Search in sources :

Example 26 with SimpleAuthenticationInfo

use of org.apache.shiro.authc.SimpleAuthenticationInfo in project vip by guangdada.

the class ShiroDbRealm method doGetAuthenticationInfo.

/**
 * 登录认证
 */
@Override
protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken authcToken) throws AuthenticationException {
    IShiro shiroFactory = ShiroFactroy.me();
    UsernamePasswordToken token = (UsernamePasswordToken) authcToken;
    User user = shiroFactory.user(token.getUsername());
    ShiroUser shiroUser = shiroFactory.shiroUser(user);
    SimpleAuthenticationInfo info = shiroFactory.info(shiroUser, user, super.getName());
    return info;
}
Also used : User(com.ikoori.vip.common.persistence.model.User) SimpleAuthenticationInfo(org.apache.shiro.authc.SimpleAuthenticationInfo) IShiro(com.ikoori.vip.server.core.shiro.factory.IShiro) UsernamePasswordToken(org.apache.shiro.authc.UsernamePasswordToken)

Example 27 with SimpleAuthenticationInfo

use of org.apache.shiro.authc.SimpleAuthenticationInfo in project spring-boot-examples by ityouknow.

the class MyShiroRealm method doGetAuthenticationInfo.

/*主要是用来进行身份认证的,也就是说验证用户输入的账号和密码是否正确。*/
@Override
protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token) throws AuthenticationException {
    System.out.println("MyShiroRealm.doGetAuthenticationInfo()");
    // 获取用户的输入的账号.
    String username = (String) token.getPrincipal();
    System.out.println(token.getCredentials());
    // 通过username从数据库中查找 User对象,如果找到,没找到.
    // 实际项目中,这里可以根据实际情况做缓存,如果不做,Shiro自己也是有时间间隔机制,2分钟内不会重复执行该方法
    UserInfo userInfo = userInfoService.findByUsername(username);
    System.out.println("----->>userInfo=" + userInfo);
    if (userInfo == null) {
        return null;
    }
    SimpleAuthenticationInfo authenticationInfo = new SimpleAuthenticationInfo(// 用户名
    userInfo, // 密码
    userInfo.getPassword(), // salt=username+salt
    ByteSource.Util.bytes(userInfo.getCredentialsSalt()), // realm name
    getName());
    return authenticationInfo;
}
Also used : SimpleAuthenticationInfo(org.apache.shiro.authc.SimpleAuthenticationInfo) UserInfo(com.neo.entity.UserInfo)

Example 28 with SimpleAuthenticationInfo

use of org.apache.shiro.authc.SimpleAuthenticationInfo in project pmph by BCSquad.

the class PmphUserRealm method doGetAuthenticationInfo.

/**
 * 认证
 *
 * @param authenticationToken
 * @return
 * @throws AuthenticationException
 */
@Override
protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken authenticationToken) throws AuthenticationException {
    logger.info("--- MyRealm doGetAuthenticationInfo ---[SecondRealm] doGetAuthenticationInfo " + authenticationToken);
    String username = authenticationToken.getPrincipal().toString();
    String password = new String((char[]) authenticationToken.getCredentials());
    try {
        PmphUser user = userService.login(username, password);
        if (user != null) {
            // 第 1 个参数可以传一个实体对象,然后在认证的环节可以取出
            // 第 2 个参数应该传递在数据库中“正确”的数据,然后和 token 中的数据进行匹配
            SimpleAuthenticationInfo info = new SimpleAuthenticationInfo(user, user.getPassword(), getName());
            // 设置盐值
            info.setCredentialsSalt(ByteSource.Util.bytes(username.getBytes()));
            return info;
        }
    } catch (Exception e) {
        logger.debug("message => " + e);
    }
    return null;
}
Also used : SimpleAuthenticationInfo(org.apache.shiro.authc.SimpleAuthenticationInfo) PmphUser(com.bc.pmpheep.back.po.PmphUser) AuthenticationException(org.apache.shiro.authc.AuthenticationException)

Example 29 with SimpleAuthenticationInfo

use of org.apache.shiro.authc.SimpleAuthenticationInfo in project dubidubi by lzzzz4.

the class LoginRealm method doGetAuthenticationInfo.

