Folks,. I cant get into my system even if I embellish the login with administrator role.
Can someone help me with this stack error ? I can configure shiro or comment it all out and I get the same thing. thid exception gets thrown when I try to save my bean to hibernate below org.apache.shiro.authz.UnauthenticatedException: This subject is anonymous - it does not have any identifying principals and authorization operations require an identity to check against. A Subject instance will acquire these identifying principals automatically after a successful login is performed be executing org.apache.shiro.subject.Subject.login(AuthenticationToken) or when 'Remember Me' functionality is enabled by the SecurityManager. This exception can also occur when a previously logged-in Subject has logged out which makes it anonymous again. Because an identity is currently not known due to any of these conditions, authorization is denied. Best Regards and thanks Kenneth William Colassi [email protected] realm package org.tynamo.examples.pphl.services.realms; import java.util.HashSet; import java.util.Iterator; import java.util.Set; import org.apache.shiro.authc.AccountException; import org.apache.shiro.authc.AuthenticationException; import org.apache.shiro.authc.AuthenticationToken; import org.apache.shiro.authc.IncorrectCredentialsException; import org.apache.shiro.authc.SaltedAuthenticationInfo; import org.apache.shiro.authc.SimpleAuthenticationInfo; import org.apache.shiro.authc.UsernamePasswordToken; import org.apache.shiro.authc.credential.HashedCredentialsMatcher; import org.apache.shiro.authz.AuthorizationException; import org.apache.shiro.authz.AuthorizationInfo; import org.apache.shiro.authz.SimpleAuthorizationInfo; import org.apache.shiro.authz.permission.WildcardPermissionResolver; import org.apache.shiro.cache.MemoryConstrainedCacheManager; import org.apache.shiro.codec.Base64; import org.apache.shiro.crypto.hash.Md5Hash; import org.apache.shiro.crypto.hash.Sha1Hash; import org.apache.shiro.realm.AuthorizingRealm; import org.apache.shiro.subject.PrincipalCollection; import org.apache.shiro.util.SimpleByteSource; import org.apache.tapestry5.alerts.AlertManager; import org.apache.tapestry5.ioc.Messages; import org.apache.tapestry5.ioc.annotations.Inject; import org.apache.tapestry5.ioc.annotations.Symbol; import org.apache.tapestry5.services.ApplicationStateManager; import org.hibernate.Criteria; import org.hibernate.Session; import org.hibernate.Transaction; import org.hibernate.criterion.Restrictions; import org.slf4j.Logger; import org.tynamo.builder.BuilderDirector; import org.tynamo.common.services.authenticationlisteners.SecurityAuthenticationToken; import org.tynamo.examples.pphl.AdminLayoutBuilder; import org.tynamo.examples.pphl.HitCounterBuilder; import org.tynamo.examples.pphl.PersonBuilder; import org.tynamo.examples.pphl.model.AdminLayout; import org.tynamo.examples.pphl.model.HitCounter; import org.tynamo.examples.pphl.model.Person; import org.tynamo.examples.pphl.model.Person.Permission; import org.tynamo.examples.pphl.model.Person.Role; import org.tynamo.security.federatedaccounts.services.FederatedAccountService; import org.tynamo.services.DescriptorService; import org.tynamo.services.PersistenceService; import org.tynamo.util.Utils; /** * Refer to RollingTokenRealm to finish proper federate logic * * @author Owner * */ public class HibernateUserRealm extends AuthorizingRealm { public static final String HIBERNATEUSER_CLIENTID_USERNAME = "hibernateuser.clientid"; public static final String HIBERNATEUSER_CLIENTSECRET_PASSWORD = "hibernateuser.clientsecret"; public static final String HIBERNATEUSER_PERMISSIONS = "hibernateuser.permissions"; public static final String HIBERNATEUSER_PRINCIPAL = "hibernateuser.principal"; public static enum PrincipalProperty { id, email, name }; private PrincipalProperty principalProperty; private final Logger logger; private FederatedAccountService federatedAccountService; private