1   /*
2    * Licensed to the Apache Software Foundation (ASF) under one
3    * or more contributor license agreements.  See the NOTICE file
4    * distributed with this work for additional information
5    * regarding copyright ownership.  The ASF licenses this file
6    * to you under the Apache License, Version 2.0 (the
7    * "License"); you may not use this file except in compliance
8    * with the License.  You may obtain a copy of the License at
9    *
10   *     http://www.apache.org/licenses/LICENSE-2.0
11   *
12   * Unless required by applicable law or agreed to in writing,
13   * software distributed under the License is distributed on an
14   * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
15   * KIND, either express or implied.  See the License for the
16   * specific language governing permissions and limitations
17   * under the License.
18   */
19  package org.apache.shiro.web.subject.support;
20  
21  import org.apache.shiro.mgt.SecurityManager;
22  import org.apache.shiro.session.Session;
23  import org.apache.shiro.session.mgt.SessionContext;
24  import org.apache.shiro.subject.PrincipalCollection;
25  import org.apache.shiro.subject.support.DelegatingSubject;
26  import org.apache.shiro.lang.util.StringUtils;
27  import org.apache.shiro.web.session.mgt.DefaultWebSessionContext;
28  import org.apache.shiro.web.session.mgt.WebSessionContext;
29  import org.apache.shiro.web.subject.WebSubject;
30  import org.apache.shiro.web.util.WebUtils;
31  
32  import javax.servlet.ServletRequest;
33  import javax.servlet.ServletResponse;
34  
/**
 * Default {@link WebSubject WebSubject} implementation that additionally retains the servlet
 * request/response pair so internal Shiro components can use it as necessary while the request executes.
 * <p>
 * The pair is stored by reference and handed back unchanged by {@link #getServletRequest()} and
 * {@link #getServletResponse()}.
 *
 * @since 1.0
 */
public class WebDelegatingSubject extends DelegatingSubject implements WebSubject {

    private static final long serialVersionUID = -1655724323350159250L;

    // NOTE(review): neither field is transient although a serialVersionUID is declared above;
    // confirm that instances of this class are never Java-serialized with a live request/response attached.
    private final ServletRequest servletRequest;
    private final ServletResponse servletResponse;

    /**
     * Creates a web subject with session creation enabled: delegates to the eight-argument
     * constructor, passing {@code true} for {@code sessionEnabled}.
     *
     * @param principals      the subject's principals, passed through to the super class
     * @param authenticated   the authentication flag, passed through to the super class
     * @param host            the host associated with the subject, passed through to the super class
     * @param session         the subject's session, passed through to the super class
     * @param request         the servlet request to retain for this subject
     * @param response        the servlet response to retain for this subject
     * @param securityManager the security manager, passed through to the super class
     */
    public WebDelegatingSubject(PrincipalCollection principals,
                                boolean authenticated,
                                String host,
                                Session session,
                                ServletRequest request,
                                ServletResponse response,
                                SecurityManager securityManager) {
        this(principals, authenticated, host, session, true, request, response, securityManager);
    }

    /**
     * Creates a web subject, forwarding the subject state to {@link DelegatingSubject} and keeping
     * the given request/response pair. Neither {@code request} nor {@code response} is validated or
     * copied here.
     *
     * @param principals      the subject's principals, passed through to the super class
     * @param authenticated   the authentication flag, passed through to the super class
     * @param host            the host associated with the subject, passed through to the super class
     * @param session         the subject's session, passed through to the super class
     * @param sessionEnabled  the session-creation flag, passed through to the super class
     * @param request         the servlet request to retain for this subject
     * @param response        the servlet response to retain for this subject
     * @param securityManager the security manager, passed through to the super class
     * @since 1.2
     */
    public WebDelegatingSubject(PrincipalCollection principals,
                                boolean authenticated,
                                String host,
                                Session session,
                                boolean sessionEnabled,
                                ServletRequest request,
                                ServletResponse response,
                                SecurityManager securityManager) {
        super(principals, authenticated, host, session, sessionEnabled, securityManager);
        this.servletRequest = request;
        this.servletResponse = response;
    }

    /**
     * Returns the servlet request supplied at construction time.
     *
     * @return the retained request, exactly as it was passed to the constructor
     */
    public ServletRequest getServletRequest() {
        return this.servletRequest;
    }

    /**
     * Returns the servlet response supplied at construction time.
     *
     * @return the retained response, exactly as it was passed to the constructor
     */
    public ServletResponse getServletResponse() {
        return this.servletResponse;
    }

    /**
     * Returns {@code true} if session creation is allowed, {@code false} otherwise.
     * <p>
     * Session creation is allowed only when the super class's
     * {@link DelegatingSubject#isSessionCreationEnabled()} value is {@code true} <em>and</em> no
     * request-specific override has disabled sessions for this subject. Because both conditions must hold,
     * the request-level check can only narrow the super class's setting: it is not consulted at all
     * when the super class already reports {@code false}.
     *
     * @return {@code true} if both the super class and {@code WebUtils.isSessionCreationEnabled(this)}
     *         allow session creation, {@code false} otherwise
     * @since 1.2
     */
    @Override
    protected boolean isSessionCreationEnabled() {
        // Subject-level setting wins first; the request is only inspected when sessions are still permitted.
        if (!super.isSessionCreationEnabled()) {
            return false;
        }
        return WebUtils.isSessionCreationEnabled(this);
    }

    /**
     * Builds the session context for this subject as a {@link DefaultWebSessionContext} that carries
     * the retained request/response pair.
     *
     * @return a new web session context holding this subject's host (when it has text) and its
     *         servlet request and response
     */
    @Override
    protected SessionContext createSessionContext() {
        WebSessionContext context = new DefaultWebSessionContext();

        // A host without text is not copied into the context.
        String subjectHost = getHost();
        if (StringUtils.hasText(subjectHost)) {
            context.setHost(subjectHost);
        }

        context.setServletRequest(this.servletRequest);
        context.setServletResponse(this.servletResponse);
        return context;
    }
}