use of org.apache.shiro.authc.DisabledAccountException in project cas by apereo.
the class ShiroAuthenticationHandler method authenticateUsernamePasswordInternal.
@Override
protected HandlerResult authenticateUsernamePasswordInternal(final UsernamePasswordCredential transformedCredential, final String originalPassword) throws GeneralSecurityException, PreventedException {
try {
final UsernamePasswordToken token = new UsernamePasswordToken(transformedCredential.getUsername(), transformedCredential.getPassword());
if (transformedCredential instanceof RememberMeUsernamePasswordCredential) {
token.setRememberMe(RememberMeUsernamePasswordCredential.class.cast(transformedCredential).isRememberMe());
}
final Subject currentUser = getCurrentExecutingSubject();
currentUser.login(token);
checkSubjectRolesAndPermissions(currentUser);
return createAuthenticatedSubjectResult(transformedCredential, currentUser);
} catch (final UnknownAccountException uae) {
throw new AccountNotFoundException(uae.getMessage());
} catch (final IncorrectCredentialsException ice) {
throw new FailedLoginException(ice.getMessage());
} catch (final LockedAccountException | ExcessiveAttemptsException lae) {
throw new AccountLockedException(lae.getMessage());
} catch (final ExpiredCredentialsException eae) {
throw new CredentialExpiredException(eae.getMessage());
} catch (final DisabledAccountException eae) {
throw new AccountDisabledException(eae.getMessage());
} catch (final AuthenticationException e) {
throw new FailedLoginException(e.getMessage());
}
}
use of org.apache.shiro.authc.DisabledAccountException in project neo4j by neo4j.
the class InternalFlatFileRealm method doGetAuthenticationInfo.
@Override
protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token) throws AuthenticationException {
if (!authenticationEnabled) {
return null;
}
ShiroAuthToken shiroAuthToken = (ShiroAuthToken) token;
String username;
String password;
try {
username = AuthToken.safeCast(AuthToken.PRINCIPAL, shiroAuthToken.getAuthTokenMap());
password = AuthToken.safeCast(AuthToken.CREDENTIALS, shiroAuthToken.getAuthTokenMap());
} catch (InvalidAuthTokenException e) {
throw new UnsupportedTokenException(e);
}
User user = userRepository.getUserByName(username);
if (user == null) {
throw new UnknownAccountException();
}
AuthenticationResult result = authenticationStrategy.authenticate(user, password);
switch(result) {
case FAILURE:
throw new IncorrectCredentialsException();
case TOO_MANY_ATTEMPTS:
throw new ExcessiveAttemptsException();
default:
break;
}
if (user.hasFlag(InternalFlatFileRealm.IS_SUSPENDED)) {
throw new DisabledAccountException("User '" + user.name() + "' is suspended.");
}
if (user.passwordChangeRequired()) {
result = AuthenticationResult.PASSWORD_CHANGE_REQUIRED;
}
// and we do not need to store hashed credentials in the AuthenticationInfo.
return new ShiroAuthenticationInfo(user.name(), getName(), result);
}
Aggregations