
Example 1 with DisabledAccountException

Use of org.apache.shiro.authc.DisabledAccountException in project cas by apereo.

From the class ShiroAuthenticationHandler, method authenticateUsernamePasswordInternal.

@Override
protected HandlerResult authenticateUsernamePasswordInternal(final UsernamePasswordCredential transformedCredential, final String originalPassword) throws GeneralSecurityException, PreventedException {
    try {
        final UsernamePasswordToken token = new UsernamePasswordToken(transformedCredential.getUsername(), transformedCredential.getPassword());
        if (transformedCredential instanceof RememberMeUsernamePasswordCredential) {
            token.setRememberMe(RememberMeUsernamePasswordCredential.class.cast(transformedCredential).isRememberMe());
        }
        final Subject currentUser = getCurrentExecutingSubject();
        currentUser.login(token);
        checkSubjectRolesAndPermissions(currentUser);
        return createAuthenticatedSubjectResult(transformedCredential, currentUser);
    } catch (final UnknownAccountException uae) {
        throw new AccountNotFoundException(uae.getMessage());
    } catch (final IncorrectCredentialsException ice) {
        throw new FailedLoginException(ice.getMessage());
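    } catch (final LockedAccountException | ExcessiveAttemptsException lae) {
        // LockedAccountException extends DisabledAccountException, so this clause
        // has to come before the DisabledAccountException clause below.
        throw new AccountLockedException(lae.getMessage());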
    } catch (final ExpiredCredentialsException eae) {
        throw new CredentialExpiredException(eae.getMessage());
    } catch (final DisabledAccountException eae) {
        throw new AccountDisabledException(eae.getMessage());
    } catch (final AuthenticationException e) {
        // Any other Shiro authentication failure is reported as a generic failed login.
        throw new FailedLoginException(e.getMessage());
    }
}
Also used: DisabledAccountException (org.apache.shiro.authc.DisabledAccountException), IncorrectCredentialsException (org.apache.shiro.authc.IncorrectCredentialsException), AccountLockedException (javax.security.auth.login.AccountLockedException), AuthenticationException (org.apache.shiro.authc.AuthenticationException), UnknownAccountException (org.apache.shiro.authc.UnknownAccountException), ExcessiveAttemptsException (org.apache.shiro.authc.ExcessiveAttemptsException), Subject (org.apache.shiro.subject.Subject), ExpiredCredentialsException (org.apache.shiro.authc.ExpiredCredentialsException), UsernamePasswordToken (org.apache.shiro.authc.UsernamePasswordToken), FailedLoginException (javax.security.auth.login.FailedLoginException), AccountNotFoundException (javax.security.auth.login.AccountNotFoundException), CredentialExpiredException (javax.security.auth.login.CredentialExpiredException), RememberMeUsernamePasswordCredential (org.apereo.cas.authentication.RememberMeUsernamePasswordCredential), LockedAccountException (org.apache.shiro.authc.LockedAccountException), AccountDisabledException (org.apereo.cas.authentication.exceptions.AccountDisabledException)

Example 2 with DisabledAccountException

Use of org.apache.shiro.authc.DisabledAccountException in project neo4j by neo4j.

From the class InternalFlatFileRealm, method doGetAuthenticationInfo.

@Override
protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token) throws AuthenticationException {
    if (!authenticationEnabled) {
        return null;
    }
    ShiroAuthToken shiroAuthToken = (ShiroAuthToken) token;
    String username;
    String password;
    try {
        username = AuthToken.safeCast(AuthToken.PRINCIPAL, shiroAuthToken.getAuthTokenMap());
        password = AuthToken.safeCast(AuthToken.CREDENTIALS, shiroAuthToken.getAuthTokenMap());
    } catch (InvalidAuthTokenException e) {
        throw new UnsupportedTokenException(e);
    }
    User user = userRepository.getUserByName(username);
    if (user == null) {
        throw new UnknownAccountException();
    }
    AuthenticationResult result = authenticationStrategy.authenticate(user, password);
    switch(result) {
        case FAILURE:
            throw new IncorrectCredentialsException();
        case TOO_MANY_ATTEMPTS:
            throw new ExcessiveAttemptsException();
        default:
            break;
    }
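    // The suspension check runs only after the credentials have been verified,
    // so a caller without the correct password cannot learn that the account is suspended.
    if (user.hasFlag(InternalFlatFileRealm.IS_SUSPENDED)) {
        throw new DisabledAccountException("User '" + user.name() + "' is suspended.");
    }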
    if (user.passwordChangeRequired()) {
        result = AuthenticationResult.PASSWORD_CHANGE_REQUIRED;
    }
    // and we do not need to store hashed credentials in the AuthenticationInfo.
    return new ShiroAuthenticationInfo(user.name(), getName(), result);
}
Also used: DisabledAccountException (org.apache.shiro.authc.DisabledAccountException), IncorrectCredentialsException (org.apache.shiro.authc.IncorrectCredentialsException), User (org.neo4j.kernel.impl.security.User), UnknownAccountException (org.apache.shiro.authc.UnknownAccountException), ExcessiveAttemptsException (org.apache.shiro.authc.ExcessiveAttemptsException), UnsupportedTokenException (org.apache.shiro.authc.pam.UnsupportedTokenException), InvalidAuthTokenException (org.neo4j.kernel.api.security.exception.InvalidAuthTokenException), AuthenticationResult (org.neo4j.kernel.api.security.AuthenticationResult)
