
Example 1 with UnknownAccountException

use of org.apache.shiro.authc.UnknownAccountException in project camel by apache.

In class ShiroSecurityProcessor, method authenticateUser.

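/**
 * Logs the user carried by {@code securityToken} into {@code currentUser}, unless that
 * subject is already authenticated as the same principal.
 *
 * <p>Shiro's specific authentication exceptions are re-thrown with a more descriptive
 * message. The caught exception itself is passed as the cause (not {@code getCause()},
 * which is usually {@code null} on these exceptions), so the realm's stack trace survives.
 * The token is cleared once the login attempt is over so the plaintext password does not
 * linger in it.
 *
 * @param currentUser   the Shiro subject to authenticate
 * @param securityToken carries the username and password to authenticate with
 * @throws UnknownAccountException       if no account matches the username
 * @throws IncorrectCredentialsException if the password does not match
 * @throws LockedAccountException        if the account is locked
 * @throws AuthenticationException       for any other authentication failure
 */
private void authenticateUser(Subject currentUser, ShiroSecurityToken securityToken) {
    boolean authenticated = currentUser.isAuthenticated();
    boolean sameUser = securityToken.getUsername().equals(currentUser.getPrincipal());
    LOG.trace("Authenticated: {}, same Username: {}", authenticated, sameUser);
    if (authenticated && sameUser) {
        // Already logged in as this very user: nothing to do.
        return;
    }
    UsernamePasswordToken token = new UsernamePasswordToken(securityToken.getUsername(), securityToken.getPassword());
    // A policy that insists on re-authenticating every time must not get a remember-me login.
    token.setRememberMe(!policy.isAlwaysReauthenticate());
    try {
        currentUser.login(token);
        LOG.debug("Current user {} successfully authenticated", currentUser.getPrincipal());
    }
    // NOTE(review): the distinct "no user" / "password incorrect" messages below reveal whether
    // a username exists. That is fine for internal diagnostics, but any caller that surfaces
    // these messages to an end user should collapse them into one generic failure.
    catch (UnknownAccountException uae) {
        throw new UnknownAccountException("Authentication Failed. There is no user with username of " + token.getPrincipal(), uae);
    } catch (IncorrectCredentialsException ice) {
        throw new IncorrectCredentialsException("Authentication Failed. Password for account " + token.getPrincipal() + " was incorrect!", ice);
    } catch (LockedAccountException lae) {
        // Note the space after "locked." — the two fragments were previously run together.
        throw new LockedAccountException("Authentication Failed. The account for username " + token.getPrincipal() + " is locked. " + "Please contact your administrator to unlock it.", lae);
    } catch (AuthenticationException ae) {
        throw new AuthenticationException("Authentication Failed.", ae);
    } finally {
        // Wipe the plaintext password from the token; Shiro no longer needs it once login() has returned.
        token.clear();
    }
}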
Also used : IncorrectCredentialsException(org.apache.shiro.authc.IncorrectCredentialsException) AuthenticationException(org.apache.shiro.authc.AuthenticationException) UnknownAccountException(org.apache.shiro.authc.UnknownAccountException) LockedAccountException(org.apache.shiro.authc.LockedAccountException) UsernamePasswordToken(org.apache.shiro.authc.UsernamePasswordToken)

Example 2 with UnknownAccountException

use of org.apache.shiro.authc.UnknownAccountException in project tesla by linking12.

In class TeslaUserRealm, method doGetAuthenticationInfo.

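/**
 * Looks the submitted username up in {@code userDao} and verifies the submitted password
 * against the stored one.
 *
 * <p>A missing user is reported as {@link UnknownAccountException} rather than surfacing
 * as a {@code NullPointerException} from the accessors. The password comparison is done in
 * constant time so the response time does not depend on how many leading characters match.
 *
 * @param token expected to be a {@link UsernamePasswordToken}
 * @return authentication info whose principal is the user's id and whose credentials salt
 *         is the username
 * @throws AccountException              if the token carries no username
 * @throws UnknownAccountException       if no user, or no stored password, exists for the username
 * @throws IncorrectCredentialsException if the submitted password is absent or differs from the stored one
 * @throws LockedAccountException        if the user's status is 0
 */
@Override
protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token) {
    UsernamePasswordToken upToken = (UsernamePasswordToken) token;
    String username = upToken.getUsername();
    if (username == null) {
        throw new AccountException("Null usernames are not allowed by this realm.");
    }
    Users user = userDao.findByUserNamed(username);
    // Guard the lookup result before dereferencing it; an unknown user must not become an NPE.
    if (user == null) {
        throw new UnknownAccountException("No account found for " + username);
    }
    Long userId = user.userId();
    String password = user.password();
    int status = user.status();
    if (password == null) {
        throw new UnknownAccountException("No account found for " + username);
    }
    char[] submitted = upToken.getPassword();
    // Compare as UTF-8 bytes in constant time instead of String.equals, which stops at the first mismatch.
    if (submitted == null
            || !java.security.MessageDigest.isEqual(
                    password.getBytes(java.nio.charset.StandardCharsets.UTF_8),
                    new String(submitted).getBytes(java.nio.charset.StandardCharsets.UTF_8))) {
        throw new IncorrectCredentialsException("Password is not right for " + username);
    }
    if (status == 0) {
        throw new LockedAccountException("account is locked for user " + username);
    }
    // NOTE(review): Shiro's third constructor argument is the realm name; passing the username
    // here looks unintended — confirm against the rest of the realm before changing it.
    // NOTE(review): the returned credentials/salt are also verified by the realm's
    // CredentialsMatcher; make sure that matcher agrees with the plain comparison above.
    SimpleAuthenticationInfo info = new SimpleAuthenticationInfo(userId, password.toCharArray(), username);
    info.setCredentialsSalt(ByteSource.Util.bytes(username));
    return info;
}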
Also used : IncorrectCredentialsException(org.apache.shiro.authc.IncorrectCredentialsException) AccountException(org.apache.shiro.authc.AccountException) LockedAccountException(org.apache.shiro.authc.LockedAccountException) UnknownAccountException(org.apache.shiro.authc.UnknownAccountException) SimpleAuthenticationInfo(org.apache.shiro.authc.SimpleAuthenticationInfo) UnknownAccountException(org.apache.shiro.authc.UnknownAccountException) Users(io.github.tesla.authz.domain.Users) LockedAccountException(org.apache.shiro.authc.LockedAccountException) UsernamePasswordToken(org.apache.shiro.authc.UsernamePasswordToken)

Example 3 with UnknownAccountException

use of org.apache.shiro.authc.UnknownAccountException in project shiro by apache.

In class JdbcRealm, method doGetAuthenticationInfo.

/*--------------------------------------------
    |               M E T H O D S               |
    ============================================*/
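/**
 * Looks up the stored password (and, depending on {@code saltStyle}, the salt) for the
 * submitted username and wraps them in a {@link SimpleAuthenticationInfo} for the
 * credentials matcher to verify.
 *
 * @param token expected to be a {@link UsernamePasswordToken}
 * @return authentication info carrying the stored password, plus the salt when one was found
 * @throws AccountException        if the token carries no username
 * @throws UnknownAccountException if no password is stored for the username
 * @throws ConfigurationException  for the not-yet-implemented CRYPT style, or a salt style this method does not know
 * @throws AuthenticationException if the lookup fails with a {@link SQLException}
 */
protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token) throws AuthenticationException {
    UsernamePasswordToken upToken = (UsernamePasswordToken) token;
    String username = upToken.getUsername();
    // Null username is invalid
    if (username == null) {
        throw new AccountException("Null usernames are not allowed by this realm.");
    }
    Connection conn = null;
    SimpleAuthenticationInfo info = null;
    try {
        conn = dataSource.getConnection();
        String password = null;
        String salt = null;
        switch (saltStyle) {
            case NO_SALT:
                password = getPasswordForUser(conn, username)[0];
                break;
            case CRYPT:
                // TODO: separate password and hash from getPasswordForUser[0]
                throw new ConfigurationException("Not implemented yet");
            case COLUMN:
                String[] queryResults = getPasswordForUser(conn, username);
                password = queryResults[0];
                salt = queryResults[1];
                break;
            case EXTERNAL:
                password = getPasswordForUser(conn, username)[0];
                salt = getSaltForUser(username);
                break;
            default:
                // An unrecognised salt style must fail loudly rather than fall through
                // to the misleading "No account found" below with password still null.
                throw new ConfigurationException("Unsupported salt style: " + saltStyle);
        }
        if (password == null) {
            throw new UnknownAccountException("No account found for user [" + username + "]");
        }
        info = new SimpleAuthenticationInfo(username, password.toCharArray(), getName());
        if (salt != null) {
            info.setCredentialsSalt(ByteSource.Util.bytes(salt));
        }
    } catch (SQLException e) {
        final String message = "There was a SQL error while authenticating user [" + username + "]";
        if (log.isErrorEnabled()) {
            log.error(message, e);
        }
        // Rethrow any SQL errors as an authentication exception
        throw new AuthenticationException(message, e);
    } finally {
        // conn is still null if getConnection() itself threw; JdbcUtils.closeConnection is
        // expected to tolerate that.
        JdbcUtils.closeConnection(conn);
    }
    return info;
}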
Also used : AccountException(org.apache.shiro.authc.AccountException) UnknownAccountException(org.apache.shiro.authc.UnknownAccountException) SimpleAuthenticationInfo(org.apache.shiro.authc.SimpleAuthenticationInfo) ConfigurationException(org.apache.shiro.config.ConfigurationException) SQLException(java.sql.SQLException) AuthenticationException(org.apache.shiro.authc.AuthenticationException) UnknownAccountException(org.apache.shiro.authc.UnknownAccountException) Connection(java.sql.Connection) UsernamePasswordToken(org.apache.shiro.authc.UsernamePasswordToken)

Example 4 with UnknownAccountException

use of org.apache.shiro.authc.UnknownAccountException in project qi4j-sdk by Qi4j.

In class StandaloneShiroTest, method test.

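/**
 * End-to-end check of the standalone Shiro setup: session attribute round-trip, login as
 * a fixed sample user, role and permission checks, then logout.
 *
 * <p>Each specific login failure is reported through {@code fail(...)} so the reason shows
 * up in the test output. Any other {@link AuthenticationException} simply propagates; the
 * former {@code catch (AuthenticationException ae) { throw ae; }} only rethrew it unchanged.
 */
@Test
public void test() {
    // get the currently executing user:
    Subject currentUser = SecurityUtils.getSubject();
    // Do some stuff with a Session (no need for a web or EJB container!!!)
    Session session = currentUser.getSession();
    session.setAttribute("someKey", "aValue");
    String value = (String) session.getAttribute("someKey");
    assertEquals("aValue", value);
    LOG.info("Retrieved the correct value! [" + value + "]");
    // let's login the current user so we can check against roles and permissions:
    if (!currentUser.isAuthenticated()) {
        // Fixed sample credentials; the realm under test is expected to know this user.
        UsernamePasswordToken token = new UsernamePasswordToken("lonestarr", "vespa");
        token.setRememberMe(true);
        try {
            currentUser.login(token);
        } catch (UnknownAccountException uae) {
            fail("There is no user with username of " + token.getPrincipal());
        } catch (IncorrectCredentialsException ice) {
            fail("Password for account " + token.getPrincipal() + " was incorrect!");
        } catch (LockedAccountException lae) {
            fail("The account for username " + token.getPrincipal() + " is locked.  " + "Please contact your administrator to unlock it.");
        }
        // ... catch more exceptions here (maybe custom ones specific to your application?)
        // Anything else is an unexpected condition and is left to propagate.
    }
    // say who they are:
    // print their identifying principal (in this case, a username):
    assertNotNull(currentUser.getPrincipal());
    LOG.info("User [" + currentUser.getPrincipal() + "] logged in successfully.");
    // test a role:
    if (currentUser.hasRole("schwartz")) {
        LOG.info("May the Schwartz be with you!");
    } else {
        fail("Hello, mere mortal.");
    }
    // test a typed permission (not instance-level)
    if (currentUser.isPermitted("lightsaber:weild")) {
        LOG.info("You may use a lightsaber ring.  Use it wisely.");
    } else {
        fail("Sorry, lightsaber rings are for schwartz masters only.");
    }
    // a (very powerful) Instance Level permission:
    if (currentUser.isPermitted("winnebago:drive:eagle5")) {
        LOG.info("You are permitted to 'drive' the winnebago with license plate (id) 'eagle5'.  " + "Here are the keys - have fun!");
    } else {
        fail("Sorry, you aren't allowed to drive the 'eagle5' winnebago!");
    }
    // all done - log out!
    currentUser.logout();
}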
Also used : IncorrectCredentialsException(org.apache.shiro.authc.IncorrectCredentialsException) AuthenticationException(org.apache.shiro.authc.AuthenticationException) UnknownAccountException(org.apache.shiro.authc.UnknownAccountException) Subject(org.apache.shiro.subject.Subject) LockedAccountException(org.apache.shiro.authc.LockedAccountException) Session(org.apache.shiro.session.Session) UsernamePasswordToken(org.apache.shiro.authc.UsernamePasswordToken) AbstractQi4jTest(org.qi4j.test.AbstractQi4jTest) Test(org.junit.Test)

Example 5 with UnknownAccountException

use of org.apache.shiro.authc.UnknownAccountException in project wechat by dllwh.

In class ShiroHelper, method login.

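/**
 * Attempts to log the current Shiro subject in with the given username and password and
 * packages the outcome as an {@link AjaxJson}: {@code success} is true only when the
 * subject ends up authenticated, {@code msg} carries the matching {@code MessageConstant}
 * and {@code obj} carries the log message describing the outcome.
 *
 * <p>The {@link UsernamePasswordToken} is cleared after the login attempt regardless of
 * the result, so the plaintext password does not linger in it (previously it was only
 * cleared on failure).
 *
 * @param userName the username to authenticate
 * @param passWord the plaintext password to authenticate with
 * @return the result object described above; never null
 */
public static AjaxJson login(String userName, String passWord) {
    // Username/password token for Shiro
    UsernamePasswordToken token = new UsernamePasswordToken(userName, passWord);
    token.setRememberMe(false);
    String logMsg = "", resultMsg = "";
    AjaxJson ajaxJson = new AjaxJson();
    boolean suc = false;
    // Obtain the current subject; at this point it is still "unauthenticated"
    Subject subject = SecurityUtils.getSubject();
    try {
        subject.login(token);
    } catch (UnknownAccountException uae) {
        logMsg = "对用户[" + userName + "]进行登录验证..验证未通过,未知账户";
        resultMsg = MessageConstant.LOGIN_USER_UNKNOWN;
    } catch (IncorrectCredentialsException ice) {
        logMsg = "对用户[" + userName + "]进行登录验证..验证未通过,错误的凭证";
        resultMsg = MessageConstant.LOGIN_USER_REEOE;
    } catch (LockedAccountException lae) {
        logMsg = "对用户[" + userName + "]进行登录验证..验证未通过,账户已锁定";
        resultMsg = MessageConstant.LOGIN_USER_LOCK;
    } catch (DisabledAccountException dae) {
        logMsg = "对用户[" + userName + "]进行登录验证..验证未通过,帐号已被禁用";
        resultMsg = MessageConstant.LOGIN_USER_DISABLED;
    } catch (ExpiredCredentialsException ece) {
        logMsg = "对用户[" + userName + "]进行登录验证..验证未通过,帐号已过期";
        resultMsg = MessageConstant.LOGIN_USER_EXPIRED;
    } catch (ExcessiveAttemptsException eae) {
        logMsg = "对用户[" + userName + "]进行登录验证..验证未通过,用户名或密码错误次数过多";
        resultMsg = MessageConstant.LOGIN_USER_MORE;
    } catch (UnauthorizedException e) {
        // Kept for compatibility: this is an authz exception and login() is not expected to throw it.
        logMsg = "对用户[" + userName + "]进行登录验证..验证未通过,您没有得到相应的授权!";
        resultMsg = MessageConstant.LOGIN_USER_UNAUTHORIZED;
    } catch (AuthenticationException ae) {
        // NOTE(review): logMsg is handed to the client via setObj below, and this branch embeds
        // ae.getMessage(), which may carry realm-internal detail; consider keeping it server-side.
        logMsg = "对用户[" + userName + "]进行登录验证..验证未通过," + ae.getMessage();
        resultMsg = MessageConstant.LOGIN_ERROR;
    } finally {
        // Wipe the plaintext password from the token whether or not the login succeeded.
        token.clear();
    }
    if (subject.isAuthenticated()) {
        logMsg = "对用户[" + userName + "]进行登录验证..验证通过";
        suc = true;
    }
    ajaxJson.setSuccess(suc);
    ajaxJson.setMsg(resultMsg);
    ajaxJson.setObj(logMsg);
    return ajaxJson;
}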
Also used : DisabledAccountException(org.apache.shiro.authc.DisabledAccountException) IncorrectCredentialsException(org.apache.shiro.authc.IncorrectCredentialsException) AuthenticationException(org.apache.shiro.authc.AuthenticationException) UnknownAccountException(org.apache.shiro.authc.UnknownAccountException) ExcessiveAttemptsException(org.apache.shiro.authc.ExcessiveAttemptsException) AjaxJson(com.cdeledu.common.base.AjaxJson) Subject(org.apache.shiro.subject.Subject) ExpiredCredentialsException(org.apache.shiro.authc.ExpiredCredentialsException) UsernamePasswordToken(org.apache.shiro.authc.UsernamePasswordToken) UnauthorizedException(org.apache.shiro.authz.UnauthorizedException) LockedAccountException(org.apache.shiro.authc.LockedAccountException)

Aggregations

UnknownAccountException (org.apache.shiro.authc.UnknownAccountException)11 UsernamePasswordToken (org.apache.shiro.authc.UsernamePasswordToken)9 AuthenticationException (org.apache.shiro.authc.AuthenticationException)7 IncorrectCredentialsException (org.apache.shiro.authc.IncorrectCredentialsException)7 LockedAccountException (org.apache.shiro.authc.LockedAccountException)6 DisabledAccountException (org.apache.shiro.authc.DisabledAccountException)5 ExcessiveAttemptsException (org.apache.shiro.authc.ExcessiveAttemptsException)4 SimpleAuthenticationInfo (org.apache.shiro.authc.SimpleAuthenticationInfo)4 Subject (org.apache.shiro.subject.Subject)3 AccountException (org.apache.shiro.authc.AccountException)2 ExpiredCredentialsException (org.apache.shiro.authc.ExpiredCredentialsException)2 AjaxJson (com.cdeledu.common.base.AjaxJson)1 SysUser (com.cdeledu.model.rbac.SysUser)1 Users (io.github.tesla.authz.domain.Users)1 Connection (java.sql.Connection)1 SQLException (java.sql.SQLException)1 ArrayList (java.util.ArrayList)1 AccountLockedException (javax.security.auth.login.AccountLockedException)1 AccountNotFoundException (javax.security.auth.login.AccountNotFoundException)1 CredentialExpiredException (javax.security.auth.login.CredentialExpiredException)1