@Test
  public void testGetUserStatusNonDefaultRealm() throws Exception {
    final List<String> realms = securitySystem.getRealms();
    realms.add("TestPrincipalsRealm");
    securitySystem.setRealms(realms);

    final Subject subject = login("tempUser", "tempPass");
    try {
      final PrincipalCollection principals = subject.getPrincipals();

      // check status is passed through
      assertThat(helper().getUserStatus(principals), is(UserStatus.active));
      TestUserManager.status = UserStatus.disabled;
      assertThat(helper().getUserStatus(principals), is(UserStatus.disabled));
      TestUserManager.status = UserStatus.locked;
      assertThat(helper().getUserStatus(principals), is(UserStatus.locked));
      TestUserManager.status = UserStatus.active;
      assertThat(helper().getUserStatus(principals), is(UserStatus.active));

      TestUserManager.userDeleted = true;

      try {
        helper().getUserStatus(principals);

        Assert.fail("Expected UserNotFoundException");
      } catch (final UserNotFoundException e) {
        // expected...
      }
    } finally {
      subject.logout();
    }
  }
  @SuppressWarnings("unchecked")
  @Test
  public void test() {

    // 因为Realm里没有进行验证,所以相当于每个Realm都身份验证成功了
    login("classpath:shiro-multirealm.ini", "zhang", "123");
    Subject subject = subject();
    // 获取Primary Principal(即第一个)
    Object primaryPrincipal1 = subject.getPrincipal();
    PrincipalCollection princialCollection = subject.getPrincipals();
    Object primaryPrincipal2 = princialCollection.getPrimaryPrincipal();

    // 但是因为多个Realm都返回了Principal,所以此处到底是哪个是不确定的
    Assert.assertEquals(primaryPrincipal1, primaryPrincipal2);

    // 返回 a b c
    Set<String> realmNames = princialCollection.getRealmNames();
    System.out.println(realmNames);

    // 因为MyRealm1和MyRealm2返回的凭据都是zhang,所以排重了
    Set<Object> principals = princialCollection.asSet(); // asList和asSet的结果一样
    System.out.println(principals);

    // 根据Realm名字获取
    Collection<User> users = princialCollection.fromRealm("c");
    System.out.println(users);
  }
 /**
  * <br>
  * 描 述:获取用户名 <br>
  * 作 者:checkSun <br>
  * 历 史: (版本) 作者 时间 注释
  *
  * @return
  */
 public static String getUserName() {
   Subject subject = SecurityUtils.getSubject();
   PrincipalCollection principals = subject.getPrincipals();
   if (!principals.isEmpty()) {
     String accountname = (String) principals.getPrimaryPrincipal();
     return accountname;
   }
   return "";
 }
  @Test
  public void testGetUserStatus() throws UserNotFoundException, AuthenticationException {
    final Subject subject = login("test-user", "deployment123");
    try {
      final PrincipalCollection principals = subject.getPrincipals();

      assertThat(helper().getUserStatus(principals), is(UserStatus.active));
    } finally {
      subject.logout();
    }
  }
 /**
  * <br>
  * 描 述: 获取用户ID <br>
  * 作 者:checkSun <br>
  * 历 史: (版本) 作者 时间 注释
  *
  * @return
  */
 @SuppressWarnings("unchecked")
 public static String getAccountId() {
   Subject subject = SecurityUtils.getSubject();
   PrincipalCollection principals = subject.getPrincipals();
   String accountId = "";
   if (!principals.isEmpty()) {
     HashMap<String, String> map = (HashMap<String, String>) principals.asList().get(1);
     accountId = map.get("user_account_id");
   }
   return accountId;
 }
  @Test
  public void testFindUserManager() throws NoSuchUserManagerException, AuthenticationException {
    final Subject subject = login("test-user", "deployment123");
    try {
      final PrincipalCollection principals = subject.getPrincipals();
      final UserManager userManager = helper().findUserManager(principals);

      assertThat(principals.getPrimaryPrincipal().toString(), isIn(userManager.listUserIds()));
      assertThat(userManager.getAuthenticationRealmName(), isIn(principals.getRealmNames()));
    } finally {
      subject.logout();
    }
  }
  /**
   * Test that validates functionality for issue <a
   * href="https://issues.apache.org/jira/browse/JSEC-22">JSEC-22</a>
   */
  @Test
  public void testSubjectReuseAfterLogout() {

