
Example 16 with SimpleAccount

Use of org.apache.shiro.authc.SimpleAccount in project graylog2-server by Graylog2.

The class AccessTokenAuthenticator, method doGetAuthenticationInfo (authenticates an API request that carries an access token; the token lookup itself is the credential check):

@Override
protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token) throws AuthenticationException {
    // Unchecked cast: only safe if the realm limits supports() to AccessTokenAuthToken,
    // since Shiro calls supports() before handing a token to this method
    AccessTokenAuthToken authToken = (AccessTokenAuthToken) token;
    final AccessToken accessToken = accessTokenService.load(String.valueOf(authToken.getToken()));
    if (accessToken == null) {
        return null; // unknown token; Shiro turns a null result into an authentication failure
    }
    // TODO should be using IDs
    final User user = userService.load(accessToken.getUserName());
    if (user == null) {
        return null;
    }
    // A valid token for a disabled account is rejected the same way as an unknown token
    if (!user.getAccountStatus().equals(User.AccountStatus.ENABLED)) {
        LOG.warn("Account for user <{}> is disabled.", user.getName());
        return null;
    }
    if (LOG.isDebugEnabled()) {
        LOG.debug("Found user {} for access token.", user);
    }
    // Record last use of the token; a failure here is logged but does not fail the login
    try {
        accessTokenService.touch(accessToken);
    } catch (ValidationException e) {
        LOG.warn("Unable to update access token's last access date.", e);
    }
    // Token-authenticated requests are stateless: don't create a server-side session for them
    ShiroSecurityContext.requestSessionCreation(false);
    // Credentials are null because the lookup above was the whole check. The enclosing realm must
    // therefore use a credentials matcher that does not compare credentials; Shiro's default
    // SimpleCredentialsMatcher would compare the token's credentials against this null value and fail.
    return new SimpleAccount(user.getId(), null, "access token realm");
}
Also used: SimpleAccount (org.apache.shiro.authc.SimpleAccount), User (org.graylog2.plugin.database.users.User), ValidationException (org.graylog2.plugin.database.ValidationException), AccessTokenAuthToken (org.graylog2.shared.security.AccessTokenAuthToken), AccessToken (org.graylog2.security.AccessToken)

Example 17 with SimpleAccount

Use of org.apache.shiro.authc.SimpleAccount in project graylog2-server by Graylog2.

The class SessionAuthenticator, method doGetAuthenticationInfo (authenticates a request by an existing session ID; the session's principal is the user, and the realm re-checks the trusted-header identity on every request):

@Override
protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token) throws AuthenticationException {
    SessionIdToken sessionIdToken = (SessionIdToken) token;
    // Resolve the subject for the presented session ID; getSession(false) never creates a new session,
    // so an expired or unknown ID yields null instead of a fresh, empty session
    final Subject subject = new Subject.Builder().sessionId(sessionIdToken.getSessionId()).buildSubject();
    final Session session = subject.getSession(false);
    if (session == null) {
        LOG.debug("Invalid session. Either it has expired or did not exist.");
        return null;
    }
    // The user is whatever principal was stored in the session at login, looked up again so that
    // a user deleted after login no longer authenticates
    final Object userId = subject.getPrincipal();
    final User user = userService.loadById(String.valueOf(userId));
    if (user == null) {
        LOG.debug("No user with userId {} found for session", userId);
        return null;
    }
    if (LOG.isDebugEnabled()) {
        LOG.debug("Found session for userId {}", userId);
    }
    // If the session was created via trusted HTTP header authentication, make sure the header on this
    // request still names the same user; otherwise the session is terminated rather than reused
    final String sessionUsername = (String) session.getAttribute(HTTPHeaderAuthenticationRealm.SESSION_AUTH_HEADER);
    if (sessionUsername != null) {
        final HTTPHeaderAuthConfig httpHeaderConfig = loadHTTPHeaderConfig();
        final Optional<String> usernameHeader = ShiroRequestHeadersBinder.getHeaderFromThreadContext(httpHeaderConfig.usernameHeader());
        if (httpHeaderConfig.enabled() && usernameHeader.isPresent() && !usernameHeader.get().equalsIgnoreCase(sessionUsername)) {
            LOG.warn("Terminating session where user <{}> does not match trusted HTTP header <{}>.", sessionUsername, usernameHeader.get());
            session.stop();
            return null;
        }
    }
    // Each authenticated request extends the session's idle timeout unless the client opts out
    // (e.g. background polling that should not keep a session alive)
    final Optional<String> noSessionExtension = ShiroRequestHeadersBinder.getHeaderFromThreadContext(X_GRAYLOG_NO_SESSION_EXTENSION);
    if (noSessionExtension.isPresent() && "true".equalsIgnoreCase(noSessionExtension.get())) {
        LOG.debug("Not extending session because the request indicated not to.");
    } else {
        session.touch();
    }
    ThreadContext.bind(subject);
    // Null credentials again: the session lookup was the check, so the realm must not compare credentials
    return new SimpleAccount(user.getId(), null, "session authenticator");
}
Also used: SimpleAccount (org.apache.shiro.authc.SimpleAccount), HTTPHeaderAuthConfig (org.graylog2.security.headerauth.HTTPHeaderAuthConfig), User (org.graylog2.plugin.database.users.User), SessionIdToken (org.graylog2.shared.security.SessionIdToken), Subject (org.apache.shiro.subject.Subject), Session (org.apache.shiro.session.Session)

Example 18 with SimpleAccount

Use of org.apache.shiro.authc.SimpleAccount in project nutzboot by nutzam.

The class SimpleAuthorizingRealm, method doGetAuthenticationInfo (loads the user by numeric ID and hands the stored password to Shiro as the account credential):

@Override
protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token) throws AuthenticationException {
    SimpleShiroToken upToken = (SimpleShiroToken) token;
    // The token's principal is the user's database ID
    User user = dao().fetch(User.class, (Long) upToken.getPrincipal());
    if (user == null)
        return null;
    // Unlike the Graylog realms above, the stored password is returned as the credential, so the actual
    // comparison is done by the realm's configured CredentialsMatcher. The stored form must match what
    // that matcher expects (a HashedCredentialsMatcher for hashed passwords, for example).
    return new SimpleAccount(user.getId(), user.getPassword(), getName());
}
Also used: SimpleAccount (org.apache.shiro.authc.SimpleAccount), User (io.nutz.demo.simple.bean.User), SimpleShiroToken (org.nutz.integration.shiro.SimpleShiroToken)
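The three examples above share one pattern: the realm does its own lookup and returns a SimpleAccount whose credentials are either null (Examples 16 and 17, where the lookup is the check) or the stored secret (Example 18, where Shiro's CredentialsMatcher does the comparison). What the snippets don't show is the surrounding realm configuration that makes the null-credential variant safe. The following is an added, self-contained illustration written for this page; it is not code from graylog2-server, nutzboot or Shiro. It assumes only shiro-core on the classpath; BearerToken, BearerTokenRealm, the token values and the user IDs are all constructed for the example.

```java
import org.apache.shiro.SecurityUtils;
import org.apache.shiro.authc.AuthenticationException;
import org.apache.shiro.authc.AuthenticationInfo;
import org.apache.shiro.authc.AuthenticationToken;
import org.apache.shiro.authc.SimpleAccount;
import org.apache.shiro.authc.credential.AllowAllCredentialsMatcher;
import org.apache.shiro.mgt.DefaultSecurityManager;
import org.apache.shiro.realm.AuthenticatingRealm;
import org.apache.shiro.subject.Subject;

import java.util.HashMap;
import java.util.HashSet;
import java.util.Map;
import java.util.Set;

public class TokenRealmDemo {

    /** Hypothetical bearer-token credential: the opaque token string is both principal and credential. */
    static final class BearerToken implements AuthenticationToken {
        private final String token;
        BearerToken(String token) { this.token = token; }
        @Override public Object getPrincipal()   { return token; }
        @Override public Object getCredentials() { return token; }
    }

    /** Realm that, like Example 16, treats a successful token lookup as the whole authentication check. */
    static final class BearerTokenRealm extends AuthenticatingRealm {
        // Constructed in-memory token store (token value -> user id) standing in for a token service
        private final Map<String, String> tokens = new HashMap<>();
        // Constructed set of disabled accounts, standing in for User.AccountStatus
        private final Set<String> disabledUsers = new HashSet<>();

        BearerTokenRealm() {
            tokens.put("tok_constructed_sample_1", "user-42");
            tokens.put("tok_constructed_sample_2", "user-7");
            disabledUsers.add("user-7");
            // Shiro consults supports() before calling doGetAuthenticationInfo, so restricting the
            // token class here is what makes the unchecked cast below safe
            setAuthenticationTokenClass(BearerToken.class);
            // The account is built with null credentials; a comparing matcher would fail on them
            setCredentialsMatcher(new AllowAllCredentialsMatcher());
        }

        @Override
        protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token) throws AuthenticationException {
            BearerToken bearer = (BearerToken) token;
            String userId = tokens.get(bearer.token);
            if (userId == null) {
                return null; // unknown token; Shiro raises UnknownAccountException for a null result
            }
            if (disabledUsers.contains(userId)) {
                return null; // disabled account: same outcome as an unknown token, nothing leaks to the caller
            }
            return new SimpleAccount(userId, null, getName());
        }
    }

    public static void main(String[] args) {
        DefaultSecurityManager securityManager = new DefaultSecurityManager(new BearerTokenRealm());
        SecurityUtils.setSecurityManager(securityManager);

        Subject subject = new Subject.Builder(securityManager).buildSubject();
        subject.login(new BearerToken("tok_constructed_sample_1"));
        System.out.println("authenticated as " + subject.getPrincipal());
        subject.logout();

        // Both a token that does not exist and a token for a disabled user fail in the same way
        for (String bad : new String[] {"tok_does_not_exist", "tok_constructed_sample_2"}) {
            try {
                subject.login(new BearerToken(bad));
                System.out.println("unexpected success for " + bad);
            } catch (AuthenticationException e) {
                System.out.println(bad + " rejected: " + e.getClass().getSimpleName());
            }
        }
    }
}
```

Compile and run it with shiro-core (and an SLF4J binding, if you want Shiro's debug logs) on the classpath. The two settings in the constructor are the ones the page's snippets rely on implicitly: without setAuthenticationTokenClass the cast is reachable by any token type the SecurityManager receives, and without a non-comparing CredentialsMatcher the null credential in the SimpleAccount breaks authentication rather than bypassing it.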

Aggregations (classes used alongside SimpleAccount across the 18 examples on this page, with usage counts):

SimpleAccount (org.apache.shiro.authc.SimpleAccount): 18
Test (org.junit.Test): 6
PrepareForTest (org.powermock.core.classloader.annotations.PrepareForTest): 6
SimplePrincipalCollection (org.apache.shiro.subject.SimplePrincipalCollection): 5
Settings (com.artezio.arttime.config.Settings): 4
UsernamePasswordToken (org.apache.shiro.authc.UsernamePasswordToken): 3
AuthorizationInfo (org.apache.shiro.authz.AuthorizationInfo): 3
PrincipalCollection (org.apache.shiro.subject.PrincipalCollection): 3
User (org.graylog2.plugin.database.users.User): 3
Project (com.artezio.arttime.datamodel.Project): 2
AuthenticationInfo (org.apache.shiro.authc.AuthenticationInfo): 2
ValidationException (org.graylog2.plugin.database.ValidationException): 2
User (io.nutz.demo.simple.bean.User): 1
ParseException (java.text.ParseException): 1
ArrayList (java.util.ArrayList): 1
CursorException (org.apache.directory.api.ldap.model.cursor.CursorException): 1
LdapException (org.apache.directory.api.ldap.model.exception.LdapException): 1
LdapConnectionConfig (org.apache.directory.ldap.client.api.LdapConnectionConfig): 1
LdapNetworkConnection (org.apache.directory.ldap.client.api.LdapNetworkConnection): 1
AuthenticationException (org.apache.shiro.authc.AuthenticationException): 1