CPD Results
The following document contains the results of PMD's CPD 6.55.0.
Duplications
| File |
Project |
Line |
| QuickstartGuice.java |
Apache Shiro :: Samples :: Quick Start Guice |
44 |
| Quickstart.java |
Apache Shiro :: Samples :: Quick Start |
50 |
SecurityManager securityManager = injector.getInstance(SecurityManager.class);
// for this simple example quickstart, make the SecurityManager
// accessible as a JVM singleton. Most applications wouldn't do this
// and instead rely on their container configuration or web.xml for
// webapps. That is outside the scope of this simple quickstart, so
// we'll just do the bare minimum so you can continue to get a feel
// for things.
SecurityUtils.setSecurityManager(securityManager);
// Now that a simple Shiro environment is set up, let's see what you can do:
// get the currently executing user:
Subject currentUser = SecurityUtils.getSubject();
// Do some stuff with a Session (no need for a web or EJB container!!!)
Session session = currentUser.getSession();
session.setAttribute("someKey", "aValue");
String value = (String) session.getAttribute("someKey");
if (value.equals("aValue")) {
log.info("Retrieved the correct value! [" + value + "]");
}
// let's login the current user so we can check against roles and permissions:
if (!currentUser.isAuthenticated()) {
UsernamePasswordToken token = new UsernamePasswordToken("lonestarr", "vespa");
token.setRememberMe(true);
try {
currentUser.login(token);
} catch (UnknownAccountException uae) {
log.info("There is no user with username of " + token.getPrincipal());
} catch (IncorrectCredentialsException ice) {
log.info("Password for account " + token.getPrincipal() + " was incorrect!");
} catch (LockedAccountException lae) {
log.info("The account for username " + token.getPrincipal() + " is locked. " +
"Please contact your administrator to unlock it.");
}
// ... catch more exceptions here (maybe custom ones specific to your application?
catch (AuthenticationException ae) {
//unexpected condition? error?
}
}
//say who they are:
//print their identifying principal (in this case, a username):
log.info("User [" + currentUser.getPrincipal() + "] logged in successfully.");
//test a role:
if (currentUser.hasRole("schwartz")) {
log.info("May the Schwartz be with you!");
} else {
log.info("Hello, mere mortal.");
}
//test a typed permission (not instance-level)
if (currentUser.isPermitted("lightsaber:wield")) {
log.info("You may use a lightsaber ring. Use it wisely.");
} else {
log.info("Sorry, lightsaber rings are for schwartz masters only.");
}
//a (very powerful) Instance Level permission:
if (currentUser.isPermitted("winnebago:drive:eagle5")) {
log.info("You are permitted to 'drive' the winnebago with license plate (id) 'eagle5'. " +
"Here are the keys - have fun!");
} else {
log.info("Sorry, you aren't allowed to drive the 'eagle5' winnebago!");
}
//all done - log out!
currentUser.logout();
System.exit(0);
}
} |
| File |
Project |
Line |
| org/apache/shiro/samples/guice/SampleShiroServletModule.java |
Apache Shiro :: ITs :: Guice 4 |
38 |
| org/apache/shiro/samples/guice/SampleShiroServletModule.java |
Apache Shiro :: Samples :: Guice Web |
38 |
public class SampleShiroServletModule extends ShiroWebModule {
private final ServletContext servletContext;
public SampleShiroServletModule(ServletContext servletContext) {
super(servletContext);
this.servletContext = servletContext;
}
@Override
protected void configureShiroWeb() {
bindConstant().annotatedWith(Names.named("shiro.loginUrl")).to("/login.jsp");
try {
this.bindRealm().toConstructor(IniRealm.class.getConstructor(Ini.class));
} catch (NoSuchMethodException e) {
addError("Could not locate proper constructor for IniRealm.", e);
}
this.addFilterChain("/login.jsp", AUTHC);
this.addFilterChain("/logout", LOGOUT);
this.addFilterChain("/account/**", AUTHC);
this.addFilterChain("/remoting/**",
filterConfig(AUTHC),
filterConfig(ROLES, "b2bClient"),
filterConfig(PERMS, "remote:invoke:lan,wan"));
}
@Provides
@Singleton
Ini loadShiroIni() throws MalformedURLException {
URL iniUrl = servletContext.getResource("/WEB-INF/shiro.ini");
return Ini.fromResourcePath("url:" + iniUrl.toExternalForm());
}
@Override
protected void bindWebSecurityManager(AnnotatedBindingBuilder<? super WebSecurityManager> bind) {
try {
