use of org.apache.shiro.authc.UsernamePasswordToken in project ssm_shiro_blog by Mandelo.
the class MainController method login.
/**
* 登录功能
*
* @param user
* @param model
* @return
*/
@RequestMapping(value = "/user/login", method = RequestMethod.POST)
public String login(User user, HttpSession session, Model model) {
UsernamePasswordToken token = new UsernamePasswordToken(user.getUsername(), user.getPassword());
Subject subject = SecurityUtils.getSubject();
subject.login(token);
User loginUser = userService.selectByUsername(user.getUsername());
session.setAttribute("loginUser", loginUser);
return "/loginSuccess";
}
use of org.apache.shiro.authc.UsernamePasswordToken in project knox by apache.
the class KnoxPamRealmTest method testDoGetAuthenticationInfo.
@Test
public void testDoGetAuthenticationInfo() {
KnoxPamRealm realm = new KnoxPamRealm();
// pam settings being used: /etc/pam.d/sshd
realm.setService("sshd");
// use environment variables and skip the test if not set.
String pamuser = System.getenv("PAMUSER");
String pampass = System.getenv("PAMPASS");
assumeTrue(pamuser != null);
assumeTrue(pampass != null);
// mock shiro auth token
UsernamePasswordToken authToken = createMock(UsernamePasswordToken.class);
expect(authToken.getUsername()).andReturn(pamuser);
expect(authToken.getPassword()).andReturn(pampass.toCharArray());
expect(authToken.getCredentials()).andReturn(pampass);
replay(authToken);
// login
AuthenticationInfo authInfo = realm.doGetAuthenticationInfo(authToken);
// verify success
assertNotNull(authInfo.getCredentials());
}
use of org.apache.shiro.authc.UsernamePasswordToken in project mage by magefree.
the class AuthorizedUser method doCredentialsMatch.
public boolean doCredentialsMatch(String name, String password) {
HashedCredentialsMatcher matcher = new HashedCredentialsMatcher(this.hashAlgorithm);
matcher.setHashIterations(this.hashIterations);
AuthenticationToken token = new UsernamePasswordToken(name, password);
AuthenticationInfo info = new SimpleAuthenticationInfo(this.name, ByteSource.Util.bytes(Base64.decode(this.password)), ByteSource.Util.bytes(Base64.decode(this.salt)), "");
return matcher.doCredentialsMatch(token, info);
}
use of org.apache.shiro.authc.UsernamePasswordToken in project graylog2-server by Graylog2.
the class LdapUserAuthenticator method doGetAuthenticationInfo.
@Override
protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken authtoken) throws AuthenticationException {
// safe, we only handle this type
final UsernamePasswordToken token = (UsernamePasswordToken) authtoken;
final LdapSettings ldapSettings = ldapSettingsService.load();
if (ldapSettings == null || !ldapSettings.isEnabled()) {
LOG.trace("LDAP is disabled, skipping");
return null;
}
final LdapConnectionConfig config = new LdapConnectionConfig();
config.setLdapHost(ldapSettings.getUri().getHost());
config.setLdapPort(ldapSettings.getUri().getPort());
config.setUseSsl(ldapSettings.getUri().getScheme().startsWith("ldaps"));
config.setUseTls(ldapSettings.isUseStartTls());
if (ldapSettings.isTrustAllCertificates()) {
config.setTrustManagers(new TrustAllX509TrustManager());
}
config.setName(ldapSettings.getSystemUserName());
config.setCredentials(ldapSettings.getSystemPassword());
final String principal = (String) token.getPrincipal();
final char[] tokenPassword = firstNonNull(token.getPassword(), new char[0]);
final String password = String.valueOf(tokenPassword);
// do not try to look a token up in LDAP if there is no principal or password
if (isNullOrEmpty(principal) || isNullOrEmpty(password)) {
LOG.debug("Principal or password were empty. Not trying to look up a token in LDAP.");
return null;
}
try (final LdapNetworkConnection connection = ldapConnector.connect(config)) {
if (null == connection) {
LOG.error("Couldn't connect to LDAP directory");
return null;
}
final LdapEntry userEntry = ldapConnector.search(connection, ldapSettings.getSearchBase(), ldapSettings.getSearchPattern(), ldapSettings.getDisplayNameAttribute(), principal, ldapSettings.isActiveDirectory(), ldapSettings.getGroupSearchBase(), ldapSettings.getGroupIdAttribute(), ldapSettings.getGroupSearchPattern());
if (userEntry == null) {
LOG.debug("User {} not found in LDAP", principal);
return null;
}
// needs to use the DN of the entry, not the parameter for the lookup filter we used to find the entry!
final boolean authenticated = ldapConnector.authenticate(connection, userEntry.getDn(), password);
if (!authenticated) {
LOG.info("Invalid credentials for user {} (DN {})", principal, userEntry.getDn());
return null;
}
// user found and authenticated, sync the user entry with mongodb
final User user = syncFromLdapEntry(userEntry, ldapSettings, principal);
if (user == null) {
// in case there was an error reading, creating or modifying the user in mongodb, we do not authenticate the user.
LOG.error("Unable to sync LDAP user {} (DN {})", userEntry.getBindPrincipal(), userEntry.getDn());
return null;
}
return new SimpleAccount(principal, null, "ldap realm");
} catch (LdapException e) {
LOG.error("LDAP error", e);
} catch (CursorException e) {
LOG.error("Unable to read LDAP entry", e);
} catch (Exception e) {
LOG.error("Error during LDAP user account sync. Cannot log in user {}", principal, e);
}
// Return null by default to ensure a login failure if anything goes wrong.
return null;
}
use of org.apache.shiro.authc.UsernamePasswordToken in project graylog2-server by Graylog2.
the class LdapUserAuthenticatorTest method testDoGetAuthenticationInfoDeniesEmptyPassword.
@Test
public void testDoGetAuthenticationInfoDeniesEmptyPassword() throws Exception {
final LdapUserAuthenticator authenticator = new LdapUserAuthenticator(ldapConnector, ldapSettingsService, userService, mock(RoleService.class), DateTimeZone.UTC);
when(ldapSettingsService.load()).thenReturn(ldapSettings);
assertThat(authenticator.doGetAuthenticationInfo(new UsernamePasswordToken("john", (char[]) null))).isNull();
assertThat(authenticator.doGetAuthenticationInfo(new UsernamePasswordToken("john", new char[0]))).isNull();
}
Aggregations