first commit

base/shiro/1.2.4/Dockerfile

@@ -0,0 +1,20 @@
+FROM maven:3-jdk-8 AS builder
+
+LABEL MAINTAINER="phithon <root@leavesongs.com>"
+
+COPY ./code/ /usr/src/
+
+WORKDIR /usr/src
+
+RUN cd /usr/src; \
+    mvn -U clean package -Dmaven.test.skip=true
+
+FROM openjdk:8u102-jre
+
+LABEL MAINTAINER="phithon <root@leavesongs.com>"
+
+COPY --from=builder /usr/src/target/shirodemo-1.0-SNAPSHOT.jar /shirodemo-1.0-SNAPSHOT.jar
+
+EXPOSE 8080
+
+CMD ["java", "-jar", "/shirodemo-1.0-SNAPSHOT.jar"]

base/shiro/1.2.4/code/.gitignore

@@ -0,0 +1,31 @@
+HELP.md
+target/
+!.mvn/wrapper/maven-wrapper.jar
+!**/src/main/**
+!**/src/test/**
+
+### STS ###
+.apt_generated
+.classpath
+.factorypath
+.project
+.settings
+.springBeans
+.sts4-cache
+
+### IntelliJ IDEA ###
+.idea
+*.iws
+*.iml
+*.ipr
+
+### NetBeans ###
+/nbproject/private/
+/nbbuild/
+/dist/
+/nbdist/
+/.nb-gradle/
+build/
+
+### VS Code ###
+.vscode/

base/shiro/1.2.4/code/pom.xml

@@ -0,0 +1,68 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+         xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 https://maven.apache.org/xsd/maven-4.0.0.xsd">
+    <modelVersion>4.0.0</modelVersion>
+    <parent>
+        <groupId>org.springframework.boot</groupId>
+        <artifactId>spring-boot-starter-parent</artifactId>
+        <version>2.2.2.RELEASE</version>
+        <relativePath/> <!-- lookup parent from repository -->
+    </parent>
+    <groupId>org.vulhub</groupId>
+    <artifactId>shirodemo</artifactId>
+    <version>1.0-SNAPSHOT</version>
+    <name>shirodemo</name>
+    <description>Demo project for Spring Boot and Shiro</description>
+
+    <properties>
+        <java.version>1.8</java.version>
+    </properties>
+
+    <dependencies>
+        <dependency>
+            <groupId>org.springframework.boot</groupId>
+            <artifactId>spring-boot-starter-thymeleaf</artifactId>
+            <version>2.2.2.RELEASE</version>
+        </dependency>
+        <dependency>
+            <groupId>org.springframework.boot</groupId>
+            <artifactId>spring-boot-starter-web</artifactId>
+            <version>2.2.2.RELEASE</version>
+        </dependency>
+
+        <dependency>
+            <groupId>org.projectlombok</groupId>
+            <artifactId>lombok</artifactId>
+            <version>1.18.10</version>
+            <optional>true</optional>
+        </dependency>
+
+        <dependency>
+            <groupId>org.apache.shiro</groupId>
+            <artifactId>shiro-core</artifactId>
+            <version>1.2.4</version>
+        </dependency>
+
+        <dependency>
+            <groupId>org.apache.shiro</groupId>
+            <artifactId>shiro-spring</artifactId>
+            <version>1.2.4</version>
+        </dependency>
+
+        <dependency>
+			<groupId>commons-beanutils</groupId>
+			<artifactId>commons-beanutils</artifactId>
+			<version>1.9.2</version>
+		</dependency>
+    </dependencies>
+
+    <build>
+        <plugins>
+            <plugin>
+                <groupId>org.springframework.boot</groupId>
+                <artifactId>spring-boot-maven-plugin</artifactId>
+            </plugin>
+        </plugins>
+    </build>
+
+</project>

