use of org.apache.shiro.authc.UsernamePasswordToken in project Workload by amoxu.
the class UserController method login.
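/**
 * Handles the login form submission (POST /login) and answers with a small JSON document.
 *
 * <p>The verification code stored in the Shiro session under {@code "rand"} is checked first;
 * only then are the submitted credentials handed to Shiro. On success the JSON {@code msg}
 * field carries the landing page for the subject's role.
 *
 * @param user form-bound object carrying the user name, the password and, in its mail field,
 *             the verification code typed by the user
 * @return a JSON string with a {@code status} and a {@code msg} field
 * @throws Exception whatever {@code subject.login} throws when authentication fails
 */
@RequestMapping(value = "/login", method = RequestMethod.POST, produces = MediaType.APPLICATION_JSON_VALUE + ";charset=utf-8")
@ResponseBody
public String login(User user) throws Exception {
    // Log in through Shiro; the same subject is used for the session lookup and the login.
    Subject subject = SecurityUtils.getSubject();
    Session session = subject.getSession();

    // The expected verification code lives in the session; the form delivers the typed
    // value in the mail field. A missing or non-matching code ends the request here.
    Object expectedCode = session.getAttribute("rand");
    if (expectedCode == null || !expectedCode.toString().equalsIgnoreCase(user.getMail())) {
        return "{\"status\":1,\"msg\":\"请重新输入验证码!\"}";
    }
    // NOTE(review): "rand" is not cleared in this method, so one solved code appears to stay
    // valid for further password attempts in the same session - confirm it is invalidated
    // elsewhere, or remove it once it has been compared.

    // The submitted user name and password are deliberately not written to stdout or any
    // log: plaintext credentials in log output are readable by anyone with log access.

    // NOTE(review): ToolKit.psw2pwd is opaque from here; presumably it derives the stored
    // form of the password - confirm it is a salted, slow password hash.
    String psw = ToolKit.psw2pwd(user.getPassword());
    UsernamePasswordToken token = new UsernamePasswordToken(user.getUser(), psw);

    // A failed login does not return normally: subject.login throws, and the exception
    // propagates to the caller.
    subject.login(token);
    // NOTE(review): the session obtained before authentication is still in use afterwards;
    // verify that the session id is renewed on login elsewhere in the application.

    if (subject.hasRole("教师")) {
        return "{\"status\":0,\"msg\":\"/teacher/myzone.html\"}";
    } else if (subject.hasRole("超级管理员")) {
        return "{\"status\":0,\"msg\":\"../index.html\"}";
    }
    // Authenticated, but holding neither of the two recognised roles.
    return "{\"status\":1,\"msg\":\"/author.html\"}";
}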
use of org.apache.shiro.authc.UsernamePasswordToken in project springBoot-learn-demo by nbfujx.
the class LoginControllerImpl method ajaxLogin.
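/**
 * Logs a user in through Shiro and reports the outcome as JSON.
 *
 * <p>Every authentication failure produces the same message, so the response does not tell a
 * caller whether the user name exists or only the password was wrong.
 *
 * @param name     the submitted user name
 * @param password the submitted password
 * @return a JSON string; on success it holds {@code token} (the Shiro session id) and
 *         {@code msg}, on an authentication failure only {@code msg}
 */
@RequestMapping(value = "/login", method = RequestMethod.POST)
@ResponseBody
public String ajaxLogin(String name, String password) {
    JSONObject jsonObject = new JSONObject();
    Subject subject = SecurityUtils.getSubject();
    // NOTE(review): the password is hashed with MD5, the constant salt "2" and a single
    // iteration. That is fast to brute-force and identical for every account; it is kept
    // here only because the stored credentials depend on it. Migrating to a per-user salt
    // and a slow password hash needs a change to the realm and the stored data as well.
    String passwordmd5 = new Md5Hash(password, "2").toString();
    UsernamePasswordToken token = new UsernamePasswordToken(name, passwordmd5);
    try {
        subject.login(token);
        jsonObject.put("token", subject.getSession().getId());
        jsonObject.put("msg", "登录成功");
    } catch (AuthenticationException e) {
        // IncorrectCredentialsException is a subtype of AuthenticationException, so this
        // single branch covers both a wrong password and an unknown account. One shared
        // message avoids confirming which user names are registered.
        jsonObject.put("msg", "用户名或密码错误");
    } catch (Exception e) {
        // Unexpected failure: the stack trace goes to stderr and the response carries no msg.
        e.printStackTrace();
    }
    return jsonObject.toString();
}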
use of org.apache.shiro.authc.UsernamePasswordToken in project killbill by killbill.
the class TestKillBillJdbcRealm method testCustomPermissionsAcrossRealms.
/**
 * Checks that one subject is granted the permissions of a role stored through the security
 * API together with the permissions expected from the Shiro realm, and is refused a
 * permission that neither grants.
 */
@Test(groups = "slow")
public void testCustomPermissionsAcrossRealms() throws Exception {
    final String roleName = "writer_off";
    final String builtInPermission = Permission.INVOICE_CAN_DELETE_CBA.toString();
    // One built-in permission, one custom value in a built-in group, one fully custom entry.
    final ImmutableList<String> grantedToRole =
            ImmutableList.<String>of(builtInPermission, "invoice:write_off", "acme:kb_dev");

    securityApi.addRoleDefinition(roleName, grantedToRole, callContext);
    validateUserRoles(securityApi.getRoleDefinition(roleName, callContext), grantedToRole);

    final List<String> storedDefinition = securityApi.getRoleDefinition(roleName, callContext);
    Assert.assertEqualsNoOrder(storedDefinition.toArray(), grantedToRole.toArray());

    // Test-only account: user name and password are the same fixture value.
    final String username = "tester";
    final String password = "tester";
    securityApi.addUserRoles(username, password, ImmutableList.<String>of(roleName), callContext);

    final AuthenticationToken loginToken = new UsernamePasswordToken(username, password);
    final Subject subject = securityManager.login(null, loginToken);
    try {
        ThreadContext.bind(subject);

        // Permissions coming from the JDBC realm
        subject.checkPermission(builtInPermission);
        subject.checkPermission("invoice:write_off");
        subject.checkPermission("acme:kb_dev");

        // Permissions coming from the Shiro realm
        subject.checkPermission("invoice:credit");
        subject.checkPermission("customx:customy");

        // Negative case: a permission nobody granted must be rejected.
        try {
            subject.checkPermission("acme:kb_deployer");
            Assert.fail("Subject should not have rights to deploy Kill Bill");
        } catch (final AuthorizationException expected) {
            // Expected: the authorization check refused the permission.
        }

        final Set<String> expectedPermissions = new HashSet<String>(grantedToRole);
        expectedPermissions.add("invoice:credit");
        expectedPermissions.add("customx:customy");

        final Set<String> actualPermissions = securityApi.getCurrentUserPermissions(callContext);
        Assert.assertEquals(actualPermissions, expectedPermissions);
    } finally {
        // Always detach and log out so the subject does not leak into other tests.
        ThreadContext.unbindSubject();
        subject.logout();
    }
}
use of org.apache.shiro.authc.UsernamePasswordToken in project killbill by killbill.
the class TestKillBillJdbcRealm method testUpdateRoleDefinition.
/**
 * Checks that a role definition can be created, replaced and emptied, and that a bare group
 * name such as {@code "invoice"} is read back as {@code "invoice:*"}.
 */
@Test(groups = "slow")
public void testUpdateRoleDefinition() throws SecurityApiException {
    final String roleName = "original";
    final String username = "siskiyou";
    final String password = "siskiyou33";

    securityApi.addRoleDefinition(roleName,
                                  ImmutableList.of("account:*", "invoice", "tag:create_tag_definition"),
                                  callContext);
    securityApi.addUserRoles(username, password, ImmutableList.of("restricted"), callContext);

    // The token is built for the test account but is not used further in this method.
    final AuthenticationToken goodToken = new UsernamePasswordToken(username, password);

    // Initial definition: three entries.
    final List<String> initial = securityApi.getRoleDefinition(roleName, callContext);
    Assert.assertEquals(initial.size(), 3);
    Assert.assertTrue(initial.contains("account:*"));
    Assert.assertTrue(initial.contains("invoice:*"));
    Assert.assertTrue(initial.contains("tag:create_tag_definition"));

    // Replace the definition: "invoice" goes away, "payment" and "entitlement:create" arrive.
    securityApi.updateRoleDefinition(roleName,
                                     ImmutableList.of("account:*", "payment", "tag:create_tag_definition", "entitlement:create"),
                                     callContext);
    final List<String> replaced = securityApi.getRoleDefinition(roleName, callContext);
    Assert.assertEquals(replaced.size(), 4);
    Assert.assertTrue(replaced.contains("account:*"));
    Assert.assertTrue(replaced.contains("payment:*"));
    Assert.assertTrue(replaced.contains("tag:create_tag_definition"));
    Assert.assertTrue(replaced.contains("entitlement:create"));

    // Updating with an empty list must leave the role without permissions.
    securityApi.updateRoleDefinition(roleName, ImmutableList.<String>of(), callContext);
    final List<String> emptied = securityApi.getRoleDefinition(roleName, callContext);
    Assert.assertEquals(emptied.size(), 0);
}
use of org.apache.shiro.authc.UsernamePasswordToken in project killbill by killbill.
the class TestKillBillOktaRealm method testCheckOktaConnection.
/**
 * Manual helper (disabled by default) for checking connectivity to an Okta organisation:
 * it authenticates one user against the realm and prints the roles and permissions that
 * the realm returns for that user.
 *
 * <p>The URL, API token and credentials below are placeholders to be filled in locally;
 * real values should not be committed with the test.
 */
@Test(groups = "external", enabled = false)
public void testCheckOktaConnection() throws Exception {
    final String groupPermissions = "support-group: entitlement:*\n"
                                    + "finance-group: invoice:*, payment:*\n"
                                    + "ops-group: *:*";

    final Properties oktaProperties = new Properties();
    oktaProperties.setProperty("org.killbill.security.okta.url", "https://dev-XXXXXX.oktapreview.com");
    oktaProperties.setProperty("org.killbill.security.okta.apiToken", "YYYYYY");
    oktaProperties.setProperty("org.killbill.security.okta.permissionsByGroup", groupPermissions);

    // Build the realm from a configuration backed only by the properties above.
    final ConfigSource configSource = new SimplePropertyConfigSource(oktaProperties);
    final SecurityConfig config = new ConfigurationObjectFactory(configSource).build(SecurityConfig.class);
    final KillBillOktaRealm realm = new KillBillOktaRealm(config);

    final String username = "pierre";
    final String password = "password";

    // Authentication check
    final UsernamePasswordToken loginToken = new UsernamePasswordToken(username, password);
    final AuthenticationInfo authentication = realm.getAuthenticationInfo(loginToken);
    System.out.println(authentication);

    // Authorization check for the same user
    final SimplePrincipalCollection principalCollection = new SimplePrincipalCollection(username, username);
    final AuthorizationInfo authorization = realm.doGetAuthorizationInfo(principalCollection);
    System.out.println("Roles: " + authorization.getRoles());
    System.out.println("Permissions: " + authorization.getStringPermissions());
}