use of org.apache.shiro.authc.ExpiredCredentialsException in project wechat by dllwh.
the class ShiroHelper method login.
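// ----------------------------------------------------- Fields end

/**
 * Attempts a Shiro username/password login for the current {@link Subject}
 * and reports the outcome in an {@link AjaxJson}.
 *
 * <p>Remember-me is always disabled for the token built here. The success
 * flag is set only when this call's {@code subject.login(token)} returned
 * without throwing and the subject then reports itself as authenticated.
 *
 * <p>NOTE(review): the result distinguishes "unknown account" from "wrong
 * credential" in {@code msg}, and {@code obj} carries the log text, which
 * includes the user name and, in the generic case, the raw exception message.
 * If this object is serialized back to the client (confirm against callers),
 * that lets a caller tell valid user names from invalid ones. Prefer a single
 * generic failure message for the client and keep the detail in server logs.
 *
 * @param userName the account name submitted by the caller
 * @param passWord the plaintext password submitted by the caller
 * @return an {@link AjaxJson} whose success flag reflects this login attempt,
 *         whose msg is the {@code MessageConstant} failure text (empty on
 *         success) and whose obj is the log text for the attempt
 */
public static AjaxJson login(String userName, String passWord) {
    // Username/password token
    UsernamePasswordToken token = new UsernamePasswordToken(userName, passWord);
    token.setRememberMe(false);
    String logMsg = "", resultMsg = "";
    AjaxJson ajaxJson = new AjaxJson();
    // Set only when THIS call to subject.login() returns without throwing.
    boolean loginCompleted = false;
    // Subject bound to the current request/thread. It is normally still
    // unauthenticated here, but that is not guaranteed: a session that has
    // already logged in yields a subject that is authenticated beforehand.
    Subject subject = SecurityUtils.getSubject();
    try {
        subject.login(token);
        loginCompleted = true;
    } catch (UnknownAccountException uae) {
        logMsg = "对用户[" + userName + "]进行登录验证..验证未通过,未知账户";
        resultMsg = MessageConstant.LOGIN_USER_UNKNOWN;
    } catch (IncorrectCredentialsException ice) {
        logMsg = "对用户[" + userName + "]进行登录验证..验证未通过,错误的凭证";
        resultMsg = MessageConstant.LOGIN_USER_REEOE;
    } catch (LockedAccountException lae) {
        logMsg = "对用户[" + userName + "]进行登录验证..验证未通过,账户已锁定";
        resultMsg = MessageConstant.LOGIN_USER_LOCK;
    } catch (DisabledAccountException dae) {
        logMsg = "对用户[" + userName + "]进行登录验证..验证未通过,帐号已被禁用";
        resultMsg = MessageConstant.LOGIN_USER_DISABLED;
    } catch (ExpiredCredentialsException ece) {
        logMsg = "对用户[" + userName + "]进行登录验证..验证未通过,帐号已过期";
        resultMsg = MessageConstant.LOGIN_USER_EXPIRED;
    } catch (ExcessiveAttemptsException eae) {
        logMsg = "对用户[" + userName + "]进行登录验证..验证未通过,用户名或密码错误次数过多";
        resultMsg = MessageConstant.LOGIN_USER_MORE;
    } catch (UnauthorizedException e) {
        logMsg = "对用户[" + userName + "]进行登录验证..验证未通过,您没有得到相应的授权!";
        resultMsg = MessageConstant.LOGIN_USER_UNAUTHORIZED;
    } catch (AuthenticationException ae) {
        logMsg = "对用户[" + userName + "]进行登录验证..验证未通过," + ae.getMessage();
        resultMsg = MessageConstant.LOGIN_ERROR;
    }
    // subject.isAuthenticated() alone describes the session, not this attempt.
    // If the subject was already authenticated before a failed login for a
    // different user name, checking only that flag would report the failed
    // attempt as a success. Require that this call's login() completed too.
    boolean suc = loginCompleted && subject.isAuthenticated();
    if (suc) {
        logMsg = "对用户[" + userName + "]进行登录验证..验证通过";
    } else {
        // Wipe the submitted credentials held by the token after a failure.
        token.clear();
    }
    ajaxJson.setSuccess(suc);
    ajaxJson.setMsg(resultMsg);
    ajaxJson.setObj(logMsg);
    return ajaxJson;
}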
use of org.apache.shiro.authc.ExpiredCredentialsException in project shiro by apache.
the class SimpleAccountRealm method doGetAuthenticationInfo.
/**
 * Looks up the account named by the token and rejects accounts that are
 * locked or whose credentials have expired.
 *
 * <p>The lock check runs before the expiry check, so a locked account with
 * expired credentials is reported as locked. This method does not compare
 * the submitted password with the stored one.
 * NOTE(review): credential matching is presumably done by the caller once
 * this method returns; confirm against the enclosing realm.
 *
 * <p>NOTE(review): both exception messages embed the account's string form.
 * Verify that it contains nothing sensitive before these messages reach logs
 * or clients.
 *
 * @param token the submitted token; it is cast to {@link UsernamePasswordToken},
 *              so any other token type fails with a {@link ClassCastException}
 * @return the matching account, or {@code null} when no account exists for
 *         the user name
 * @throws LockedAccountException      if the account is locked
 * @throws ExpiredCredentialsException if the account's credentials are expired
 */
protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token) throws AuthenticationException {
    final String username = ((UsernamePasswordToken) token).getUsername();
    final SimpleAccount account = getUser(username);

    // Unknown user: report "no account" to the caller by returning null.
    if (account == null) {
        return null;
    }
    if (account.isLocked()) {
        throw new LockedAccountException("Account [" + account + "] is locked.");
    }
    if (account.isCredentialsExpired()) {
        throw new ExpiredCredentialsException("The credentials for account [" + account + "] are expired");
    }
    return account;
}
use of org.apache.shiro.authc.ExpiredCredentialsException in project cas by apereo.
the class ShiroAuthenticationHandler method authenticateUsernamePasswordInternal.
/**
 * Authenticates a username/password credential through the current Shiro
 * subject and translates Shiro failures into login exceptions.
 *
 * <p>Steps, in order: build a {@code UsernamePasswordToken} from the
 * transformed credential (copying the remember-me flag when the credential
 * carries one), log the subject in, check its roles and permissions, then,
 * if a password policy strategy is configured, collect its messages for the
 * resolved principal.
 *
 * <p>Failure mapping: unknown account to {@code AccountNotFoundException};
 * locked account or excessive attempts to {@code AccountLockedException};
 * expired credentials to {@code CredentialExpiredException}; disabled account
 * to {@code AccountDisabledException}; any other Shiro
 * {@code AuthenticationException} to {@code FailedLoginException}. Only the
 * Shiro exception's message is carried over; the original exception is not
 * attached as a cause.
 * NOTE(review): the copied message comes from the Shiro realm and may name
 * the account. Confirm how far these messages travel before exposing them.
 *
 * @param transformedCredential the credential after any principal/password
 *                              transformation; source of username and password
 * @param originalPassword      the password before transformation; not read
 *                              by this method
 * @return the handler result built for the authenticated subject, including
 *         any password policy messages
 * @throws GeneralSecurityException one of the mapped login exceptions above
 */
@Override
protected AuthenticationHandlerExecutionResult authenticateUsernamePasswordInternal(final UsernamePasswordCredential transformedCredential, final String originalPassword) throws GeneralSecurityException {
    try {
        val loginToken = new UsernamePasswordToken(transformedCredential.getUsername(), transformedCredential.getPassword());
        if (transformedCredential instanceof RememberMeUsernamePasswordCredential) {
            val rememberMeCredential = (RememberMeUsernamePasswordCredential) transformedCredential;
            loginToken.setRememberMe(rememberMeCredential.isRememberMe());
        }

        val subject = getCurrentExecutingSubject();
        subject.login(loginToken);
        // Authorization gate: runs only after the login above succeeded.
        checkSubjectRolesAndPermissions(subject);

        val policyStrategy = getPasswordPolicyHandlingStrategy();
        val policyMessages = new ArrayList<MessageDescriptor>();
        if (policyStrategy != null) {
            LOGGER.debug("Attempting to examine and handle password policy via [{}]", policyStrategy.getClass().getSimpleName());
            val resolvedPrincipal = this.principalFactory.createPrincipal(loginToken.getUsername());
            policyMessages.addAll(policyStrategy.handle(resolvedPrincipal, getPasswordPolicyConfiguration()));
        }
        return createAuthenticatedSubjectResult(transformedCredential, subject, policyMessages);
    } catch (final UnknownAccountException unknownAccount) {
        throw new AccountNotFoundException(unknownAccount.getMessage());
    } catch (final LockedAccountException locked) {
        throw new AccountLockedException(locked.getMessage());
    } catch (final ExcessiveAttemptsException tooManyAttempts) {
        // Too many attempts is reported to callers the same way as a lock.
        throw new AccountLockedException(tooManyAttempts.getMessage());
    } catch (final ExpiredCredentialsException expired) {
        throw new CredentialExpiredException(expired.getMessage());
    } catch (final DisabledAccountException disabled) {
        throw new AccountDisabledException(disabled.getMessage());
    } catch (final AuthenticationException otherFailure) {
        // Catch-all for every remaining Shiro authentication failure.
        throw new FailedLoginException(otherFailure.getMessage());
    }
}