
Example 6 with IncorrectCredentialsException

use of org.apache.shiro.authc.IncorrectCredentialsException in project wechat by dllwh.

the class ShiroHelper method login.

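/**
 * Authenticates a user name and password against the current Shiro {@link Subject}
 * and reports the outcome as an {@link AjaxJson}.
 *
 * <p>{@code success} is true only when this call's {@code subject.login(token)} returned
 * without an exception and the subject is authenticated afterwards. {@code msg} holds the
 * {@code MessageConstant} chosen for the failure (empty on success); {@code obj} holds the
 * diagnostic text built in this method.
 *
 * <p>NOTE(review): {@code msg} differs for "unknown account", "wrong credentials",
 * "locked", "disabled" and so on. If the caller relays it to the client unchanged, the
 * response reveals whether an account exists and its state; a single generic failure
 * message for the client, with the detail kept server-side, avoids that.
 *
 * <p>NOTE(review): {@code obj} contains the submitted user name and, in the generic
 * branch, {@code ae.getMessage()}. It is returned to the caller here, so it should be
 * encoded before being rendered and not exposed to unauthenticated clients - confirm how
 * callers use it.
 *
 * @param userName the submitted user name
 * @param passWord the submitted password
 * @return the result object described above; never null
 */
public static AjaxJson login(String userName, String passWord) {
    // Username/password token; remember-me is switched off explicitly.
    UsernamePasswordToken token = new UsernamePasswordToken(userName, passWord);
    token.setRememberMe(false);
    String logMsg = "", resultMsg = "";
    AjaxJson ajaxJson = new AjaxJson();
    // Set only when this attempt's login() call returns normally.
    boolean loginCompleted = false;
    // Subject bound to the current request/thread.
    Subject subject = SecurityUtils.getSubject();
    try {
        subject.login(token);
        loginCompleted = true;
    } catch (UnknownAccountException uae) {
        logMsg = "对用户[" + userName + "]进行登录验证..验证未通过,未知账户";
        resultMsg = MessageConstant.LOGIN_USER_UNKNOWN;
    } catch (IncorrectCredentialsException ice) {
        logMsg = "对用户[" + userName + "]进行登录验证..验证未通过,错误的凭证";
        resultMsg = MessageConstant.LOGIN_USER_REEOE;
    } catch (LockedAccountException lae) {
        logMsg = "对用户[" + userName + "]进行登录验证..验证未通过,账户已锁定";
        resultMsg = MessageConstant.LOGIN_USER_LOCK;
    } catch (DisabledAccountException dae) {
        logMsg = "对用户[" + userName + "]进行登录验证..验证未通过,帐号已被禁用";
        resultMsg = MessageConstant.LOGIN_USER_DISABLED;
    } catch (ExpiredCredentialsException ece) {
        logMsg = "对用户[" + userName + "]进行登录验证..验证未通过,帐号已过期";
        resultMsg = MessageConstant.LOGIN_USER_EXPIRED;
    } catch (ExcessiveAttemptsException eae) {
        logMsg = "对用户[" + userName + "]进行登录验证..验证未通过,用户名或密码错误次数过多";
        resultMsg = MessageConstant.LOGIN_USER_MORE;
    } catch (UnauthorizedException e) {
        logMsg = "对用户[" + userName + "]进行登录验证..验证未通过,您没有得到相应的授权!";
        resultMsg = MessageConstant.LOGIN_USER_UNAUTHORIZED;
    } catch (AuthenticationException ae) {
        logMsg = "对用户[" + userName + "]进行登录验证..验证未通过," + ae.getMessage();
        resultMsg = MessageConstant.LOGIN_ERROR;
    } finally {
        // Wipe the token's copy of the credentials whatever the outcome, so the
        // password does not stay in the token after a successful login either.
        token.clear();
    }
    // Require that this attempt succeeded, not merely that the subject is authenticated:
    // a subject that was already authenticated before the call would presumably still
    // report isAuthenticated() after a failed attempt, which must not count as success.
    boolean suc = loginCompleted && subject.isAuthenticated();
    if (suc) {
        logMsg = "对用户[" + userName + "]进行登录验证..验证通过";
    }
    ajaxJson.setSuccess(suc);
    ajaxJson.setMsg(resultMsg);
    ajaxJson.setObj(logMsg);
    return ajaxJson;
}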
Also used : DisabledAccountException(org.apache.shiro.authc.DisabledAccountException) IncorrectCredentialsException(org.apache.shiro.authc.IncorrectCredentialsException) AuthenticationException(org.apache.shiro.authc.AuthenticationException) UnknownAccountException(org.apache.shiro.authc.UnknownAccountException) ExcessiveAttemptsException(org.apache.shiro.authc.ExcessiveAttemptsException) AjaxJson(com.cdeledu.common.base.AjaxJson) Subject(org.apache.shiro.subject.Subject) ExpiredCredentialsException(org.apache.shiro.authc.ExpiredCredentialsException) UsernamePasswordToken(org.apache.shiro.authc.UsernamePasswordToken) UnauthorizedException(org.apache.shiro.authz.UnauthorizedException) LockedAccountException(org.apache.shiro.authc.LockedAccountException)

Example 7 with IncorrectCredentialsException

use of org.apache.shiro.authc.IncorrectCredentialsException in project production_ssm by megagao.

the class LoginController method ajaxLogin.

/**
 * Shiro AJAX login.
 *
 * <p>Optionally checks the submitted verification code against the one stored in the
 * session, then logs the current {@link Subject} in unless it is already authenticated.
 * The returned map is empty on success (and when the subject was already authenticated);
 * on failure it holds a single {@code "msg"} entry naming the reason.
 *
 * <p>NOTE(review): the verification code is compared only when the client sends a
 * non-empty {@code randomcode} and the session holds a stored code. A request that omits
 * the parameter skips the check entirely - confirm this is intended, since it makes the
 * check optional for the client.
 *
 * <p>NOTE(review): nothing in this method removes the stored code after it has been
 * compared, so as far as this code shows the same code can be submitted repeatedly.
 *
 * <p>NOTE(review): {@code account_error} and {@code password_error} let a client tell an
 * unknown account from a wrong password; one shared failure value would not.
 *
 * @param username   submitted user name
 * @param password   submitted password
 * @param randomcode submitted verification code, may be absent
 * @param session    HTTP session that may hold the expected verification code
 * @return map serialised to JSON by {@code @ResponseBody}
 */
@RequestMapping(value = "/ajaxLogin")
@ResponseBody
public Map<String, Object> ajaxLogin(@RequestParam String username, @RequestParam String password, @RequestParam(required = false) String randomcode, HttpSession session) throws Exception {
    Map<String, Object> result = CollectionsFactory.newHashMap();
    boolean codeSubmitted = randomcode != null && !"".equals(randomcode);
    if (codeSubmitted) {
        // Expected code, as stored in the session.
        String expectedCode = (String) session.getAttribute(VALIDATE_CODE);
        boolean mismatch = expectedCode != null && !randomcode.equals(expectedCode);
        if (mismatch) {
            // Report the failed code check and stop before touching the credentials.
            result.put("msg", "randomcode_error");
            return result;
        }
    }
    Subject currentUser = SecurityUtils.getSubject();
    if (currentUser.isAuthenticated()) {
        // Already logged in: the submitted credentials are not checked at all.
        return result;
    }
    try {
        currentUser.login(new UsernamePasswordToken(username, password));
    } catch (UnknownAccountException ex) {
        result.put("msg", "account_error");
    } catch (IncorrectCredentialsException ex) {
        result.put("msg", "password_error");
    } catch (AuthenticationException ex) {
        result.put("msg", "authentication_error");
    }
    // Returned as JSON data.
    return result;
}
Also used : IncorrectCredentialsException(org.apache.shiro.authc.IncorrectCredentialsException) AuthenticationException(org.apache.shiro.authc.AuthenticationException) UnknownAccountException(org.apache.shiro.authc.UnknownAccountException) Subject(org.apache.shiro.subject.Subject) UsernamePasswordToken(org.apache.shiro.authc.UsernamePasswordToken) RequestMapping(org.springframework.web.bind.annotation.RequestMapping) ResponseBody(org.springframework.web.bind.annotation.ResponseBody)

Example 8 with IncorrectCredentialsException

use of org.apache.shiro.authc.IncorrectCredentialsException in project neo4j by neo4j.

the class InternalFlatFileRealm method doGetAuthenticationInfo.

/**
 * Resolves the principal and credentials carried by a {@code ShiroAuthToken}, looks the
 * user up in {@code userRepository} and lets {@code authenticationStrategy} judge the
 * supplied password.
 *
 * <p>Returns {@code null} when authentication is disabled for this realm. Otherwise the
 * checks run in this order: token shape, user lookup, password verdict, suspension flag,
 * pending password change. The suspension check comes after the password verdict, so
 * the "is suspended" message is only reachable with credentials the strategy accepted.
 *
 * <p>NOTE(review): unknown users are rejected before the strategy is consulted, so the
 * two failure paths differ in both exception type and work done. Callers should map
 * {@code UnknownAccountException} and {@code IncorrectCredentialsException} to the same
 * client-visible response.
 *
 * @param token the authentication token; cast to {@code ShiroAuthToken} without a check
 * @return authentication info holding the user name, realm name and result, or null
 * @throws UnsupportedTokenException     if principal or credentials cannot be extracted
 * @throws UnknownAccountException       if no user has the given name
 * @throws IncorrectCredentialsException if the strategy reports {@code FAILURE}
 * @throws ExcessiveAttemptsException    if the strategy reports {@code TOO_MANY_ATTEMPTS}
 * @throws DisabledAccountException      if the user carries the suspended flag
 */
@Override
protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token) throws AuthenticationException {
    if (!authenticationEnabled) {
        return null;
    }
    final ShiroAuthToken authToken = (ShiroAuthToken) token;
    String principal;
    String secret;
    try {
        principal = AuthToken.safeCast(AuthToken.PRINCIPAL, authToken.getAuthTokenMap());
        secret = AuthToken.safeCast(AuthToken.CREDENTIALS, authToken.getAuthTokenMap());
    } catch (InvalidAuthTokenException e) {
        throw new UnsupportedTokenException(e);
    }
    final User user = userRepository.getUserByName(principal);
    if (user == null) {
        throw new UnknownAccountException();
    }
    final AuthenticationResult verdict = authenticationStrategy.authenticate(user, secret);
    switch (verdict) {
        case FAILURE:
            throw new IncorrectCredentialsException();
        case TOO_MANY_ATTEMPTS:
            throw new ExcessiveAttemptsException();
        default:
            // Any other verdict continues to the account-state checks below.
            break;
    }
    if (user.hasFlag(InternalFlatFileRealm.IS_SUSPENDED)) {
        throw new DisabledAccountException("User '" + user.name() + "' is suspended.");
    }
    // A pending password change replaces the strategy's verdict in the returned info.
    final AuthenticationResult reported = user.passwordChangeRequired()
            ? AuthenticationResult.PASSWORD_CHANGE_REQUIRED
            : verdict;
    // Only the user name, realm name and result are handed back; no credentials,
    // hashed or otherwise, are placed in the AuthenticationInfo.
    return new ShiroAuthenticationInfo(user.name(), getName(), reported);
}
Also used : DisabledAccountException(org.apache.shiro.authc.DisabledAccountException) IncorrectCredentialsException(org.apache.shiro.authc.IncorrectCredentialsException) User(org.neo4j.kernel.impl.security.User) UnknownAccountException(org.apache.shiro.authc.UnknownAccountException) ExcessiveAttemptsException(org.apache.shiro.authc.ExcessiveAttemptsException) UnsupportedTokenException(org.apache.shiro.authc.pam.UnsupportedTokenException) InvalidAuthTokenException(org.neo4j.kernel.api.security.exception.InvalidAuthTokenException) AuthenticationResult(org.neo4j.kernel.api.security.AuthenticationResult)

Example 9 with IncorrectCredentialsException

use of org.apache.shiro.authc.IncorrectCredentialsException in project Workload by amoxu.

the class CustomExceptionResolver method resolveException.

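/**
 * Maps an exception raised during request handling to the {@code "error"} view, with a
 * {@code "message"} model attribute describing the failure.
 *
 * <p>A {@code CustomException} contributes its own message. Unknown-account and
 * wrong-credentials failures get a fixed JSON string, a {@code NullPointerException} is
 * reported as a missing required field, and anything else gets a generic message so no
 * internal detail reaches the page.
 *
 * <p>NOTE(review): the two login branches return different texts ("user does not exist"
 * versus "wrong password"), which tells a client whether an account name is valid; a
 * single shared text would not.
 *
 * <p>NOTE(review): treating every {@code NullPointerException} as "required field is
 * empty" can hide genuine programming errors behind a user-input message.
 *
 * <p>NOTE(review): the stack trace goes to standard error through
 * {@code printStackTrace()}; the application's logger would make it searchable and
 * keep it with the request context.
 *
 * @param httpServletRequest  current request (not read here)
 * @param httpServletResponse current response (not read here)
 * @param o                   the handler that was executing (not read here)
 * @param e                   the exception to translate
 * @return a model-and-view naming the {@code "error"} view
 */
public ModelAndView resolveException(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, Object o, Exception e) {
    ModelAndView modelAndView = new ModelAndView();
    com.hfut.exception.CustomException customException;
    // Print the trace exactly once; the fallback branches used to print it a second time.
    e.printStackTrace();
    if (e instanceof CustomException) {
        customException = (CustomException) e;
    } else if (e instanceof UnknownAccountException) {
        // Unknown user name.
        modelAndView.addObject("message", "{\"status\":1,\"msg\":\"用户不存在\"}");
        modelAndView.setViewName("error");
        return modelAndView;
    } else if (e instanceof IncorrectCredentialsException) {
        // Wrong password for a known user.
        modelAndView.addObject("message", "{\"status\":1,\"msg\":\"密码错误\"}");
        modelAndView.setViewName("error");
        return modelAndView;
    } else if (e instanceof NullPointerException) {
        customException = new com.hfut.exception.CustomException("必填选项不能为空!");
    } else {
        customException = new com.hfut.exception.CustomException("未知错误");
    }
    // Error text shown to the user.
    String message = customException.getMessage();
    // Hand the text to the error page.
    modelAndView.addObject("message", message);
    modelAndView.setViewName("error");
    return modelAndView;
}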
Also used : IncorrectCredentialsException(org.apache.shiro.authc.IncorrectCredentialsException) UnknownAccountException(org.apache.shiro.authc.UnknownAccountException) ModelAndView(org.springframework.web.servlet.ModelAndView)

Example 10 with IncorrectCredentialsException

use of org.apache.shiro.authc.IncorrectCredentialsException in project springBoot-learn-demo by nbfujx.

the class LoginControllerImpl method ajaxLogin.

/**
 * Login method.
 *
 * <p>Hashes the submitted password with {@code Md5Hash} and the fixed salt {@code "2"},
 * uses the hex result as the token credential, and logs the current {@link Subject} in.
 * On success the JSON reply carries the Shiro session id under {@code "token"} plus a
 * success message; on failure it carries only a message.
 *
 * <p>NOTE(review): a single round of MD5 with a constant salt shared by every account is
 * not a suitable password hash. If the realm compares this value with a stored one, the
 * stored values are cheap to brute-force and identical passwords hash identically. Moving
 * to a per-user salt and a slow password hash needs a migration of stored credentials, so
 * it is flagged here rather than changed.
 *
 * <p>NOTE(review): the session id is returned in the response body and, as far as this
 * method shows, the session is not renewed at login - confirm the id is not one the
 * client could have fixed beforehand.
 *
 * <p>NOTE(review): every {@code AuthenticationException} other than wrong credentials is
 * reported as "user does not exist", and the two messages together let a client
 * enumerate accounts. Any other exception is printed and yields an empty JSON object.
 *
 * @param name     submitted user name
 * @param password submitted password
 * @return the JSON reply as a string
 */
@RequestMapping(value = "/login", method = RequestMethod.POST)
@ResponseBody
public String ajaxLogin(String name, String password) {
    JSONObject reply = new JSONObject();
    Subject currentSubject = SecurityUtils.getSubject();
    // Hex form of MD5(password) salted with the literal "2".
    String hashedPassword = new Md5Hash(password, "2").toString();
    UsernamePasswordToken loginToken = new UsernamePasswordToken(name, hashedPassword);
    try {
        currentSubject.login(loginToken);
        reply.put("token", currentSubject.getSession().getId());
        reply.put("msg", "登录成功");
    } catch (IncorrectCredentialsException e) {
        reply.put("msg", "密码错误");
    } catch (AuthenticationException e) {
        reply.put("msg", "该用户不存在");
    } catch (Exception e) {
        e.printStackTrace();
    }
    return reply.toString();
}
Also used : IncorrectCredentialsException(org.apache.shiro.authc.IncorrectCredentialsException) JSONObject(com.alibaba.fastjson.JSONObject) AuthenticationException(org.apache.shiro.authc.AuthenticationException) Md5Hash(org.apache.shiro.crypto.hash.Md5Hash) Subject(org.apache.shiro.subject.Subject) AuthenticationException(org.apache.shiro.authc.AuthenticationException) IncorrectCredentialsException(org.apache.shiro.authc.IncorrectCredentialsException) LockedAccountException(org.apache.shiro.authc.LockedAccountException) UsernamePasswordToken(org.apache.shiro.authc.UsernamePasswordToken) RequestMapping(org.springframework.web.bind.annotation.RequestMapping) ResponseBody(org.springframework.web.bind.annotation.ResponseBody)

Aggregations

IncorrectCredentialsException (org.apache.shiro.authc.IncorrectCredentialsException)11 UsernamePasswordToken (org.apache.shiro.authc.UsernamePasswordToken)9 UnknownAccountException (org.apache.shiro.authc.UnknownAccountException)7 Subject (org.apache.shiro.subject.Subject)7 AuthenticationException (org.apache.shiro.authc.AuthenticationException)5 LockedAccountException (org.apache.shiro.authc.LockedAccountException)5 DisabledAccountException (org.apache.shiro.authc.DisabledAccountException)2 ExcessiveAttemptsException (org.apache.shiro.authc.ExcessiveAttemptsException)2 RequestMapping (org.springframework.web.bind.annotation.RequestMapping)2 ResponseBody (org.springframework.web.bind.annotation.ResponseBody)2 JSONObject (com.alibaba.fastjson.JSONObject)1 AjaxJson (com.cdeledu.common.base.AjaxJson)1 Users (io.github.tesla.authz.domain.Users)1 AccountException (org.apache.shiro.authc.AccountException)1 ExpiredCredentialsException (org.apache.shiro.authc.ExpiredCredentialsException)1 SimpleAuthenticationInfo (org.apache.shiro.authc.SimpleAuthenticationInfo)1 UnsupportedTokenException (org.apache.shiro.authc.pam.UnsupportedTokenException)1 UnauthorizedException (org.apache.shiro.authz.UnauthorizedException)1 Md5Hash (org.apache.shiro.crypto.hash.Md5Hash)1 Session (org.apache.shiro.session.Session)1