
Example 1 with ExcessiveAttemptsException

use of org.apache.shiro.authc.ExcessiveAttemptsException in project neo4j by neo4j.

the class MultiRealmAuthManager method login.

@Override
public EnterpriseSecurityContext login(Map<String, Object> authToken) throws InvalidAuthTokenException {
    EnterpriseSecurityContext securityContext;
    ShiroAuthToken token = new ShiroAuthToken(authToken);
    assertValidScheme(token);
    try {
        securityContext = new StandardEnterpriseSecurityContext(this, (ShiroSubject) securityManager.login(null, token));
        if (logSuccessfulLogin) {
            securityLog.info(securityContext, "logged in");
        }
    } catch (UnsupportedTokenException e) {
        securityLog.error("Unknown user failed to log in: %s", e.getMessage());
        Throwable cause = e.getCause();
        // instanceof is false for null, so no separate null check is needed
        if (cause instanceof InvalidAuthTokenException) {
            throw new InvalidAuthTokenException(cause.getMessage() + ": " + token);
        }
        throw invalidToken(": " + token);
    } catch (ExcessiveAttemptsException e) {
        // NOTE: We only get this with single (internal) realm authentication
        // Rate limiting is reported as its own result (TOO_MANY_ATTEMPTS) rather than a plain FAILURE,
        // so callers and the security log can distinguish a lockout from bad credentials.
        securityContext = new StandardEnterpriseSecurityContext(this, new ShiroSubject(securityManager, AuthenticationResult.TOO_MANY_ATTEMPTS));
        // The principal is caller-controlled; escape() sanitises it before it reaches the log line.
        securityLog.error("[%s]: failed to log in: too many failed attempts", escape(token.getPrincipal().toString()));
    } catch (AuthenticationException e) {
        // An upstream auth provider timing out is an availability problem, not a credential failure,
        // so it is propagated instead of being reported as FAILURE.
        if (e.getCause() instanceof AuthProviderTimeoutException) {
            securityLog.error("[%s]: failed to log in: auth server timeout", escape(token.getPrincipal().toString()));
            throw new AuthProviderTimeoutException(e.getCause().getMessage(), e.getCause());
        }
        securityContext = new StandardEnterpriseSecurityContext(this, new ShiroSubject(securityManager, AuthenticationResult.FAILURE));
        // One generic message for unknown user and wrong password: no username enumeration via the log or response.
        securityLog.error("[%s]: failed to log in: invalid principal or credentials", escape(token.getPrincipal().toString()));
    }
    return securityContext;
}
Also used : EnterpriseSecurityContext(org.neo4j.kernel.enterprise.api.security.EnterpriseSecurityContext) AuthenticationException(org.apache.shiro.authc.AuthenticationException) ExcessiveAttemptsException(org.apache.shiro.authc.ExcessiveAttemptsException) AuthProviderTimeoutException(org.neo4j.graphdb.security.AuthProviderTimeoutException) UnsupportedTokenException(org.apache.shiro.authc.pam.UnsupportedTokenException) InvalidAuthTokenException(org.neo4j.kernel.api.security.exception.InvalidAuthTokenException)

Example 2 with ExcessiveAttemptsException

use of org.apache.shiro.authc.ExcessiveAttemptsException in project wechat by dllwh.

the class ShiroHelper method login.