    Subject subject = SecurityUtils.getSubject();

    AuthenticationToken token = new UsernamePasswordToken("guest", "guest");
    subject.login(token);
    assertTrue(subject.isAuthenticated());
    assertTrue("guest".equals(subject.getPrincipal()));
    assertTrue(subject.hasRole("guest"));

    Session session = subject.getSession();
    Serializable firstSessionId = session.getId();

    session.setAttribute("key", "value");
    assertEquals(session.getAttribute("key"), "value");

    subject.logout();

    assertNull(subject.getSession(false));
    assertNull(subject.getPrincipal());
    assertNull(subject.getPrincipals());

    subject.login(new UsernamePasswordToken("lonestarr", "vespa"));
    assertTrue(subject.isAuthenticated());
    assertTrue("lonestarr".equals(subject.getPrincipal()));
    assertTrue(subject.hasRole("goodguy"));

    assertNotNull(subject.getSession());
    assertFalse(firstSessionId.equals(subject.getSession().getId()));

    subject.logout();

    assertNull(subject.getSession(false));
    assertNull(subject.getPrincipal());
    assertNull(subject.getPrincipals());
  }
 /**
  * @Description 添加
  *
  * @param entity
  * @return JsonResult
  * @author davidwan
  */
 public JsonResult create(MeetingRoom entity) {
   Subject currentUser = SecurityUtils.getSubject();
   ShiroUser shiroUser = (ShiroUser) currentUser.getPrincipals().getPrimaryPrincipal();
   entity.setCreator_id(shiroUser.getId());
   entity.setCreate_time(new Date());
   // 若要获取id,请使用entity.getId();
   int result = meetingRoomDao.insertEntity(entity);
   if (result > 0) {
     // 添加操作日志
     systemLogService.create(EnumLogModule.会议室管理.getValue(), "添加会议室", "添加会议室:" + entity.getName());
     return new JsonResult(true);
   } else {
     return new JsonResult(false);
   }
 }
 /**
  * <br>
  * 描 述:获取用户真实姓名 <br>
  * 作 者:checkSun <br>
  * 历 史: (版本) 作者 时间 注释
  *
  * @return
  */
 @SuppressWarnings("unchecked")
 public static String getRealName() {
   String realname = "";
   try {
     Subject subject = SecurityUtils.getSubject();
     PrincipalCollection principals = subject.getPrincipals();
     if (!principals.isEmpty()) {
       HashMap<String, String> map = (HashMap<String, String>) principals.asList().get(1);
       realname = map.get("usesr_account_name");
       realname = URLDecoder.decode(realname, "UTF-8");
     }
   } catch (Exception e) {
     e.printStackTrace();
   }
   return realname;
 }
Beispiel #10
0
  @Test
  public void test() {
    Subject subject = SecurityUtils.getSubject();
    UsernamePasswordToken token = new UsernamePasswordToken(u1.getUsername(), password);
    subject.login(token);

    Assert.assertTrue(subject.isAuthenticated());
    subject.checkRole("admin");
    subject.checkPermission("user:create");

    userService.changePassword(u1.getId(), password + "1");
    userRealm.clearCache(subject.getPrincipals());

    token = new UsernamePasswordToken(u1.getUsername(), password + "1");
    subject.login(token);
  }
  @Test
  public void testFindUserManagerNonDefaultRealm() throws Exception {
    final List<String> realms = securitySystem.getRealms();
    realms.add("TestPrincipalsRealm");
    securitySystem.setRealms(realms);

    final Subject subject = login("tempUser", "tempPass");
    try {
      final PrincipalCollection principals = subject.getPrincipals();
      final UserManager userManager = helper().findUserManager(principals);

      assertThat(principals.getPrimaryPrincipal().toString(), isIn(userManager.listUserIds()));
      assertThat(userManager.getAuthenticationRealmName(), isIn(principals.getRealmNames()));
    } finally {
      subject.logout();
    }
  }
  @Test
  public void testDefaultConfig() {
    Subject subject = SecurityUtils.getSubject();

