use of org.apache.shiro.authc.UsernamePasswordToken in project shiro by apache.
the class QuickStart method run.
/**
 * Walks through the quick-start flow: log a subject in, exercise role and
 * permission checks, call the two restricted service methods, then log out.
 *
 * <p>The username and password are string literals because this is sample code;
 * an application would receive them from the user instead of keeping them in source.
 */
public void run() {
    // Fetch the current subject; nothing has authenticated it at this point.
    Subject currentUser = SecurityUtils.getSubject();
    Assert.isTrue(!currentUser.isAuthenticated());

    // Authenticate with a username / password token.
    UsernamePasswordToken credentials = new UsernamePasswordToken("joe.coder", "password");
    currentUser.login(credentials);

    // Role checks: "user" is required (checkRole), "admin" must be absent (hasRole).
    currentUser.checkRole("user");
    Assert.isTrue(!currentUser.hasRole("admin"));

    // Permission check: "read" is required.
    currentUser.checkPermission("read");

    // The read-restricted call is expected to go through for this subject.
    simpleService.readRestrictedCall();

    // The write-restricted call is expected to be refused. The refusal is only
    // logged, so a call that unexpectedly succeeds goes unnoticed here.
    try {
        simpleService.writeRestrictedCall();
    } catch (AuthorizationException e) {
        log.info("Subject was NOT allowed to execute method 'writeRestrictedCall'");
    }

    // After logout the subject must no longer report itself as authenticated.
    currentUser.logout();
    Assert.isTrue(!currentUser.isAuthenticated());
}
use of org.apache.shiro.authc.UsernamePasswordToken in project shiro by apache.
the class SecurityController method login.
/**
 * Handles the login form POST: validates the submitted command, attempts a Shiro
 * login with its username, password and remember-me flag, and either re-renders
 * the form with errors or redirects to the home page.
 *
 * <p>Every {@link AuthenticationException} is mapped to the same generic message,
 * so the response does not reveal whether the username or the password was wrong.
 */
@RequestMapping(value = "/login", method = RequestMethod.POST)
public String login(Model model, @ModelAttribute LoginCommand command, BindingResult errors) {
    // Reject malformed input before touching the security manager.
    loginValidator.validate(command, errors);
    if (errors.hasErrors()) {
        return showLoginForm(model, command);
    }

    UsernamePasswordToken credentials = new UsernamePasswordToken(
            command.getUsername(),
            command.getPassword(),
            command.isRememberMe());
    // NOTE(review): the token is not cleared after use; consider calling
    // credentials.clear() once login() returns so its password copy does not linger.
    // NOTE(review): nothing here renews the session id on successful login —
    // confirm that is handled elsewhere.
    try {
        SecurityUtils.getSubject().login(credentials);
    } catch (AuthenticationException e) {
        // Deliberately generic: do not echo e's type or message back to the client.
        errors.reject("error.login.generic", "Invalid username or password. Please try again.");
    }

    // A rejected login shows the form again; otherwise go to the home page.
    return errors.hasErrors() ? showLoginForm(model, command) : "redirect:/s/home";
}
use of org.apache.shiro.authc.UsernamePasswordToken in project shiro by apache.
the class JdbcRealm method doGetAuthenticationInfo.
/*--------------------------------------------
| M E T H O D S |
============================================*/
/**
 * Loads the stored credential (and, depending on {@code saltStyle}, the salt) for
 * the username carried by the token and wraps them in a
 * {@link SimpleAuthenticationInfo}.
 *
 * <p>This method never reads the password submitted in the token; it only returns
 * what is stored. Presumably the realm's credentials matcher performs the
 * comparison afterwards — confirm against the enclosing class.
 *
 * @param token the submitted token; cast to {@link UsernamePasswordToken} without a type check
 * @return the account's stored credential, with its salt when one was found
 * @throws AuthenticationException if the username is null, no password is found
 *         for it, or the lookup fails with a {@link SQLException}
 */
protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token) throws AuthenticationException {
    UsernamePasswordToken credentials = (UsernamePasswordToken) token;
    String username = credentials.getUsername();