/**
 * ----------------------------------------------------- Fields end
 */
public static AjaxJson login(String userName, String passWord) {
    // Username/password token
    UsernamePasswordToken token = new UsernamePasswordToken(userName, passWord);
    token.setRememberMe(false);
    String logMsg = "", resultMsg = "";
    AjaxJson ajaxJson = new AjaxJson();
    boolean suc = false;
    // Get the Subject for the current caller; at this point its state is "unauthenticated"
    Subject subject = SecurityUtils.getSubject();
    try {
        subject.login(token);
    // Each Shiro exception type is mapped to a distinct result message; the message returned to
    // the client (resultMsg) is a constant, while the detailed reason goes to logMsg.
    } catch (UnknownAccountException uae) {
        logMsg = "对用户[" + userName + "]进行登录验证..验证未通过,未知账户";
        resultMsg = MessageConstant.LOGIN_USER_UNKNOWN;
    } catch (IncorrectCredentialsException ice) {
        logMsg = "对用户[" + userName + "]进行登录验证..验证未通过,错误的凭证";
        resultMsg = MessageConstant.LOGIN_USER_REEOE;
    } catch (LockedAccountException lae) {
        logMsg = "对用户[" + userName + "]进行登录验证..验证未通过,账户已锁定";
        resultMsg = MessageConstant.LOGIN_USER_LOCK;
    } catch (DisabledAccountException dae) {
        logMsg = "对用户[" + userName + "]进行登录验证..验证未通过,帐号已被禁用";
        resultMsg = MessageConstant.LOGIN_USER_DISABLED;
    } catch (ExpiredCredentialsException ece) {
        logMsg = "对用户[" + userName + "]进行登录验证..验证未通过,帐号已过期";
        resultMsg = MessageConstant.LOGIN_USER_EXPIRED;
    } catch (ExcessiveAttemptsException eae) {
        // Thrown by the realm once the configured number of failed attempts is exceeded
        logMsg = "对用户[" + userName + "]进行登录验证..验证未通过,用户名或密码错误次数过多";
        resultMsg = MessageConstant.LOGIN_USER_MORE;
    } catch (UnauthorizedException e) {
        logMsg = "对用户[" + userName + "]进行登录验证..验证未通过,您没有得到相应的授权!";
        resultMsg = MessageConstant.LOGIN_USER_UNAUTHORIZED;
    } catch (AuthenticationException ae) {
        // Catch-all for any other authentication failure; must come last because it is the supertype
        logMsg = "对用户[" + userName + "]进行登录验证..验证未通过," + ae.getMessage();
        resultMsg = MessageConstant.LOGIN_ERROR;
    }
    if (subject.isAuthenticated()) {
        logMsg = "对用户[" + userName + "]进行登录验证..验证通过";
        suc = true;
    } else {
        // Wipe the password from the token on failure so it does not linger in memory
        token.clear();
    }
    ajaxJson.setSuccess(suc);
    ajaxJson.setMsg(resultMsg);
    ajaxJson.setObj(logMsg);
    return ajaxJson;
}
Also used : DisabledAccountException(org.apache.shiro.authc.DisabledAccountException) IncorrectCredentialsException(org.apache.shiro.authc.IncorrectCredentialsException) AuthenticationException(org.apache.shiro.authc.AuthenticationException) UnknownAccountException(org.apache.shiro.authc.UnknownAccountException) ExcessiveAttemptsException(org.apache.shiro.authc.ExcessiveAttemptsException) AjaxJson(com.cdeledu.common.base.AjaxJson) Subject(org.apache.shiro.subject.Subject) ExpiredCredentialsException(org.apache.shiro.authc.ExpiredCredentialsException) UsernamePasswordToken(org.apache.shiro.authc.UsernamePasswordToken) UnauthorizedException(org.apache.shiro.authz.UnauthorizedException) LockedAccountException(org.apache.shiro.authc.LockedAccountException)

Example 3 with ExcessiveAttemptsException

use of org.apache.shiro.authc.ExcessiveAttemptsException in project wechat by dllwh.

the class ShiroRealm method doGetAuthenticationInfo.

