Search in sources :

Example 56 with UsernamePasswordToken

use of org.apache.shiro.authc.UsernamePasswordToken in project ssm_shiro_blog by Mandelo.

the class MainController method login.

/**
 * 登录功能
 *
 * @param user
 * @param model
 * @return
 */
@RequestMapping(value = "/user/login", method = RequestMethod.POST)
public String login(User user, HttpSession session, Model model) {
    UsernamePasswordToken token = new UsernamePasswordToken(user.getUsername(), user.getPassword());
    Subject subject = SecurityUtils.getSubject();
    subject.login(token);
    User loginUser = userService.selectByUsername(user.getUsername());
    session.setAttribute("loginUser", loginUser);
    return "/loginSuccess";
}
Also used : User(com.luoxiao.model.User) Subject(org.apache.shiro.subject.Subject) UsernamePasswordToken(org.apache.shiro.authc.UsernamePasswordToken) RequestMapping(org.springframework.web.bind.annotation.RequestMapping)

Example 57 with UsernamePasswordToken

use of org.apache.shiro.authc.UsernamePasswordToken in project knox by apache.

the class KnoxPamRealmTest method testDoGetAuthenticationInfo.

@Test
public void testDoGetAuthenticationInfo() {
    KnoxPamRealm realm = new KnoxPamRealm();
    // pam settings being used: /etc/pam.d/sshd
    realm.setService("sshd");
    // use environment variables and skip the test if not set.
    String pamuser = System.getenv("PAMUSER");
    String pampass = System.getenv("PAMPASS");
    assumeTrue(pamuser != null);
    assumeTrue(pampass != null);
    // mock shiro auth token
    UsernamePasswordToken authToken = createMock(UsernamePasswordToken.class);
    expect(authToken.getUsername()).andReturn(pamuser);
    expect(authToken.getPassword()).andReturn(pampass.toCharArray());
    expect(authToken.getCredentials()).andReturn(pampass);
    replay(authToken);
    // login
    AuthenticationInfo authInfo = realm.doGetAuthenticationInfo(authToken);
    // verify success
    assertNotNull(authInfo.getCredentials());
}
Also used : AuthenticationInfo(org.apache.shiro.authc.AuthenticationInfo) UsernamePasswordToken(org.apache.shiro.authc.UsernamePasswordToken) Test(org.junit.Test)

Example 58 with UsernamePasswordToken

use of org.apache.shiro.authc.UsernamePasswordToken in project mage by magefree.

the class AuthorizedUser method doCredentialsMatch.

public boolean doCredentialsMatch(String name, String password) {
    HashedCredentialsMatcher matcher = new HashedCredentialsMatcher(this.hashAlgorithm);
    matcher.setHashIterations(this.hashIterations);
    AuthenticationToken token = new UsernamePasswordToken(name, password);
    AuthenticationInfo info = new SimpleAuthenticationInfo(this.name, ByteSource.Util.bytes(Base64.decode(this.password)), ByteSource.Util.bytes(Base64.decode(this.salt)), "");
    return matcher.doCredentialsMatch(token, info);
}
Also used : AuthenticationToken(org.apache.shiro.authc.AuthenticationToken) SimpleAuthenticationInfo(org.apache.shiro.authc.SimpleAuthenticationInfo) HashedCredentialsMatcher(org.apache.shiro.authc.credential.HashedCredentialsMatcher) AuthenticationInfo(org.apache.shiro.authc.AuthenticationInfo) SimpleAuthenticationInfo(org.apache.shiro.authc.SimpleAuthenticationInfo) UsernamePasswordToken(org.apache.shiro.authc.UsernamePasswordToken)

Example 59 with UsernamePasswordToken

use of org.apache.shiro.authc.UsernamePasswordToken in project graylog2-server by Graylog2.

the class LdapUserAuthenticator method doGetAuthenticationInfo.

