Usage and code examples of the org.apache.shiro.subject.Subject.isRemembered() method

x33g5p2x, reposted on 2022-01-29 under Other

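This article collects code examples of the Java method org.apache.shiro.subject.Subject.isRemembered() and shows how Subject.isRemembered() is used in practice. The examples come mainly from platforms such as GitHub, Stack Overflow and Maven, were extracted from selected projects, and may be of some help as reference material. Details of the Subject.isRemembered() method are as follows:
Package path: org.apache.shiro.subject.Subject
Class name: Subject
Method name: isRemembered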

About Subject.isRemembered

Returns true if this Subject has an identity (it is not anonymous) and the identity (aka #getPrincipals()) is remembered from a successful authentication during a previous session.

Although the underlying implementation determines exactly how this method functions, most implementations have this method act as the logical equivalent to this code:

getPrincipal() != null && !isAuthenticated()

Note as indicated by the above code example, if a Subject is remembered, they are NOT considered authenticated. A check against #isAuthenticated() is a more strict check than that reflected by this method. For example, a check to see if a subject can access financial information should almost always depend on #isAuthenticated() to guarantee a verified identity, and not this method.

Once the subject is authenticated, they are no longer considered only remembered because their identity would have been verified during the current session.

Remembered vs Authenticated

Authentication is the process of proving you are who you say you are. When a user is only remembered, the remembered identity gives the system an idea who that user probably is, but in reality, has no way of absolutely guaranteeing if the remembered Subject represents the user currently using the application.

So although many parts of the application can still perform user-specific logic based on the remembered #getPrincipals(), such as customized views, it should never perform highly-sensitive operations until the user has legitimately verified their identity by executing a successful authentication attempt.

We see this paradigm all over the web, and we will use Amazon.com as an example:

When you visit Amazon.com and perform a login and ask it to 'remember me', it will set a cookie with your identity. If you don't log out and your session expires, and you come back, say the next day, Amazon still knows who you probably are: you still see all of your book and movie recommendations and similar user-specific features since these are based on your (remembered) user id.

BUT, if you try to do something sensitive, such as access your account's billing data, Amazon forces you to do an actual log-in, requiring your username and password.

This is because although amazon.com assumed your identity from 'remember me', it recognized that you were not actually authenticated. The only way to really guarantee you are who you say you are, and therefore allow you access to sensitive account data, is to force you to perform an actual successful authentication. You can check this guarantee via the #isAuthenticated() method and not via this method.
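
The remembered/authenticated distinction described above, as an added example (it is not code from Shiro or from any project listed on this page). `TrustLevelGuard`, `Trust` and the method names are hypothetical; only `SecurityUtils`, `Subject` and `UnauthenticatedException` are Shiro classes.

```java
import org.apache.shiro.SecurityUtils;
import org.apache.shiro.authz.UnauthenticatedException;
import org.apache.shiro.subject.Subject;

/** Added example: maps a Shiro Subject to one of three trust levels and gates actions on it. */
public final class TrustLevelGuard {

    /** Hypothetical enum, not part of Shiro. */
    public enum Trust { ANONYMOUS, REMEMBERED, AUTHENTICATED }

    public static Trust trustOf(Subject subject) {
        if (subject == null || subject.getPrincipal() == null) {
            return Trust.ANONYMOUS;
        }
        // isAuthenticated() is the stricter state: identity was verified in this session.
        if (subject.isAuthenticated()) {
            return Trust.AUTHENTICATED;
        }
        // A principal that is neither authenticated nor remembered is treated
        // conservatively as anonymous.
        return subject.isRemembered() ? Trust.REMEMBERED : Trust.ANONYMOUS;
    }

    /** Personalisation (greeting, recommendations) may rely on a remembered identity. */
    public static String greetingName() {
        Subject subject = SecurityUtils.getSubject();
        switch (trustOf(subject)) {
            case AUTHENTICATED:
                return String.valueOf(subject.getPrincipal());
            case REMEMBERED:
                return subject.getPrincipal() + " (not verified in this session)";
            default:
                return "Guest";
        }
    }

    /** Sensitive operations (billing data, credential changes) need a login in this session. */
    public static void requireVerifiedIdentity() {
        Subject subject = SecurityUtils.getSubject();
        if (trustOf(subject) != Trust.AUTHENTICATED) {
            // The caller is expected to send the user to the login form and retry afterwards.
            throw new UnauthenticatedException("Login required for this operation");
        }
    }
}
```

Shiro's own annotations draw the same line: `@RequiresUser` accepts a remembered or authenticated subject, while `@RequiresAuthentication` accepts only an authenticated one. Several of the collected snippets below treat `isAuthenticated() || isRemembered()` as "logged in", which fits redirects and personalised views but not access to sensitive data.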

Code examples

Code example source: apache/usergrid

public static boolean isAnonymous() {
  Subject currentUser = getSubject();
  if ( currentUser == null ) {
    return true;
  }
  return !currentUser.isAuthenticated() && !currentUser.isRemembered();
}

Code example source: apache/shiro

if (subject.isAuthenticated() || subject.isRemembered()) {
  try {
    issueSuccessRedirect(request, response);

Code example source: com.wuyushuo/vplus-data

/**
 * Check whether the user is remembered
 * @return whether the user is remembered
 */
public static boolean isRemembered() {
  return Optional.ofNullable(SecurityUtils.getSubject()).map(x -> x.isRemembered()).orElse(false);
}

Code example source: org.sonatype.nexus.plugins/nexus-extdirect-plugin

public ErrorResponse(final Throwable cause) {
 this(checkNotNull(cause).getMessage() == null ? cause.getClass().getName() : cause.getMessage());
 authenticationRequired = cause instanceof UnauthenticatedException;
 if (authenticationRequired) {
  Subject subject = SecurityUtils.getSubject();
  if (subject == null || !(subject.isRemembered() || subject.isAuthenticated())) {
   message = "Access denied (authentication required)";
  }
 }
}

Code example source: org.sonatype.nexus/nexus-extdirect

public ErrorResponse(final Throwable cause) {
 this(checkNotNull(cause).getMessage() == null ? cause.getClass().getName() : cause.getMessage());
 authenticationRequired = cause instanceof UnauthenticatedException;
 if (authenticationRequired) {
  Subject subject = SecurityUtils.getSubject();
  if (subject == null || !(subject.isRemembered() || subject.isAuthenticated())) {
   message = "Access denied (authentication required)";
  }
 }
}

Code example source: lfz757077613/MyBlog

@PostMapping("isLogin")
@ResponseBody
public MyResponse isLogin() {
  Subject subject = SecurityUtils.getSubject();
  if (subject.isAuthenticated() || subject.isRemembered()) {
    return MyResponse.createResponse(ResponseEnum.ALREADY_LOGIN, SecurityUtils.getSubject().getPrincipal().toString());
  }
  return MyResponse.createResponse(ResponseEnum.SUCC);
}

Code example source: subchen/jetbrick-template-2x

/**
 * Displays body content only if the current user is not remembered.
 */
public static void not_remembered(JetTagContext ctx) throws IOException {
  final Subject subject = getSubject();
  boolean show = !subject.isRemembered();
  if (show) {
    printTagBody(ctx);
  }
}

Code example source: subchen/jetbrick-template-2x

/**
 * Displays body content only if the current user is remembered.
 */
public static void remembered(JetTagContext ctx) throws IOException {
  final Subject subject = getSubject();
  boolean show = subject.isRemembered();
  if (show) {
    printTagBody(ctx);
  }
}

Code example source: deluan/shiro-faces

protected boolean checkAuthentication() {
  return (getSubject() != null && getSubject().isRemembered());
}

Code example source: zhangyd-c/springboot-shiro

@GetMapping("/login")
public ModelAndView login(Model model) {
  Subject subject = SecurityUtils.getSubject();
  if (subject.isAuthenticated() || subject.isRemembered()) {
    return ResultUtil.redirect("/index");
  }
  return ResultUtil.view("/login");
}

Code example source: cn.dreampie/jfinal-shiro

/**
 * Determine whether the user is already logged in
 *
 * @return boolean
 */
public static boolean isAuthed() {
 Subject subject = getSubject();
 if (subject == null || subject.getPrincipal() == null || (!subject.isAuthenticated() && !subject.isRemembered())) {
  return false;
 } else
  return true;
}

Code example source: Dreampie/jfinal-shiro

/**
 * Determine whether the user is already logged in
 *
 * @return boolean
 */
public static boolean isAuthed() {
 Subject subject = getSubject();
 if (subject == null || subject.getPrincipal() == null || (!subject.isAuthenticated() && !subject.isRemembered())) {
  return false;
 } else
  return true;
}

Code example source: com.ning.billing/killbill-jaxrs

public SubjectJson(final Subject subject) {
  this.principal = subject.getPrincipal() == null ? null : subject.getPrincipal().toString();
  this.isAuthenticated = subject.isAuthenticated();
  this.isRemembered = subject.isRemembered();
  final Session subjectSession = subject.getSession(false);
  this.session = subjectSession == null ? null : new SessionJson(subjectSession);
}

Code example source: org.kill-bill.billing/killbill-jaxrs

public SubjectJson(final Subject subject) {
  this.principal = subject.getPrincipal() == null ? null : subject.getPrincipal().toString();
  this.isAuthenticated = subject.isAuthenticated();
  this.isRemembered = subject.isRemembered();
  final Session subjectSession = subject.getSession(false);
  this.session = subjectSession == null ? null : new SessionJson(subjectSession);
}

Code example source: be.c4j.ee.security.octopus/octopus-core

@Override
protected boolean isAccessAllowed(ServletRequest request, ServletResponse response, Object mappedValue) {
  if (isLoginRequest(request, response)) {
    return true;
  } else {
    Subject subject = getSubject(request, response);
    // If principal is not null, then the user is known and should be allowed access.
    return subject.getPrincipal() != null && (subject.isAuthenticated() || subject.isRemembered());
  }
}

Code example source: KrailOrg/krail

@Test
public void authenticated() {
  // given
  when(subject.isAuthenticated()).thenReturn(true);
  when(subject.isRemembered()).thenReturn(false);
  when(subject.getPrincipal()).thenReturn(principal);
  // when
  // then
  assertThat(subjectIdentifier.subjectName()).isEqualTo("wiggly");
  assertThat(subjectIdentifier.subjectIdentifier()).isNotNull();
  assertThat(subjectIdentifier.subjectIdentifier()).isEqualTo(principal);
}

Code example source: KrailOrg/krail

@Test
public void remembered() {
  // given
  when(subject.isAuthenticated()).thenReturn(false);
  when(subject.isRemembered()).thenReturn(true);
  when(subject.getPrincipal()).thenReturn(principal);
  // when
  // then
  assertThat(subjectIdentifier.subjectName()).isEqualTo("wiggly?");
  assertThat(subjectIdentifier.subjectIdentifier()).isNotNull();
  assertThat(subjectIdentifier.subjectIdentifier()).isEqualTo(principal);
}

Code example source: KrailOrg/krail

@Test
public void notAuthenticatedNotRemembered() {
  // given
  when(subject.isAuthenticated()).thenReturn(false);
  when(subject.isRemembered()).thenReturn(false);
  when(subject.getPrincipal()).thenReturn(null);
  // when
  // then
  assertThat(subjectIdentifier.subjectName()).isEqualTo("Guest");
  assertThat(subjectIdentifier.subjectIdentifier()).isNull();
}

Code example source: be.c4j.ee.security.octopus/octopus-core

@Override
public SecurityCheckInfo performCheck(Subject subject, AccessDecisionVoterContext accessContext, Annotation securityAnnotation) {
  SecurityCheckInfo result;
  if (!subject.isAuthenticated() && !subject.isRemembered()) {  // After a remember-me login, isAuthenticated() returns false
    result = SecurityCheckInfo.withException(
        new OctopusUnauthorizedException("User required", infoProducer.getViolationInfo(accessContext))
    );
  } else {
    result = SecurityCheckInfo.allowAccess();
  }
  return result;
}

Code example source: be.c4j.ee.security.octopus/octopus-core

@Override
protected void save(Subject subject) {
  super.save(subject);
  if (subject.isRemembered()) {
    // The DAO has now stored the Subject in the Session, so the HttpSession has been created.
    // We can now send an event (required, for example, by the ApplicationUsage) signalling a RememberedLogon.
    BeanManagerProvider.getInstance().getBeanManager().fireEvent(new RememberMeLogonEvent(subject));
  }
}