// 认证
@Override
protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token) throws AuthenticationException {
    String account = (String) token.getPrincipal();
    String dbpassword = userLoginService.getPasswordByAccount(account);
    if (dbpassword == null) {
        return null;
    }
    UserDO userDO = userLoginService.getUserDOToSessionByAccount(account);
    if (!userDO.getEnabled().equals("Y")) {
        throw new LockedAccountException();
    }
    userDO.setAccount(account);
    return new SimpleAuthenticationInfo(userDO, dbpassword, ByteSource.Util.bytes(userDO.getSalt()), this.getName());
}
Also used : SimpleAuthenticationInfo(org.apache.shiro.authc.SimpleAuthenticationInfo) UserDO(cn.dubidubi.model.base.UserDO) LockedAccountException(org.apache.shiro.authc.LockedAccountException)

Example 30 with SimpleAuthenticationInfo

use of org.apache.shiro.authc.SimpleAuthenticationInfo in project shiro by apache.

the class HashedCredentialsMatcherTest method testSaltedAuthenticationInfo.

/**
 * Test new Shiro 1.1 functionality, where the salt is obtained from the stored account information, as it
 * should be.  See <a href="https://issues.apache.org/jira/browse/SHIRO-186">SHIRO-186</a>
 */
@Test
public void testSaltedAuthenticationInfo() {
    // use SHA-1 hashing in this test:
    HashedCredentialsMatcher matcher = new HashedCredentialsMatcher(Sha1Hash.ALGORITHM_NAME);
    // simulate a user account with a SHA-1 hashed and salted password:
    ByteSource salt = new SecureRandomNumberGenerator().nextBytes();
    Object hashedPassword = new Sha1Hash("password", salt);
    SimpleAuthenticationInfo account = new SimpleAuthenticationInfo("username", hashedPassword, salt, "realmName");
    // simulate a username/password (plaintext) token created in response to a login attempt:
    AuthenticationToken token = new UsernamePasswordToken("username", "password");
    // verify the hashed token matches what is in the account:
    assertTrue(matcher.doCredentialsMatch(token, account));
}
Also used : AuthenticationToken(org.apache.shiro.authc.AuthenticationToken) SimpleAuthenticationInfo(org.apache.shiro.authc.SimpleAuthenticationInfo) SecureRandomNumberGenerator(org.apache.shiro.crypto.SecureRandomNumberGenerator) Sha1Hash(org.apache.shiro.crypto.hash.Sha1Hash) ByteSource(org.apache.shiro.util.ByteSource) UsernamePasswordToken(org.apache.shiro.authc.UsernamePasswordToken) Test(org.junit.Test)

Aggregations

SimpleAuthenticationInfo (org.apache.shiro.authc.SimpleAuthenticationInfo)39 UsernamePasswordToken (org.apache.shiro.authc.UsernamePasswordToken)15 AuthenticationException (org.apache.shiro.authc.AuthenticationException)12 SimplePrincipalCollection (org.apache.shiro.subject.SimplePrincipalCollection)9 AuthenticationInfo (org.apache.shiro.authc.AuthenticationInfo)5 AccountException (org.apache.shiro.authc.AccountException)4 Hash (org.apache.shiro.crypto.hash.Hash)4 Test (org.junit.Test)4 AuthenticationToken (org.apache.shiro.authc.AuthenticationToken)3 LockedAccountException (org.apache.shiro.authc.LockedAccountException)3 UnknownAccountException (org.apache.shiro.authc.UnknownAccountException)3 HashRequest (org.apache.shiro.crypto.hash.HashRequest)3 PAM (org.jvnet.libpam.PAM)3 PAMException (org.jvnet.libpam.PAMException)3 UnixUser (org.jvnet.libpam.UnixUser)3 PrincipalCollection (org.apache.shiro.subject.PrincipalCollection)2 ByteSource (org.apache.shiro.util.ByteSource)2 UserDO (cn.dubidubi.model.base.UserDO)1 TbUser (cn.exrick.manager.pojo.TbUser)1 PmphUser (com.bc.pmpheep.back.po.PmphUser)1