@Override
protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken authtoken) throws AuthenticationException {
    // safe, we only handle this type
    final UsernamePasswordToken token = (UsernamePasswordToken) authtoken;
    final LdapSettings ldapSettings = ldapSettingsService.load();
    if (ldapSettings == null || !ldapSettings.isEnabled()) {
        LOG.trace("LDAP is disabled, skipping");
        return null;
    }
    final LdapConnectionConfig config = new LdapConnectionConfig();
    config.setLdapHost(ldapSettings.getUri().getHost());
    config.setLdapPort(ldapSettings.getUri().getPort());
    config.setUseSsl(ldapSettings.getUri().getScheme().startsWith("ldaps"));
    config.setUseTls(ldapSettings.isUseStartTls());
    if (ldapSettings.isTrustAllCertificates()) {
        config.setTrustManagers(new TrustAllX509TrustManager());
    }
    config.setName(ldapSettings.getSystemUserName());
    config.setCredentials(ldapSettings.getSystemPassword());
    final String principal = (String) token.getPrincipal();
    final char[] tokenPassword = firstNonNull(token.getPassword(), new char[0]);
    final String password = String.valueOf(tokenPassword);
    // do not try to look a token up in LDAP if there is no principal or password
    if (isNullOrEmpty(principal) || isNullOrEmpty(password)) {
        LOG.debug("Principal or password were empty. Not trying to look up a token in LDAP.");
        return null;
    }
    try (final LdapNetworkConnection connection = ldapConnector.connect(config)) {
        if (null == connection) {
            LOG.error("Couldn't connect to LDAP directory");
            return null;
        }
        final LdapEntry userEntry = ldapConnector.search(connection, ldapSettings.getSearchBase(), ldapSettings.getSearchPattern(), ldapSettings.getDisplayNameAttribute(), principal, ldapSettings.isActiveDirectory(), ldapSettings.getGroupSearchBase(), ldapSettings.getGroupIdAttribute(), ldapSettings.getGroupSearchPattern());
        if (userEntry == null) {
            LOG.debug("User {} not found in LDAP", principal);
            return null;
        }
        // needs to use the DN of the entry, not the parameter for the lookup filter we used to find the entry!
        final boolean authenticated = ldapConnector.authenticate(connection, userEntry.getDn(), password);
        if (!authenticated) {
            LOG.info("Invalid credentials for user {} (DN {})", principal, userEntry.getDn());
            return null;
        }
        // user found and authenticated, sync the user entry with mongodb
        final User user = syncFromLdapEntry(userEntry, ldapSettings, principal);
        if (user == null) {
            // in case there was an error reading, creating or modifying the user in mongodb, we do not authenticate the user.
            LOG.error("Unable to sync LDAP user {} (DN {})", userEntry.getBindPrincipal(), userEntry.getDn());
            return null;
        }
        return new SimpleAccount(principal, null, "ldap realm");
    } catch (LdapException e) {
        LOG.error("LDAP error", e);
    } catch (CursorException e) {
        LOG.error("Unable to read LDAP entry", e);
    } catch (Exception e) {
        LOG.error("Error during LDAP user account sync. Cannot log in user {}", principal, e);
    }
    // Return null by default to ensure a login failure if anything goes wrong.
    return null;
}
Also used : SimpleAccount(org.apache.shiro.authc.SimpleAccount) User(org.graylog2.plugin.database.users.User) LdapConnectionConfig(org.apache.directory.ldap.client.api.LdapConnectionConfig) LdapEntry(org.graylog2.shared.security.ldap.LdapEntry) LdapNetworkConnection(org.apache.directory.ldap.client.api.LdapNetworkConnection) TrustAllX509TrustManager(org.graylog2.security.TrustAllX509TrustManager) CursorException(org.apache.directory.api.ldap.model.cursor.CursorException) NotFoundException(org.graylog2.database.NotFoundException) AuthenticationException(org.apache.shiro.authc.AuthenticationException) ValidationException(org.graylog2.plugin.database.ValidationException) LdapException(org.apache.directory.api.ldap.model.exception.LdapException) UsernamePasswordToken(org.apache.shiro.authc.UsernamePasswordToken) CursorException(org.apache.directory.api.ldap.model.cursor.CursorException) LdapException(org.apache.directory.api.ldap.model.exception.LdapException) LdapSettings(org.graylog2.shared.security.ldap.LdapSettings)

Example 60 with UsernamePasswordToken

use of org.apache.shiro.authc.UsernamePasswordToken in project graylog2-server by Graylog2.

the class LdapUserAuthenticatorTest method testDoGetAuthenticationInfoDeniesEmptyPassword.

@Test
public void testDoGetAuthenticationInfoDeniesEmptyPassword() throws Exception {
    final LdapUserAuthenticator authenticator = new LdapUserAuthenticator(ldapConnector, ldapSettingsService, userService, mock(RoleService.class), DateTimeZone.UTC);
    when(ldapSettingsService.load()).thenReturn(ldapSettings);
    assertThat(authenticator.doGetAuthenticationInfo(new UsernamePasswordToken("john", (char[]) null))).isNull();
    assertThat(authenticator.doGetAuthenticationInfo(new UsernamePasswordToken("john", new char[0]))).isNull();
}
Also used : RoleService(org.graylog2.users.RoleService) UsernamePasswordToken(org.apache.shiro.authc.UsernamePasswordToken) Test(org.junit.Test)

Aggregations

UsernamePasswordToken (org.apache.shiro.authc.UsernamePasswordToken)118 Subject (org.apache.shiro.subject.Subject)52 Test (org.junit.Test)30 AuthenticationException (org.apache.shiro.authc.AuthenticationException)28 AuthenticationToken (org.apache.shiro.authc.AuthenticationToken)28 SimpleAuthenticationInfo (org.apache.shiro.authc.SimpleAuthenticationInfo)19 AuthenticationInfo (org.apache.shiro.authc.AuthenticationInfo)16 HttpServletRequest (javax.servlet.http.HttpServletRequest)11 RequestMapping (org.springframework.web.bind.annotation.RequestMapping)11 Test (org.testng.annotations.Test)11 LockedAccountException (org.apache.shiro.authc.LockedAccountException)10 IncorrectCredentialsException (org.apache.shiro.authc.IncorrectCredentialsException)9 UnknownAccountException (org.apache.shiro.authc.UnknownAccountException)9 HttpServletResponse (javax.servlet.http.HttpServletResponse)8 DelegatingSubject (org.apache.shiro.subject.support.DelegatingSubject)7 Session (org.apache.shiro.session.Session)6 SimplePrincipalCollection (org.apache.shiro.subject.SimplePrincipalCollection)6 ResponseBody (org.springframework.web.bind.annotation.ResponseBody)6 DisabledAccountException (org.apache.shiro.authc.DisabledAccountException)4 AuthorizationInfo (org.apache.shiro.authz.AuthorizationInfo)4