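/**
 * Precondition for every authorization check on this Subject: without at least
 * one identifying principal there is nothing to authorize against, so the check
 * is refused before any role/permission lookup happens.
 *
 * @throws UnauthenticatedException (an AuthorizationException) when the Subject
 *         holds no principals — it never logged in, no RememberMe identity was
 *         restored, or it has since logged out.
 */
protected void assertAuthzCheckPossible() throws AuthorizationException {
    if (hasPrincipals()) {
        return;
    }
    // Developer-oriented explanation of how a Subject acquires principals.
    // Fixed: "be executing" -> "by executing". Handlers that echo
    // getMessage() to HTTP clients will expose this text (and the Subject
    // class name) verbatim.
    String msg = "This subject is anonymous - it does not have any identifying principals and "
            + "authorization operations require an identity to check against. A Subject instance will "
            + "acquire these identifying principals automatically after a successful login is performed "
            + "by executing " + Subject.class.getName() + ".login(AuthenticationToken) or when 'Remember Me' "
            + "functionality is enabled by the SecurityManager. This exception can also occur when a "
            + "previously logged-in Subject has logged out which "
            + "makes it anonymous again. Because an identity is currently not known due to any of these "
            + "conditions, authorization is denied.";
    throw new UnauthenticatedException(msg);
}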
/**
 * Maps an UnauthenticatedException onto an HTTP 401 carrying a Basic-auth
 * challenge for this application's realm. When the exception has a message it
 * is returned verbatim as a text/plain body; otherwise the body is empty.
 *
 * NOTE(review): Shiro's UnauthenticatedException messages are written for
 * developers and can name framework classes; echoing them to clients is a
 * minor information disclosure — consider a fixed message in production.
 * NOTE(review): appName is embedded unescaped in the realm parameter; it must
 * not contain '"' or CR/LF. Confirm it only ever comes from trusted config.
 *
 * @param exception the Shiro exception raised by an authorization check
 * @return a 401 response with a WWW-Authenticate: Basic challenge
 */
@Override
public Response toResponse(UnauthenticatedException exception) {
    String challenge = HttpServletRequest.BASIC_AUTH + " realm=\"" + appName + "\"";
    ResponseBuilder response = Response.status(Response.Status.UNAUTHORIZED)
            .header("WWW-Authenticate", challenge);
    String detail = exception.getMessage();
    if (detail != null) {
        response = response.entity(detail).type("text/plain");
    }
    return response.build();
}
/**
 * Converts an UnauthenticatedException into a plain-text 401 whose body is the
 * exception message. The {@code id} correlation argument is accepted but not
 * used by this converter, and no WWW-Authenticate challenge is added.
 *
 * NOTE(review): the message is echoed to the client unchanged; Shiro's texts
 * are developer-oriented and may mention framework class names.
 *
 * @param exception the Shiro exception to translate
 * @param id        request/error correlation id (unused here)
 * @return the 401 text/plain response
 */
@Override
protected Response convert(UnauthenticatedException exception, String id) {
    String body = exception.getMessage();
    Response.ResponseBuilder response = Response.status(Status.UNAUTHORIZED);
    response.header(HttpHeaders.CONTENT_TYPE, MediaType.TEXT_PLAIN_TYPE);
    response.entity(body);
    return response.build();
}
}
/**
 * Handler for {@code @RequiresAuthentication}: the current Subject must have
 * actually authenticated. This is stricter than the {@code @RequiresUser}
 * check, which also accepts an identity merely restored through RememberMe.
 *
 * @param a the annotation found on the guarded method or class; annotations
 *          of any other type are ignored
 * @throws org.apache.shiro.authz.UnauthenticatedException if {@code a} is a
 *         RequiresAuthentication annotation and the Subject is not authenticated
 */
public void assertAuthorized(Annotation a) throws UnauthenticatedException {
    if (!(a instanceof RequiresAuthentication)) {
        return;
    }
    if (getSubject().isAuthenticated()) {
        return;
    }
    throw new UnauthenticatedException("The current Subject is not authenticated. Access denied.");
}
}
/**
 * Spring MVC handler for Shiro's UnauthenticatedException: responds with a 403
 * and a localized "current user is not logged in" message, clears the
 * thread-bound Shiro exception state and reports a failed login to the
 * event listener.
 *
 * NOTE(review): an unauthenticated caller is conventionally signalled with
 * 401, not 403 (FORBIDDEN means "identified but not permitted"); the status is
 * left unchanged here because API clients may already rely on it.
 * NOTE(review): currentUserName.get() is presumably null for an anonymous
 * request — confirm afterLogin() tolerates a null user name.
 *
 * @param e the exception raised by a Shiro authorization check
 * @return a Response with code "403", the localized message and no payload
 */
@ExceptionHandler(UnauthenticatedException.class)
@ResponseStatus(HttpStatus.FORBIDDEN)
@ResponseBody
public Response<Void> handleException(UnauthenticatedException e) {
    log.debug("{} was thrown", e.getClass(), e);
    ShiroExceptionHandler.remove();
    String user = currentUserName.get();
    shiroEventListener.afterLogin(user, false, e.getMessage());
    String code = String.valueOf(HttpStatus.FORBIDDEN.value());
    return new Response<>(code, "当前用户未登录", null);
}
/**
 * Handler for {@code @RequiresGuest}: the caller must be anonymous, i.e. carry
 * no principal at all. A Subject that authenticated in this session and one
 * whose identity was restored via RememberMe both have a principal, so both
 * are rejected.
 *
 * @param a the annotation found on the guarded method or class; annotations
 *          of any other type are ignored
 * @throws org.apache.shiro.authz.AuthorizationException (concretely an
 *         UnauthenticatedException) if {@code a} is a RequiresGuest annotation
 *         and the Subject has an identity
 */
public void assertAuthorized(Annotation a) throws AuthorizationException {
    if (!(a instanceof RequiresGuest)) {
        return;
    }
    Object identity = getSubject().getPrincipal();
    if (identity == null) {
        return;
    }
    throw new UnauthenticatedException("Attempting to perform a guest-only operation. The current Subject is "
            + "not a guest (they have been authenticated or remembered from a previous login). Access "
            + "denied.");
}
}
/**
 * Handler for {@code @RequiresUser}: the caller must have an identity, which
 * is satisfied either by authenticating in this session or by an identity
 * restored through RememberMe. Only a fully anonymous Subject is rejected.
 * (Use {@code @RequiresAuthentication} when a remembered identity is not enough.)
 *
 * @param a the annotation found on the guarded method or class; annotations
 *          of any other type are ignored
 * @throws org.apache.shiro.authz.AuthorizationException (concretely an
 *         UnauthenticatedException) if {@code a} is a RequiresUser annotation
 *         and the Subject has no principal
 */
public void assertAuthorized(Annotation a) throws AuthorizationException {
    if (!(a instanceof RequiresUser)) {
        return;
    }
    Object identity = getSubject().getPrincipal();
    if (identity != null) {
        return;
    }
    throw new UnauthenticatedException("Attempting to perform a user-only operation. The current Subject is "
            + "not a user (they haven't been authenticated or remembered from a previous login). "
            + "Access denied.");
}
}
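/**
 * Precondition for every authorization check on this Subject: without at least
 * one identifying principal there is nothing to authorize against, so the check
 * is refused before any role/permission lookup happens.
 *
 * @throws UnauthenticatedException (an AuthorizationException) when the Subject
 *         holds no principals — it never logged in, no RememberMe identity was
 *         restored, or it has since logged out.
 */
protected void assertAuthzCheckPossible() throws AuthorizationException {
    if (hasPrincipals()) {
        return;
    }
    // Developer-oriented explanation of how a Subject acquires principals.
    // Fixed: "be executing" -> "by executing". Handlers that echo
    // getMessage() to HTTP clients will expose this text (and the Subject
    // class name) verbatim.
    String msg = "This subject is anonymous - it does not have any identifying principals and "
            + "authorization operations require an identity to check against. A Subject instance will "
            + "acquire these identifying principals automatically after a successful login is performed "
            + "by executing " + Subject.class.getName() + ".login(AuthenticationToken) or when 'Remember Me' "
            + "functionality is enabled by the SecurityManager. This exception can also occur when a "
            + "previously logged-in Subject has logged out which "
            + "makes it anonymous again. Because an identity is currently not known due to any of these "
            + "conditions, authorization is denied.";
    throw new UnauthenticatedException(msg);
}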
/**
 * Handler for {@code @RequiresAuthentication}: the current Subject must have
 * actually authenticated. This is stricter than the {@code @RequiresUser}
 * check, which also accepts an identity merely restored through RememberMe.
 *
 * @param a the annotation found on the guarded method or class; annotations
 *          of any other type are ignored
 * @throws org.apache.shiro.authz.UnauthenticatedException if {@code a} is a
 *         RequiresAuthentication annotation and the Subject is not authenticated
 */
public void assertAuthorized(Annotation a) throws UnauthenticatedException {
    if (!(a instanceof RequiresAuthentication)) {
        return;
    }
    if (getSubject().isAuthenticated()) {
        return;
    }
    throw new UnauthenticatedException("The current Subject is not authenticated. Access denied.");
}
}
/**
 * Handler for {@code @RequiresUser}: the caller must have an identity, which
 * is satisfied either by authenticating in this session or by an identity
 * restored through RememberMe. Only a fully anonymous Subject is rejected.
 * (Use {@code @RequiresAuthentication} when a remembered identity is not enough.)
 *
 * @param a the annotation found on the guarded method or class; annotations
 *          of any other type are ignored
 * @throws org.apache.shiro.authz.AuthorizationException (concretely an
 *         UnauthenticatedException) if {@code a} is a RequiresUser annotation
 *         and the Subject has no principal
 */
public void assertAuthorized(Annotation a) throws AuthorizationException {
    if (!(a instanceof RequiresUser)) {
        return;
    }
    Object identity = getSubject().getPrincipal();
    if (identity != null) {
        return;
    }
    throw new UnauthenticatedException("Attempting to perform a user-only operation. The current Subject is "
            + "not a user (they haven't been authenticated or remembered from a previous login). "
            + "Access denied.");
}
}
/**
 * Handler for {@code @RequiresGuest}: the caller must be anonymous, i.e. carry
 * no principal at all. A Subject that authenticated in this session and one
 * whose identity was restored via RememberMe both have a principal, so both
 * are rejected.
 *
 * @param a the annotation found on the guarded method or class; annotations
 *          of any other type are ignored
 * @throws org.apache.shiro.authz.AuthorizationException (concretely an
 *         UnauthenticatedException) if {@code a} is a RequiresGuest annotation
 *         and the Subject has an identity
 */
public void assertAuthorized(Annotation a) throws AuthorizationException {
    if (!(a instanceof RequiresGuest)) {
        return;
    }
    Object identity = getSubject().getPrincipal();
    if (identity == null) {
        return;
    }
    throw new UnauthenticatedException("Attempting to perform a guest-only operation. The current Subject is "
            + "not a guest (they have been authenticated or remembered from a previous login). Access "
            + "denied.");
}
}
/**
 * Applies the {@code @RequiresAuthentication} concern when the intercepted
 * member carries it (the {@code requiresAuthentication} field is non-null):
 * the Subject must be authenticated. Unlike the RequiresUser concern, a
 * principal alone (e.g. one restored via RememberMe) does not satisfy this.
 *
 * @param subject the Subject bound to the current invocation
 * @throws UnauthenticatedException if the concern applies and the Subject is
 *         not authenticated
 */
private void handleRequiresAuthentication( Subject subject ) {
    if ( requiresAuthentication == null ) {
        LOGGER.debug( "SecurityConcern::RequiresAuthentication: not concerned" );
        return;
    }
    LOGGER.debug( "SecurityConcern::RequiresAuthentication" );
    if ( subject.isAuthenticated() ) {
        return;
    }
    throw new UnauthenticatedException( "The current Subject is not authenticated. Access denied." );
}
/**
 * Applies the {@code @RequiresAuthentication} concern when the intercepted
 * member carries it (the {@code requiresAuthentication} field is non-null):
 * the Subject must be authenticated. Unlike the RequiresUser concern, a
 * principal alone (e.g. one restored via RememberMe) does not satisfy this.
 *
 * @param subject the Subject bound to the current invocation
 * @throws UnauthenticatedException if the concern applies and the Subject is
 *         not authenticated
 */
private void handleRequiresAuthentication( Subject subject ) {
    if ( requiresAuthentication == null ) {
        LOGGER.debug( "SecurityConcern::RequiresAuthentication: not concerned" );
        return;
    }
    LOGGER.debug( "SecurityConcern::RequiresAuthentication" );
    if ( subject.isAuthenticated() ) {
        return;
    }
    throw new UnauthenticatedException( "The current Subject is not authenticated. Access denied." );
}
/**
 * Applies the {@code @RequiresUser} concern when the intercepted member
 * carries it (the {@code requiresUser} field is non-null): the Subject must
 * have a principal, whether from a real login or restored via RememberMe.
 * Only a fully anonymous Subject is rejected.
 *
 * @param subject the Subject bound to the current invocation
 * @throws UnauthenticatedException if the concern applies and the Subject has
 *         no principal
 */
private void handleRequiresUser( Subject subject ) {
    if ( requiresUser == null ) {
        LOGGER.debug( "SecurityConcern::RequiresUser: not concerned" );
        return;
    }
    LOGGER.debug( "SecurityConcern::RequiresUser" );
    Object identity = subject.getPrincipal();
    if ( identity != null ) {
        return;
    }
    throw new UnauthenticatedException( "Attempting to perform a user-only operation. The current Subject is "
            + "not a user (they haven't been authenticated or remembered from a previous login). "
            + "Access denied." );
}
/**
 * Applies the {@code @RequiresGuest} concern when the intercepted member
 * carries it (the {@code requiresGuest} field is non-null): the Subject must
 * be anonymous. Any principal — from a login or from RememberMe — fails it.
 *
 * @param subject the Subject bound to the current invocation
 * @throws UnauthenticatedException if the concern applies and the Subject has
 *         an identity
 */
private void handleRequiresGuest( Subject subject ) {
    if ( requiresGuest == null ) {
        LOGGER.debug( "SecurityConcern::RequiresGuest: not concerned" );
        return;
    }
    LOGGER.debug( "SecurityConcern::RequiresGuest" );
    Object identity = subject.getPrincipal();
    if ( identity == null ) {
        return;
    }
    throw new UnauthenticatedException( "Attempting to perform a guest-only operation. The current Subject is "
            + "not a guest (they have been authenticated or remembered from a previous login). Access "
            + "denied." );
}
/**
 * Applies the {@code @RequiresGuest} concern when the intercepted member
 * carries it (the {@code requiresGuest} field is non-null): the Subject must
 * be anonymous. Any principal — from a login or from RememberMe — fails it.
 *
 * @param subject the Subject bound to the current invocation
 * @throws UnauthenticatedException if the concern applies and the Subject has
 *         an identity
 */
private void handleRequiresGuest( Subject subject ) {
    if ( requiresGuest == null ) {
        LOGGER.debug( "SecurityConcern::RequiresGuest: not concerned" );
        return;
    }
    LOGGER.debug( "SecurityConcern::RequiresGuest" );
    Object identity = subject.getPrincipal();
    if ( identity == null ) {
        return;
    }
    throw new UnauthenticatedException( "Attempting to perform a guest-only operation. The current Subject is "
            + "not a guest (they have been authenticated or remembered from a previous login). Access "
            + "denied." );
}
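/**
 * Precondition for every authorization check on this Subject: without at least
 * one identifying principal there is nothing to authorize against, so the check
 * is refused before any role/permission lookup happens.
 *
 * @throws UnauthenticatedException (an AuthorizationException) when the Subject
 *         holds no principals — it never logged in, no RememberMe identity was
 *         restored, or it has since logged out.
 */
protected void assertAuthzCheckPossible() throws AuthorizationException {
    if (hasPrincipals()) {
        return;
    }
    // Developer-oriented explanation of how a Subject acquires principals.
    // Fixed: "be executing" -> "by executing". Handlers that echo
    // getMessage() to HTTP clients will expose this text (and the Subject
    // class name) verbatim.
    String msg = "This subject is anonymous - it does not have any identifying principals and "
            + "authorization operations require an identity to check against. A Subject instance will "
            + "acquire these identifying principals automatically after a successful login is performed "
            + "by executing " + Subject.class.getName() + ".login(AuthenticationToken) or when 'Remember Me' "
            + "functionality is enabled by the SecurityManager. This exception can also occur when a "
            + "previously logged-in Subject has logged out which "
            + "makes it anonymous again. Because an identity is currently not known due to any of these "
            + "conditions, authorization is denied.";
    throw new UnauthenticatedException(msg);
}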
/**
 * Applies the {@code @RequiresUser} concern when the intercepted member
 * carries it (the {@code requiresUser} field is non-null): the Subject must
 * have a principal, whether from a real login or restored via RememberMe.
 * Only a fully anonymous Subject is rejected.
 *
 * @param subject the Subject bound to the current invocation
 * @throws UnauthenticatedException if the concern applies and the Subject has
 *         no principal
 */
private void handleRequiresUser( Subject subject ) {
    if ( requiresUser == null ) {
        LOGGER.debug( "SecurityConcern::RequiresUser: not concerned" );
        return;
    }
    LOGGER.debug( "SecurityConcern::RequiresUser" );
    Object identity = subject.getPrincipal();
    if ( identity != null ) {
        return;
    }
    throw new UnauthenticatedException( "Attempting to perform a user-only operation. The current Subject is "
            + "not a user (they haven't been authenticated or remembered from a previous login). "
            + "Access denied." );
}
/**
 * Requires an identified caller: any principal — obtained by a real login or
 * restored via RememberMe — satisfies the check; only a Subject with no
 * principal at all is rejected.
 *
 * @throws AuthorizationException (concretely an UnauthenticatedException) if
 *         the current Subject has no principal
 */
@Override
public void assertAuthorized() throws AuthorizationException {
    Object identity = getSubject().getPrincipal();
    if (identity != null) {
        return;
    }
    throw new UnauthenticatedException("Attempting to perform a user-only operation. The current Subject is "
            + "not a user (they haven't been authenticated or remembered from a previous login). "
            + "Access denied.");
}
}
/**
 * Requires an anonymous caller: the current Subject must have no principal.
 * A Subject that logged in, or whose identity was restored via RememberMe,
 * carries a principal and is therefore rejected.
 *
 * @throws AuthorizationException (concretely an UnauthenticatedException) if
 *         the current Subject has an identity
 */
@Override
public void assertAuthorized() throws AuthorizationException {
    if (getSubject().getPrincipal() != null) {
        throw new UnauthenticatedException("Attempting to perform a guest-only operation. The current Subject is "
                + "not a guest (they have been authenticated or remembered from a previous login). Access "
                + "denied.");
    }
}