Java Code Examples for org.apache.shiro.util.ThreadContext#unbindSubject()

The following examples show how to use org.apache.shiro.util.ThreadContext#unbindSubject() . You can vote up the ones you like or vote down the ones you don't like, and go to the original project or source file by following the links above each example. You may check out the related API usage on the sidebar.
Example 1
Source File: SecurityManagerAssociatingFilter.java    From aries-jax-rs-whiteboard with Apache License 2.0 6 votes vote down vote up 
/**
 * Clean up after the request
 */
@Override
public void filter(ContainerRequestContext requestContext, ContainerResponseContext responseContext)
        throws IOException {
    _LOG.debug("Cleaning up the Shiro Security Context");
    Subject subject = ThreadContext.getSubject();
    ThreadContext.unbindSecurityManager();
    ThreadContext.unbindSubject();
    
    if(subject != null && !subject.isAuthenticated()) {
        // Not authenticated. Check for incoming session cookie
        Cookie cookie = requestContext.getCookies().get(SESSION_COOKIE_NAME);
        
        // If we have a session cookie then it should be deleted
        if(cookie != null) {
            _LOG.debug("The subject associated with this request is not authenticated, removing the session cookie");
            responseContext.getHeaders().add(SET_COOKIE, getDeletionCookie(requestContext));
        }
    }
    
}
Example 2
Source File: ShiroJwtVerifyingFilterTest.java    From cassandra-reaper with Apache License 2.0 6 votes vote down vote up 
@Test
public void testIsRemembered() throws Exception {
  try {
    Subject subject = Mockito.mock(Subject.class);
    Mockito.when(subject.getPrincipal()).thenReturn(Mockito.mock(Object.class));
    Mockito.when(subject.isRemembered()).thenReturn(true);
    ThreadContext.bind(subject);
    ShiroJwtVerifyingFilter filter = new ShiroJwtVerifyingFilter();

    Assertions.assertThat(
        filter.isAccessAllowed(
            Mockito.mock(HttpServletRequest.class),
            Mockito.mock(ServletResponse.class),
            Mockito.mock(Object.class)))
        .isTrue();
  } finally {
    ThreadContext.unbindSubject();
  }
}
Example 3
Source File: ShiroJwtVerifyingFilterTest.java    From cassandra-reaper with Apache License 2.0 6 votes vote down vote up 
@Test
public void testIsAuthenticated() throws Exception {
  try {
    Subject subject = Mockito.mock(Subject.class);
    Mockito.when(subject.getPrincipal()).thenReturn(Mockito.mock(Object.class));
    Mockito.when(subject.isAuthenticated()).thenReturn(true);
    ThreadContext.bind(subject);
    ShiroJwtVerifyingFilter filter = new ShiroJwtVerifyingFilter();

    Assertions.assertThat(
        filter.isAccessAllowed(
            Mockito.mock(HttpServletRequest.class),
            Mockito.mock(ServletResponse.class),
            Mockito.mock(Object.class)))
        .isTrue();
  } finally {
    ThreadContext.unbindSubject();
  }
}
Example 4
Source File: ShiroJwtVerifyingFilterTest.java    From cassandra-reaper with Apache License 2.0 6 votes vote down vote up 
@Test
public void testAuthorization0() throws Exception {
  try {
    SecurityUtils.setSecurityManager(new DefaultSecurityManager());
    new ShiroJwtProvider(Mockito.mock(AppContext.class));
    HttpServletRequest req = Mockito.mock(HttpServletRequest.class);
    Mockito.when(req.getHeader("Authorization")).thenReturn("junk");
    ShiroJwtVerifyingFilter filter = new ShiroJwtVerifyingFilter();

    Assertions.assertThat(
        filter.isAccessAllowed(
            req,
            Mockito.mock(ServletResponse.class),
            Mockito.mock(Object.class)))
        .isFalse();
  } finally {
    ThreadContext.unbindSubject();
    ThreadContext.unbindSecurityManager();
  }
}
Example 5
Source File: ShiroJwtVerifyingFilterTest.java    From cassandra-reaper with Apache License 2.0 6 votes vote down vote up 
@Test
public void testAuthorization1() throws Exception {
  try {
    SecurityUtils.setSecurityManager(new DefaultSecurityManager());
    new ShiroJwtProvider(Mockito.mock(AppContext.class));
    HttpServletRequest req = Mockito.mock(HttpServletRequest.class);
    Mockito.when(req.getHeader("Authorization")).thenReturn("Bearer ");
    ShiroJwtVerifyingFilter filter = new ShiroJwtVerifyingFilter();

    Assertions.assertThat(
        filter.isAccessAllowed(
            req,
            Mockito.mock(ServletResponse.class),
            Mockito.mock(Object.class)))
        .isFalse();
  } finally {
    ThreadContext.unbindSubject();
    ThreadContext.unbindSecurityManager();
  }
}
Example 6
Source File: ShiroJwtVerifyingFilterTest.java    From cassandra-reaper with Apache License 2.0 6 votes vote down vote up 
@Test
public void testAuthorization2() throws Exception {
  try {
    SecurityUtils.setSecurityManager(new DefaultSecurityManager());
    new ShiroJwtProvider(Mockito.mock(AppContext.class));
    HttpServletRequest req = Mockito.mock(HttpServletRequest.class);
    Mockito.when(req.getHeader("Authorization")).thenReturn("Bearer eyJhbGciOiJIUzI1NiJ9");
    ShiroJwtVerifyingFilter filter = new ShiroJwtVerifyingFilter();