base/shiro/1.2.4/code/src/main/java/org/vulhub/shirodemo/MainRealm.java

@@ -0,0 +1,25 @@
+package org.vulhub.shirodemo;
+
+import org.apache.shiro.authc.*;
+import org.apache.shiro.authz.AuthorizationInfo;
+import org.apache.shiro.realm.AuthorizingRealm;
+import org.apache.shiro.subject.PrincipalCollection;
+
+public class MainRealm extends AuthorizingRealm {
+
+    @Override
+    protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principalCollection) {
+        return null;
+    }
+
+    @Override
+    protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken authenticationToken) throws AuthenticationException {
+        String username = (String) authenticationToken.getPrincipal();
+        String password = new String((char [])authenticationToken.getCredentials());
+        if (username.equals("admin") && password.equals("vulhub")) {
+            return new SimpleAuthenticationInfo(username, password, getName());
+        } else {
+            throw new IncorrectCredentialsException("Username or password is incorrect.");
+        }
+    }
+}

base/shiro/1.2.4/code/src/main/java/org/vulhub/shirodemo/ShiroConfig.java

@@ -0,0 +1,46 @@
+package org.vulhub.shirodemo;
+
+import org.apache.shiro.mgt.RememberMeManager;
+import org.apache.shiro.mgt.SecurityManager;
+import org.apache.shiro.spring.web.ShiroFilterFactoryBean;
+import org.apache.shiro.web.mgt.CookieRememberMeManager;
+import org.apache.shiro.web.mgt.DefaultWebSecurityManager;
+import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.Configuration;
+
+import java.util.LinkedHashMap;
+import java.util.Map;
+
+@Configuration
+public class ShiroConfig {
+    @Bean
+    MainRealm mainRealm() {
+        return new MainRealm();
+    }
+
+    @Bean
+    RememberMeManager cookieRememberMeManager() {
+        return new CookieRememberMeManager();
+    }
+
+    @Bean
+    SecurityManager securityManager(MainRealm mainRealm, RememberMeManager cookieRememberMeManager) {
+        DefaultWebSecurityManager manager = new DefaultWebSecurityManager();
+        manager.setRealm(mainRealm);
+        manager.setRememberMeManager(cookieRememberMeManager);
+        return manager;
+    }
+
+    @Bean(name="shiroFilter")
+    ShiroFilterFactoryBean shiroFilterFactoryBean(SecurityManager securityManager) {
+        ShiroFilterFactoryBean bean = new ShiroFilterFactoryBean();
+        bean.setSecurityManager(securityManager);
+        bean.setLoginUrl("/login");
+        bean.setUnauthorizedUrl("/unauth");
+        Map<String, String> map = new LinkedHashMap<>();
+        map.put("/doLogin", "anon");
+        map.put("/**", "user");
+        bean.setFilterChainDefinitionMap(map);
+        return bean;
+    }
+}

base/shiro/1.2.4/code/src/main/java/org/vulhub/shirodemo/ShirodemoApplication.java

@@ -0,0 +1,13 @@
+package org.vulhub.shirodemo;
+
+import org.springframework.boot.SpringApplication;
+import org.springframework.boot.autoconfigure.SpringBootApplication;
+
+@SpringBootApplication
+public class ShirodemoApplication {
+
+    public static void main(String[] args) {
+        SpringApplication.run(ShirodemoApplication.class, args);
+    }
+
+}

base/shiro/1.2.4/code/src/main/java/org/vulhub/shirodemo/UserController.java

@@ -0,0 +1,38 @@
+package org.vulhub.shirodemo;
+
+import org.apache.shiro.SecurityUtils;
+import org.apache.shiro.authc.AuthenticationException;
+import org.apache.shiro.authc.UsernamePasswordToken;
+import org.apache.shiro.subject.Subject;
+import org.springframework.stereotype.Controller;
+import org.springframework.web.bind.annotation.*;
+
+@Controller
+public class UserController {
+    @PostMapping("/doLogin")
+    public String doLoginPage(@RequestParam("username") String username, @RequestParam("password") String password, @RequestParam(name="rememberme", defaultValue = "") String rememberMe) {
+        Subject subject = SecurityUtils.getSubject();
+        try {
+            subject.login(new UsernamePasswordToken(username, password, rememberMe.equals("remember-me")));
+        } catch (AuthenticationException e) {
+            return "forward:/login";
+        }
+
+        return "forward:/";
+    }
+
+    @RequestMapping("/")
+    public String helloPage() {
+        return "hello";
+    }
+
+    @RequestMapping("/unauth")
+    public String errorPage() {
+        return "error";
+    }
+
+    @RequestMapping("/login")
+    public String loginPage() {
+        return "login";
+    }
+}

