
Example 11 with SimpleAuthenticationInfo

use of org.apache.shiro.authc.SimpleAuthenticationInfo in project killbill by killbill.

the class KillbillJdbcTenantRealm method doGetAuthenticationInfo.

@Override
protected AuthenticationInfo doGetAuthenticationInfo(final AuthenticationToken token) throws AuthenticationException {
    final SimpleAuthenticationInfo authenticationInfo = (SimpleAuthenticationInfo) super.doGetAuthenticationInfo(token);
    // We store the salt bytes in Base64 (because the JdbcRealm retrieves it as a String)
    final ByteSource base64Salt = authenticationInfo.getCredentialsSalt();
    final byte[] bytes = Base64.decode(base64Salt.getBytes());
    // SimpleByteSource isn't Serializable
    authenticationInfo.setCredentialsSalt(new SerializableSimpleByteSource(bytes));
    return authenticationInfo;
}
Also used : SimpleAuthenticationInfo(org.apache.shiro.authc.SimpleAuthenticationInfo) ByteSource(org.apache.shiro.util.ByteSource)

Example 12 with SimpleAuthenticationInfo

use of org.apache.shiro.authc.SimpleAuthenticationInfo in project killbill by killbill.

the class KillBillAuth0Realm method doGetAuthenticationInfo.

@Override
protected AuthenticationInfo doGetAuthenticationInfo(final AuthenticationToken token) throws AuthenticationException {
    if (token instanceof UsernamePasswordToken) {
        final UsernamePasswordToken upToken = (UsernamePasswordToken) token;
        if (doAuthenticate(upToken)) {
            // Credentials are valid
            return new SimpleAuthenticationInfo(token.getPrincipal(), token.getCredentials(), getName());
        }
    } else {
        final String bearerToken = (String) token.getPrincipal();
        final Claims claims = verifyJWT(bearerToken);
        // Credentials are valid
        // This config must match the one in Kaui
        final Object principal = claims.get(securityConfig.getShiroAuth0UsernameClaim());
        // For the JWT to contain the permissions, the `Add Permissions in the Access Token` setting must be turned on in Auth0
        if (claims.containsKey("permissions") && claims.get("permissions") instanceof Iterable) {
            // In order to use the permissions from the JWT (and avoid calling Auth0 later on), we need to eagerly cache them,
            // as doGetAuthorizationInfo won't have access to the token
            final org.apache.shiro.cache.Cache<Object, AuthorizationInfo> authorizationCache = getAuthorizationCache();
            // Should never be null (initialized via init())
            if (authorizationCache != null) {
                final SimpleAuthorizationInfo simpleAuthorizationInfo = new SimpleAuthorizationInfo(null);
                final Set<String> permissions = new HashSet<String>();
                for (final Object permission : (Iterable) claims.get("permissions")) {
                    permissions.add(permission.toString());
                }
                simpleAuthorizationInfo.setStringPermissions(permissions);
                final MutablePrincipalCollection principals = new SimplePrincipalCollection();
                principals.add(principal, getName());
                final Object authorizationCacheKey = getAuthorizationCacheKey(principals);
                authorizationCache.put(authorizationCacheKey, simpleAuthorizationInfo);
            }
        }
        return new SimpleAuthenticationInfo(principal, token.getCredentials(), getName());
    }
    throw new AuthenticationException("Auth0 authentication failed");
}
Also used : Claims(io.jsonwebtoken.Claims) SimpleAuthorizationInfo(org.apache.shiro.authz.SimpleAuthorizationInfo) SimpleAuthenticationInfo(org.apache.shiro.authc.SimpleAuthenticationInfo) AuthenticationException(org.apache.shiro.authc.AuthenticationException) SimplePrincipalCollection(org.apache.shiro.subject.SimplePrincipalCollection) AuthorizationInfo(org.apache.shiro.authz.AuthorizationInfo) UsernamePasswordToken(org.apache.shiro.authc.UsernamePasswordToken) MutablePrincipalCollection(org.apache.shiro.subject.MutablePrincipalCollection) HashSet(java.util.HashSet)

Example 13 with SimpleAuthenticationInfo

use of org.apache.shiro.authc.SimpleAuthenticationInfo in project zeppelin by apache.

the class LdapRealm method createAuthenticationInfo.

@Override
protected AuthenticationInfo createAuthenticationInfo(AuthenticationToken token, Object ldapPrincipal, Object ldapCredentials, LdapContext ldapContext) throws NamingException {
    HashRequest.Builder builder = new HashRequest.Builder();
    Hash credentialsHash = hashService.computeHash(builder.setSource(token.getCredentials()).setAlgorithmName(HASHING_ALGORITHM).build());
    return new SimpleAuthenticationInfo(token.getPrincipal(), credentialsHash.toHex(), credentialsHash.getSalt(), getName());
}
Also used : HashRequest(org.apache.shiro.crypto.hash.HashRequest) SimpleAuthenticationInfo(org.apache.shiro.authc.SimpleAuthenticationInfo) Hash(org.apache.shiro.crypto.hash.Hash)

Example 14 with SimpleAuthenticationInfo

use of org.apache.shiro.authc.SimpleAuthenticationInfo in project SSM by Intel-bigdata.

the class LdapRealm method createAuthenticationInfo.

