use of org.apache.shiro.authc.UsernamePasswordToken in project qi4j-sdk by Qi4j.
the class PasswordDomainTest method test.
// END SNIPPET: assembly
@Test
public void test() throws UnitOfWorkCompletionException {
    // First unit of work: create user "foo" with password "bar" and complete the unit of work.
    UnitOfWork unitOfWork = module.newUnitOfWork();
    UserFactory factory = module.findService(UserFactory.class).get();
    // START SNIPPET: usage
    User user = factory.createNewUser("foo", "bar");
    // END SNIPPET: usage
    unitOfWork.complete();

    // Second unit of work: log in through Shiro with the same username and password.
    unitOfWork = module.newUnitOfWork();
    // START SNIPPET: usage
    Subject subject = SecurityUtils.getSubject();
    UsernamePasswordToken credentials = new UsernamePasswordToken("foo", "bar");
    subject.login(credentials);
    // END SNIPPET: usage

    // A non-null principal is this test's evidence that authentication succeeded.
    assertNotNull("Unable to authenticate against PasswordRealmService", subject.getPrincipal());
    // No role is assigned to the user in this test, so the role check must be negative.
    assertFalse(subject.hasRole("role-one"));

    // NOTE(review): the subject is never logged out here; confirm that test teardown resets
    // the Shiro subject so authenticated state cannot carry over into other tests.
    unitOfWork.discard();
}
use of org.apache.shiro.authc.UsernamePasswordToken in project qi4j-sdk by Qi4j.
the class RealmServiceTest method test.
// END SNIPPET: realm-service
@Test
public void test() {
    // Log the current Shiro subject in with a fixed username/password pair.
    Subject subject = SecurityUtils.getSubject();
    subject.login(new UsernamePasswordToken("foo", "bar"));

    // A non-null principal is this test's evidence that authentication succeeded.
    // NOTE(review): the subject is not logged out afterwards; confirm teardown handles it.
    assertNotNull("Unable to authenticate against MyRealmService", subject.getPrincipal());
}
use of org.apache.shiro.authc.UsernamePasswordToken in project qi4j-sdk by Qi4j.
the class PermissionsDomainTest method test.
@Test
public void test() throws UnitOfWorkCompletionException {
    // First unit of work: create user "foo", create "role-one" with two permissions,
    // assign the role to the user, and complete the unit of work.
    // START SNIPPET: usage
    UnitOfWork unitOfWork = module.newUnitOfWork();
    User account = userFactory.createNewUser("foo", "bar");
    Role grantedRole = roleFactory.create("role-one", "permission-one", "permission-two");
    grantedRole.assignTo(account);
    unitOfWork.complete();
    // END SNIPPET: usage
    // Second unit of work: authenticate, then query roles and permissions on the subject.
    // START SNIPPET: usage
    unitOfWork = module.newUnitOfWork();
    Subject subject = SecurityUtils.getSubject();
    subject.login(new UsernamePasswordToken("foo", "bar"));
    boolean roleGranted = subject.hasRole("role-one");
    if (!roleGranted) {
        fail("User 'foo' must have 'role-one' role.");
    }
    boolean permissionGranted = subject.isPermitted("permission-one");
    if (!permissionGranted) {
        fail("User 'foo' must have 'permission-one' permission.");
    }
    // END SNIPPET: usage
    // Positive and negative checks: only the assigned role and its two permissions may pass.
    assertThat(subject.hasRole("role-one"), is(true));
    assertThat(subject.hasRole("role-two"), is(false));
    assertThat(subject.isPermitted("permission-one"), is(true));
    assertThat(subject.isPermitted("permission-two"), is(true));
    assertThat(subject.isPermitted("permission-three"), is(false));
    // NOTE(review): the subject is never logged out here; confirm teardown resets it.
    // START SNIPPET: usage
    unitOfWork.discard();
    // END SNIPPET: usage
}
use of org.apache.shiro.authc.UsernamePasswordToken in project airpal by airbnb.
the class SessionResource method doLogin.
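/**
 * Handles the login form post. If the current Shiro subject is not yet authenticated, it is
 * logged in with the submitted username and password; the client is then redirected to the
 * saved request, falling back to {@code /app}.
 *
 * @param request  the current servlet request, passed to the redirect helper
 * @param response the current servlet response, passed to the redirect helper
 * @param username value of the {@code username} form field
 * @param password value of the {@code password} form field
 * @throws IOException declared for the redirect helper call
 */
@POST
@Path("/login")
public void doLogin(@Context HttpServletRequest request, @Context HttpServletResponse response, @FormParam("username") String username, @FormParam("password") String password) throws IOException {
    Subject currentUser = SecurityUtils.getSubject();
    if (!currentUser.isAuthenticated()) {
        UsernamePasswordToken token = new UsernamePasswordToken(username, password);
        try {
            // login() signals bad credentials with an unchecked AuthenticationException.
            // NOTE(review): nothing in this method catches it; confirm a mapper elsewhere
            // turns it into a proper "login failed" response rather than a server error.
            currentUser.login(token);
        } finally {
            // Zero the token's copy of the password whether or not login succeeded, so it
            // does not linger in memory. The String form parameter itself cannot be wiped.
            token.clear();
        }
        // NOTE(review): this method does not rotate the session id after a successful
        // login; confirm session renewal is handled elsewhere to prevent session fixation.
    }
    WebUtils.redirectToSavedRequest(request, response, "/app");
}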
use of org.apache.shiro.authc.UsernamePasswordToken in project graylog2-server by Graylog2.
the class ShiroSecurityContextFilter method createSecurityContext.
/**
 * Builds the security context for a request by choosing an authentication token type from
 * the supplied user name and credential, then pairing it with a freshly built subject.
 *
 * <p>The credential doubles as a type marker: {@code "session"} and {@code "token"}
 * (compared case-insensitively) select session-id and access-token authentication.
 * NOTE(review): as a consequence, a literal password equal to either marker never reaches
 * the username/password branch.
 */
private SecurityContext createSecurityContext(String userName, String credential, boolean isSecure, String authcScheme, String host, String remoteAddr, MultivaluedMap<String, String> headers) {
    final boolean sessionMarker = "session".equalsIgnoreCase(credential);
    final boolean accessTokenMarker = "token".equalsIgnoreCase(credential);

    final AuthenticationToken authToken;
    if (sessionMarker && "undefined".equalsIgnoreCase(userName)) {
        // "session" with an "undefined" user name: no SessionIdToken is created; the
        // request headers are inspected instead.
        authToken = new HttpHeadersToken(headers, host, remoteAddr);
    } else if (sessionMarker) {
        authToken = new SessionIdToken(userName, host);
    } else if (accessTokenMarker) {
        authToken = new AccessTokenAuthToken(userName, host);
    } else if (userName == null) {
        // No user name at all: default to the headers, which may carry tokens used by plugins.
        authToken = new HttpHeadersToken(headers, host, remoteAddr);
    } else {
        // Everything else is treated as the "standard" username/password combination.
        authToken = new UsernamePasswordToken(userName, credential, host);
    }

    // The subject is built against the injected security manager with session creation enabled.
    final Subject.Builder subjectBuilder = new Subject.Builder(securityManager);
    final Subject subject = subjectBuilder.host(host).sessionCreationEnabled(true).buildSubject();
    return new ShiroSecurityContext(subject, authToken, isSecure, authcScheme, headers);
}