Example 11 with UsernamePasswordToken

use of org.apache.shiro.authc.UsernamePasswordToken in project tesla by linking12.

the class AbstractAuthorizeHandler method submitLogin.

protected boolean submitLogin() throws ServletException, IOException {
    if (isSubmitLogin()) {
        try {
            UsernamePasswordToken token = createUsernamePasswordToken();
            SecurityUtils.getSubject().login(token);
            LOG.debug("Submit login successful");
            this.userFirstLogged = true;
            return false;
        } catch (Exception ex) {
            LOG.debug("Login failed, back to login page too", ex);
            final HttpServletRequest request = oauthRequest.request();
            // The raw exception message is passed to the login view as "oauth_login_error".
            request.setAttribute("oauth_login_error", ex.getMessage());
            RequestDispatcher dispatcher = request.getRequestDispatcher(OAUTH_LOGIN_VIEW);
            dispatcher.forward(request, response);
            return true;
        }
    }
    return false;
}
Also used : HttpServletRequest(javax.servlet.http.HttpServletRequest) ServletException(javax.servlet.ServletException) IOException(java.io.IOException) OAuthSystemException(org.apache.oltu.oauth2.common.exception.OAuthSystemException) RequestDispatcher(javax.servlet.RequestDispatcher) UsernamePasswordToken(org.apache.shiro.authc.UsernamePasswordToken)

Example 12 with UsernamePasswordToken

use of org.apache.shiro.authc.UsernamePasswordToken in project tesla by linking12.

the class AbstractOauthTokenValidator method invalidUsernamePassword.

protected boolean invalidUsernamePassword() {
    final String username = tokenRequest.getUsername();
    String password = tokenRequest.getPassword();
    password = MD5Utils.encrypt(username, password);
    try {
        SecurityUtils.getSubject().login(new UsernamePasswordToken(username, password));
    } catch (Exception e) {
        LOG.debug("Login failed by username: " + username, e);
        return true;
    }
    return false;
}
Also used : OAuthSystemException(org.apache.oltu.oauth2.common.exception.OAuthSystemException) UsernamePasswordToken(org.apache.shiro.authc.UsernamePasswordToken)

Example 13 with UsernamePasswordToken

use of org.apache.shiro.authc.UsernamePasswordToken in project tesla by linking12.

the class LoginController method ajaxLogin.

@Log("登录")
@PostMapping("/login")
@ResponseBody
CommonResponse ajaxLogin(String username, String password) {
    password = MD5Utils.encrypt(username, password);
    UsernamePasswordToken token = new UsernamePasswordToken(username, password);
    Subject subject = SecurityUtils.getSubject();
    try {
        subject.login(token);
        return CommonResponse.ok();
    } catch (AuthenticationException e) {
        return CommonResponse.error("用户或密码错误");
    }
}
Also used : AuthenticationException(org.apache.shiro.authc.AuthenticationException) Subject(org.apache.shiro.subject.Subject) UsernamePasswordToken(org.apache.shiro.authc.UsernamePasswordToken) PostMapping(org.springframework.web.bind.annotation.PostMapping) Log(io.github.tesla.ops.common.Log) ResponseBody(org.springframework.web.bind.annotation.ResponseBody)

Example 14 with UsernamePasswordToken

use of org.apache.shiro.authc.UsernamePasswordToken in project mica2 by obiba.

the class SessionsResource method createSession.

@POST
@Path("/sessions")
public Response createSession(@SuppressWarnings("TypeMayBeWeakened") @Context HttpServletRequest servletRequest, @FormParam("username") String username, @FormParam("password") String password) {
    try {
        authenticationExecutor.login(new UsernamePasswordToken(username, password));
        String sessionId = SecurityUtils.getSubject().getSession().getId().toString();
        // Note: the session ID is written to the application log at INFO level.
        log.info("Successful session creation for user '{}' session ID is '{}'.", username, sessionId);
        return Response.created(UriBuilder.fromPath(JerseyConfiguration.WS_ROOT).path(SessionResource.class).build(sessionId)).build();
    } catch (AuthenticationException e) {
        log.info("Authentication failure of user '{}' at ip: '{}': {}", username, servletRequest.getRemoteAddr(), e.getMessage());
        // When a request contains credentials and they are invalid, a 403 (Forbidden) should be returned.
        return Response.status(Response.Status.FORBIDDEN).cookie().build();
    }
}
Also used : AuthenticationException(org.apache.shiro.authc.AuthenticationException) UsernamePasswordToken(org.apache.shiro.authc.UsernamePasswordToken) Path(javax.ws.rs.Path) POST(javax.ws.rs.POST)

Example 15 with UsernamePasswordToken

use of org.apache.shiro.authc.UsernamePasswordToken in project knox by apache.

the class KnoxPamRealmTest method testDoGetAuthenticationInfo.

@Test
public void testDoGetAuthenticationInfo() {
    KnoxPamRealm realm = new KnoxPamRealm();
    // pam settings being used: /etc/pam.d/sshd
    realm.setService("sshd");
    // use environment variables and skip the test if not set.
    String pamuser = System.getenv("PAMUSER");
    String pampass = System.getenv("PAMPASS");
    assumeTrue(pamuser != null);
    assumeTrue(pampass != null);
    // mock shiro auth token
    UsernamePasswordToken authToken = createMock(UsernamePasswordToken.class);
    expect(authToken.getUsername()).andReturn(pamuser);
    expect(authToken.getPassword()).andReturn(pampass.toCharArray());
    expect(authToken.getCredentials()).andReturn(pampass);
    replay(authToken);
    // login
    AuthenticationInfo authInfo = realm.doGetAuthenticationInfo(authToken);
    // verify success
    assertTrue(authInfo.getCredentials() != null);
}
Also used : AuthenticationInfo(org.apache.shiro.authc.AuthenticationInfo) UsernamePasswordToken(org.apache.shiro.authc.UsernamePasswordToken) Test(org.junit.Test)

Aggregations

UsernamePasswordToken (org.apache.shiro.authc.UsernamePasswordToken): 114
Subject (org.apache.shiro.subject.Subject): 50
Test (org.junit.Test): 30
AuthenticationException (org.apache.shiro.authc.AuthenticationException): 28
AuthenticationToken (org.apache.shiro.authc.AuthenticationToken): 27
SimpleAuthenticationInfo (org.apache.shiro.authc.SimpleAuthenticationInfo): 17
AuthenticationInfo (org.apache.shiro.authc.AuthenticationInfo): 15
HttpServletRequest (javax.servlet.http.HttpServletRequest): 11
RequestMapping (org.springframework.web.bind.annotation.RequestMapping): 11
Test (org.testng.annotations.Test): 11
LockedAccountException (org.apache.shiro.authc.LockedAccountException): 10
IncorrectCredentialsException (org.apache.shiro.authc.IncorrectCredentialsException): 9
HttpServletResponse (javax.servlet.http.HttpServletResponse): 8
UnknownAccountException (org.apache.shiro.authc.UnknownAccountException): 7
DelegatingSubject (org.apache.shiro.subject.support.DelegatingSubject): 7
Session (org.apache.shiro.session.Session): 6
SimplePrincipalCollection (org.apache.shiro.subject.SimplePrincipalCollection): 6
ResponseBody (org.springframework.web.bind.annotation.ResponseBody): 6
AuthorizationInfo (org.apache.shiro.authz.AuthorizationInfo): 4
AbstractQi4jTest (org.qi4j.test.AbstractQi4jTest): 4