use of org.apache.shiro.authc.SimpleAuthenticationInfo in project vip by guangdada.
the class ShiroDbRealm method doGetAuthenticationInfo.
/**
* 登录认证
*/
@Override
protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken authcToken) throws AuthenticationException {
IShiro shiroFactory = ShiroFactroy.me();
UsernamePasswordToken token = (UsernamePasswordToken) authcToken;
User user = shiroFactory.user(token.getUsername());
ShiroUser shiroUser = shiroFactory.shiroUser(user);
SimpleAuthenticationInfo info = shiroFactory.info(shiroUser, user, super.getName());
return info;
}
use of org.apache.shiro.authc.SimpleAuthenticationInfo in project spring-boot-examples by ityouknow.
the class MyShiroRealm method doGetAuthenticationInfo.
/*主要是用来进行身份认证的,也就是说验证用户输入的账号和密码是否正确。*/
@Override
protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token) throws AuthenticationException {
System.out.println("MyShiroRealm.doGetAuthenticationInfo()");
// 获取用户的输入的账号.
String username = (String) token.getPrincipal();
System.out.println(token.getCredentials());
// 通过username从数据库中查找 User对象,如果找到,没找到.
// 实际项目中,这里可以根据实际情况做缓存,如果不做,Shiro自己也是有时间间隔机制,2分钟内不会重复执行该方法
UserInfo userInfo = userInfoService.findByUsername(username);
System.out.println("----->>userInfo=" + userInfo);
if (userInfo == null) {
return null;
}
SimpleAuthenticationInfo authenticationInfo = new SimpleAuthenticationInfo(// 用户名
userInfo, // 密码
userInfo.getPassword(), // salt=username+salt
ByteSource.Util.bytes(userInfo.getCredentialsSalt()), // realm name
getName());
return authenticationInfo;
}
use of org.apache.shiro.authc.SimpleAuthenticationInfo in project pmph by BCSquad.
the class PmphUserRealm method doGetAuthenticationInfo.
/**
* 认证
*
* @param authenticationToken
* @return
* @throws AuthenticationException
*/
@Override
protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken authenticationToken) throws AuthenticationException {
logger.info("--- MyRealm doGetAuthenticationInfo ---[SecondRealm] doGetAuthenticationInfo " + authenticationToken);
String username = authenticationToken.getPrincipal().toString();
String password = new String((char[]) authenticationToken.getCredentials());
try {
PmphUser user = userService.login(username, password);
if (user != null) {
// 第 1 个参数可以传一个实体对象,然后在认证的环节可以取出
// 第 2 个参数应该传递在数据库中“正确”的数据,然后和 token 中的数据进行匹配
SimpleAuthenticationInfo info = new SimpleAuthenticationInfo(user, user.getPassword(), getName());
// 设置盐值
info.setCredentialsSalt(ByteSource.Util.bytes(username.getBytes()));
return info;
}
} catch (Exception e) {
logger.debug("message => " + e);
}
return null;
}
use of org.apache.shiro.authc.SimpleAuthenticationInfo in project dubidubi by lzzzz4.
the class LoginRealm method doGetAuthenticationInfo.
// 认证
@Override
protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token) throws AuthenticationException {
String account = (String) token.getPrincipal();
String dbpassword = userLoginService.getPasswordByAccount(account);
if (dbpassword == null) {
return null;
}
UserDO userDO = userLoginService.getUserDOToSessionByAccount(account);
if (!userDO.getEnabled().equals("Y")) {
throw new LockedAccountException();
}
userDO.setAccount(account);
return new SimpleAuthenticationInfo(userDO, dbpassword, ByteSource.Util.bytes(userDO.getSalt()), this.getName());
}
use of org.apache.shiro.authc.SimpleAuthenticationInfo in project shiro by apache.
the class HashedCredentialsMatcherTest method testSaltedAuthenticationInfo.
/**
* Test new Shiro 1.1 functionality, where the salt is obtained from the stored account information, as it
* should be. See <a href="https://issues.apache.org/jira/browse/SHIRO-186">SHIRO-186</a>
*/
@Test
public void testSaltedAuthenticationInfo() {
// use SHA-1 hashing in this test:
HashedCredentialsMatcher matcher = new HashedCredentialsMatcher(Sha1Hash.ALGORITHM_NAME);
// simulate a user account with a SHA-1 hashed and salted password:
ByteSource salt = new SecureRandomNumberGenerator().nextBytes();
Object hashedPassword = new Sha1Hash("password", salt);
SimpleAuthenticationInfo account = new SimpleAuthenticationInfo("username", hashedPassword, salt, "realmName");
// simulate a username/password (plaintext) token created in response to a login attempt:
AuthenticationToken token = new UsernamePasswordToken("username", "password");
// verify the hashed token matches what is in the account:
assertTrue(matcher.doCredentialsMatch(token, account));
}
Aggregations