
Example 6 with UnknownAccountException

use of org.apache.shiro.authc.UnknownAccountException in project wechat by dllwh.

the class ShiroRealm method doGetAuthenticationInfo.

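/**
 * Authenticates the subject that is currently logging in.
 * <p>
 * Shiro invokes this when {@code Subject.login()} runs inside
 * {@code LoginController.login()}. The user is first counted by name via
 * {@code userService}, then loaded with the submitted password, and finally
 * the account-state flags on the returned {@code SysUser} are checked.
 *
 * @param authtoken the submitted token; must be a {@link UsernamePasswordToken}
 * @return authentication info whose principal is the {@code SysUser} and whose
 *         credentials are that user's stored password
 * @throws UnknownAccountException    if no user of that name exists, or if the
 *                                    lookup itself threw (the failure is kept
 *                                    as the cause)
 * @throws DisabledAccountException   if the account is not enabled or not yet
 *                                    approved
 * @throws AuthenticationException    if the account is not allowed to log in
 * @throws ExcessiveAttemptsException if the lock flag is not {@code 1}
 * @throws LockedAccountException     if the service returned no user for the
 *                                    given name and password
 */
@Override
protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken authtoken) throws AuthenticationException {
    UsernamePasswordToken token = (UsernamePasswordToken) authtoken;
    // ① name of the user attempting to log in
    String currentUsername = token.getUsername();
    String passWord = String.valueOf(token.getPassword());
    SysUser sysUser = new SysUser();
    sysUser.setUserName(currentUsername);
    SysUser currentUser;
    try {
        int userCount = userService.getCountForJdbcParam(sysUser);
        if (userCount <= 0) {
            throw new UnknownAccountException();
        }
        currentUser = userService.checkUserExits(currentUsername, passWord);
    } catch (UnknownAccountException e) {
        // Already the exception the caller expects; re-throw it unchanged.
        throw e;
    } catch (Exception e) {
        // Any other failure (e.g. a data-access error) is still surfaced as an
        // unknown account, so callers see the same type and (null) message as
        // before and cannot distinguish the cases; the underlying failure is
        // attached as the cause so it is not lost from logs.
        UnknownAccountException unknown = new UnknownAccountException();
        unknown.initCause(e);
        throw unknown;
    }
    if (currentUser == null) {
        // NOTE(review): the message says "wrong username or password" but the
        // type tells callers the account is locked; kept for compatibility with
        // existing catch blocks, IncorrectCredentialsException would fit better.
        throw new LockedAccountException("用户名或密码错误");
    }
    // account not enabled
    if (currentUser.getIfEnabled() != 1) {
        throw new DisabledAccountException();
    }
    // account not yet approved
    if (currentUser.getIfVisible() != 1) {
        throw new DisabledAccountException("账号未通过审核");
    }
    // account not allowed to log in
    if (currentUser.getLoginFlag() != 1) {
        throw new AuthenticationException("账号不允许登录");
    }
    // account locked
    // NOTE(review): this rejects when ifLocked != 1, i.e. 1 appears to mean
    // "not locked" here, the opposite of what the name suggests — confirm the
    // flag's polarity against SysUser before relying on it.
    if (currentUser.getIfLocked() != 1) {
        throw new ExcessiveAttemptsException("账号被锁定");
    }
    WebUtilHelper.setCurrentLoginUser(currentUser);
    return new SimpleAuthenticationInfo(currentUser, currentUser.getPassword(), getName());
}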

Example 7 with UnknownAccountException

use of org.apache.shiro.authc.UnknownAccountException in project production_ssm by megagao.

the class LoginController method ajaxLogin.

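/**
 * Shiro AJAX login.
 * <p>
 * When the session holds a captcha (stored under {@code VALIDATE_CODE}), the
 * submitted {@code randomcode} must match it before the credentials are looked
 * at. The outcome is reported under the {@code "msg"} key of the returned map;
 * an empty map means the subject is (or already was) authenticated.
 *
 * @param username   login name
 * @param password   password as submitted
 * @param randomcode captcha typed by the user; may be absent from the request
 * @param session    HTTP session holding the captcha the server generated
 * @return result map serialised as JSON: empty on success, otherwise
 *         {@code msg} is {@code randomcode_error}, {@code account_error},
 *         {@code password_error} or {@code authentication_error}
 */
@RequestMapping(value = "/ajaxLogin")
@ResponseBody
public Map<String, Object> ajaxLogin(@RequestParam String username, @RequestParam String password, @RequestParam(required = false) String randomcode, HttpSession session) throws Exception {
    Map<String, Object> map = CollectionsFactory.newHashMap();
    // The captcha the server generated for this session (the expected value).
    String validateCode = (String) session.getAttribute(VALIDATE_CODE);
    // Whenever the server issued a captcha, the client has to echo it back.
    // Comparing against the session value unconditionally (instead of only
    // when the client chose to send a randomcode) means an omitted or empty
    // randomcode can no longer skip the check.
    // NOTE(review): if VALIDATE_CODE is also set by captchas on other pages of
    // the same session, logins that never displayed one would be rejected —
    // confirm the attribute is only written by the login captcha endpoint.
    if (validateCode != null && !validateCode.equals(randomcode)) {
        map.put("msg", "randomcode_error");
        // Stop here; account and password are not examined.
        return map;
    }
    // NOTE(review): the captcha stays in the session after a successful
    // comparison, so the same value can be re-submitted; clearing it here
    // would make each captcha single-use.
    Subject currentUser = SecurityUtils.getSubject();
    if (!currentUser.isAuthenticated()) {
        UsernamePasswordToken token = new UsernamePasswordToken(username, password);
        try {
            currentUser.login(token);
        } catch (UnknownAccountException ex) {
            map.put("msg", "account_error");
        } catch (IncorrectCredentialsException ex) {
            map.put("msg", "password_error");
        } catch (AuthenticationException ex) {
            // Any other Shiro failure (locked, disabled, ...) is reported generically.
            map.put("msg", "authentication_error");
        }
    }
    // returned to the client as JSON
    return map;
}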

Example 8 with UnknownAccountException

use of org.apache.shiro.authc.UnknownAccountException in project neo4j by neo4j.

the class InternalFlatFileRealm method doGetAuthenticationInfo.

/**
 * Resolves the credentials carried by {@code token} against the flat-file user
 * repository.
 * <p>
 * Returns {@code null} while authentication is switched off, which lets Shiro
 * treat this realm as not applicable to the token.
 *
 * @param token expected to be a {@link ShiroAuthToken}
 * @return authentication info for the user, or {@code null} when
 *         {@code authenticationEnabled} is false
 * @throws UnsupportedTokenException     if principal or credentials cannot be
 *                                       read from the token map
 * @throws UnknownAccountException       if no user with that name exists
 * @throws IncorrectCredentialsException if the strategy reports a failure
 * @throws ExcessiveAttemptsException    if the strategy reports too many attempts
 * @throws DisabledAccountException      if the user carries the suspended flag
 */
@Override
protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token) throws AuthenticationException {
    if (!authenticationEnabled) {
        return null;
    }
    final ShiroAuthToken authToken = (ShiroAuthToken) token;
    String principal;
    String credentials;
    try {
        principal = AuthToken.safeCast(AuthToken.PRINCIPAL, authToken.getAuthTokenMap());
        credentials = AuthToken.safeCast(AuthToken.CREDENTIALS, authToken.getAuthTokenMap());
    } catch (InvalidAuthTokenException e) {
        throw new UnsupportedTokenException(e);
    }
    final User user = userRepository.getUserByName(principal);
    if (user == null) {
        throw new UnknownAccountException();
    }
    AuthenticationResult outcome = authenticationStrategy.authenticate(user, credentials);
    switch (outcome) {
        case FAILURE:
            throw new IncorrectCredentialsException();
        case TOO_MANY_ATTEMPTS:
            throw new ExcessiveAttemptsException();
        default:
            // SUCCESS and any other non-failing outcome continue below.
            break;
    }
    if (user.hasFlag(InternalFlatFileRealm.IS_SUSPENDED)) {
        throw new DisabledAccountException("User '" + user.name() + "' is suspended.");
    }
    if (user.passwordChangeRequired()) {
        outcome = AuthenticationResult.PASSWORD_CHANGE_REQUIRED;
    }
    // The password was verified by the strategy above; the info only carries
    // the outcome, and hashed credentials do not need to be stored in it.
    return new ShiroAuthenticationInfo(user.name(), getName(), outcome);
}

Example 9 with UnknownAccountException

use of org.apache.shiro.authc.UnknownAccountException in project cas by apereo.

the class ShiroAuthenticationHandler method authenticateUsernamePasswordInternal.

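/**
 * Logs the transformed credential in through the current Shiro subject and
 * maps Shiro's failure types onto the JAAS exceptions CAS understands.
 * <p>
 * Each Shiro exception is converted with its message and is also attached as
 * the cause of the JAAS exception, so the original failure and its stack are
 * not lost from logs and audit trails.
 *
 * @param transformedCredential credential after CAS's transformation chain;
 *        when it is a {@link RememberMeUsernamePasswordCredential} its
 *        remember-me flag is propagated to the Shiro token
 * @param originalPassword untransformed password; not used by this handler
 * @return the authenticated result together with any password-policy messages
 * @throws AccountNotFoundException   on {@link UnknownAccountException}
 * @throws AccountLockedException     on {@link LockedAccountException} or
 *                                    {@link ExcessiveAttemptsException}
 * @throws CredentialExpiredException on {@link ExpiredCredentialsException}
 * @throws AccountDisabledException   on {@link DisabledAccountException}
 * @throws FailedLoginException       on any other {@link AuthenticationException}
 */
@Override
protected AuthenticationHandlerExecutionResult authenticateUsernamePasswordInternal(final UsernamePasswordCredential transformedCredential, final String originalPassword) throws GeneralSecurityException {
    try {
        val token = new UsernamePasswordToken(transformedCredential.getUsername(), transformedCredential.getPassword());
        if (transformedCredential instanceof RememberMeUsernamePasswordCredential) {
            token.setRememberMe(((RememberMeUsernamePasswordCredential) transformedCredential).isRememberMe());
        }
        val currentUser = getCurrentExecutingSubject();
        currentUser.login(token);
        // Rejects subjects that lack the roles/permissions this handler requires.
        checkSubjectRolesAndPermissions(currentUser);
        val strategy = getPasswordPolicyHandlingStrategy();
        val messageList = new ArrayList<MessageDescriptor>();
        if (strategy != null) {
            LOGGER.debug("Attempting to examine and handle password policy via [{}]", strategy.getClass().getSimpleName());
            val principal = this.principalFactory.createPrincipal(token.getUsername());
            messageList.addAll(strategy.handle(principal, getPasswordPolicyConfiguration()));
        }
        return createAuthenticatedSubjectResult(transformedCredential, currentUser, messageList);
    } catch (final UnknownAccountException uae) {
        throw withCause(new AccountNotFoundException(uae.getMessage()), uae);
    } catch (final LockedAccountException | ExcessiveAttemptsException lae) {
        throw withCause(new AccountLockedException(lae.getMessage()), lae);
    } catch (final ExpiredCredentialsException eae) {
        throw withCause(new CredentialExpiredException(eae.getMessage()), eae);
    } catch (final DisabledAccountException dae) {
        throw withCause(new AccountDisabledException(dae.getMessage()), dae);
    } catch (final AuthenticationException ae) {
        throw withCause(new FailedLoginException(ae.getMessage()), ae);
    }
}

/**
 * Attaches {@code cause} to an exception whose constructor only accepts a
 * message, and returns it so it can be thrown in a single statement.
 * <p>
 * The JAAS login exceptions used above offer no cause-taking constructor.
 *
 * @param exception freshly constructed exception to enrich
 * @param cause     the Shiro exception that triggered it
 * @return {@code exception}, with the cause set when it was still unset
 */
private static <T extends Throwable> T withCause(final T exception, final Throwable cause) {
    try {
        exception.initCause(cause);
    } catch (final IllegalStateException ignored) {
        // The constructor already fixed a cause; keep what it set.
    }
    return exception;
}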

Example 10 with UnknownAccountException

use of org.apache.shiro.authc.UnknownAccountException in project spring-boot-starter-samples by vindell.

the class AuthzPrincipalRepositoryImpl method getAuthenticationInfo.

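/**
 * Authenticates a {@link UsernamePasswordToken} against the authz DAOs and
 * assembles the principal together with its roles and permission strings.
 * <p>
 * {@code getAccountStatus} returns a map of status flags where the value
 * {@code "0"} means the check failed: {@code num_1} / {@code num_2} (account
 * missing or password incorrect — both reported with one message so callers
 * cannot tell the two apart), {@code num_4} (disabled) and {@code num_3}
 * (no role).
 *
 * @param token must be a {@link UsernamePasswordToken} with a non-blank
 *              username and a non-null password
 * @return authentication info whose principal is the populated
 *         {@link AuthzLoginModel}
 * @throws UnknownAccountException  if username or password is missing
 * @throws InvalidAccountException  if the account does not exist, the password
 *                                  is wrong, or no account row comes back
 * @throws DisabledAccountException if the account is disabled
 * @throws NoneRoleException        if the user has no role
 */
@Override
public AuthenticationInfo getAuthenticationInfo(AuthenticationToken token) throws AuthenticationException {
    UsernamePasswordToken upToken = (UsernamePasswordToken) token;
    if (!StringUtils.hasText(upToken.getUsername()) || upToken.getPassword() == null) {
        throw new UnknownAccountException("Username or password is required.");
    }
    String username = upToken.getUsername();
    // Password is handed to the DAO exactly as submitted; any hashing applied
    // before comparison happens on the DAO side (not visible here).
    String pwd = new String(upToken.getPassword());
    // account status flags
    Map<String, String> statusMap = getAuthzLoginDao().getAccountStatus(username, pwd);
    // account missing, or username/password incorrect (a null status map is
    // treated the same way instead of failing with an NPE below)
    if (statusMap == null || "0".equals(statusMap.get("num_1")) || "0".equals(statusMap.get("num_2"))) {
        throw new InvalidAccountException("Username or password is incorrect, please re-enter.");
    }
    // account disabled
    if ("0".equals(statusMap.get("num_4"))) {
        throw new DisabledAccountException("Account is disabled.");
    }
    // user has no role
    if ("0".equals(statusMap.get("num_3"))) {
        throw new NoneRoleException();
    }
    // principal object
    AuthzLoginModel model = getAuthzLoginDao().getAccount(username, pwd);
    if (model == null) {
        // The status flags passed but no account row came back; report it as a
        // failed login rather than dereferencing null below.
        throw new InvalidAccountException("Username or password is incorrect, please re-enter.");
    }
    // role ids of the user
    List<String> roles = getAuthzUserDao().getRoles(model.getUserid());
    if (roles == null || roles.isEmpty()) {
        // Guards roles.get(0) should the num_3 flag and the role table disagree.
        throw new NoneRoleException();
    }
    model.setRoles(Sets.newHashSet(roles.iterator()));
    model.setRoleid(roles.get(0));
    // permission strings of every role
    Set<String> perms = Sets.newHashSet();
    for (String roleid : model.getRoles()) {
        perms.addAll(getAuthzRolePermsDao().getPermissions(roleid));
    }
    model.setPerms(perms);
    // NOTE(review): the credentials placed in the info are the password just
    // submitted, so a credentials matcher on this realm would compare the
    // submitted value with itself; the effective password check is the
    // getAccountStatus call above. Confirm that this is intended.
    return new SimpleAuthenticationInfo(model, upToken.getPassword(), "login");
}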
