Package org.apache.shiro.util

Examples of org.apache.shiro.util.ByteSource$Util


    private AuthenticationInfo buildAuthenticationInfo(UsernamePasswordToken token, Object principal) {
        AuthenticationInfo authenticationInfo;
        HashingPasswordService hashService = getHashService();
        if (hashService != null) {
            Hash hash = hashService.hashPassword(token.getPassword());
            ByteSource salt = hash.getSalt();
            authenticationInfo = new SimpleAuthenticationInfo(principal, hash, salt, getName());
        } else {
            Object credentials = token.getCredentials();
            authenticationInfo = new SimpleAuthenticationInfo(principal, credentials, getName());
        }
View Full Code Here


    public ByteSource encrypt() throws Exception {
        ByteArrayOutputStream stream = new  ByteArrayOutputStream();
        ObjectOutput serialStream = new ObjectOutputStream(stream);
        serialStream.writeObject(securityToken);
        ByteSource byteSource = cipherService.encrypt(stream.toByteArray(), passPhrase);
        serialStream.close();
        stream.close();
       
        return byteSource;
    }
View Full Code Here

                applySecurityPolicy(exchange);              
                processor.process(exchange);
            }
           
            private void applySecurityPolicy(Exchange exchange) throws Exception {
                ByteSource encryptedToken = (ByteSource)exchange.getIn().getHeader("SHIRO_SECURITY_TOKEN");
                ByteSource decryptedToken = getCipherService().decrypt(encryptedToken.getBytes(), getPassPhrase());
               
                ByteArrayInputStream byteArrayInputStream = new ByteArrayInputStream(decryptedToken.getBytes());
                ObjectInputStream objectInputStream = new ObjectInputStream(byteArrayInputStream);
                ShiroSecurityToken securityToken = (ShiroSecurityToken)objectInputStream.readObject();
                objectInputStream.close();
                byteArrayInputStream.close();
               
View Full Code Here

                applySecurityPolicy(exchange);              
                processor.process(exchange);
            }
           
            private void applySecurityPolicy(Exchange exchange) throws Exception {
                ByteSource encryptedToken = ExchangeHelper.getMandatoryHeader(exchange, "SHIRO_SECURITY_TOKEN", ByteSource.class);
                ByteSource decryptedToken = getCipherService().decrypt(encryptedToken.getBytes(), getPassPhrase());
               
                ByteArrayInputStream byteArrayInputStream = new ByteArrayInputStream(decryptedToken.getBytes());
                ObjectInputStream objectInputStream = new ObjectInputStream(byteArrayInputStream);
                ShiroSecurityToken securityToken;
                try {
                    securityToken = (ShiroSecurityToken)objectInputStream.readObject();
                } finally {
View Full Code Here

        if (request == null || request.getSource() == null || request.getSource().isEmpty()) {
            return null;
        }

        String algorithmName = getAlgorithmName(request);
        ByteSource source = request.getSource();
        int iterations = getIterations(request);

        ByteSource publicSalt = getPublicSalt(request);
        ByteSource privateSalt = getPrivateSalt();
        ByteSource salt = combine(privateSalt, publicSalt);

        Hash computed = new SimpleHash(algorithmName, source, salt, iterations);

        SimpleHash result = new SimpleHash(algorithmName);
        result.setBytes(computed.getBytes());
View Full Code Here

     * @return the public salt that should be used to compute a hash based on the specified request or
     *         {@code null} if no public salt should be used.
     */
    protected ByteSource getPublicSalt(HashRequest request) {

        ByteSource publicSalt = request.getSalt();

        if (publicSalt != null && !publicSalt.isEmpty()) {
            //a public salt was explicitly requested to be used - go ahead and use it:
            return publicSalt;
        }

        publicSalt = null;

        //check to see if we need to generate one:
        ByteSource privateSalt = getPrivateSalt();
        boolean privateSaltExists = privateSalt != null && !privateSalt.isEmpty();

        //If a private salt exists, we must generate a public salt to protect the integrity of the private salt.
        //Or generate it if the instance is explicitly configured to do so:
        if (privateSaltExists || isGeneratePublicSalt()) {
            publicSalt = getRandomNumberGenerator().nextBytes();
View Full Code Here

        return super.process(exchange, callback);
    }

    private void applySecurityPolicy(Exchange exchange) throws Exception {
        ByteSource encryptedToken;

        // if we have username and password as headers then use them to create a token
        String username = exchange.getIn().getHeader(ShiroSecurityConstants.SHIRO_SECURITY_USERNAME, String.class);
        String password = exchange.getIn().getHeader(ShiroSecurityConstants.SHIRO_SECURITY_PASSWORD, String.class);
        if (username != null && password != null) {
            ShiroSecurityToken token = new ShiroSecurityToken(username, password);

