boolean.class);
212	46	if (authc == null) {
213		//see if there is an AuthenticationInfo object. If so, the very presence of one indicates a successful
214		//authentication attempt:
215	29	AuthenticationInfo info = getAuthenticationInfo();
216	29	authc = info != null;
217		}
218	46	if (!authc) {
219		//fall back to a session check:
220	29	Session session = resolveSession();
221	29	if (session != null) {
222	0	Boolean sessionAuthc = (Boolean) session.getAttribute(AUTHENTICATED_SESSION_KEY);
223	0	authc = sessionAuthc != null && sessionAuthc;
224		}
225		}
226
227	46	return authc;
228		}
229
230		public AuthenticationInfo getAuthenticationInfo() {
231	121	return getTypedValue(AUTHENTICATION_INFO, AuthenticationInfo.class);
232		}
233
234		public void setAuthenticationInfo(AuthenticationInfo info) {
235	17	nullSafePut(AUTHENTICATION_INFO, info);
236	17	}
237
238		public AuthenticationToken getAuthenticationToken() {
239	46	return getTypedValue(AUTHENTICATION_TOKEN, AuthenticationToken.class);
240		}
241
242		public void setAuthenticationToken(AuthenticationToken token) {
243	17	nullSafePut(AUTHENTICATION_TOKEN, token);
244	17	}
245
246		public String getHost() {
247	46	return getTypedValue(HOST, String.class);
248		}
249
250		public void setHost(String host) {
251	0	if (StringUtils.hasText(host)) {
252	0	put(HOST, host);
253		}
254	0	}
255
256		public String resolveHost() {
257	46	String host = getHost();
258
259	46	if (host == null) {
260		//check to see if there is an AuthenticationToken from which to retrieve it:
261	46	AuthenticationToken token = getAuthenticationToken();
262	46	if (token instanceof HostAuthenticationToken) {
263	17	host = ((HostAuthenticationToken) token).getHost();
264		}
265		}
266
267	46	if (host == null) {
268	45	Session session = resolveSession();
269	45	if (session != null) {
270	0	host = session.getHost();
271		}
272		}
273
274	46	return host;
275		}
276		}