String cipherKey = loadShiroIni().getSectionProperty("main", "securityManager.rememberMeManager.cipherKey");
DefaultWebSecurityManager securityManager = new DefaultWebSecurityManager();
CookieRememberMeManager rememberMeManager = new CookieRememberMeManager();
rememberMeManager.setCipherKey(Base64.decode(cipherKey));
securityManager.setRememberMeManager(rememberMeManager);
bind.toInstance(securityManager);
} catch (MalformedURLException e) {
// for now just throw, you could just call
// super.bindWebSecurityManager(bind) if you do not need rememberMe functionality
throw new ConfigurationException("securityManager.rememberMeManager.cipherKey must be set in shiro.ini.");
}
}
} |
| File |
Project |
Line |
| org/apache/shiro/samples/WebApp.java |
Apache Shiro :: Samples :: Spring Boot 3 Web |
47 |
| org/apache/shiro/samples/WebApp.java |
Apache Shiro :: Samples :: Spring Boot Web |
44 |
@Configuration
@ControllerAdvice
@SpringBootApplication
public class WebApp {
private static Logger log = LoggerFactory.getLogger(WebApp.class);
public static void main(String[] args) {
SpringApplication.run(WebApp.class, args);
}
@ExceptionHandler(AuthorizationException.class)
@ResponseStatus(HttpStatus.FORBIDDEN)
public String handleException(AuthorizationException e, Model model) {
// you could return a 404 here instead (this is how github handles 403, so the user does NOT know there is a
// resource at that location)
log.debug("AuthorizationException was thrown", e);
Map<String, Object> map = new HashMap<String, Object>();
map.put("status", HttpStatus.FORBIDDEN.value());
map.put("message", "No message available");
model.addAttribute("errors", map);
return "error";
}
@Bean
public Realm realm() {
TextConfigurationRealm realm = new TextConfigurationRealm();
realm.setUserDefinitions("joe.coder=password,user\n" + "jill.coder=password,admin");
realm.setRoleDefinitions("admin=read,write\n" + "user=read");
realm.setCachingEnabled(true);
return realm;
}
@Bean
public ShiroFilterChainDefinition shiroFilterChainDefinition() {
DefaultShiroFilterChainDefinition chainDefinition = new DefaultShiroFilterChainDefinition();
// need to accept POSTs from the login form
chainDefinition.addPathDefinition("/login.html", "authc");
chainDefinition.addPathDefinition("/logout", "logout");
return chainDefinition;
}
@ModelAttribute(name = "subject")
public Subject subject() {
return SecurityUtils.getSubject();
}
} |
| File |
Project |
Line |
| org/apache/shiro/spring/boot/autoconfigure/ShiroAutoConfiguration.java |
Apache Shiro :: Support :: Spring Boot |
48 |
| org/apache/shiro/spring/config/web/autoconfigure/ShiroWebAutoConfiguration.java |
Apache Shiro :: Support :: Spring Boot |
56 |
public class ShiroAutoConfiguration extends AbstractShiroConfiguration {
@Bean
@ConditionalOnMissingBean
@Override
protected AuthenticationStrategy authenticationStrategy() {
return super.authenticationStrategy();
}
@Bean
@ConditionalOnMissingBean
@Override
protected Authenticator authenticator() {
return super.authenticator();
}
@Bean
@ConditionalOnMissingBean
@Override
protected Authorizer authorizer() {
return super.authorizer();
}
@Bean
@ConditionalOnMissingBean
@Override
protected SubjectDAO subjectDAO() {
return super.subjectDAO();
}
@Bean
@ConditionalOnMissingBean
@Override
protected SessionStorageEvaluator sessionStorageEvaluator() {
return super.sessionStorageEvaluator();
}
@Bean
@ConditionalOnMissingBean
@Override
protected SubjectFactory subjectFactory() {
return super.subjectFactory();
}
@Bean
@ConditionalOnMissingBean
@Override
protected SessionFactory sessionFactory() {
return super.sessionFactory();
}
@Bean
@ConditionalOnMissingBean
@Override
protected SessionDAO sessionDAO() {
return super.sessionDAO();
}
@Bean
@ConditionalOnMissingBean
@Override
protected SessionManager sessionManager() {
return super.sessionManager();
}
@Bean
@ConditionalOnMissingBean
@Override
protected SessionsSecurityManager securityManager(List<Realm> realms) {
return super.securityManager(realms);
}
@Bean
@ConditionalOnResource(resources = "classpath:shiro.ini") |
| File |
Project |
Line |
| org/apache/shiro/crypto/hash/AbstractHash.java |
Apache Shiro :: Cryptography :: Hashing |
229 |
| org/apache/shiro/crypto/hash/SimpleHash.java |
Apache Shiro :: Cryptography :: Hashing |
406 |
}
/**
* Returns a hex-encoded string of the underlying {@link #getBytes byte array}.
