
Example 71 with UsernamePasswordToken

use of org.apache.shiro.authc.UsernamePasswordToken in project moon by gentoo111.

the class EhCacheTokenManager method getToken.

/**
 * Looks up the login token cached under {@code key} in the Ehcache region
 * {@code login_user_tokens}.
 *
 * <p>Security note: the cached value is a Shiro {@code UsernamePasswordToken}, which carries
 * the submitted password as a {@code char[]}. Every entry in this cache is therefore a stored
 * credential for as long as it lives. NOTE(review): confirm the region is memory-only (no disk
 * overflow or replication), has a short time-to-live, and that {@code key} cannot be guessed
 * or supplied on behalf of another user.
 *
 * @param key cache key the token was stored under
 * @return the cached token, or {@code null} when the cache holds no entry for {@code key}
 */
@Override
public UsernamePasswordToken getToken(String key) {
    Element cached = cacheManager.getCacheManager().getCache("login_user_tokens").get(key);
    // A miss is reported as null rather than an exception; callers must handle it.
    return cached == null ? null : (UsernamePasswordToken) cached.getValue();
}
Also used : Element(net.sf.ehcache.Element) Cache(net.sf.ehcache.Cache) UsernamePasswordToken(org.apache.shiro.authc.UsernamePasswordToken)

Example 72 with UsernamePasswordToken

use of org.apache.shiro.authc.UsernamePasswordToken in project Ganster-CMS by Gangster-trio.

the class LoginController method login.

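/**
 * Authenticates the caller with Shiro using the {@code userName} and {@code password}
 * request parameters and reports the outcome as a {@code Message}.
 *
 * <p>On success the session attribute {@code status} is set to {@code true} and the message
 * carries code 100 / "ok". Any exception raised during login yields code 120 with one generic
 * text, so the response does not tell the caller which part of the credentials was wrong.
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>The mapping declares no HTTP method, so the endpoint also answers GET requests and
 *       {@code getParameter} will read credentials from a query string, where they tend to
 *       end up in access logs and browser history. NOTE(review): consider restricting the
 *       mapping to POST.</li>
 *   <li>Login runs on the session that existed before authentication. NOTE(review): confirm
 *       that the session identifier is renewed on successful login elsewhere; otherwise a
 *       pre-login identifier stays valid for the authenticated session.</li>
 * </ul>
 *
 * @param model   Spring MVC model; not used by this method
 * @param request request carrying the {@code userName} and {@code password} parameters
 * @return result message: code 100 on success, code 120 on any failure
 */
@RequestMapping("/login")
public com.ganster.cms.auth.dto.Message login(Model model, HttpServletRequest request) {
    com.ganster.cms.auth.dto.Message message = new com.ganster.cms.auth.dto.Message();
    Subject subject = SecurityUtils.getSubject();
    // NOTE(review): this writes the session's toString() to the INFO log before authentication.
    // If that representation contains the session id, the log becomes sensitive — confirm, and
    // drop or downgrade this line if so.
    logger.info(subject.getSession().toString());
    String username = request.getParameter("userName");
    String password = request.getParameter("password");
    // The user name comes straight from the request. Neutralise line breaks before it is
    // concatenated into a log line so a crafted value cannot forge additional log entries.
    String loggableUsername = username == null ? null : username.replaceAll("[\\r\\n]", "_");
    logger.info("用户" + loggableUsername + "进行登录");
    UsernamePasswordToken token = new UsernamePasswordToken(username, password);
    // token.setRememberMe(true);
    try {
        subject.login(token);
        subject.getSession().setAttribute("status", true);
        message.setCode(100);
        message.setMsg("ok");
    } catch (Exception e) {
        // Record the failure (exception type only, never the password) so that repeated failed
        // attempts are visible in the log; previously the exception was discarded silently.
        logger.info("用户" + loggableUsername + "登录失败: " + e.getClass().getName());
        message.setCode(120);
        message.setMsg("抱歉,信息错误");
    }
    return message;
}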
Also used : Subject(org.apache.shiro.subject.Subject) UsernamePasswordToken(org.apache.shiro.authc.UsernamePasswordToken) RequestMapping(org.springframework.web.bind.annotation.RequestMapping)

Example 73 with UsernamePasswordToken

use of org.apache.shiro.authc.UsernamePasswordToken in project fruit-manage by liuzhaozhao.

the class LoginController method auth.

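/**
 * Handles a login request.
 *
 * <p>If the session already holds a user id, a success JSON result is rendered and nothing
 * else happens. Otherwise the {@code username} and {@code password} parameters are read, the
 * password is MD5-hashed when it is not blank, and the pair is submitted to Shiro. On success
 * the user's id is stored in the session under {@code Constant.SESSION_UID}; on failure an
 * error is rendered.
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>The credential handed to Shiro is a plain MD5 digest of the password, with no salt
 *       visible here. MD5 is not suitable for password storage. NOTE(review): changing this
 *       requires migrating the stored credentials, so it is flagged rather than altered.</li>
 *   <li>Login runs on the pre-existing session. NOTE(review): confirm the session identifier
 *       is renewed after a successful login.</li>
 * </ul>
 */
public void auth() {
    Object uid = getSessionAttr(Constant.SESSION_UID);
    if (uid != null) {
        renderJson(new DataResult<>(DataResult.CODE_SUCCESS, "登录成功"));
        // Already signed in: stop here. Without this return the method fell through and ran a
        // fresh login attempt with whatever parameters the request carried.
        return;
    }
    String userName = getPara("username");
    String rawPassword = getPara("password");
    // Blank or missing passwords are passed through unhashed, exactly as before.
    String password = StringUtils.isNotBlank(rawPassword) ? HashKit.md5(rawPassword) : rawPassword;
    Subject subject = SecurityUtils.getSubject();
    UsernamePasswordToken token = new UsernamePasswordToken(userName, password);
    try {
        subject.login(token);
        Session session = subject.getSession();
        // NOTE(review): if this lookup throws after login() has succeeded, the catch below
        // reports bad credentials while the Shiro subject stays authenticated.
        session.setAttribute(Constant.SESSION_UID, User.dao.getUser(userName).getId());
        renderNull();
    } catch (Exception e) {
        // NOTE(review): the exception is not logged, so failed attempts leave no trace here.
        if (StringUtils.isAllBlank(userName, password)) {
            renderLogin("身份认证失败");
        } else {
            renderErrorText("用户名或密码错误");
        }
    }
}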
Also used : Subject(org.apache.shiro.subject.Subject) UsernamePasswordToken(org.apache.shiro.authc.UsernamePasswordToken) Session(org.apache.shiro.session.Session)

Example 74 with UsernamePasswordToken

use of org.apache.shiro.authc.UsernamePasswordToken in project cas by apereo.

the class ShiroAuthenticationHandler method authenticateUsernamePasswordInternal.

/**
 * Authenticates a CAS username/password credential by logging it in to Shiro.
 *
 * <p>A Shiro {@code UsernamePasswordToken} is built from the credential (carrying the
 * remember-me flag when the credential provides one), the current subject logs in with it,
 * and the subject's roles and permissions are checked. If a password policy strategy is
 * configured, its messages are attached to the result.
 *
 * <p>Shiro authentication exceptions are translated into their
 * {@code GeneralSecurityException} counterparts. The catch order matters: the more specific
 * Shiro exception types are handled before the general {@code AuthenticationException}.
 * NOTE(review): each translated exception is built from {@code getMessage()} only, so the
 * original Shiro exception and its stack trace are not retained as the cause.
 *
 * @param transformedCredential credential whose username and password are submitted to Shiro
 * @param originalPassword      not used by this implementation
 * @return the result produced by {@code createAuthenticatedSubjectResult}
 * @throws GeneralSecurityException when Shiro rejects the login; the subtype reflects the reason
 */
@Override
protected AuthenticationHandlerExecutionResult authenticateUsernamePasswordInternal(final UsernamePasswordCredential transformedCredential, final String originalPassword) throws GeneralSecurityException {
    try {
        val shiroToken = new UsernamePasswordToken(transformedCredential.getUsername(), transformedCredential.getPassword());
        if (transformedCredential instanceof RememberMeUsernamePasswordCredential) {
            val rememberMeCredential = (RememberMeUsernamePasswordCredential) transformedCredential;
            shiroToken.setRememberMe(rememberMeCredential.isRememberMe());
        }

        val subject = getCurrentExecutingSubject();
        subject.login(shiroToken);
        // Authentication alone is not sufficient: the subject must also pass the handler's
        // role/permission check before a result is produced.
        checkSubjectRolesAndPermissions(subject);

        val policyMessages = new ArrayList<MessageDescriptor>();
        val policyStrategy = getPasswordPolicyHandlingStrategy();
        if (policyStrategy != null) {
            LOGGER.debug("Attempting to examine and handle password policy via [{}]", policyStrategy.getClass().getSimpleName());
            val principal = this.principalFactory.createPrincipal(shiroToken.getUsername());
            policyMessages.addAll(policyStrategy.handle(principal, getPasswordPolicyConfiguration()));
        }
        return createAuthenticatedSubjectResult(transformedCredential, subject, policyMessages);
    } catch (final UnknownAccountException unknownAccount) {
        throw new AccountNotFoundException(unknownAccount.getMessage());
    } catch (final LockedAccountException | ExcessiveAttemptsException lockedOut) {
        throw new AccountLockedException(lockedOut.getMessage());
    } catch (final ExpiredCredentialsException expired) {
        throw new CredentialExpiredException(expired.getMessage());
    } catch (final DisabledAccountException disabled) {
        throw new AccountDisabledException(disabled.getMessage());
    } catch (final AuthenticationException otherFailure) {
        throw new FailedLoginException(otherFailure.getMessage());
    }
}
Also used : lombok.val(lombok.val) DisabledAccountException(org.apache.shiro.authc.DisabledAccountException) AccountLockedException(javax.security.auth.login.AccountLockedException) AuthenticationException(org.apache.shiro.authc.AuthenticationException) UnknownAccountException(org.apache.shiro.authc.UnknownAccountException) ArrayList(java.util.ArrayList) ExcessiveAttemptsException(org.apache.shiro.authc.ExcessiveAttemptsException) ExpiredCredentialsException(org.apache.shiro.authc.ExpiredCredentialsException) UsernamePasswordToken(org.apache.shiro.authc.UsernamePasswordToken) FailedLoginException(javax.security.auth.login.FailedLoginException) AccountNotFoundException(javax.security.auth.login.AccountNotFoundException) CredentialExpiredException(javax.security.auth.login.CredentialExpiredException) RememberMeUsernamePasswordCredential(org.apereo.cas.authentication.credential.RememberMeUsernamePasswordCredential) LockedAccountException(org.apache.shiro.authc.LockedAccountException) AccountDisabledException(org.apereo.cas.authentication.exceptions.AccountDisabledException)

Example 75 with UsernamePasswordToken

use of org.apache.shiro.authc.UsernamePasswordToken in project spring-boot-starter-samples by vindell.

the class AuthzPrincipalRepositoryImpl method getAuthenticationInfo.

/**
 * Resolves the account for a username/password token and returns its authentication info,
 * including the account's roles and the permissions of those roles.
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>The submitted password is copied into a {@code String} and passed to the login DAO
 *       for both the status query and the account query, so the password comparison happens
 *       in the data layer. NOTE(review): confirm how the DAO compares it (hashed vs. clear
 *       text); the commented-out Base64 line is an encoding, not password protection.</li>
 *   <li>The returned {@code SimpleAuthenticationInfo} uses the submitted password itself as
 *       the account's credentials. A credentials matcher that compares token and info would
 *       compare the password with itself, so the effective check is the status lookup.</li>
 *   <li>The cast assumes the token is a {@code UsernamePasswordToken}; any other token type
 *       fails with a {@code ClassCastException}.</li>
 * </ul>
 *
 * @param token the authentication token; expected to be a {@code UsernamePasswordToken}
 * @return authentication info whose principal is the populated {@code AuthzLoginModel}
 * @throws AuthenticationException when credentials are missing or rejected, the account is
 *         disabled, or the user has no role
 */
@Override
public AuthenticationInfo getAuthenticationInfo(AuthenticationToken token) throws AuthenticationException {
    UsernamePasswordToken upToken = (UsernamePasswordToken) token;
    String username = upToken.getUsername();
    if (!StringUtils.hasText(username) || upToken.getPassword() == null) {
        throw new UnknownAccountException("Username or password is required.");
    }

    // Clear-text password as an immutable String: it cannot be wiped after use.
    // Former "encryption" attempt, kept for reference:
    // Base64.encodeBase64String(new String(upToken.getPassword()).getBytes());
    String pwd = new String(upToken.getPassword());

    // Account status flags; a value of "0" means the corresponding check failed.
    Map<String, String> status = getAuthzLoginDao().getAccountStatus(username, pwd);

    // Account missing, or username/password incorrect: one message for both cases.
    if ("0".equals(status.get("num_1")) || "0".equals(status.get("num_2"))) {
        throw new InvalidAccountException("Username or password is incorrect, please re-enter.");
    }
    // Account is disabled.
    if ("0".equals(status.get("num_4"))) {
        throw new DisabledAccountException("Account is disabled.");
    }
    // User does not belong to any role.
    if ("0".equals(status.get("num_3"))) {
        throw new NoneRoleException();
    }

    // Principal object for the authenticated user.
    AuthzLoginModel account = getAuthzLoginDao().getAccount(username, pwd);

    // Role ids of the user; the first one is recorded as the account's role id.
    // NOTE(review): roles.get(0) relies on the num_3 check above guaranteeing a non-empty list.
    List<String> roleIds = getAuthzUserDao().getRoles(account.getUserid());
    account.setRoles(Sets.newHashSet(roleIds.iterator()));
    account.setRoleid(roleIds.get(0));

    // Permission markers: the union over all of the user's roles.
    Set<String> permissions = Sets.newHashSet();
    for (String roleId : account.getRoles()) {
        permissions.addAll(getAuthzRolePermsDao().getPermissions(roleId));
    }
    account.setPerms(permissions);

    // Authentication info handed back to Shiro.
    return new SimpleAuthenticationInfo(account, upToken.getPassword(), "login");
}
Also used : DisabledAccountException(org.apache.shiro.authc.DisabledAccountException) AuthzLoginModel(net.jeebiz.boot.demo.dao.entities.AuthzLoginModel) SimpleAuthenticationInfo(org.apache.shiro.authc.SimpleAuthenticationInfo) UnknownAccountException(org.apache.shiro.authc.UnknownAccountException) UsernamePasswordToken(org.apache.shiro.authc.UsernamePasswordToken) InvalidAccountException(org.apache.shiro.biz.authc.exception.InvalidAccountException) NoneRoleException(org.apache.shiro.biz.authc.exception.NoneRoleException)

Aggregations

UsernamePasswordToken (org.apache.shiro.authc.UsernamePasswordToken)118 Subject (org.apache.shiro.subject.Subject)52 Test (org.junit.Test)30 AuthenticationException (org.apache.shiro.authc.AuthenticationException)28 AuthenticationToken (org.apache.shiro.authc.AuthenticationToken)28 SimpleAuthenticationInfo (org.apache.shiro.authc.SimpleAuthenticationInfo)19 AuthenticationInfo (org.apache.shiro.authc.AuthenticationInfo)16 HttpServletRequest (javax.servlet.http.HttpServletRequest)11 RequestMapping (org.springframework.web.bind.annotation.RequestMapping)11 Test (org.testng.annotations.Test)11 LockedAccountException (org.apache.shiro.authc.LockedAccountException)10 IncorrectCredentialsException (org.apache.shiro.authc.IncorrectCredentialsException)9 UnknownAccountException (org.apache.shiro.authc.UnknownAccountException)9 HttpServletResponse (javax.servlet.http.HttpServletResponse)8 DelegatingSubject (org.apache.shiro.subject.support.DelegatingSubject)7 Session (org.apache.shiro.session.Session)6 SimplePrincipalCollection (org.apache.shiro.subject.SimplePrincipalCollection)6 ResponseBody (org.springframework.web.bind.annotation.ResponseBody)6 DisabledAccountException (org.apache.shiro.authc.DisabledAccountException)4 AuthorizationInfo (org.apache.shiro.authz.AuthorizationInfo)4