Examples of org.apache.shiro.subject.Subject

• org.apache.shiro.subject.Subject
  A {@code Subject} represents state and security operations for a single application user.These operations include authentication (login/logout), authorization (access control), and session access. It is Shiro's primary mechanism for single-user security functionality.

  Acquiring a Subject

  To acquire the currently-executing {@code Subject}, application developers will almost always use {@code SecurityUtils}:

   {@link SecurityUtils SecurityUtils}. {@link org.apache.shiro.SecurityUtils#getSubject() getSubject()}

  Almost all security operations should be performed with the {@code Subject} returned from this method.

  Permission methods

  Note that there are many *Permission methods in this interface overloaded to accept String arguments instead of {@link Permission Permission} instances. They are a convenience allowing the caller to use a String representation ofa {@link Permission Permission} if desired. The underlying Authorization subsystem implementations will usuallysimply convert these String values to {@link Permission Permission} instances and then just call the correspondingtype-safe method. (Shiro's default implementations do String-to-Permission conversion for these methods using {@link org.apache.shiro.authz.permission.PermissionResolver PermissionResolver}s.)

  These overloaded *Permission methods forgo type-saftey for the benefit of convenience and simplicity, so you should choose which ones to use based on your preferences and needs. @since 0.1

        expect(mockRequest.getCookies()).andReturn(null);

        replay(mockRequest);
        replay(mockResponse);

        Subject subject = newSubject(mockRequest, mockResponse);

        verify(mockRequest);
        verify(mockResponse);

        assertNotNull(subject);
        assertTrue(subject.getPrincipals() == null || subject.getPrincipals().isEmpty());
        assertTrue(subject.getSession(false) == null);
        assertFalse(subject.isAuthenticated());
    }

        HttpServletResponse mockResponse = createNiceMock(HttpServletResponse.class);

        replay(mockRequest);
        replay(mockResponse);

        Subject subject = newSubject(mockRequest, mockResponse);

        Session session = subject.getSession();
        Serializable sessionId = session.getId();

        assertNotNull(sessionId);

        verify(mockRequest);
        verify(mockResponse);

        mockRequest = createNiceMock(HttpServletRequest.class);
        mockResponse = createNiceMock(HttpServletResponse.class);
        //now simulate the cookie going with the request and the Subject should be acquired based on that:
        Cookie[] cookies = new Cookie[]{new Cookie(ShiroHttpSession.DEFAULT_SESSION_ID_NAME, sessionId.toString())};
        expect(mockRequest.getCookies()).andReturn(cookies).anyTimes();
        expect(mockRequest.getParameter(isA(String.class))).andReturn(null).anyTimes();

        replay(mockRequest);
        replay(mockResponse);

        subject = newSubject(mockRequest, mockResponse);

        session = subject.getSession(false);
        assertNotNull(session);
        assertEquals(sessionId, session.getId());

        verify(mockRequest);
        verify(mockResponse);

    @Override
    public boolean login(String subject, String password) {
        UsernamePasswordToken token = new UsernamePasswordToken(subject, password);
        token.setRememberMe(true);
        Subject currentUser = SecurityUtils.getSubject();
        try {
            currentUser.login(token);
            currentUser.getSession().setTimeout(-1);
            return true;
        } catch (Exception e) {
            LOG.warning(e.getLocalizedMessage());
            return false;
        }

        }
    }

    @Override
    public void logout() {
        Subject currentUser = SecurityUtils.getSubject();
        currentUser.logout();

    }

    private void executePrivileged(String classname, Runnable action) {
        if (isInited()) {
            //LOG.info("Executing privileged for plugin: " + classname);
            PrincipalCollection plugPrincipals = new SimplePrincipalCollection(classname, pluginRealm.getName());
            Subject plugSubject = new Subject.Builder().principals(plugPrincipals).buildSubject();
            plugSubject.getSession().setTimeout(-1);
            plugSubject.execute(action);
        } else {
            action.run();
        }
    }

    @RequiresPermissions("auth:fakeUser")
    @Override
    public boolean bindFakeUser(String userName) {
        if (baseRealm.accountExists(userName)) {
            PrincipalCollection principals = new SimplePrincipalCollection(userName, BASE_REALM_NAME);
            Subject subj = new Subject.Builder().principals(principals).buildSubject();
            ThreadState threadState = new SubjectThreadState(subj);
            threadState.bind();
            return true;
        }
        return false;

    ============================================*/

    public String getValue() {
        String value = null;

        Subject subject = SecurityUtils.getSubject();
        Session session = subject.getSession(false);
        if (session != null) {
            value = (String) session.getAttribute(VALUE_KEY);
            if (log.isDebugEnabled()) {
                log.debug("retrieving session key [" + VALUE_KEY + "] with value [" + value + "] on session with id [" + session.getId() + "]");
            }

        return value;
    }

    public void setValue(String newValue) {
        Subject subject = SecurityUtils.getSubject();
        Session session = subject.getSession();

        if (log.isDebugEnabled()) {
            log.debug("saving session key [" + VALUE_KEY + "] with value [" + newValue + "] on session with id [" + session.getId() + "]");
        }

        command.setValue(sampleManager.getValue());
        return command;
    }

    protected Map<String, Object> referenceData(HttpServletRequest request, Object command, Errors errors) throws Exception {
        Subject subject = SecurityUtils.getSubject();
        boolean hasRole1 = subject.hasRole("role1");
        boolean hasRole2 = subject.hasRole("role2");

        Map<String, Object> refData = new HashMap<String, Object>();
        refData.put("hasRole1", hasRole1);
        refData.put("hasRole2", hasRole2);
        refData.put("subjectSession", subject.getSession());
        return refData;
    }

    |               M E T H O D S               |
    ============================================*/

    protected ModelAndView handleRequestInternal(HttpServletRequest request, HttpServletResponse response) throws Exception {

        Subject subject = SecurityUtils.getSubject();
        Session session = null;

        if (subject != null) {
            session = subject.getSession();
        }
        if (session == null) {
            String msg = "Expected a non-null Shiro session.";
            throw new IllegalArgumentException(msg);
        }