    AuthenticationToken token = new UsernamePasswordToken("guest", "guest");
    subject.login(token);
    assertTrue(subject.isAuthenticated());
    assertTrue("guest".equals(subject.getPrincipal()));
    assertTrue(subject.hasRole("guest"));

    Session session = subject.getSession();
    session.setAttribute("key", "value");
    assertEquals(session.getAttribute("key"), "value");

    subject.logout();

    assertNull(subject.getSession(false));
    assertNull(subject.getPrincipal());
    assertNull(subject.getPrincipals());
  }
 private void assertPrincipalsSize(Subject subject, int size) {
   PrincipalCollection principalCollection = subject.getPrincipals();
   assertEquals(size, principalCollection.asList().size());
 }
Beispiel #14
0
  @RequestMapping(value = "login", method = RequestMethod.POST)
  public String login(
      String memberName,
      String accountName,
      String password,
      HttpSession session,
      HttpServletRequest request,
      ModelMap map) {
    map.put("accountName", accountName);
    map.put("memberName", memberName);
    SupervisorSiteToken token = null;
    SupervisorPrincipal userBean = null;
    AccountEntity account = null;
    if (StringUtils.isNotEmpty(memberName) && StringUtils.isNotEmpty(accountName)) {
      MemberEntity member = memberService.getMemberByName(memberName);
      if (member == null) {
        map.put("message", "会员不存在");
        return LOGIN;
      }
      if (!member.getName().equals(memberName)) {
        map.put("message", "会员名错误");
        return LOGIN;
      }
      if (MemberCheckStateEnum.UNAUDITED.equals(member.getCheckState())) {
        map.put("message", "会员未审核");
        return LOGIN;
      }
      if (MemberStatesEnum.STOP.equals(member.getState())) {
        map.put("message", "会员已冻结");
        return LOGIN;
      }

      account = accountService.getAccountByName(accountName, member.getMemberNo());
      if (account == null) {
        map.put("amessage", "会员子账户不存在");
        return LOGIN;
      }
      if (AccountStatesEnum.STOP.equals(account.getState())) {
        map.put("amessage", "会员子账户已冻结");
        return LOGIN;
      }

      userBean = new SupervisorPrincipal();
      userBean.setAccount(account);
      userBean.setMember(member);
      token = new SupervisorSiteToken(userBean, password);
    } else if (StringUtils.isNotEmpty(memberName) && StringUtils.isEmpty(accountName)) {
      MemberEntity member = memberService.getMemberByName(memberName);
      if (member == null) {
        map.put("message", "会员不存在");
        return LOGIN;
      }
      if (MemberCheckStateEnum.UNAUDITED.equals(member.getCheckState())) {
        map.put("message", "会员未审核");
        return LOGIN;
      }
      if (MemberStatesEnum.STOP.equals(member.getState())) {
        map.put("message", "会员已冻结");
        return LOGIN;
      }
      userBean = new SupervisorPrincipal();
      userBean.setMember(member);
      token = new SupervisorSiteToken(userBean, password);
    } else {
      map.put("message", "公司名称和密码不能为空");
      // map.put("pmessage", "密码不能为空");
      return LOGIN;
    }
    Subject currentUser = SecurityUtils.getSubject();
    try {
      currentUser.login(token);
      PrincipalCollection principals = currentUser.getPrincipals();
      if (userBean.getAccount() != null) {
        SupervisorShiroRedisCache.addToMap(userBean.getAccount().getId(), principals);
      } else {
        SupervisorShiroRedisCache.addToMap(userBean.getMember().getMemberNo(), principals);
      }
    } catch (AuthenticationException e) {
      SxjLogger.error("登陆失败", e, this.getClass());
      map.put("pmessage", "密码错误");
      return LOGIN;
    }
    if (currentUser.isAuthenticated()) {
      session.setAttribute("userinfo", userBean);
      if (account != null) {
        accountService.edit_Login(account.getId());
      }
      return "redirect:" + getBasePath(request) + "index.htm";
    } else {
      map.put("message", "登陆失败");
      return LOGIN;
    }
  }