Session session; private String clientIdUserName; private String clientSecretPassword; private String permissions; public HibernateUserRealm(Logger logger, FederatedAccountService federatedAccountService, Session session, @Inject @Symbol(HibernateUserRealm.HIBERNATEUSER_CLIENTID_USERNAME) String clientIdUserName, @Inject @Symbol(HibernateUserRealm.HIBERNATEUSER_CLIENTSECRET_PASSWORD) String clientSecretPassword, @Inject @Symbol(HibernateUserRealm.HIBERNATEUSER_PERMISSIONS) String permissions, @Inject @Symbol(HibernateUserRealm.HIBERNATEUSER_PRINCIPAL) String principalPropertyName) { super(new MemoryConstrainedCacheManager()); // caches your user account // on next iterations thru this.logger = logger; this.federatedAccountService = federatedAccountService; this.session = session; this.clientIdUserName = clientIdUserName; this.clientSecretPassword = clientSecretPassword; this.permissions = permissions; this.principalProperty = PrincipalProperty.valueOf(principalPropertyName); setName(HibernateUserRealm.class.getSimpleName()); //setAuthenticationTokenClass(SecurityAuthenticationToken.class); setAuthenticationTokenClass(UsernamePasswordToken.class); setPermissionResolver(new WildcardPermissionResolver()); setCredentialsMatcher(new HashedCredentialsMatcher(Sha1Hash.ALGORITHM_NAME)); //setCredentialsMatcher(new HashedCredentialsMatcher(Md5Hash.ALGORITHM_NAME)); } @Override protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principals) { if (principals == null) throw new AuthorizationException("PrincipalCollection was null, which should not happen"); if (principals.isEmpty()) { System.out.println("principals collection is empty"); return null; } if (principals.fromRealm(getName()).size() <= 0) { System.out.println("principals from realm collection is empty"); return null; } SimpleAuthorizationInfo info = null; Person user = applicationStateManager.get(Person.class); if ("administrator".equals(user.getUsername())) { Set<String> rroles = new HashSet<String>(user.getRoles().size()); rroles.add("administrator"); info = new SimpleAuthorizationInfo(rroles); info.addStringPermission("*:create:*,*:read:*,*:update:*,*:delete:*"); } else { // do roles Set<String> rroles = new HashSet<String>(user.getRoles().size()); Set<Role> roles = user.getRoles(); for (Role role : roles) rroles.add(role.name()); info = new SimpleAuthorizationInfo(rroles); // do permissions String permString = ""; Set<Permission> permissions = user.getPermissions(); for (Permission permission : permissions) { permString += ("*:" + permission.name() + ":*,"); } if (permString.length() > 0) permString = permString.substring(0, permString.length() - 1); if (!principals.fromRealm(getName()).isEmpty()) info.addStringPermission(permString); } return info; } private Person findByUsername(String username) { return (Person) session.createCriteria(Person.class).add(Restrictions.eq("username", username)).uniqueResult(); } private Set<String> findRolesByUsername(Person person) { Set<String> result = new HashSet<String>(); Iterator<Role> iterator = person.getRoles().iterator(); while (iterator.hasNext()) { Role role = iterator.next(); result.add(role.toString()); } return result; } private Set<String> findPermissionsByUsername(Person person) { Set<Permission> permissions = new HashSet<Permission>(); Criteria criteria = session.createCriteria(Person.Permission.class); criteria.add(Restrictions.eq("Person_id", person.getId())); permissions.addAll(criteria.list()); Set<String> result = new HashSet<String>(); Iterator<Permission> iterator = permissions.iterator(); while (iterator.hasNext()) { Permission permission = iterator.next(); result.add(permission.toString()); } return result; } @Inject private DescriptorService descriptorService; @Inject private BuilderDirector builderDirector; @Inject private PersistenceService persistenceService; private PersonBuilder pb = new PersonBuilder(); private AdminLayoutBuilder ab = new AdminLayoutBuilder(); private HitCounterBuilder