use of org.apache.shiro.authc.LockedAccountException in project qi4j-sdk by Qi4j.
the class StandaloneShiroTest method test.
/**
 * End-to-end smoke test of a standalone (non-web) Shiro setup: session
 * attributes round-trip, a username/password login succeeds, and the
 * expected role, typed permission and instance-level permission are
 * granted before the subject is logged out again.
 */
@Test
public void test() {
    // The Subject bound to the current thread.
    Subject currentUser = SecurityUtils.getSubject();

    // Session attributes work without any web or EJB container.
    Session session = currentUser.getSession();
    session.setAttribute("someKey", "aValue");
    String stored = (String) session.getAttribute("someKey");
    assertEquals("aValue", stored);
    LOG.info("Retrieved the correct value! [" + stored + "]");

    // Authenticate so that role/permission checks have something to work with.
    if (!currentUser.isAuthenticated()) {
        loginAsLoneStarr(currentUser);
    }

    // The authenticated principal (here: a username) must be present.
    assertNotNull(currentUser.getPrincipal());
    LOG.info("User [" + currentUser.getPrincipal() + "] logged in successfully.");

    // Role check; fail() throws, so the log line below only runs on success.
    if (!currentUser.hasRole("schwartz")) {
        fail("Hello, mere mortal.");
    }
    LOG.info("May the Schwartz be with you!");

    // Typed (non instance-level) permission check.
    if (!currentUser.isPermitted("lightsaber:weild")) {
        fail("Sorry, lightsaber rings are for schwartz masters only.");
    }
    LOG.info("You may use a lightsaber ring. Use it wisely.");

    // Instance-level permission check (a very powerful grant).
    if (!currentUser.isPermitted("winnebago:drive:eagle5")) {
        fail("Sorry, you aren't allowed to drive the 'eagle5' winnebago!");
    }
    LOG.info("You are permitted to 'drive' the winnebago with license plate (id) 'eagle5'. " + "Here are the keys - have fun!");

    // Tear down the authenticated state.
    currentUser.logout();
}

/**
 * Logs the given subject in with the fixture credentials used by this test
 * (test-only, hard-coded on purpose). The well-known Shiro failure types are
 * turned into test failures; anything else is rethrown unchanged.
 */
private static void loginAsLoneStarr(Subject currentUser) {
    UsernamePasswordToken token = new UsernamePasswordToken("lonestarr", "vespa");
    token.setRememberMe(true);
    try {
        currentUser.login(token);
    } catch (UnknownAccountException uae) {
        fail("There is no user with username of " + token.getPrincipal());
    } catch (IncorrectCredentialsException ice) {
        fail("Password for account " + token.getPrincipal() + " was incorrect!");
    } catch (LockedAccountException lae) {
        fail("The account for username " + token.getPrincipal() + " is locked. " + "Please contact your administrator to unlock it.");
    } catch (AuthenticationException ae) {
        // Unexpected authentication failure: surface it as-is.
        throw ae;
    }
}
use of org.apache.shiro.authc.LockedAccountException in project camel by apache.
the class ShiroSecurityProcessor method authenticateUser.
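/**
 * Ensures the Shiro {@link Subject} bound to this exchange is authenticated
 * as the user named in {@code securityToken}, logging in when it is not
 * authenticated yet or is currently authenticated as a different principal.
 *
 * @param currentUser   the Shiro subject for the current exchange
 * @param securityToken username/password carried by the Camel exchange
 * @throws UnknownAccountException      no account exists for the username
 * @throws IncorrectCredentialsException the password did not match
 * @throws LockedAccountException       the account is locked
 * @throws AuthenticationException      any other Shiro login failure
 */
private void authenticateUser(Subject currentUser, ShiroSecurityToken securityToken) {
    boolean authenticated = currentUser.isAuthenticated();
    boolean sameUser = securityToken.getUsername().equals(currentUser.getPrincipal());
    LOG.trace("Authenticated: {}, same Username: {}", authenticated, sameUser);
    if (authenticated && sameUser) {
        // Already logged in as the requested user; nothing to do.
        return;
    }

    UsernamePasswordToken token = new UsernamePasswordToken(securityToken.getUsername(), securityToken.getPassword());
    // rememberMe is simply the inverse of the policy's always-reauthenticate flag.
    token.setRememberMe(!policy.isAlwaysReauthenticate());

    // NOTE(review): the rethrown messages below distinguish "unknown user" from
    // "wrong password". That is fine for server-side logs, but if these messages
    // are ever surfaced to the remote caller they act as an account-enumeration
    // oracle; collapse them to a generic failure at the boundary in that case.
    // The original Shiro exception is passed as the cause so the realm's stack
    // trace is not lost (previously only its own, usually null, cause was kept).
    try {
        currentUser.login(token);
        LOG.debug("Current user {} successfully authenticated", currentUser.getPrincipal());
    } catch (UnknownAccountException uae) {
        throw new UnknownAccountException("Authentication Failed. There is no user with username of " + token.getPrincipal(), uae);
    } catch (IncorrectCredentialsException ice) {
        throw new IncorrectCredentialsException("Authentication Failed. Password for account " + token.getPrincipal() + " was incorrect!", ice);
    } catch (LockedAccountException lae) {
        // Fixed: the two literals used to be joined without a space ("locked.Please").
        throw new LockedAccountException("Authentication Failed. The account for username " + token.getPrincipal() + " is locked. " + "Please contact your administrator to unlock it.", lae);
    } catch (AuthenticationException ae) {
        throw new AuthenticationException("Authentication Failed.", ae);
    }
}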
use of org.apache.shiro.authc.LockedAccountException in project graylog2-server by Graylog2.
the class ShiroAuthenticationFilter method filter.
/**
 * JAX-RS request filter that logs the Shiro subject in when the request's
 * security context is Shiro-backed and the subject is not authenticated yet.
 * Every failure path answers with the same HTTP Basic challenge, so the
 * client cannot tell a locked account from bad credentials; the specific
 * reason is only written to the debug log.
 *
 * @param requestContext the incoming JAX-RS request
 * @throws NotAuthorizedException when there is no Shiro context or login fails
 * @throws IOException            declared by the filter contract
 */
@Override
public void filter(ContainerRequestContext requestContext) throws IOException {
    final SecurityContext securityContext = requestContext.getSecurityContext();
    if (!(securityContext instanceof ShiroSecurityContext)) {
        // Not a Shiro-backed request: challenge for credentials.
        throw new NotAuthorizedException("Basic realm=\"Graylog Server\"");
    }

    final ShiroSecurityContext shiroContext = (ShiroSecurityContext) securityContext;
    final Subject subject = shiroContext.getSubject();
    LOG.trace("Authenticating... {}", subject);
    if (subject.isAuthenticated()) {
        return;
    }

    try {
        LOG.trace("Logging in {}", subject);
        shiroContext.loginSubject();
    } catch (LockedAccountException e) {
        LOG.debug("Unable to authenticate user, account is locked.", e);
        throw new NotAuthorizedException(e, "Basic realm=\"Graylog Server\"");
    } catch (AuthenticationException e) {
        LOG.debug("Unable to authenticate user.", e);
        throw new NotAuthorizedException(e, "Basic realm=\"Graylog Server\"");
    }
}
use of org.apache.shiro.authc.LockedAccountException in project graylog2-server by Graylog2.
the class SessionsResource method validateSession.
/**
 * Validates the caller's session by running the normal authentication filter.
 * Any authentication failure is reported as an invalid session rather than an
 * error. If the subject is authenticated but has no session and the security
 * context asked for one, a session is created and its id returned.
 *
 * @param requestContext the current JAX-RS request
 * @return a valid/invalid response, or a "valid with new session" response
 */
@GET
@ApiOperation(value = "Validate an existing session", notes = "Checks the session with the given ID: returns http status 204 (No Content) if session is valid.", code = 204)
public SessionValidationResponse validateSession(@Context ContainerRequestContext requestContext) {
    try {
        this.authenticationFilter.filter(requestContext);
    } catch (NotAuthorizedException | LockedAccountException | IOException e) {
        // Not authenticated (or locked): the session is not usable.
        return SessionValidationResponse.invalid();
    }

    final Subject subject = getSubject();
    if (!subject.isAuthenticated()) {
        return SessionValidationResponse.invalid();
    }

    // getSession(false) must be checked first: it never creates a session.
    final boolean hasNoSession = subject.getSession(false) == null;
    if (!(hasNoSession && ShiroSecurityContext.isSessionCreationRequested())) {
        return SessionValidationResponse.valid();
    }

    // No session exists but the authenticator asked for one: create it now.
    final Session newSession = subject.getSession();
    LOG.debug("Session created {}", newSession.getId());
    newSession.touch();
    // Persist the subject so the principal is available on later requests.
    // The cast assumes a DefaultSecurityManager is configured and throws
    // ClassCastException otherwise.
    ((DefaultSecurityManager) SecurityUtils.getSecurityManager()).getSubjectDAO().save(subject);
    return SessionValidationResponse.validWithNewSession(String.valueOf(newSession.getId()), String.valueOf(subject.getPrincipal()));
}
use of org.apache.shiro.authc.LockedAccountException in project cas by apereo.
the class ShiroAuthenticationHandler method authenticateUsernamePasswordInternal.
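/**
 * Authenticates the credential against the configured Shiro realms and maps
 * Shiro's failure types onto the JAAS exceptions CAS callers expect.
 *
 * Two changes over the previous version: the Shiro exception is attached as
 * the cause of the thrown JAAS exception (the JAAS constructors only take a
 * message, so {@code initCause} is used), and the password copy held by the
 * Shiro token is zeroed in a {@code finally} block once login is over.
 *
 * @param transformedCredential the (possibly transformed) username/password
 * @param originalPassword      the untransformed password; unused here
 * @return the handler result for the authenticated subject
 * @throws AccountNotFoundException   no account for the username
 * @throws FailedLoginException       wrong password or other login failure
 * @throws AccountLockedException     account locked or too many attempts
 * @throws CredentialExpiredException the credential has expired
 * @throws AccountDisabledException   the account is disabled
 * @throws GeneralSecurityException   as declared by the handler contract
 * @throws PreventedException         as declared by the handler contract
 */
@Override
protected HandlerResult authenticateUsernamePasswordInternal(final UsernamePasswordCredential transformedCredential, final String originalPassword) throws GeneralSecurityException, PreventedException {
    final UsernamePasswordToken token = new UsernamePasswordToken(transformedCredential.getUsername(), transformedCredential.getPassword());
    try {
        if (transformedCredential instanceof RememberMeUsernamePasswordCredential) {
            token.setRememberMe(RememberMeUsernamePasswordCredential.class.cast(transformedCredential).isRememberMe());
        }
        final Subject currentUser = getCurrentExecutingSubject();
        currentUser.login(token);
        checkSubjectRolesAndPermissions(currentUser);
        return createAuthenticatedSubjectResult(transformedCredential, currentUser);
    } catch (final UnknownAccountException uae) {
        throw withCause(new AccountNotFoundException(uae.getMessage()), uae);
    } catch (final IncorrectCredentialsException ice) {
        throw withCause(new FailedLoginException(ice.getMessage()), ice);
    } catch (final LockedAccountException | ExcessiveAttemptsException lae) {
        throw withCause(new AccountLockedException(lae.getMessage()), lae);
    } catch (final ExpiredCredentialsException eae) {
        throw withCause(new CredentialExpiredException(eae.getMessage()), eae);
    } catch (final DisabledAccountException dae) {
        throw withCause(new AccountDisabledException(dae.getMessage()), dae);
    } catch (final AuthenticationException e) {
        throw withCause(new FailedLoginException(e.getMessage()), e);
    } finally {
        // Zero the token's password array so the cleartext password does not
        // linger in memory after login(); Shiro does not retain the token
        // once login() has returned.
        token.clear();
    }
}

/** Attaches {@code cause} to a freshly created exception and returns it for throwing. */
private static <T extends Throwable> T withCause(final T exception, final Throwable cause) {
    exception.initCause(cause);
    return exception;
}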