Search in sources :

Example 96 with UsernamePasswordToken

use of org.apache.shiro.authc.UsernamePasswordToken in project shiro by apache.

the class JDBCRealmTest method testSaltColumnWrongPassword.

@Test
public void testSaltColumnWrongPassword() throws Exception {
    String testMethodName = name.getMethodName();
    JdbcRealm realm = realmMap.get(testMethodName);
    createSaltColumnSchema(testMethodName);
    realm.setSaltStyle(JdbcRealm.SaltStyle.COLUMN);
    Subject.Builder builder = new Subject.Builder(securityManager);
    Subject currentUser = builder.buildSubject();
    UsernamePasswordToken token = new UsernamePasswordToken(username, "passwrd");
    try {
        currentUser.login(token);
    } catch (IncorrectCredentialsException ex) {
    // Expected
    }
}
Also used : IncorrectCredentialsException(org.apache.shiro.authc.IncorrectCredentialsException) Subject(org.apache.shiro.subject.Subject) UsernamePasswordToken(org.apache.shiro.authc.UsernamePasswordToken)

Example 97 with UsernamePasswordToken

use of org.apache.shiro.authc.UsernamePasswordToken in project shiro by apache.

the class SignupController method showSignupForm.

@RequestMapping(value = "/signup", method = RequestMethod.POST)
public String showSignupForm(Model model, @ModelAttribute SignupCommand command, BindingResult errors) {
    signupValidator.validate(command, errors);
    if (errors.hasErrors()) {
        return showSignupForm(model, command);
    }
    // Create the user
    userService.createUser(command.getUsername(), command.getEmail(), command.getPassword());
    // Login the newly created user
    SecurityUtils.getSubject().login(new UsernamePasswordToken(command.getUsername(), command.getPassword()));
    return "redirect:/s/home";
}
Also used : UsernamePasswordToken(org.apache.shiro.authc.UsernamePasswordToken) RequestMapping(org.springframework.web.bind.annotation.RequestMapping)

Example 98 with UsernamePasswordToken

use of org.apache.shiro.authc.UsernamePasswordToken in project shiro by apache.

the class BasicHttpFilterAuthenticationTest method createTokenNoAuthorizationHeader.

@Test
public void createTokenNoAuthorizationHeader() throws Exception {
    testFilter = new BasicHttpAuthenticationFilter();
    HttpServletRequest request = createMock(HttpServletRequest.class);
    expect(request.getHeader("Authorization")).andReturn(null);
    expect(request.getRemoteHost()).andReturn("localhost");
    HttpServletResponse response = createMock(HttpServletResponse.class);
    replay(request);
    replay(response);
    AuthenticationToken token = testFilter.createToken(request, response);
    assertNotNull(token);
    assertTrue("Token is not a username and password token.", token instanceof UsernamePasswordToken);
    assertEquals("", token.getPrincipal());
    verify(request);
    verify(response);
}
Also used : HttpServletRequest(javax.servlet.http.HttpServletRequest) AuthenticationToken(org.apache.shiro.authc.AuthenticationToken) HttpServletResponse(javax.servlet.http.HttpServletResponse) UsernamePasswordToken(org.apache.shiro.authc.UsernamePasswordToken) Test(org.junit.Test)

Example 99 with UsernamePasswordToken

use of org.apache.shiro.authc.UsernamePasswordToken in project shiro by apache.

the class BasicHttpFilterAuthenticationTest method createTokenColonInPassword.

@Test
public void createTokenColonInPassword() throws Exception {
    testFilter = new BasicHttpAuthenticationFilter();
    HttpServletRequest request = createMock(HttpServletRequest.class);
    expect(request.getHeader("Authorization")).andReturn(createAuthorizationHeader("pedro", "pass:word"));
    expect(request.getRemoteHost()).andReturn("localhost");
    HttpServletResponse response = createMock(HttpServletResponse.class);
    replay(request);
    replay(response);
    AuthenticationToken token = testFilter.createToken(request, response);
    assertNotNull(token);
    assertTrue("Token is not a username and password token.", token instanceof UsernamePasswordToken);
    UsernamePasswordToken upToken = (UsernamePasswordToken) token;
    assertEquals("pedro", upToken.getUsername());
    assertEquals("pass:word", new String(upToken.getPassword()));
    verify(request);
    verify(response);
}
Also used : HttpServletRequest(javax.servlet.http.HttpServletRequest) AuthenticationToken(org.apache.shiro.authc.AuthenticationToken) HttpServletResponse(javax.servlet.http.HttpServletResponse) UsernamePasswordToken(org.apache.shiro.authc.UsernamePasswordToken) Test(org.junit.Test)

Example 100 with UsernamePasswordToken

use of org.apache.shiro.authc.UsernamePasswordToken in project shiro by apache.

the class BasicHttpFilterAuthenticationTest method createTokenNoUsername.

@Test
public void createTokenNoUsername() throws Exception {
    testFilter = new BasicHttpAuthenticationFilter();
    HttpServletRequest request = createMock(HttpServletRequest.class);
    expect(request.getHeader("Authorization")).andReturn(createAuthorizationHeader("", ""));
    expect(request.getRemoteHost()).andReturn("localhost");
    HttpServletResponse response = createMock(HttpServletResponse.class);
    replay(request);
    replay(response);
    AuthenticationToken token = testFilter.createToken(request, response);
    assertNotNull(token);
    assertTrue("Token is not a username and password token.", token instanceof UsernamePasswordToken);
    assertEquals("", token.getPrincipal());
    verify(request);
    verify(response);
}
Also used : HttpServletRequest(javax.servlet.http.HttpServletRequest) AuthenticationToken(org.apache.shiro.authc.AuthenticationToken) HttpServletResponse(javax.servlet.http.HttpServletResponse) UsernamePasswordToken(org.apache.shiro.authc.UsernamePasswordToken) Test(org.junit.Test)

Aggregations

UsernamePasswordToken (org.apache.shiro.authc.UsernamePasswordToken)118 Subject (org.apache.shiro.subject.Subject)52 Test (org.junit.Test)30 AuthenticationException (org.apache.shiro.authc.AuthenticationException)28 AuthenticationToken (org.apache.shiro.authc.AuthenticationToken)28 SimpleAuthenticationInfo (org.apache.shiro.authc.SimpleAuthenticationInfo)19 AuthenticationInfo (org.apache.shiro.authc.AuthenticationInfo)16 HttpServletRequest (javax.servlet.http.HttpServletRequest)11 RequestMapping (org.springframework.web.bind.annotation.RequestMapping)11 Test (org.testng.annotations.Test)11 LockedAccountException (org.apache.shiro.authc.LockedAccountException)10 IncorrectCredentialsException (org.apache.shiro.authc.IncorrectCredentialsException)9 UnknownAccountException (org.apache.shiro.authc.UnknownAccountException)9 HttpServletResponse (javax.servlet.http.HttpServletResponse)8 DelegatingSubject (org.apache.shiro.subject.support.DelegatingSubject)7 Session (org.apache.shiro.session.Session)6 SimplePrincipalCollection (org.apache.shiro.subject.SimplePrincipalCollection)6 ResponseBody (org.springframework.web.bind.annotation.ResponseBody)6 DisabledAccountException (org.apache.shiro.authc.DisabledAccountException)4 AuthorizationInfo (org.apache.shiro.authz.AuthorizationInfo)4