001/*
002 * Licensed to the Apache Software Foundation (ASF) under one
003 * or more contributor license agreements.  See the NOTICE file
004 * distributed with this work for additional information
005 * regarding copyright ownership.  The ASF licenses this file
006 * to you under the Apache License, Version 2.0 (the
007 * "License"); you may not use this file except in compliance
008 * with the License.  You may obtain a copy of the License at
009 *
010 *     http://www.apache.org/licenses/LICENSE-2.0
011 *
012 * Unless required by applicable law or agreed to in writing,
013 * software distributed under the License is distributed on an
014 * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
015 * KIND, either express or implied.  See the License for the
016 * specific language governing permissions and limitations
017 * under the License.
018 */
019package org.apache.shiro.web.subject.support;
020
021import org.apache.shiro.mgt.SecurityManager;
022import org.apache.shiro.session.Session;
023import org.apache.shiro.session.mgt.SessionContext;
024import org.apache.shiro.subject.PrincipalCollection;
025import org.apache.shiro.subject.support.DelegatingSubject;
026import org.apache.shiro.util.StringUtils;
027import org.apache.shiro.web.session.mgt.DefaultWebSessionContext;
028import org.apache.shiro.web.session.mgt.WebSessionContext;
029import org.apache.shiro.web.subject.WebSubject;
030import org.apache.shiro.web.util.WebUtils;
031
032import javax.servlet.ServletRequest;
033import javax.servlet.ServletResponse;
034
035/**
036 * Default {@link WebSubject WebSubject} implementation that additional ensures the ability to retain a
037 * servlet request/response pair to be used by internal shiro components as necessary during the request execution.
038 *
039 * @since 1.0
040 */
041public class WebDelegatingSubject extends DelegatingSubject implements WebSubject {
042
043    private static final long serialVersionUID = -1655724323350159250L;
044
045    private final ServletRequest servletRequest;
046    private final ServletResponse servletResponse;
047
048    public WebDelegatingSubject(PrincipalCollection principals, boolean authenticated,
049                                String host, Session session,
050                                ServletRequest request, ServletResponse response,
051                                SecurityManager securityManager) {
052        this(principals, authenticated, host, session, true, request, response, securityManager);
053    }
054
055    //since 1.2
056    public WebDelegatingSubject(PrincipalCollection principals, boolean authenticated,
057                                String host, Session session, boolean sessionEnabled,
058                                ServletRequest request, ServletResponse response,
059                                SecurityManager securityManager) {
060        super(principals, authenticated, host, session, sessionEnabled, securityManager);
061        this.servletRequest = request;
062        this.servletResponse = response;
063    }
064
065    public ServletRequest getServletRequest() {
066        return servletRequest;
067    }
068
069    public ServletResponse getServletResponse() {
070        return servletResponse;
071    }
072
073    /**
074     * Returns {@code true} if session creation is allowed  (as determined by the super class's
075     * {@link super#isSessionCreationEnabled()} value and no request-specific override has disabled sessions for this subject,
076     * {@code false} otherwise.
077     * <p/>
078     * This means session creation is disabled if the super {@link super#isSessionCreationEnabled()} property is {@code false}
079     * or if a request attribute is discovered that turns off sessions for the current request.
080     *
081     * @return {@code true} if session creation is allowed  (as determined by the super class's
082     *         {@link super#isSessionCreationEnabled()} value and no request-specific override has disabled sessions for this
083     *         subject, {@code false} otherwise.
084     * @since 1.2
085     */
086    @Override
087    protected boolean isSessionCreationEnabled() {
088        boolean enabled = super.isSessionCreationEnabled();
089        return enabled && WebUtils._isSessionCreationEnabled(this);
090    }
091
092    @Override
093    protected SessionContext createSessionContext() {
094        WebSessionContext wsc = new DefaultWebSessionContext();
095        String host = getHost();
096        if (StringUtils.hasText(host)) {
097            wsc.setHost(host);
098        }
099        wsc.setServletRequest(this.servletRequest);
100        wsc.setServletResponse(this.servletResponse);
101        return wsc;
102    }
103}