base/shiro/1.2.4/code/src/main/resources/application.properties

@@ -0,0 +1 @@
+

base/shiro/1.2.4/code/src/main/resources/templates/error.html

@@ -0,0 +1,12 @@
+<!DOCTYPE html>
+<html lang="en">
+<head>
+    <meta charset="UTF-8">
+    <title>Error</title>
+</head>
+<body>
+
+<p>login error</p>
+
+</body>
+</html>

base/shiro/1.2.4/code/src/main/resources/templates/hello.html

@@ -0,0 +1,13 @@
+<!DOCTYPE html>
+<html lang="en">
+<head>
+    <meta charset="UTF-8">
+    <title>Congrats</title>
+</head>
+<body>
+
+<h1>Congrats</h1>
+<p>You have successfully logged in</p>
+
+</body>
+</html>

base/shiro/1.2.4/code/src/main/resources/templates/login.html

@@ -0,0 +1,84 @@
+<!doctype html>
+<html lang="en">
+<head>
+    <meta charset="utf-8">
+    <title>Login Page</title>
+    <link rel="stylesheet" href="https://cdn.jsdelivr.net/npm/bootstrap@4.4.1/dist/css/bootstrap.min.css" integrity="sha256-L/W5Wfqfa0sdBNIKN9cG6QA5F2qx4qICmU2VgLruv9Y=" crossorigin="anonymous">
+    <style>
+        .bd-placeholder-img {
+            font-size: 1.125rem;
+            text-anchor: middle;
+            -webkit-user-select: none;
+            -moz-user-select: none;
+            -ms-user-select: none;
+            user-select: none;
+        }
+
+        @media (min-width: 768px) {
+            .bd-placeholder-img-lg {
+                font-size: 3.5rem;
+            }
+        }
+
+        html,
+        body {
+            height: 100%;
+        }
+
+        body {
+            display: -ms-flexbox;
+            display: flex;
+            -ms-flex-align: center;
+            align-items: center;
+            padding-top: 40px;
+            padding-bottom: 40px;
+            background-color: #f5f5f5;
+        }
+
+        .form-signin {
+            width: 100%;
+            max-width: 330px;
+            padding: 15px;
+            margin: auto;
+        }
+        .form-signin .checkbox {
+            font-weight: 400;
+        }
+        .form-signin .form-control {
+            position: relative;
+            box-sizing: border-box;
+            height: auto;
+            padding: 10px;
+            font-size: 16px;
+        }
+        .form-signin .form-control:focus {
+            z-index: 2;
+        }
+        .form-signin input[type="email"] {
+            margin-bottom: -1px;
+            border-bottom-right-radius: 0;
+            border-bottom-left-radius: 0;
+        }
+        .form-signin input[type="password"] {
+            margin-bottom: 10px;
+            border-top-left-radius: 0;
+            border-top-right-radius: 0;
+        }
+    </style>
+</head>
+<body class="text-center">
+    <form class="form-signin" action="/doLogin" method="post">
+        <h1 class="h3 mb-3 font-weight-normal">Please sign in</h1>
+        <label class="sr-only">Username</label>
+        <input type="text" class="form-control" placeholder="Username" name="username" required>
+        <label class="sr-only">Password</label>
+        <input type="password" class="form-control" placeholder="Password" name="password" required>
+        <div class="checkbox mb-3">
+            <label>
+                <input type="checkbox" name="rememberme" value="remember-me"> Remember me
+            </label>
+        </div>
+        <button class="btn btn-lg btn-primary btn-block" type="submit">Sign in</button>
+    </form>
+</body>
+</html>