use of org.apache.shiro.authc.IncorrectCredentialsException in project wechat by dllwh.
the class ShiroHelper method login.
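// ----------------------------------------------------- Fields end

/**
 * Authenticates the current Shiro subject with a username/password pair and
 * reports the outcome to the caller.
 *
 * <p>Success is reported only when {@code subject.login(token)} returned without
 * throwing during this call. The token is cleared on every path so the password
 * does not stay in the token after the attempt.
 *
 * @param userName login name submitted by the caller
 * @param passWord plaintext password submitted by the caller
 * @return an {@code AjaxJson} whose success flag reflects this login attempt, whose
 *         msg is the {@code MessageConstant} chosen for the failure (empty string on
 *         success), and whose obj is the diagnostic text built in this method
 */
public static AjaxJson login(String userName, String passWord) {
    // Username/password token; remember-me is explicitly switched off.
    UsernamePasswordToken token = new UsernamePasswordToken(userName, passWord);
    token.setRememberMe(false);
    String logMsg = "", resultMsg = "";
    AjaxJson ajaxJson = new AjaxJson();
    boolean suc = false;
    // Current subject; it may or may not already be authenticated at this point.
    Subject subject = SecurityUtils.getSubject();
    // Tracks whether THIS call authenticated. isAuthenticated() alone is not enough:
    // a subject that was authenticated before this call can still report true after
    // login() throws, which would turn a failed attempt into a reported success.
    boolean loginCompleted = false;
    try {
        subject.login(token);
        loginCompleted = true;
    } catch (UnknownAccountException uae) {
        // NOTE(review): unknown account and wrong password map to different constants.
        // If they render as different text, the response tells a caller which usernames
        // exist. Consider a single generic message for both; confirm in MessageConstant.
        logMsg = "对用户[" + userName + "]进行登录验证..验证未通过,未知账户";
        resultMsg = MessageConstant.LOGIN_USER_UNKNOWN;
    } catch (IncorrectCredentialsException ice) {
        logMsg = "对用户[" + userName + "]进行登录验证..验证未通过,错误的凭证";
        resultMsg = MessageConstant.LOGIN_USER_REEOE;
    } catch (LockedAccountException lae) {
        logMsg = "对用户[" + userName + "]进行登录验证..验证未通过,账户已锁定";
        resultMsg = MessageConstant.LOGIN_USER_LOCK;
    } catch (DisabledAccountException dae) {
        logMsg = "对用户[" + userName + "]进行登录验证..验证未通过,帐号已被禁用";
        resultMsg = MessageConstant.LOGIN_USER_DISABLED;
    } catch (ExpiredCredentialsException ece) {
        logMsg = "对用户[" + userName + "]进行登录验证..验证未通过,帐号已过期";
        resultMsg = MessageConstant.LOGIN_USER_EXPIRED;
    } catch (ExcessiveAttemptsException eae) {
        logMsg = "对用户[" + userName + "]进行登录验证..验证未通过,用户名或密码错误次数过多";
        resultMsg = MessageConstant.LOGIN_USER_MORE;
    } catch (UnauthorizedException e) {
        logMsg = "对用户[" + userName + "]进行登录验证..验证未通过,您没有得到相应的授权!";
        resultMsg = MessageConstant.LOGIN_USER_UNAUTHORIZED;
    } catch (AuthenticationException ae) {
        // NOTE(review): ae.getMessage() is copied into text that is returned through
        // setObj() below. If AjaxJson is serialized to the client, this exposes internal
        // realm/exception detail; confirm where obj ends up.
        logMsg = "对用户[" + userName + "]进行登录验证..验证未通过," + ae.getMessage();
        resultMsg = MessageConstant.LOGIN_ERROR;
    } finally {
        // Clear the token whether login succeeded or failed; nothing below reads it.
        token.clear();
    }
    if (loginCompleted && subject.isAuthenticated()) {
        logMsg = "对用户[" + userName + "]进行登录验证..验证通过";
        suc = true;
    }
    // NOTE(review): userName is concatenated into logMsg unmodified. If this text is
    // ever written to a log file, strip CR/LF first so a crafted name cannot forge entries.
    ajaxJson.setSuccess(suc);
    ajaxJson.setMsg(resultMsg);
    ajaxJson.setObj(logMsg);
    return ajaxJson;
}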
use of org.apache.shiro.authc.IncorrectCredentialsException in project production_ssm by megagao.
the class LoginController method ajaxLogin.
/**
 * Shiro AJAX login endpoint.
 *
 * <p>When a captcha value is submitted it is compared with the one stored in the
 * session; afterwards an unauthenticated subject is logged in with the supplied
 * credentials. The returned map carries a {@code msg} key only on failure and is
 * empty on success or when the subject was already authenticated.
 *
 * <p>NOTE(review): the captcha check is skipped when {@code randomcode} is missing
 * or empty, and also when the session holds no stored code, so a client can bypass
 * it by omitting the parameter. The stored code is not removed after the comparison,
 * so one solved captcha stays valid for further attempts in the same session.
 * Confirm whether the captcha is meant to be mandatory.
 *
 * <p>NOTE(review): {@code account_error} and {@code password_error} let a caller
 * tell existing usernames from unknown ones. The mapping declares no HTTP method,
 * so the endpoint also accepts GET and credentials could end up in URLs and access logs.
 */
@RequestMapping(value = "/ajaxLogin")
@ResponseBody
public Map<String, Object> ajaxLogin(@RequestParam String username, @RequestParam String password, @RequestParam(required = false) String randomcode, HttpSession session) throws Exception {
    Map<String, Object> result = CollectionsFactory.newHashMap();
    boolean captchaSubmitted = randomcode != null && !randomcode.equals("");
    if (captchaSubmitted) {
        // Expected captcha as stored in the session.
        String expectedCode = (String) session.getAttribute(VALIDATE_CODE);
        // Only a stored code that differs from the submitted one counts as a failure.
        boolean captchaMismatch = expectedCode != null && !randomcode.equals(expectedCode);
        if (captchaMismatch) {
            // Report the captcha failure and stop before checking username and password.
            result.put("msg", "randomcode_error");
            return result;
        }
    }
    Subject currentUser = SecurityUtils.getSubject();
    if (currentUser.isAuthenticated()) {
        // Already logged in: the submitted credentials are not checked at all.
        return result;
    }
    UsernamePasswordToken loginToken = new UsernamePasswordToken(username, password);
    try {
        currentUser.login(loginToken);
    } catch (UnknownAccountException unknownAccount) {
        result.put("msg", "account_error");
    } catch (IncorrectCredentialsException badPassword) {
        result.put("msg", "password_error");
    } catch (AuthenticationException otherFailure) {
        result.put("msg", "authentication_error");
    }
    // Serialized to JSON via @ResponseBody.
    return result;
}
use of org.apache.shiro.authc.IncorrectCredentialsException in project neo4j by neo4j.
the class InternalFlatFileRealm method doGetAuthenticationInfo.
/**
 * Authenticates the principal/credentials carried by a {@code ShiroAuthToken}
 * against the user repository.
 *
 * <p>Order of checks: unknown user, then credential verification through
 * {@code authenticationStrategy}, then the suspended flag. Because the suspended
 * check runs after credential verification, a suspended account is only reported
 * as such to a caller that supplied valid credentials.
 *
 * @param token expected to be a {@code ShiroAuthToken}; it is cast without an instanceof check
 * @return {@code null} when authentication is disabled for this realm, otherwise a
 *         {@code ShiroAuthenticationInfo} holding the user name, realm name and result
 * @throws AuthenticationException {@code UnsupportedTokenException} for a malformed
 *         token map, {@code UnknownAccountException} for an unknown user,
 *         {@code IncorrectCredentialsException} or {@code ExcessiveAttemptsException}
 *         from the strategy result, {@code DisabledAccountException} for a suspended user
 */
@Override
protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token) throws AuthenticationException {
    if (!authenticationEnabled) {
        return null;
    }
    ShiroAuthToken authToken = (ShiroAuthToken) token;
    String principal;
    String credentials;
    try {
        principal = AuthToken.safeCast(AuthToken.PRINCIPAL, authToken.getAuthTokenMap());
        credentials = AuthToken.safeCast(AuthToken.CREDENTIALS, authToken.getAuthTokenMap());
    } catch (InvalidAuthTokenException invalidToken) {
        // A token map without usable principal/credentials is reported as unsupported.
        throw new UnsupportedTokenException(invalidToken);
    }
    User account = userRepository.getUserByName(principal);
    if (account == null) {
        // Unknown names are rejected before the strategy is consulted.
        throw new UnknownAccountException();
    }
    AuthenticationResult outcome = authenticationStrategy.authenticate(account, credentials);
    switch (outcome) {
        case FAILURE:
            throw new IncorrectCredentialsException();
        case TOO_MANY_ATTEMPTS:
            throw new ExcessiveAttemptsException();
        default:
            break;
    }
    if (account.hasFlag(InternalFlatFileRealm.IS_SUSPENDED)) {
        throw new DisabledAccountException("User '" + account.name() + "' is suspended.");
    }
    if (account.passwordChangeRequired()) {
        outcome = AuthenticationResult.PASSWORD_CHANGE_REQUIRED;
    }
    // Credentials were already verified above, so the returned info carries only
    // the name, realm and result and no hashed credentials.
    return new ShiroAuthenticationInfo(account.name(), getName(), outcome);
}
use of org.apache.shiro.authc.IncorrectCredentialsException in project Workload by amoxu.
the class CustomExceptionResolver method resolveException.
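/**
 * Maps an exception raised while handling a request to the {@code error} view,
 * with a {@code message} model attribute describing the failure.
 *
 * <p>The stack trace is printed once per exception; the repeated
 * {@code printStackTrace()} calls in individual branches were redundant.
 *
 * <p>NOTE(review): unknown account and wrong password produce different messages,
 * which lets a caller tell existing usernames from unknown ones. Consider one
 * generic login-failure message.
 *
 * <p>NOTE(review): a {@code CustomException} message is passed to the view as is.
 * If it can contain request data or internal detail, the view must escape it;
 * confirm how the {@code error} view renders {@code message}.
 *
 * @param httpServletRequest  current request (not read here)
 * @param httpServletResponse current response (not written here)
 * @param o                   the handler that was executing (not read here)
 * @param e                   the exception to translate
 * @return a {@code ModelAndView} for the {@code error} view carrying the message
 */
public ModelAndView resolveException(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, Object o, Exception e) {
    // NOTE(review): printStackTrace() writes to stderr. No logger is visible in
    // this block, so the call is kept; a logger would be preferable.
    e.printStackTrace();
    final String message;
    if (e instanceof CustomException) {
        message = ((CustomException) e).getMessage();
    } else if (e instanceof UnknownAccountException) {
        // Unknown user name.
        message = "{\"status\":1,\"msg\":\"用户不存在\"}";
    } else if (e instanceof IncorrectCredentialsException) {
        // Wrong password.
        message = "{\"status\":1,\"msg\":\"密码错误\"}";
    } else if (e instanceof NullPointerException) {
        // NOTE(review): every NullPointerException is presented as a missing required
        // field, which can hide programming errors behind a validation message.
        message = new com.hfut.exception.CustomException("必填选项不能为空!").getMessage();
    } else {
        message = new com.hfut.exception.CustomException("未知错误").getMessage();
    }
    // Hand the message to the error page.
    ModelAndView modelAndView = new ModelAndView();
    modelAndView.addObject("message", message);
    modelAndView.setViewName("error");
    return modelAndView;
}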
use of org.apache.shiro.authc.IncorrectCredentialsException in project springBoot-learn-demo by nbfujx.
the class LoginControllerImpl method ajaxLogin.
/**
 * Login endpoint: authenticates the current Shiro subject and returns a JSON string.
 *
 * <p>NOTE(review): the password is hashed with {@code Md5Hash} and the constant
 * salt {@code "2"} before it is put in the token. MD5 with a salt shared by all
 * users is fast to brute-force if stored hashes leak. Moving to a slow password
 * hash has to be done together with the realm and the stored credentials, which
 * are not visible here.
 *
 * <p>NOTE(review): the session id is returned in the response body as
 * {@code token}. Anything that records response bodies then holds a usable
 * session identifier.
 *
 * <p>NOTE(review): "wrong password" and "user does not exist" are distinct
 * messages, which reveals whether a username exists. The second message is also
 * returned for every other {@code AuthenticationException}.
 *
 * @param name     login name submitted by the client
 * @param password plaintext password submitted by the client
 * @return JSON text with {@code token} and {@code msg} on success, {@code msg} only
 *         on an authentication failure, and an empty object when an unexpected
 *         exception is caught
 */
@RequestMapping(value = "/login", method = RequestMethod.POST)
@ResponseBody
public String ajaxLogin(String name, String password) {
    JSONObject reply = new JSONObject();
    Subject currentUser = SecurityUtils.getSubject();
    // Hex MD5 of the password with the fixed salt "2".
    String hashedPassword = new Md5Hash(password, "2").toString();
    UsernamePasswordToken loginToken = new UsernamePasswordToken(name, hashedPassword);
    try {
        currentUser.login(loginToken);
        reply.put("token", currentUser.getSession().getId());
        reply.put("msg", "登录成功");
    } catch (IncorrectCredentialsException wrongPassword) {
        reply.put("msg", "密码错误");
    } catch (AuthenticationException authFailure) {
        reply.put("msg", "该用户不存在");
    } catch (Exception unexpected) {
        // NOTE(review): the error only goes to stderr and the client gets a reply
        // without "msg", so unexpected failures are invisible to callers.
        unexpected.printStackTrace();
    }
    return reply.toString();
}
Aggregations