Example 1 with LockedAccountException

use of org.apache.shiro.authc.LockedAccountException in project qi4j-sdk by Qi4j.

the class StandaloneShiroTest method test.

@Test
public void test() {
    // get the currently executing user:
    Subject currentUser = SecurityUtils.getSubject();
    // Do some stuff with a Session (no need for a web or EJB container!!!)
    Session session = currentUser.getSession();
    session.setAttribute("someKey", "aValue");
    String value = (String) session.getAttribute("someKey");
    assertEquals("aValue", value);
    LOG.info("Retrieved the correct value! [" + value + "]");
    // let's login the current user so we can check against roles and permissions:
    if (!currentUser.isAuthenticated()) {
        UsernamePasswordToken token = new UsernamePasswordToken("lonestarr", "vespa");
        token.setRememberMe(true);
        try {
            currentUser.login(token);
        } catch (UnknownAccountException uae) {
            fail("There is no user with username of " + token.getPrincipal());
        } catch (IncorrectCredentialsException ice) {
            fail("Password for account " + token.getPrincipal() + " was incorrect!");
        } catch (LockedAccountException lae) {
            fail("The account for username " + token.getPrincipal() + " is locked.  " + "Please contact your administrator to unlock it.");
        } // ... catch more exceptions here (maybe custom ones specific to your application?)
        catch (AuthenticationException ae) {
            //unexpected condition?  error?
            throw ae;
        }
    }
    //say who they are:
    //print their identifying principal (in this case, a username):
    assertNotNull(currentUser.getPrincipal());
    LOG.info("User [" + currentUser.getPrincipal() + "] logged in successfully.");
    //test a role:
    if (currentUser.hasRole("schwartz")) {
        LOG.info("May the Schwartz be with you!");
    } else {
        fail("Hello, mere mortal.");
    }
    //test a typed permission (not instance-level)
    if (currentUser.isPermitted("lightsaber:weild")) {
        LOG.info("You may use a lightsaber ring.  Use it wisely.");
    } else {
        fail("Sorry, lightsaber rings are for schwartz masters only.");
    }
    //a (very powerful) Instance Level permission:
    if (currentUser.isPermitted("winnebago:drive:eagle5")) {
        LOG.info("You are permitted to 'drive' the winnebago with license plate (id) 'eagle5'.  " + "Here are the keys - have fun!");
    } else {
        fail("Sorry, you aren't allowed to drive the 'eagle5' winnebago!");
    }
    //all done - log out!
    currentUser.logout();
}
Also used : IncorrectCredentialsException(org.apache.shiro.authc.IncorrectCredentialsException) AuthenticationException(org.apache.shiro.authc.AuthenticationException) UnknownAccountException(org.apache.shiro.authc.UnknownAccountException) Subject(org.apache.shiro.subject.Subject) LockedAccountException(org.apache.shiro.authc.LockedAccountException) Session(org.apache.shiro.session.Session) UsernamePasswordToken(org.apache.shiro.authc.UsernamePasswordToken) AbstractQi4jTest(org.qi4j.test.AbstractQi4jTest) Test(org.junit.Test)

Example 2 with LockedAccountException

use of org.apache.shiro.authc.LockedAccountException in project camel by apache.

the class ShiroSecurityProcessor method authenticateUser.

private void authenticateUser(Subject currentUser, ShiroSecurityToken securityToken) {
    boolean authenticated = currentUser.isAuthenticated();
    boolean sameUser = securityToken.getUsername().equals(currentUser.getPrincipal());
    LOG.trace("Authenticated: {}, same Username: {}", authenticated, sameUser);
    if (!authenticated || !sameUser) {
        UsernamePasswordToken token = new UsernamePasswordToken(securityToken.getUsername(), securityToken.getPassword());
        if (policy.isAlwaysReauthenticate()) {
            token.setRememberMe(false);
        } else {
            token.setRememberMe(true);
        }
        try {
            currentUser.login(token);
            LOG.debug("Current user {} successfully authenticated", currentUser.getPrincipal());
        } catch (UnknownAccountException uae) {
            throw new UnknownAccountException("Authentication Failed. There is no user with username of " + token.getPrincipal(), uae.getCause());
        } catch (IncorrectCredentialsException ice) {
            throw new IncorrectCredentialsException("Authentication Failed. Password for account " + token.getPrincipal() + " was incorrect!", ice.getCause());
        } catch (LockedAccountException lae) {
            throw new LockedAccountException("Authentication Failed. The account for username " + token.getPrincipal() + " is locked. " + "Please contact your administrator to unlock it.", lae.getCause());
        } catch (AuthenticationException ae) {
            throw new AuthenticationException("Authentication Failed.", ae.getCause());
        }
    }
}
Also used : IncorrectCredentialsException(org.apache.shiro.authc.IncorrectCredentialsException) AuthenticationException(org.apache.shiro.authc.AuthenticationException) UnknownAccountException(org.apache.shiro.authc.UnknownAccountException) LockedAccountException(org.apache.shiro.authc.LockedAccountException) UsernamePasswordToken(org.apache.shiro.authc.UsernamePasswordToken)

Example 3 with LockedAccountException

use of org.apache.shiro.authc.LockedAccountException in project graylog2-server by Graylog2.

the class ShiroAuthenticationFilter method filter.

@Override
public void filter(ContainerRequestContext requestContext) throws IOException {
    final SecurityContext securityContext = requestContext.getSecurityContext();
    if (securityContext instanceof ShiroSecurityContext) {
        final ShiroSecurityContext context = (ShiroSecurityContext) securityContext;
        final Subject subject = context.getSubject();
        LOG.trace("Authenticating... {}", subject);
        if (!subject.isAuthenticated()) {
            try {
                LOG.trace("Logging in {}", subject);
                context.loginSubject();
            } catch (LockedAccountException e) {
                LOG.debug("Unable to authenticate user, account is locked.", e);
                throw new NotAuthorizedException(e, "Basic realm=\"Graylog Server\"");
            } catch (AuthenticationException e) {
                LOG.debug("Unable to authenticate user.", e);
                throw new NotAuthorizedException(e, "Basic realm=\"Graylog Server\"");
            }
        }
    } else {
        throw new NotAuthorizedException("Basic realm=\"Graylog Server\"");
    }
}
Also used : AuthenticationException(org.apache.shiro.authc.AuthenticationException) SecurityContext(javax.ws.rs.core.SecurityContext) NotAuthorizedException(javax.ws.rs.NotAuthorizedException) Subject(org.apache.shiro.subject.Subject) LockedAccountException(org.apache.shiro.authc.LockedAccountException)

Example 4 with LockedAccountException

use of org.apache.shiro.authc.LockedAccountException in project graylog2-server by Graylog2.

the class SessionsResource method validateSession.

@GET
@ApiOperation(value = "Validate an existing session", notes = "Checks the session with the given ID: returns http status 204 (No Content) if session is valid.", code = 204)
public SessionValidationResponse validateSession(@Context ContainerRequestContext requestContext) {
    try {
        this.authenticationFilter.filter(requestContext);
    } catch (NotAuthorizedException | LockedAccountException | IOException e) {
        return SessionValidationResponse.invalid();
    }
    final Subject subject = getSubject();
    if (!subject.isAuthenticated()) {
        return SessionValidationResponse.invalid();
    }
    // there's no valid session, but the authenticator would like us to create one
    if (subject.getSession(false) == null && ShiroSecurityContext.isSessionCreationRequested()) {
        final Session session = subject.getSession();
        LOG.debug("Session created {}", session.getId());
        session.touch();
        // save subject in session, otherwise we can't get the username back in subsequent requests.
        ((DefaultSecurityManager) SecurityUtils.getSecurityManager()).getSubjectDAO().save(subject);
        return SessionValidationResponse.validWithNewSession(String.valueOf(session.getId()), String.valueOf(subject.getPrincipal()));
    }
    return SessionValidationResponse.valid();
}
Also used : NotAuthorizedException(javax.ws.rs.NotAuthorizedException) IOException(java.io.IOException) LockedAccountException(org.apache.shiro.authc.LockedAccountException) Subject(org.apache.shiro.subject.Subject) Session(org.apache.shiro.session.Session) GET(javax.ws.rs.GET) ApiOperation(io.swagger.annotations.ApiOperation)

Example 5 with LockedAccountException

use of org.apache.shiro.authc.LockedAccountException in project cas by apereo.

the class ShiroAuthenticationHandler method authenticateUsernamePasswordInternal.

@Override
protected HandlerResult authenticateUsernamePasswordInternal(final UsernamePasswordCredential transformedCredential, final String originalPassword) throws GeneralSecurityException, PreventedException {
    try {
        final UsernamePasswordToken token = new UsernamePasswordToken(transformedCredential.getUsername(), transformedCredential.getPassword());
        if (transformedCredential instanceof RememberMeUsernamePasswordCredential) {
            token.setRememberMe(RememberMeUsernamePasswordCredential.class.cast(transformedCredential).isRememberMe());
        }
        final Subject currentUser = getCurrentExecutingSubject();
        currentUser.login(token);
        checkSubjectRolesAndPermissions(currentUser);
        return createAuthenticatedSubjectResult(transformedCredential, currentUser);
    } catch (final UnknownAccountException uae) {
        throw new AccountNotFoundException(uae.getMessage());
    } catch (final IncorrectCredentialsException ice) {
        throw new FailedLoginException(ice.getMessage());
    } catch (final LockedAccountException | ExcessiveAttemptsException lae) {
        throw new AccountLockedException(lae.getMessage());
    } catch (final ExpiredCredentialsException eae) {
        throw new CredentialExpiredException(eae.getMessage());
    } catch (final DisabledAccountException eae) {
        throw new AccountDisabledException(eae.getMessage());
    } catch (final AuthenticationException e) {
        throw new FailedLoginException(e.getMessage());
    }
}
Also used : DisabledAccountException(org.apache.shiro.authc.DisabledAccountException) IncorrectCredentialsException(org.apache.shiro.authc.IncorrectCredentialsException) AccountLockedException(javax.security.auth.login.AccountLockedException) AuthenticationException(org.apache.shiro.authc.AuthenticationException) UnknownAccountException(org.apache.shiro.authc.UnknownAccountException) ExcessiveAttemptsException(org.apache.shiro.authc.ExcessiveAttemptsException) Subject(org.apache.shiro.subject.Subject) ExpiredCredentialsException(org.apache.shiro.authc.ExpiredCredentialsException) UsernamePasswordToken(org.apache.shiro.authc.UsernamePasswordToken) FailedLoginException(javax.security.auth.login.FailedLoginException) AccountNotFoundException(javax.security.auth.login.AccountNotFoundException) CredentialExpiredException(javax.security.auth.login.CredentialExpiredException) RememberMeUsernamePasswordCredential(org.apereo.cas.authentication.RememberMeUsernamePasswordCredential) LockedAccountException(org.apache.shiro.authc.LockedAccountException) AccountDisabledException(org.apereo.cas.authentication.exceptions.AccountDisabledException)
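The five examples above all catch LockedAccountException on the calling side; none of them shows where the exception comes from, and Examples 2 and 5 pass the distinct exception type (and, in Example 2, the username) back up to the caller, which lets an unauthenticated client tell "no such user" apart from "wrong password". The following added example, written for this page and not taken from Shiro or any of the projects listed, closes both gaps: a hypothetical realm (LockingRealm, an AuthorizingRealm subclass with an in-memory user table, constructed here) throws ExcessiveAttemptsException on the failure that trips the lock and LockedAccountException on every attempt after it, and a login helper (login, also hypothetical) logs the precise cause server-side while reporting only OK, FAILED or LOCKED to the caller. The account names, passwords and the MAX_FAILURES threshold are made-up inputs.

```java
import java.util.HashMap;
import java.util.Map;
import java.util.logging.Logger;

import org.apache.shiro.authc.*;
import org.apache.shiro.authz.AuthorizationInfo;
import org.apache.shiro.authz.SimpleAuthorizationInfo;
import org.apache.shiro.mgt.DefaultSecurityManager;
import org.apache.shiro.realm.AuthorizingRealm;
import org.apache.shiro.subject.PrincipalCollection;
import org.apache.shiro.subject.Subject;

public class LockedAccountDemo {
    private static final Logger LOG = Logger.getLogger(LockedAccountDemo.class.getName());

    /** Outcome reported to the caller; FAILED covers both unknown user and wrong password. */
    enum LoginOutcome { OK, FAILED, LOCKED }

    /** Constructed in-memory account record (hypothetical, for this example only). */
    static final class UserRecord {
        final String password;   // plaintext only to keep the example self-contained
        boolean locked;
        int failures;
        UserRecord(String password) { this.password = password; }
    }

    /** Hypothetical realm that locks an account after MAX_FAILURES wrong passwords. */
    static final class LockingRealm extends AuthorizingRealm {
        static final int MAX_FAILURES = 3;
        private final Map<String, UserRecord> users = new HashMap<>();

        void addUser(String name, String password) { users.put(name, new UserRecord(password)); }

        @Override
        protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token) {
            String name = ((UsernamePasswordToken) token).getUsername();
            UserRecord u = users.get(name);
            if (u == null) {
                throw new UnknownAccountException("no account named " + name);
            }
            if (u.locked) {
                // Thrown before the password is even checked; this is what Examples 1-5 catch
                throw new LockedAccountException("account " + name + " is locked");
            }
            return new SimpleAuthenticationInfo(name, u.password, getName());
        }

        @Override
        protected void assertCredentialsMatch(AuthenticationToken token, AuthenticationInfo info) {
            UserRecord u = users.get((String) info.getPrincipals().getPrimaryPrincipal());
            try {
                super.assertCredentialsMatch(token, info);   // SimpleCredentialsMatcher by default
            } catch (IncorrectCredentialsException e) {
                if (++u.failures >= MAX_FAILURES) {
                    u.locked = true;
                    throw new ExcessiveAttemptsException("locked after " + u.failures + " failures");
                }
                throw e;
            }
            u.failures = 0;   // a successful login resets the counter
        }

        @Override
        protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principals) {
            return new SimpleAuthorizationInfo();   // no roles needed for this example
        }
    }

    /** Logs the precise cause server-side, collapses unknown-user and bad-password for the caller. */
    static LoginOutcome login(Subject subject, String user, String password) {
        UsernamePasswordToken token = new UsernamePasswordToken(user, password);
        try {
            subject.login(token);
            return LoginOutcome.OK;
        } catch (LockedAccountException | ExcessiveAttemptsException e) {
            LOG.warning("login for " + user + " refused: " + e.getClass().getSimpleName());
            return LoginOutcome.LOCKED;
        } catch (UnknownAccountException | IncorrectCredentialsException e) {
            LOG.info("login for " + user + " failed: " + e.getClass().getSimpleName());
            return LoginOutcome.FAILED;   // deliberately the same value for both causes
        } catch (AuthenticationException e) {
            LOG.warning("login for " + user + " failed: " + e);
            return LoginOutcome.FAILED;
        } finally {
            token.clear();   // zeroes the password char[] held by the token
        }
    }

    public static void main(String[] args) {
        LockingRealm realm = new LockingRealm();
        realm.addUser("alice", "correct-horse");
        DefaultSecurityManager sm = new DefaultSecurityManager(realm);
        Subject subject = new Subject.Builder(sm).buildSubject();

        System.out.println("unknown user:    " + login(subject, "mallory", "x"));
        System.out.println("wrong password:  " + login(subject, "alice", "x"));
        System.out.println("wrong password:  " + login(subject, "alice", "y"));
        System.out.println("third failure:   " + login(subject, "alice", "z"));
        System.out.println("correct, locked: " + login(subject, "alice", "correct-horse"));
    }
}
```

Three caveats a practitioner should keep in mind when copying the catch blocks from the examples above. First, the realm-specific exception types only reach the caller when a single realm is configured, as here and in Example 1; with several realms and Shiro's default AtLeastOneSuccessfulStrategy, per-realm failures are logged and replaced by a generic AuthenticationException, so a catch for LockedAccountException never fires. Second, reporting LOCKED to an unauthenticated caller still confirms that the account exists; if that matters, return FAILED for everything and notify the account owner out of band, as Example 3 effectively does by answering every failure with the same 401. Third, a lockout that any client can trigger with a few wrong passwords is a denial-of-service lever against the victim, so prefer throttling or escalating delays over a hard lock, keep the lock state in a shared store rather than per-JVM memory, and replace the plaintext SimpleCredentialsMatcher used here with HashedCredentialsMatcher over a salted hash.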

Aggregations

LockedAccountException (org.apache.shiro.authc.LockedAccountException)5 AuthenticationException (org.apache.shiro.authc.AuthenticationException)4 Subject (org.apache.shiro.subject.Subject)4 IncorrectCredentialsException (org.apache.shiro.authc.IncorrectCredentialsException)3 UnknownAccountException (org.apache.shiro.authc.UnknownAccountException)3 UsernamePasswordToken (org.apache.shiro.authc.UsernamePasswordToken)3 NotAuthorizedException (javax.ws.rs.NotAuthorizedException)2 Session (org.apache.shiro.session.Session)2 ApiOperation (io.swagger.annotations.ApiOperation)1 IOException (java.io.IOException)1 AccountLockedException (javax.security.auth.login.AccountLockedException)1 AccountNotFoundException (javax.security.auth.login.AccountNotFoundException)1 CredentialExpiredException (javax.security.auth.login.CredentialExpiredException)1 FailedLoginException (javax.security.auth.login.FailedLoginException)1 GET (javax.ws.rs.GET)1 SecurityContext (javax.ws.rs.core.SecurityContext)1 DisabledAccountException (org.apache.shiro.authc.DisabledAccountException)1 ExcessiveAttemptsException (org.apache.shiro.authc.ExcessiveAttemptsException)1 ExpiredCredentialsException (org.apache.shiro.authc.ExpiredCredentialsException)1 RememberMeUsernamePasswordCredential (org.apereo.cas.authentication.RememberMeUsernamePasswordCredential)1