/**
 * Method description: verifies the Subject that is currently logging in.
 * Note: this method is invoked when Subject.login() is executed inside LoginController.login().
 * @param token
 * @return
 */
@Override
protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken authtoken) throws AuthenticationException {
    UsernamePasswordToken token = (UsernamePasswordToken) authtoken;
    // 1. Get the username that is logging in
    String currentUsername = token.getUsername();
    String passWord = String.valueOf(token.getPassword());
    SysUser sysUser = new SysUser();
    SysUser currentUser = null;
    SimpleAuthenticationInfo authcInfo = null;
    try {
        sysUser.setUserName(currentUsername);
        int userCount = userService.getCountForJdbcParam(sysUser);
        if (userCount <= 0) {
            throw new UnknownAccountException();
        }
        currentUser = userService.checkUserExits(currentUsername, passWord);
    } catch (Exception e) {
        // Any lookup error (including the UnknownAccountException above) is reported as an unknown account
        throw new UnknownAccountException();
    }
    if (currentUser != null) {
        // Account has not passed review
        if (currentUser.getIfEnabled() != 1) {
            throw new DisabledAccountException();
        }
        // Account has not passed review
        if (currentUser.getIfVisible() != 1) {
            throw new DisabledAccountException("账号未通过审核");
        }
        // Account is not allowed to log in
        if (currentUser.getLoginFlag() != 1) {
            throw new AuthenticationException("账号不允许登录");
        }
        // Account is locked
        if (currentUser.getIfLocked() != 1) {
            throw new ExcessiveAttemptsException("账号被锁定");
        }
        WebUtilHelper.setCurrentLoginUser(currentUser);
        authcInfo = new SimpleAuthenticationInfo(currentUser, currentUser.getPassword(), getName());
    } else {
        throw new LockedAccountException("用户名或密码错误");
    }
    return authcInfo;
}
Also used : DisabledAccountException(org.apache.shiro.authc.DisabledAccountException) SysUser(com.cdeledu.model.rbac.SysUser) SimpleAuthenticationInfo(org.apache.shiro.authc.SimpleAuthenticationInfo) AuthenticationException(org.apache.shiro.authc.AuthenticationException) UnknownAccountException(org.apache.shiro.authc.UnknownAccountException) ExcessiveAttemptsException(org.apache.shiro.authc.ExcessiveAttemptsException) LockedAccountException(org.apache.shiro.authc.LockedAccountException) UsernamePasswordToken(org.apache.shiro.authc.UsernamePasswordToken)

Example 4 with ExcessiveAttemptsException

use of org.apache.shiro.authc.ExcessiveAttemptsException in project neo4j by neo4j.

the class InternalFlatFileRealm method doGetAuthenticationInfo.

@Override
protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token) throws AuthenticationException {
    if (!authenticationEnabled) {
        return null;
    }
    ShiroAuthToken shiroAuthToken = (ShiroAuthToken) token;
    String username;
    String password;
    try {
        username = AuthToken.safeCast(AuthToken.PRINCIPAL, shiroAuthToken.getAuthTokenMap());
        password = AuthToken.safeCast(AuthToken.CREDENTIALS, shiroAuthToken.getAuthTokenMap());
    } catch (InvalidAuthTokenException e) {
        throw new UnsupportedTokenException(e);
    }
    User user = userRepository.getUserByName(username);
    if (user == null) {
        throw new UnknownAccountException();
    }
    // The strategy checks the password and tracks failed attempts per user, so lockout is decided here
    AuthenticationResult result = authenticationStrategy.authenticate(user, password);
    switch(result) {
        case FAILURE:
            throw new IncorrectCredentialsException();
        case TOO_MANY_ATTEMPTS:
            throw new ExcessiveAttemptsException();
        default:
            break;
    }
    // Suspension is checked only after the password is verified, so a suspended account
    // still counts failed attempts like any other
    if (user.hasFlag(InternalFlatFileRealm.IS_SUSPENDED)) {
        throw new DisabledAccountException("User '" + user.name() + "' is suspended.");
    }
    if (user.passwordChangeRequired()) {
        result = AuthenticationResult.PASSWORD_CHANGE_REQUIRED;
    }
    // The authentication strategy has already verified the password above,
    // so we do not need to store hashed credentials in the AuthenticationInfo.
    return new ShiroAuthenticationInfo(user.name(), getName(), result);
}
Also used : DisabledAccountException(org.apache.shiro.authc.DisabledAccountException) IncorrectCredentialsException(org.apache.shiro.authc.IncorrectCredentialsException) User(org.neo4j.kernel.impl.security.User) UnknownAccountException(org.apache.shiro.authc.UnknownAccountException) ExcessiveAttemptsException(org.apache.shiro.authc.ExcessiveAttemptsException) UnsupportedTokenException(org.apache.shiro.authc.pam.UnsupportedTokenException) InvalidAuthTokenException(org.neo4j.kernel.api.security.exception.InvalidAuthTokenException) AuthenticationResult(org.neo4j.kernel.api.security.AuthenticationResult)

Example 5 with ExcessiveAttemptsException

use of org.apache.shiro.authc.ExcessiveAttemptsException in project cas by apereo.

the class ShiroAuthenticationHandler method authenticateUsernamePasswordInternal.