hcb = new HitCounterBuilder(); @Inject private Messages messages; @Inject private AlertManager alertManager; @Inject private ApplicationStateManager applicationStateManager; private Person createPerson(String username, String password) { // Person bean = builderDirector.createNewInstance(Coach.class); Person bean = pb.build(); bean.setUsername(username); if ( "administrator".equals(bean.getUsername()) ) bean.getRoles().add(Person.Role.administrator); bean.setEmailAddress(username); bean.setPassword(password); bean.setFirstName(username.substring(username.indexOf('@') + 1)); bean.setLastName(username.substring(username.indexOf('@') + 1)); try { Transaction tx = session.beginTransaction(); persistenceService.save(bean); alertManager.info(messages.getFormatter(Utils.ADDED_MESSAGE).format(bean)); tx.commit(); return bean; } catch (RuntimeException e) { alertManager.info(e.toString()); } return null; } private AdminLayout createAdminLayout() { AdminLayout bean = ab.build(); try { Transaction tx = session.beginTransaction(); persistenceService.save(bean); alertManager.info(messages.getFormatter(Utils.ADDED_MESSAGE).format(bean)); tx.commit(); return bean; } catch (RuntimeException e) { alertManager.info(e.toString()); } return null; } private HitCounter createHitCounter() { // Person bean = builderDirector.createNewInstance(Coach.class); HitCounter bean = hcb.build(); try { Transaction tx = session.beginTransaction(); bean.setLoginPageHits(new Integer(0)); persistenceService.save(bean); alertManager.info(messages.getFormatter(Utils.ADDED_MESSAGE).format(bean)); tx.commit(); return bean; } catch (RuntimeException e) { alertManager.info(e.toString()); } return bean; } @Override protected SaltedAuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token) throws AuthenticationException { UsernamePasswordToken upToken = (UsernamePasswordToken) token; // SecurityAuthenticationToken upToken = (SecurityAuthenticationToken) token; String username = (String) upToken.getPrincipal(); String password = (String) new String (upToken.getCredentials().toString()); boolean rememberMe = upToken.isRememberMe(); if (username == null) { throw new AccountException("Null usernames are not allowed by this realm."); } if (password.toString().length() < 1) { throw new IncorrectCredentialsException("Password cannot be null."); } // Person person = findByUsername(username); Criteria criteria = session.createCriteria(Person.class); criteria.add(Restrictions.ilike("username", username)); Person person = (Person) criteria.uniqueResult(); HitCounter hc = findHitCounter(); if (person == null) { person = createPerson(username, password); hc.setCreatedUsers(hc.getCreatedUsers() + 1); } hc.setLoginPageHits(hc.getLoginPageHits() + 1); applicationStateManager.set(HitCounter.class, updateHitCounter(hc)); synchronized (applicationStateManager) { applicationStateManager.set(Person.class, person); if (findAdminLayout() != null) applicationStateManager.set(AdminLayout.class, findAdminLayout()); else { createAdminLayout(); applicationStateManager.set(AdminLayout.class, findAdminLayout()); } } SimpleByteSource bs = new SimpleByteSource(Base64.decode(person.getPasswordSalt())); return new SimpleAuthenticationInfo(username, token.getCredentials(), bs, getName()); } private HitCounter updateHitCounter(HitCounter bean) { try { Transaction tx = session.beginTransaction(); persistenceService.update(bean); alertManager.info(messages.getFormatter(Utils.SAVED_MESSAGE).format(bean)); tx.commit(); } catch (RuntimeException e) { alertManager.info(e.toString()); } return bean; } /** * Find Methods * * @return */ private AdminLayout findAdminLayout() { return (AdminLayout) session.createCriteria(AdminLayout.class).add(Restrictions.eq("id", 1)).uniqueResult(); } private HitCounter findHitCounter() { HitCounter bean = (HitCounter) session.createCriteria(HitCounter.class).add(Restrictions.eq("id", 1)) .uniqueResult(); if (bean == null) bean = createHitCounter(); return bean; } }
