Use of org.apache.shiro.authc.UnknownAccountException in project wechat by dllwh.
The class ShiroRealm, method doGetAuthenticationInfo.
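/**
 * Authenticates the Subject that is currently logging in.
 * <p>
 * Invoked by Shiro when {@code Subject.login()} is executed from
 * {@code LoginController.login()}. The flow is: count accounts with the given
 * user name, verify the credentials through {@code userService}, then apply the
 * account-state checks (enabled, visible, login flag, lock flag) before building
 * the {@link SimpleAuthenticationInfo} that Shiro's credential matcher consumes.
 *
 * @param authtoken the token submitted by the caller; expected to be a
 *                  {@link UsernamePasswordToken}
 * @return authentication info carrying the loaded {@code SysUser} as principal
 * @throws UnknownAccountException    if no account matches the user name, or if the
 *                                    lookup itself failed (the failure is attached as cause)
 * @throws LockedAccountException     if the credential check returned no user
 * @throws DisabledAccountException   if the account is not enabled or not visible
 * @throws AuthenticationException    if the account is not allowed to log in
 * @throws ExcessiveAttemptsException if the lock-flag check fails
 */
@Override
protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken authtoken) throws AuthenticationException {
    UsernamePasswordToken token = (UsernamePasswordToken) authtoken;
    // ① user name of the subject logging in
    String currentUsername = token.getUsername();
    // The token's char[] password is flattened to a String for the service lookup.
    String passWord = String.valueOf(token.getPassword());

    SysUser lookup = new SysUser();
    lookup.setUserName(currentUsername);
    SysUser currentUser;
    try {
        int userCount = userService.getCountForJdbcParam(lookup);
        if (userCount <= 0) {
            throw new UnknownAccountException();
        }
        currentUser = userService.checkUserExits(currentUsername, passWord);
    } catch (UnknownAccountException e) {
        // Realm-level outcome: pass through untouched.
        throw e;
    } catch (Exception e) {
        // Lookup failures keep surfacing as UnknownAccountException so callers see
        // the same type as before, but the original failure is now attached as the
        // cause instead of being discarded.
        // NOTE(review): an infrastructure failure is thereby reported as "account
        // unknown"; a dedicated AuthenticationException would be more accurate.
        throw new UnknownAccountException(e);
    }
    if (currentUser == null) {
        // NOTE(review): the type says "locked" but the message says "user name or
        // password incorrect"; together with the distinct UnknownAccountException
        // above, a caller can tell an unknown account from a wrong password.
        throw new LockedAccountException("用户名或密码错误");
    }
    // account not enabled
    if (currentUser.getIfEnabled() != 1) {
        throw new DisabledAccountException();
    }
    // account not approved / not visible
    if (currentUser.getIfVisible() != 1) {
        throw new DisabledAccountException("账号未通过审核");
    }
    // account not allowed to log in
    if (currentUser.getLoginFlag() != 1) {
        throw new AuthenticationException("账号不允许登录");
    }
    // account locked
    // NOTE(review): this treats ifLocked == 1 as the *unlocked* state — confirm the flag's encoding.
    if (currentUser.getIfLocked() != 1) {
        throw new ExcessiveAttemptsException("账号被锁定");
    }
    WebUtilHelper.setCurrentLoginUser(currentUser);
    // The persisted password is handed to Shiro as the stored credential for matching.
    return new SimpleAuthenticationInfo(currentUser, currentUser.getPassword(), getName());
}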
Use of org.apache.shiro.authc.UnknownAccountException in project production_ssm by megagao.
The class LoginController, method ajaxLogin.
/**
 * Shiro AJAX login endpoint.
 * <p>
 * Optionally compares the submitted captcha {@code randomcode} with the value
 * stored in the session under {@code VALIDATE_CODE}, then attempts a Shiro login
 * for the current subject if it is not already authenticated. Failures are
 * reported as a {@code "msg"} entry in the returned map; success yields an empty map.
 *
 * @param username   submitted user name
 * @param password   submitted password
 * @param randomcode submitted captcha; may be absent
 * @param session    HTTP session holding the expected captcha
 * @return a map that is empty on success or contains a {@code "msg"} error code
 * @throws Exception propagated from the login attempt (declared by the signature)
 */
@RequestMapping(value = "/ajaxLogin")
@ResponseBody
public Map<String, Object> ajaxLogin(@RequestParam String username, @RequestParam String password, @RequestParam(required = false) String randomcode, HttpSession session) throws Exception {
    Map<String, Object> result = CollectionsFactory.newHashMap();

    // Captcha step. NOTE(review): the comparison only happens when the client
    // sent a non-empty randomcode AND the session holds VALIDATE_CODE; a request
    // that omits randomcode, or a session without a stored code, skips it.
    // Confirm this is intended, and consider clearing the session code after a
    // check so the same value cannot be reused.
    boolean captchaSubmitted = randomcode != null && !randomcode.isEmpty();
    if (captchaSubmitted) {
        String expectedCode = (String) session.getAttribute(VALIDATE_CODE);
        boolean captchaMismatch = expectedCode != null && !randomcode.equals(expectedCode);
        if (captchaMismatch) {
            result.put("msg", "randomcode_error");
            // Credentials are not examined when the captcha failed.
            return result;
        }
    }

    Subject subject = SecurityUtils.getSubject();
    if (subject.isAuthenticated()) {
        // Already logged in: nothing further to do.
        return result;
    }
    try {
        subject.login(new UsernamePasswordToken(username, password));
    } catch (UnknownAccountException ex) {
        // NOTE(review): distinct codes for unknown account vs. wrong password let a
        // client distinguish the two cases.
        result.put("msg", "account_error");
    } catch (IncorrectCredentialsException ex) {
        result.put("msg", "password_error");
    } catch (AuthenticationException ex) {
        result.put("msg", "authentication_error");
    }
    return result;
}
Use of org.apache.shiro.authc.UnknownAccountException in project neo4j by neo4j.
The class InternalFlatFileRealm, method doGetAuthenticationInfo.
/**
 * Authenticates a {@code ShiroAuthToken} against the flat-file user repository.
 * <p>
 * Returns {@code null} when authentication is disabled. Otherwise the principal
 * and credentials are read from the token map, the user is looked up by name,
 * and the configured {@code authenticationStrategy} decides the outcome. The
 * suspended flag is evaluated only after the strategy has run, and a pending
 * password change is reported through the result carried in the returned
 * {@code ShiroAuthenticationInfo}; no credentials are placed in it.
 *
 * @param token the token handed over by Shiro; must be a {@code ShiroAuthToken}
 * @return authentication info holding the user name, realm name and result, or
 *         {@code null} if authentication is disabled
 * @throws UnsupportedTokenException     if the token map lacks a usable principal or credentials
 * @throws UnknownAccountException       if no user has the given name
 * @throws IncorrectCredentialsException if the strategy reports {@code FAILURE}
 * @throws ExcessiveAttemptsException    if the strategy reports {@code TOO_MANY_ATTEMPTS}
 * @throws DisabledAccountException      if the user carries {@code IS_SUSPENDED}
 */
@Override
protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token) throws AuthenticationException {
    if (!authenticationEnabled) {
        return null;
    }
    ShiroAuthToken authToken = (ShiroAuthToken) token;
    String principal;
    String credentials;
    try {
        principal = AuthToken.safeCast(AuthToken.PRINCIPAL, authToken.getAuthTokenMap());
        credentials = AuthToken.safeCast(AuthToken.CREDENTIALS, authToken.getAuthTokenMap());
    } catch (InvalidAuthTokenException e) {
        // A malformed token is a protocol problem, not a failed login.
        throw new UnsupportedTokenException(e);
    }

    User account = userRepository.getUserByName(principal);
    if (account == null) {
        throw new UnknownAccountException();
    }

    AuthenticationResult outcome = authenticationStrategy.authenticate(account, credentials);
    switch (outcome) {
        case FAILURE:
            throw new IncorrectCredentialsException();
        case TOO_MANY_ATTEMPTS:
            throw new ExcessiveAttemptsException();
        default:
            // Any other outcome continues below.
            break;
    }

    // Suspension is checked only after the credentials have been verified.
    if (account.hasFlag(InternalFlatFileRealm.IS_SUSPENDED)) {
        throw new DisabledAccountException("User '" + account.name() + "' is suspended.");
    }
    AuthenticationResult reported = account.passwordChangeRequired()
            ? AuthenticationResult.PASSWORD_CHANGE_REQUIRED
            : outcome;
    // Only the outcome travels with the principal; no hashed credentials are stored in the info.
    return new ShiroAuthenticationInfo(account.name(), getName(), reported);
}
Use of org.apache.shiro.authc.UnknownAccountException in project cas by apereo.
The class ShiroAuthenticationHandler, method authenticateUsernamePasswordInternal.
/**
 * Authenticates the credential through Shiro and translates the outcome into CAS types.
 * <p>
 * A {@code UsernamePasswordToken} is built from the transformed credential
 * (carrying the remember-me flag when the credential is a
 * {@code RememberMeUsernamePasswordCredential}), the current subject logs in, its
 * roles and permissions are checked, and a configured password-policy strategy
 * may contribute messages. Shiro's authentication exceptions are mapped onto the
 * corresponding {@code javax.security.auth.login} exceptions; only the message is
 * carried over, the Shiro exception is not attached as cause.
 *
 * @param transformedCredential credential after CAS transformations
 * @param originalPassword      password before transformation (not used in this method)
 * @return the authenticated handler result built from the Shiro subject
 * @throws AccountNotFoundException   for {@code UnknownAccountException}
 * @throws AccountLockedException     for {@code LockedAccountException} or {@code ExcessiveAttemptsException}
 * @throws CredentialExpiredException for {@code ExpiredCredentialsException}
 * @throws AccountDisabledException   for {@code DisabledAccountException}
 * @throws FailedLoginException       for any other {@code AuthenticationException}
 * @throws GeneralSecurityException   declared by the handler contract
 */
@Override
protected AuthenticationHandlerExecutionResult authenticateUsernamePasswordInternal(final UsernamePasswordCredential transformedCredential, final String originalPassword) throws GeneralSecurityException {
    try {
        val token = new UsernamePasswordToken(transformedCredential.getUsername(), transformedCredential.getPassword());
        if (transformedCredential instanceof RememberMeUsernamePasswordCredential) {
            val rememberMeCredential = (RememberMeUsernamePasswordCredential) transformedCredential;
            token.setRememberMe(rememberMeCredential.isRememberMe());
        }

        val subject = getCurrentExecutingSubject();
        subject.login(token);
        checkSubjectRolesAndPermissions(subject);

        val messages = new ArrayList<MessageDescriptor>();
        val policyStrategy = getPasswordPolicyHandlingStrategy();
        if (policyStrategy != null) {
            LOGGER.debug("Attempting to examine and handle password policy via [{}]", policyStrategy.getClass().getSimpleName());
            val principal = this.principalFactory.createPrincipal(token.getUsername());
            messages.addAll(policyStrategy.handle(principal, getPasswordPolicyConfiguration()));
        }
        return createAuthenticatedSubjectResult(transformedCredential, subject, messages);
    } catch (final UnknownAccountException e) {
        throw new AccountNotFoundException(e.getMessage());
    } catch (final LockedAccountException | ExcessiveAttemptsException e) {
        throw new AccountLockedException(e.getMessage());
    } catch (final ExpiredCredentialsException e) {
        throw new CredentialExpiredException(e.getMessage());
    } catch (final DisabledAccountException e) {
        throw new AccountDisabledException(e.getMessage());
    } catch (final AuthenticationException e) {
        // Catch-all for the remaining Shiro failures.
        throw new FailedLoginException(e.getMessage());
    }
}
Use of org.apache.shiro.authc.UnknownAccountException in project spring-boot-starter-samples by vindell.
The class AuthzPrincipalRepositoryImpl, method getAuthenticationInfo.
/**
 * Builds the Shiro {@code AuthenticationInfo} for a username/password token.
 * <p>
 * Rejects tokens without a user name or password, asks the login DAO for the
 * account status flags, then loads the {@code AuthzLoginModel} and fills in its
 * roles and permission set.
 * <p>
 * NOTE(review): the returned {@code SimpleAuthenticationInfo} uses the password
 * from the token itself as the stored credential, so Shiro's credential matcher
 * compares the submitted password against itself; the effective verification is
 * the DAO's {@code num_1}/{@code num_2} status check. The password is passed to
 * the DAO as a plain {@code String}.
 *
 * @param token the token supplied by Shiro; expected to be a {@link UsernamePasswordToken}
 * @return authentication info whose principal is the populated {@code AuthzLoginModel}
 * @throws UnknownAccountException  if user name or password is missing
 * @throws InvalidAccountException  if the DAO reports {@code num_1} or {@code num_2} as "0"
 * @throws DisabledAccountException if the DAO reports {@code num_4} as "0"
 * @throws NoneRoleException        if the DAO reports {@code num_3} as "0"
 */
@Override
public AuthenticationInfo getAuthenticationInfo(AuthenticationToken token) throws AuthenticationException {
    UsernamePasswordToken upToken = (UsernamePasswordToken) token;
    String username = upToken.getUsername();
    char[] rawPassword = upToken.getPassword();
    if (!StringUtils.hasText(username) || rawPassword == null) {
        throw new UnknownAccountException("Username or password is required.");
    }
    // The password reaches the DAO as plain text.
    String pwd = new String(rawPassword);

    // Account status flags, keyed "num_1".."num_4"; "0" marks a failed check.
    Map<String, String> status = getAuthzLoginDao().getAccountStatus(username, pwd);
    boolean unknownOrWrongPassword = "0".equals(status.get("num_1")) || "0".equals(status.get("num_2"));
    if (unknownOrWrongPassword) {
        throw new InvalidAccountException("Username or password is incorrect, please re-enter.");
    }
    if ("0".equals(status.get("num_4"))) {
        throw new DisabledAccountException("Account is disabled.");
    }
    if ("0".equals(status.get("num_3"))) {
        throw new NoneRoleException();
    }

    // Principal object plus its role ids.
    AuthzLoginModel model = getAuthzLoginDao().getAccount(username, pwd);
    List<String> roleIds = getAuthzUserDao().getRoles(model.getUserid());
    model.setRoles(Sets.newHashSet(roleIds.iterator()));
    // First role becomes the default; presumably the num_3 check above guarantees at least one — confirm.
    model.setRoleid(roleIds.get(0));

    // Union of the permission strings of every role.
    Set<String> perms = Sets.newHashSet();
    for (String roleId : model.getRoles()) {
        perms.addAll(getAuthzRolePermsDao().getPermissions(roleId));
    }
    model.setPerms(perms);

    return new SimpleAuthenticationInfo(model, upToken.getPassword(), "login");
}