@Override
protected AuthenticationInfo createAuthenticationInfo(AuthenticationToken token, Object ldapPrincipal, Object ldapCredentials, LdapContext ldapContext) throws NamingException {
    HashRequest.Builder builder = new HashRequest.Builder();
    Hash credentialsHash = hashService.computeHash(builder.setSource(token.getCredentials()).setAlgorithmName(HASHING_ALGORITHM).build());
    return new SimpleAuthenticationInfo(token.getPrincipal(), credentialsHash.toHex(), credentialsHash.getSalt(), getName());
}
Also used : HashRequest(org.apache.shiro.crypto.hash.HashRequest) SimpleAuthenticationInfo(org.apache.shiro.authc.SimpleAuthenticationInfo) Hash(org.apache.shiro.crypto.hash.Hash)

Example 15 with SimpleAuthenticationInfo

use of org.apache.shiro.authc.SimpleAuthenticationInfo in project wechat by dllwh.

the class ShiroRealm method doGetAuthenticationInfo.

/**
 * Method description: verifies the Subject that is currently logging in.
 * Note: this method is invoked when Subject.login() is executed in LoginController.login().
 * @param authtoken
 * @return
 */
@Override
protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken authtoken) throws AuthenticationException {
    UsernamePasswordToken token = (UsernamePasswordToken) authtoken;
    // ① Get the username of the user who is logging in
    String currentUsername = token.getUsername();
    String passWord = String.valueOf(token.getPassword());
    SysUser sysUser = new SysUser();
    SysUser currentUser = null;
    SimpleAuthenticationInfo authcInfo = null;
    try {
        sysUser.setUserName(currentUsername);
        int userCount = userService.getCountForJdbcParam(sysUser);
        if (userCount <= 0) {
            throw new UnknownAccountException();
        }
        currentUser = userService.checkUserExits(currentUsername, passWord);
    } catch (Exception e) {
        throw new UnknownAccountException();
    }
    if (currentUser != null) {
        // Account is not enabled
        if (currentUser.getIfEnabled() != 1) {
            throw new DisabledAccountException();
        }
        // Account has not passed review
        if (currentUser.getIfVisible() != 1) {
            throw new DisabledAccountException("账号未通过审核");
        }
        // Account is not allowed to log in
        if (currentUser.getLoginFlag() != 1) {
            throw new AuthenticationException("账号不允许登录");
        }
        // Account is locked
        if (currentUser.getIfLocked() != 1) {
            throw new ExcessiveAttemptsException("账号被锁定");
        }
        WebUtilHelper.setCurrentLoginUser(currentUser);
        authcInfo = new SimpleAuthenticationInfo(currentUser, currentUser.getPassword(), getName());
    } else {
        // Wrong username or password
        throw new LockedAccountException("用户名或密码错误");
    }
    return authcInfo;
}
Also used : DisabledAccountException(org.apache.shiro.authc.DisabledAccountException) SysUser(com.cdeledu.model.rbac.SysUser) SimpleAuthenticationInfo(org.apache.shiro.authc.SimpleAuthenticationInfo) AuthenticationException(org.apache.shiro.authc.AuthenticationException) UnknownAccountException(org.apache.shiro.authc.UnknownAccountException) ExcessiveAttemptsException(org.apache.shiro.authc.ExcessiveAttemptsException) LockedAccountException(org.apache.shiro.authc.LockedAccountException) UsernamePasswordToken(org.apache.shiro.authc.UsernamePasswordToken)

Aggregations

SimpleAuthenticationInfo (org.apache.shiro.authc.SimpleAuthenticationInfo): 39
UsernamePasswordToken (org.apache.shiro.authc.UsernamePasswordToken): 15
AuthenticationException (org.apache.shiro.authc.AuthenticationException): 12
SimplePrincipalCollection (org.apache.shiro.subject.SimplePrincipalCollection): 9
AuthenticationInfo (org.apache.shiro.authc.AuthenticationInfo): 5
AccountException (org.apache.shiro.authc.AccountException): 4
Hash (org.apache.shiro.crypto.hash.Hash): 4
Test (org.junit.Test): 4
AuthenticationToken (org.apache.shiro.authc.AuthenticationToken): 3
LockedAccountException (org.apache.shiro.authc.LockedAccountException): 3
UnknownAccountException (org.apache.shiro.authc.UnknownAccountException): 3
HashRequest (org.apache.shiro.crypto.hash.HashRequest): 3
PAM (org.jvnet.libpam.PAM): 3
PAMException (org.jvnet.libpam.PAMException): 3
UnixUser (org.jvnet.libpam.UnixUser): 3
PrincipalCollection (org.apache.shiro.subject.PrincipalCollection): 2
ByteSource (org.apache.shiro.util.ByteSource): 2
UserDO (cn.dubidubi.model.base.UserDO): 1
TbUser (cn.exrick.manager.pojo.TbUser): 1
PmphUser (com.bc.pmpheep.back.po.PmphUser): 1