001    /*
002     * Licensed to the Apache Software Foundation (ASF) under one
003     * or more contributor license agreements.  See the NOTICE file
004     * distributed with this work for additional information
005     * regarding copyright ownership.  The ASF licenses this file
006     * to you under the Apache License, Version 2.0 (the
007     * "License"); you may not use this file except in compliance
008     * with the License.  You may obtain a copy of the License at
009     *
010     *     http://www.apache.org/licenses/LICENSE-2.0
011     *
012     * Unless required by applicable law or agreed to in writing,
013     * software distributed under the License is distributed on an
014     * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
015     * KIND, either express or implied.  See the License for the
016     * specific language governing permissions and limitations
017     * under the License.
018     */
019    package org.apache.shiro.web.subject.support;
020    
021    import org.apache.shiro.mgt.SecurityManager;
022    import org.apache.shiro.session.Session;
023    import org.apache.shiro.session.mgt.SessionContext;
024    import org.apache.shiro.subject.PrincipalCollection;
025    import org.apache.shiro.subject.support.DelegatingSubject;
026    import org.apache.shiro.util.StringUtils;
027    import org.apache.shiro.web.session.mgt.DefaultWebSessionContext;
028    import org.apache.shiro.web.session.mgt.WebSessionContext;
029    import org.apache.shiro.web.subject.WebSubject;
030    import org.apache.shiro.web.util.WebUtils;
031    
032    import javax.servlet.ServletRequest;
033    import javax.servlet.ServletResponse;
034    
035    /**
036     * Default {@link WebSubject WebSubject} implementation that additional ensures the ability to retain a
037     * servlet request/response pair to be used by internal shiro components as necessary during the request execution.
038     *
039     * @since 1.0
040     */
041    public class WebDelegatingSubject extends DelegatingSubject implements WebSubject {
042    
043        private static final long serialVersionUID = -1655724323350159250L;
044    
045        private final ServletRequest servletRequest;
046        private final ServletResponse servletResponse;
047    
048        public WebDelegatingSubject(PrincipalCollection principals, boolean authenticated,
049                                    String host, Session session,
050                                    ServletRequest request, ServletResponse response,
051                                    SecurityManager securityManager) {
052            this(principals, authenticated, host, session, true, request, response, securityManager);
053        }
054    
055        //since 1.2
056        public WebDelegatingSubject(PrincipalCollection principals, boolean authenticated,
057                                    String host, Session session, boolean sessionEnabled,
058                                    ServletRequest request, ServletResponse response,
059                                    SecurityManager securityManager) {
060            super(principals, authenticated, host, session, sessionEnabled, securityManager);
061            this.servletRequest = request;
062            this.servletResponse = response;
063        }
064    
065        public ServletRequest getServletRequest() {
066            return servletRequest;
067        }
068    
069        public ServletResponse getServletResponse() {
070            return servletResponse;
071        }
072    
073        /**
074         * Returns {@code true} if session creation is allowed  (as determined by the super class's
075         * {@link super#isSessionCreationEnabled()} value and no request-specific override has disabled sessions for this subject,
076         * {@code false} otherwise.
077         * <p/>
078         * This means session creation is disabled if the super {@link super#isSessionCreationEnabled()} property is {@code false}
079         * or if a request attribute is discovered that turns off sessions for the current request.
080         *
081         * @return {@code true} if session creation is allowed  (as determined by the super class's
082         *         {@link super#isSessionCreationEnabled()} value and no request-specific override has disabled sessions for this
083         *         subject, {@code false} otherwise.
084         * @since 1.2
085         */
086        @Override
087        protected boolean isSessionCreationEnabled() {
088            boolean enabled = super.isSessionCreationEnabled();
089            return enabled && WebUtils._isSessionCreationEnabled(this);
090        }
091    
092        @Override
093        protected SessionContext createSessionContext() {
094            WebSessionContext wsc = new DefaultWebSessionContext();
095            String host = getHost();
096            if (StringUtils.hasText(host)) {
097                wsc.setHost(host);
098            }
099            wsc.setServletRequest(this.servletRequest);
100            wsc.setServletResponse(this.servletResponse);
101            return wsc;
102        }
103    }