Setting Principals Outside of a Realm

Setting Principals Outside of a Realm

Paul Holding
Hi

Is it possible to set either the primary principal or an additional principal for a subject outside of the authenticating realms configured in shiro.ini? If so, could you provide me with some points or examples please?

The reason for the question is I would like to associate a UUID obtained from a database that uniquely identifies the user which I can then retrieve for use in other parts of the web based application, however the authentication may not have been performed by the JDBC realm. Ideally I would like to use an authentication listener to set this UUID obtained from the database as the primary principal.

Not sure if it's relevant but this is a web based application.

Many Thanks

Paul

Re: Setting Principals Outside of a Realm

Paul Holding
Sorry to bump my own thread but just wondering if anyone is able to help with this query or can point me in the right direction.

Many Thanks

Paul

Re: Setting Principals Outside of a Realm

domfarr
If you have access to the request object you can grab the session object and then the principal object and inject what you need.


On 4 March 2014 15:22, Paul Holding <[hidden email]> wrote:
Sorry to bump my own thread but just wondering if anyone is able to help with
this query or can point me in the right direction.

Many Thanks

Paul




Re: Setting Principals Outside of a Realm

Paul Holding
Dominic Farr wrote
if you have access to the request object you can grab the session object
and then the principal object and inject what you need
Hi Dominic

I'm not sure I understand what you're referring to by the request object. Ideally, I would like to use an AuthenticationListener to set the additional principals, so I've looked in SecurityUtils.getSubject().getSession() but I can't see anything related to principals within getSession(). I've also looked into using SecurityUtils.getSubject().getPrincipals() but cannot see anything that would let me set a principal.

Would you be able to provide some example code or let me know which methods I need to invoke to set the additional principals please?

Kind Regards

Paul

Re: Setting Principals Outside of a Realm

versatec
In reply to this post by Paul Holding
You could do this within a custom shiro filter:
String principal = retrieveUsersNameFromWherever();
PrincipalCollection principals = new SimplePrincipalCollection(principal, "UUID-Realm");
WebSubject.Builder builder = new WebSubject.Builder(request, response);
builder.principals(principals).authenticated(true);
WebSubject webSubject = builder.buildWebSubject();
ThreadContext.bind(webSubject);

Re: Setting Principals Outside of a Realm

domfarr
Paul, the filter suggestion is a good way.

But to clarify what I meant.

The principal that Shiro stores is just a value associated with a key in the session object. By default Shiro uses this static value as the key: DefaultSubjectContext.PRINCIPALS_SESSION_KEY. Anyone that has access to the session object can get the object backed by this key.

Object principal = request.getSession(false).getAttribute(DefaultSubjectContext.PRINCIPALS_SESSION_KEY);

I've previously created a simple app for another forum user, but have extended it to show what I mean. 


To start app execute this command 

mvn jetty:run


Check out the last section of the read me and look at this jsp



On 5 March 2014 07:30, versatec <[hidden email]> wrote:
You could do this within a custom shiro filter:
String principal = retrieveUsersNameFromWherever();
PrincipalCollection principals = new SimplePrincipalCollection(principal,
"UUID-Realm");
WebSubject.Builder builder = new WebSubject.Builder(request, response);
builder.principals(principals).authenticated(true);
WebSubject webSubject = builder.buildWebSubject();
ThreadContext.bind(webSubject);



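Added example, not code from any poster in this thread: a filter that combines the two suggestions above but only enriches a subject that a configured realm has already authenticated, so the filter never asserts authentication on its own. It assumes Shiro 1.x with the javax.servlet API; the class name UuidPrincipalFilter and the UuidLookup interface are hypothetical, and "UUID-Realm" is the label used in the post above.

```java
import java.util.UUID;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import org.apache.shiro.SecurityUtils;
import org.apache.shiro.session.Session;
import org.apache.shiro.subject.PrincipalCollection;
import org.apache.shiro.subject.SimplePrincipalCollection;
import org.apache.shiro.subject.Subject;
import org.apache.shiro.subject.support.DefaultSubjectContext;
import org.apache.shiro.util.ThreadContext;
import org.apache.shiro.web.filter.PathMatchingFilter;
import org.apache.shiro.web.subject.WebSubject;

public class UuidPrincipalFilter extends PathMatchingFilter {
    static final String UUID_REALM = "UUID-Realm";

    /** Hypothetical lookup; back it with your own user table. */
    public interface UuidLookup { UUID findByLogin(Object login); }

    private UuidLookup lookup; // assumed to be wired in by the application
    public void setLookup(UuidLookup lookup) { this.lookup = lookup; }

    @Override
    protected boolean onPreHandle(ServletRequest req, ServletResponse res, Object mapped) {
        Subject current = SecurityUtils.getSubject();
        PrincipalCollection existing = current.getPrincipals();
        // Guard: skip anonymous or merely remembered subjects, and subjects
        // that already carry a UUID principal from an earlier request.
        if (!current.isAuthenticated() || existing == null
                || !existing.fromRealm(UUID_REALM).isEmpty()) {
            return true;
        }
        UUID uuid = lookup.findByLogin(existing.getPrimaryPrincipal());
        if (uuid == null) {
            return true; // no mapping: leave the realm's principals untouched
        }
        // The UUID is added first so getPrimaryPrincipal() returns it;
        // the realm-issued principals are kept after it.
        SimplePrincipalCollection merged = new SimplePrincipalCollection(uuid, UUID_REALM);
        merged.addAll(existing);
        // Persist for later requests under the key Shiro reads principals from.
        Session session = current.getSession();
        session.setAttribute(DefaultSubjectContext.PRINCIPALS_SESSION_KEY, merged);
        // Rebuild the subject for the rest of this request, reusing the session.
        WebSubject.Builder builder = new WebSubject.Builder(req, res);
        builder.principals(merged).authenticated(true).session(session);
        ThreadContext.bind(builder.buildWebSubject());
        return true;
    }
}
```

Place the filter after the authenticating filter in the chain; code that still needs the original login can read it with getPrincipals().fromRealm(...) using the authenticating realm's name.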