* <p/>
* This implementation caches the resulting hex string so multiple calls to this method remain efficient.
* However, calling {@link #setBytes setBytes} will null the cached value, forcing it to be recalculated the
* next time this method is called.
*
* @return a hex-encoded string of the underlying {@link #getBytes byte array}.
*/
@Override
public String toHex() {
if (this.hexEncoded == null) {
this.hexEncoded = Hex.encodeToString(getBytes());
}
return this.hexEncoded;
}
/**
* Returns a Base64-encoded string of the underlying {@link #getBytes byte array}.
* <p/>
* This implementation caches the resulting Base64 string so multiple calls to this method remain efficient.
* However, calling {@link #setBytes setBytes} will null the cached value, forcing it to be recalculated the
* next time this method is called.
*
* @return a Base64-encoded string of the underlying {@link #getBytes byte array}.
*/
@Override
public String toBase64() {
if (this.base64Encoded == null) {
//cache result in case this method is called multiple times.
this.base64Encoded = Base64.encodeToString(getBytes());
}
return this.base64Encoded;
}
/**
* Simple implementation that merely returns {@link #toHex() toHex()}.
*
* @return the {@link #toHex() toHex()} value.
*/
@Override
public String toString() {
return toHex();
}
/**
* Returns {@code true} if the specified object is a Hash and its {@link #getBytes byte array} is identical to
* this Hash's byte array, {@code false} otherwise.
*
* @param o the object (Hash) to check for equality.
* @return {@code true} if the specified object is a Hash and its {@link #getBytes byte array} is identical to
* this Hash's byte array, {@code false} otherwise.
*/
@Override
public boolean equals(Object o) {
if (o instanceof Hash) {
Hash other = (Hash) o;
return MessageDigest.isEqual(getBytes(), other.getBytes());
}
return false;
}
/**
* Simply returns toHex().hashCode();
*
* @return toHex().hashCode()
*/
@Override
public int hashCode() {
if (this.bytes == null || this.bytes.length == 0) {
return 0;
}
return Arrays.hashCode(this.bytes);
}
} |
| File |
Project |
Line |
| org/apache/shiro/samples/guice/SampleShiroServletModule.java |
Apache Shiro :: ITs :: Guice 4 |
41 |
| org/apache/shiro/samples/guice/SampleShiroNativeSessionsServletModule.java |
Apache Shiro :: Samples :: Guice Web |
45 |
| org/apache/shiro/samples/guice/SampleShiroServletModule.java |
Apache Shiro :: Samples :: Guice Web |
41 |
public SampleShiroServletModule(ServletContext servletContext) {
super(servletContext);
this.servletContext = servletContext;
}
@Override
protected void configureShiroWeb() {
bindConstant().annotatedWith(Names.named("shiro.loginUrl")).to("/login.jsp");
try {
this.bindRealm().toConstructor(IniRealm.class.getConstructor(Ini.class));
} catch (NoSuchMethodException e) {
addError("Could not locate proper constructor for IniRealm.", e);
}
this.addFilterChain("/login.jsp", AUTHC);
this.addFilterChain("/logout", LOGOUT);
this.addFilterChain("/account/**", AUTHC);
this.addFilterChain("/remoting/**",
filterConfig(AUTHC),
filterConfig(ROLES, "b2bClient"),
filterConfig(PERMS, "remote:invoke:lan,wan"));
}
@Provides
@Singleton
Ini loadShiroIni() throws MalformedURLException {
URL iniUrl = servletContext.getResource("/WEB-INF/shiro.ini");
return Ini.fromResourcePath("url:" + iniUrl.toExternalForm());
}
@Override |
| File |
Project |
Line |
| org/apache/shiro/samples/QuickStart.java |
Apache Shiro :: Samples :: Spring Boot |
37 |
| org/apache/shiro/samples/spring/QuickStart.java |
Apache Shiro :: Samples :: Spring Quickstart |
37 |
@Component
public class QuickStart {
private static Logger log = LoggerFactory.getLogger(QuickStart.class);
@Autowired
private SecurityManager securityManager;
@Autowired
private SimpleService simpleService;
public void run() {
// get the current subject
Subject subject = SecurityUtils.getSubject();
// Subject is not authenticated yet
Assert.isTrue(!subject.isAuthenticated());
// login the subject with a username / password
UsernamePasswordToken token = new UsernamePasswordToken("joe.coder", "password");
subject.login(token);
// joe.coder has the "user" role
subject.checkRole("user");
// joe.coder does NOT have the admin role
Assert.isTrue(!subject.hasRole("admin"));
// joe.coder has the "read" permission
subject.checkPermission("read");
// current user is allowed to execute this method.