            // store the token as header, either as base64 or as the object as-is
            if (policy.isBase64()) {
                ByteSource bytes = ShiroSecurityHelper.encrypt(token, policy.getPassPhrase(), policy.getCipherService());
                String base64 = bytes.toBase64();
                exchange.getIn().setHeader(ShiroSecurityConstants.SHIRO_SECURITY_TOKEN, base64);
            } else {
                exchange.getIn().setHeader(ShiroSecurityConstants.SHIRO_SECURITY_TOKEN, token);
            }
            // and now remove the headers as we turned those into the token instead
            exchange.getIn().removeHeader(ShiroSecurityConstants.SHIRO_SECURITY_USERNAME);
            exchange.getIn().removeHeader(ShiroSecurityConstants.SHIRO_SECURITY_PASSWORD);
        }

        Object token = ExchangeHelper.getMandatoryHeader(exchange, ShiroSecurityConstants.SHIRO_SECURITY_TOKEN, Object.class);

        // we support the token in a number of ways
        if (token instanceof ShiroSecurityToken) {
            ShiroSecurityToken sst = (ShiroSecurityToken) token;
            encryptedToken = ShiroSecurityHelper.encrypt(sst, policy.getPassPhrase(), policy.getCipherService());
            // Remove unencrypted token + replace with an encrypted token
            exchange.getIn().removeHeader(ShiroSecurityConstants.SHIRO_SECURITY_TOKEN);
            exchange.getIn().setHeader(ShiroSecurityConstants.SHIRO_SECURITY_TOKEN, encryptedToken);
        } else if (token instanceof String) {
            String data = (String) token;
            if (policy.isBase64()) {
                byte[] bytes = Base64.decode(data);
                encryptedToken = ByteSource.Util.bytes(bytes);
            } else {
                encryptedToken = ByteSource.Util.bytes(data);
            }
        } else if (token instanceof ByteSource) {
            encryptedToken = (ByteSource) token;
        } else {
            throw new CamelExchangeException("Shiro security header " + ShiroSecurityConstants.SHIRO_SECURITY_TOKEN + " is unsupported type: " + ObjectHelper.classCanonicalName(token), exchange);
        }

        ByteSource decryptedToken = policy.getCipherService().decrypt(encryptedToken.getBytes(), policy.getPassPhrase());

        ByteArrayInputStream byteArrayInputStream = new ByteArrayInputStream(decryptedToken.getBytes());
        ObjectInputStream objectInputStream = new ObjectInputStream(byteArrayInputStream);
        ShiroSecurityToken securityToken;
        try {
            securityToken = (ShiroSecurityToken)objectInputStream.readObject();
        } finally {
View Full Code Here

        }
        return ShiroSecurityHelper.encrypt(securityToken, passPhrase, cipherService);
    }

    public void process(Exchange exchange) throws Exception {
        ByteSource bytes = encrypt();

        Object token;
        if (isBase64()) {
            token = bytes.toBase64();
        } else {
            token = bytes;
        }

        exchange.getIn().setHeader(ShiroSecurityConstants.SHIRO_SECURITY_TOKEN, token);
View Full Code Here

                applySecurityPolicy(exchange);              
                processor.process(exchange);
            }
           
            private void applySecurityPolicy(Exchange exchange) throws Exception {
                ByteSource encryptedToken = (ByteSource)exchange.getIn().getHeader("SHIRO_SECURITY_TOKEN");
                ByteSource decryptedToken = getCipherService().decrypt(encryptedToken.getBytes(), getPassPhrase());
               
                ByteArrayInputStream byteArrayInputStream = new ByteArrayInputStream(decryptedToken.getBytes());
                ObjectInputStream objectInputStream = new ObjectInputStream(byteArrayInputStream);
                ShiroSecurityToken securityToken = (ShiroSecurityToken)objectInputStream.readObject();
                objectInputStream.close();
                byteArrayInputStream.close();
               
View Full Code Here

     * @param key      the encryption key
     * @return encrypted password in base64 encoding
     */
    public static String encryptPassword(String password, byte[] key) {
        AesCipherService cipherService = new AesCipherService();
        ByteSource encrypted = cipherService.encrypt(password.getBytes(), key);
        return encrypted.toBase64();
    }
View Full Code Here

TOP

Related Classes of org.apache.shiro.util.ByteSource$Util

Copyright © 2018 www.massapicom. All rights reserved.
All source code are property of their respective owners. Java is a trademark of Sun Microsystems, Inc and owned by ORACLE Inc. Contact coftware#gmail.com.