    Assertions.assertThat(
        filter.isAccessAllowed(
            req,
            Mockito.mock(ServletResponse.class),
            Mockito.mock(Object.class)))
        .isFalse();
  } finally {
    ThreadContext.unbindSubject();
    ThreadContext.unbindSecurityManager();
  }
}
Example 7
Source File: ShiroJwtVerifyingFilterTest.java    From cassandra-reaper with Apache License 2.0 6 votes vote down vote up 
@Test
public void testAuthorization3() throws Exception {
  try {
    SecurityUtils.setSecurityManager(new DefaultSecurityManager());
    new ShiroJwtProvider(Mockito.mock(AppContext.class));
    HttpServletRequest req = Mockito.mock(HttpServletRequest.class);

    Mockito
        .when(req.getHeader("Authorization"))
        .thenReturn(
            "Bearer eyJhbGciOiJIUzI1NiJ9.eyJzdWIiOiJ0ZXN0LXVzZXIifQ.neIA5mbTFZsZokqG5CFwK7gIxMiBoGOU0anDZmD7kkU");

    ShiroJwtVerifyingFilter filter = new ShiroJwtVerifyingFilter();

    Assertions.assertThat(
        filter.isAccessAllowed(
            req,
            Mockito.mock(ServletResponse.class),
            Mockito.mock(Object.class)))
        .isFalse();
  } finally {
    ThreadContext.unbindSubject();
    ThreadContext.unbindSecurityManager();
  }
}
Example 8
Source File: ShiroJwtVerifyingFilterTest.java    From cassandra-reaper with Apache License 2.0 6 votes vote down vote up 
@Test
public void testAuthorizationValid() throws Exception {
  try {
    SecurityUtils.setSecurityManager(new DefaultSecurityManager());
    HttpServletRequest req = Mockito.mock(HttpServletRequest.class);
    Principal principal = Mockito.mock(Principal.class);
    Mockito.when(principal.getName()).thenReturn("test-user");
    Mockito.when(req.getUserPrincipal()).thenReturn(principal);
    String jwt = new ShiroJwtProvider(Mockito.mock(AppContext.class)).getJwt(req);
    Mockito.when(req.getHeader("Authorization")).thenReturn("Bearer " + jwt);
    ShiroJwtVerifyingFilter filter = new ShiroJwtVerifyingFilter();

    Assertions.assertThat(
        filter.isAccessAllowed(
            req,
            Mockito.mock(ServletResponse.class),
            Mockito.mock(Object.class)))
        .isTrue();
  } finally {
    ThreadContext.unbindSubject();
    ThreadContext.unbindSecurityManager();
  }
}
Example 9
Source File: KnoxCLI.java    From knox with Apache License 2.0 6 votes vote down vote up 
/**
 *
 * @param config - the shiro.ini config file created in topology deployment.
 * @return returns the Subject given by the shiro config's settings.
 */
protected Subject getSubject(Ini config) throws BadSubjectException {
  try {
    ThreadContext.unbindSubject();
    @SuppressWarnings("deprecation")
    Factory factory = new IniSecurityManagerFactory(config);
    org.apache.shiro.mgt.SecurityManager securityManager = (org.apache.shiro.mgt.SecurityManager) factory.getInstance();
    SecurityUtils.setSecurityManager(securityManager);
    Subject subject = SecurityUtils.getSubject();
    if( subject != null) {
      return subject;
    } else {
      out.println("Error Creating Subject from config at: " + config);
    }
  } catch (Exception e){
    out.println(e.toString());
  }
  throw new BadSubjectException("Subject could not be created with Shiro Config at " + config);
}
Example 10
Source File: AuthenticationResourceFilter.java    From emodb with Apache License 2.0 5 votes vote down vote up 
@Override
public ContainerResponse filter(ContainerRequest request, ContainerResponse response) {
    Subject subject = ThreadContext.getSubject();
    if (subject != null) {
        if (subject.isAuthenticated()) {
            subject.logout();
        }
        ThreadContext.unbindSubject();
    }
    return response;
}
Example 11
Source File: IniSecurityManagerService.java    From attic-polygene-java with Apache License 2.0 5 votes vote down vote up 
@Override
public void passivateService()
        throws Exception
{
    ThreadContext.unbindSubject();
    ThreadContext.unbindSecurityManager();
}
Example 12
Source File: WithUserTestDecorator.java    From seed with Mozilla Public License 2.0 5 votes vote down vote up 
@Override
public void afterTest(TestContext testContext) {
    if (subject != null) {
        LOGGER.info("Logging user out", testContext.testMethod());
        subject.logout();
        ThreadContext.unbindSecurityManager();
        ThreadContext.unbindSubject();
    }
}
Example 13
Source File: UserIdMdcHelperTest.java    From nexus-public with Eclipse Public License 1.0 4 votes vote down vote up 
private void reset() {
  MDC.remove(KEY);
  ThreadContext.unbindSubject();
  ThreadContext.unbindSecurityManager();
}
Example 14
Source File: SessionServletTest.java    From nexus-public with Eclipse Public License 1.0 4 votes vote down vote up 
@After
public void cleanup() {
  ThreadContext.unbindSubject();
}
Example 15
Source File: StandaloneShiroTest.java    From attic-polygene-java with Apache License 2.0 4 votes vote down vote up 
public void interactionEnds()
{
    ThreadContext.unbindSubject();
    ThreadContext.unbindSecurityManager();
}