simpleService.readRestrictedCall();
try {
// but not this one!
simpleService.writeRestrictedCall();
} catch (AuthorizationException e) {
log.info("Subject was NOT allowed to execute method 'writeRestrictedCall'");
}
// logout
subject.logout();
Assert.isTrue(!subject.isAuthenticated());
}
/**
* Sets the static instance of SecurityManager. This is NOT needed for web applications.
*/
@PostConstruct
private void initStaticSecurityManager() {
SecurityUtils.setSecurityManager(securityManager);
}
} |
| File |
Project |
Line |
| org/apache/shiro/samples/HelloController.java |
Apache Shiro :: Samples :: Spring Boot 3 Web |
34 |
| org/apache/shiro/samples/HelloController.java |
Apache Shiro :: Samples :: Spring Boot Web |
33 |
@Controller
public class HelloController {
@SuppressWarnings("Duplicates")
@RequestMapping("/")
public String home(HttpServletRequest request, Model model) {
String name = "World";
Subject subject = SecurityUtils.getSubject();
PrincipalCollection principalCollection = subject.getPrincipals();
if (principalCollection != null && !principalCollection.isEmpty()) {
Collection<Map> principalMaps = subject.getPrincipals().byType(Map.class);
if (CollectionUtils.isEmpty(principalMaps)) {
name = subject.getPrincipal().toString();
} else {
name = (String) principalMaps.iterator().next().get("username");
}
}
model.addAttribute("name", name);
return "hello";
}
} |
| File |
Project |
Line |
| org/apache/shiro/web/filter/authc/BasicHttpAuthenticationFilter.java |
Apache Shiro :: Web |
89 |
| org/apache/shiro/web/filter/authc/HttpAuthenticationFilter.java |
Apache Shiro :: Web |
340 |
protected AuthenticationToken createToken(ServletRequest request, ServletResponse response) {
String authorizationHeader = getAuthzHeader(request);
if (authorizationHeader == null || authorizationHeader.length() == 0) {
// Create an empty authentication token since there is no
// Authorization header.
return createToken("", "", request, response);
}
LOGGER.debug("Attempting to execute login with auth header");
String[] prinCred = getPrincipalsAndCredentials(authorizationHeader, request);
if (prinCred == null || prinCred.length < 2) {
// Create an authentication token with an empty password,
// since one hasn't been provided in the request.
String username = prinCred == null || prinCred.length == 0 ? "" : prinCred[0];
return createToken(username, "", request, response);
}
String username = prinCred[0];
String password = prinCred[1];
return createToken(username, password, request, response);
} |
| File |
Project |
Line |
| org/apache/shiro/samples/guice/SampleShiroServletModule.java |
Apache Shiro :: ITs :: Guice 3 |
61 |
| org/apache/shiro/samples/guice/SampleShiroServletModule.java |
Apache Shiro :: ITs :: Guice 4 |
63 |
| org/apache/shiro/samples/guice/SampleShiroServletModule.java |
Apache Shiro :: Samples :: Guice Web |
63 |
this.addFilterChain("/remoting/**", AUTHC, config(ROLES, "b2bClient"), config(PERMS, "remote:invoke:lan,wan"));
}
@Provides
@Singleton
Ini loadShiroIni() throws MalformedURLException {
URL iniUrl = servletContext.getResource("/WEB-INF/shiro.ini");
return Ini.fromResourcePath("url:" + iniUrl.toExternalForm());
}
@Override
protected void bindWebSecurityManager(AnnotatedBindingBuilder<? super WebSecurityManager> bind) {
try {
String cipherKey = loadShiroIni().getSectionProperty("main", "securityManager.rememberMeManager.cipherKey");
DefaultWebSecurityManager securityManager = new DefaultWebSecurityManager();
CookieRememberMeManager rememberMeManager = new CookieRememberMeManager();
rememberMeManager.setCipherKey(Base64.decode(cipherKey));
securityManager.setRememberMeManager(rememberMeManager);
bind.toInstance(securityManager);
} catch (MalformedURLException e) {
// for now just throw, you could just call
// super.bindWebSecurityManager(bind) if you do not need rememberMe functionality
throw new ConfigurationException("securityManager.rememberMeManager.cipherKey must be set in shiro.ini.");
}
}
} |