@Override
protected AuthenticationHandlerExecutionResult authenticateUsernamePasswordInternal(final UsernamePasswordCredential transformedCredential, final String originalPassword) throws GeneralSecurityException {
    try {
        final UsernamePasswordToken token = new UsernamePasswordToken(transformedCredential.getUsername(), transformedCredential.getPassword());
        if (transformedCredential instanceof RememberMeUsernamePasswordCredential) {
            token.setRememberMe(RememberMeUsernamePasswordCredential.class.cast(transformedCredential).isRememberMe());
        }
        final Subject currentUser = getCurrentExecutingSubject();
        currentUser.login(token);
        checkSubjectRolesAndPermissions(currentUser);
        return createAuthenticatedSubjectResult(transformedCredential, currentUser);
    // Shiro's exception hierarchy is translated into the JAAS (javax.security.auth.login) exceptions CAS expects
    } catch (final UnknownAccountException uae) {
        throw new AccountNotFoundException(uae.getMessage());
    } catch (final IncorrectCredentialsException ice) {
        throw new FailedLoginException(ice.getMessage());
    } catch (final LockedAccountException | ExcessiveAttemptsException lae) {
        // Too many failed attempts is treated the same as an explicitly locked account
        throw new AccountLockedException(lae.getMessage());
    } catch (final ExpiredCredentialsException eae) {
        throw new CredentialExpiredException(eae.getMessage());
    } catch (final DisabledAccountException eae) {
        throw new AccountDisabledException(eae.getMessage());
    } catch (final AuthenticationException e) {
        // Supertype catch-all must stay last or it would shadow the specific mappings above
        throw new FailedLoginException(e.getMessage());
    }
}
Also used : DisabledAccountException(org.apache.shiro.authc.DisabledAccountException) IncorrectCredentialsException(org.apache.shiro.authc.IncorrectCredentialsException) AccountLockedException(javax.security.auth.login.AccountLockedException) AuthenticationException(org.apache.shiro.authc.AuthenticationException) UnknownAccountException(org.apache.shiro.authc.UnknownAccountException) ExcessiveAttemptsException(org.apache.shiro.authc.ExcessiveAttemptsException) Subject(org.apache.shiro.subject.Subject) ExpiredCredentialsException(org.apache.shiro.authc.ExpiredCredentialsException) UsernamePasswordToken(org.apache.shiro.authc.UsernamePasswordToken) FailedLoginException(javax.security.auth.login.FailedLoginException) AccountNotFoundException(javax.security.auth.login.AccountNotFoundException) CredentialExpiredException(javax.security.auth.login.CredentialExpiredException) RememberMeUsernamePasswordCredential(org.apereo.cas.authentication.RememberMeUsernamePasswordCredential) LockedAccountException(org.apache.shiro.authc.LockedAccountException) AccountDisabledException(org.apereo.cas.authentication.exceptions.AccountDisabledException)

Aggregations

ExcessiveAttemptsException (org.apache.shiro.authc.ExcessiveAttemptsException)5 AuthenticationException (org.apache.shiro.authc.AuthenticationException)4 DisabledAccountException (org.apache.shiro.authc.DisabledAccountException)4 UnknownAccountException (org.apache.shiro.authc.UnknownAccountException)4 IncorrectCredentialsException (org.apache.shiro.authc.IncorrectCredentialsException)3 LockedAccountException (org.apache.shiro.authc.LockedAccountException)3 UsernamePasswordToken (org.apache.shiro.authc.UsernamePasswordToken)3 ExpiredCredentialsException (org.apache.shiro.authc.ExpiredCredentialsException)2 UnsupportedTokenException (org.apache.shiro.authc.pam.UnsupportedTokenException)2 Subject (org.apache.shiro.subject.Subject)2 InvalidAuthTokenException (org.neo4j.kernel.api.security.exception.InvalidAuthTokenException)2 AjaxJson (com.cdeledu.common.base.AjaxJson)1 SysUser (com.cdeledu.model.rbac.SysUser)1 AccountLockedException (javax.security.auth.login.AccountLockedException)1 AccountNotFoundException (javax.security.auth.login.AccountNotFoundException)1 CredentialExpiredException (javax.security.auth.login.CredentialExpiredException)1 FailedLoginException (javax.security.auth.login.FailedLoginException)1 SimpleAuthenticationInfo (org.apache.shiro.authc.SimpleAuthenticationInfo)1 UnauthorizedException (org.apache.shiro.authz.UnauthorizedException)1 RememberMeUsernamePasswordCredential (org.apereo.cas.authentication.RememberMeUsernamePasswordCredential)1