    // A missing username can never match an account.
    if (username == null) {
        throw new AccountException("Null usernames are not allowed by this realm.");
    }

    Connection connection = null;
    try {
        connection = dataSource.getConnection();

        String storedPassword = null;
        String storedSalt = null;
        switch (saltStyle) {
            case NO_SALT:
                storedPassword = getPasswordForUser(connection, username)[0];
                break;
            case CRYPT:
                // TODO: separate password and hash from getPasswordForUser[0]
                throw new ConfigurationException("Not implemented yet");
            case COLUMN:
                // Password and salt come back from the same query result.
                String[] row = getPasswordForUser(connection, username);
                storedPassword = row[0];
                storedSalt = row[1];
                break;
            case EXTERNAL:
                // Salt is obtained separately from the password query.
                storedPassword = getPasswordForUser(connection, username)[0];
                storedSalt = getSaltForUser(username);
                break;
        }

        // NOTE(review): this message names the account that was not found; callers
        // should avoid passing it through to the client unchanged.
        if (storedPassword == null) {
            throw new UnknownAccountException("No account found for user [" + username + "]");
        }

        SimpleAuthenticationInfo account =
                new SimpleAuthenticationInfo(username, storedPassword.toCharArray(), getName());
        if (storedSalt != null) {
            account.setCredentialsSalt(ByteSource.Util.bytes(storedSalt));
        }
        return account;
    } catch (SQLException e) {
        // NOTE(review): the caller-supplied username is written to the log as-is;
        // verify the logging setup neutralises line breaks in it.
        final String message = "There was a SQL error while authenticating user [" + username + "]";
        if (log.isErrorEnabled()) {
            log.error(message, e);
        }
        // Surface SQL failures as an authentication failure, keeping the cause.
        throw new AuthenticationException(message, e);
    } finally {
        // Runs on every path, including when getConnection() itself failed.
        JdbcUtils.closeConnection(connection);
    }
}
use of org.apache.shiro.authc.UsernamePasswordToken in project shiro by apache.
the class DefaultSecurityManagerTest method testSubjectReuseAfterLogout.
/**
* Test that validates functionality for issue
* <a href="https://issues.apache.org/jira/browse/JSEC-22">JSEC-22</a>
*/
@Test
public void testSubjectReuseAfterLogout() {
    Subject currentUser = SecurityUtils.getSubject();

    // First identity: log in as "guest" and confirm principal and role.
    AuthenticationToken guestToken = new UsernamePasswordToken("guest", "guest");
    currentUser.login(guestToken);
    assertTrue(currentUser.isAuthenticated());
    assertTrue("guest".equals(currentUser.getPrincipal()));
    assertTrue(currentUser.hasRole("guest"));

    // Remember the guest session id and store some state in that session.
    Session guestSession = currentUser.getSession();
    Serializable firstSessionId = guestSession.getId();
    guestSession.setAttribute("key", "value");
    assertEquals(guestSession.getAttribute("key"), "value");

    // Logout must leave neither a session nor any identity on the subject.
    currentUser.logout();
    assertNull(currentUser.getSession(false));
    assertNull(currentUser.getPrincipal());
    assertNull(currentUser.getPrincipals());

    // Second identity on the same Subject instance.
    currentUser.login(new UsernamePasswordToken("lonestarr", "vespa"));
    assertTrue(currentUser.isAuthenticated());
    assertTrue("lonestarr".equals(currentUser.getPrincipal()));
    assertTrue(currentUser.hasRole("goodguy"));

    // The new login must get its own session rather than inherit the guest one.
    assertNotNull(currentUser.getSession());
    assertFalse(firstSessionId.equals(currentUser.getSession().getId()));

    // Logging out again clears the second identity just as it did the first.
    currentUser.logout();
    assertNull(currentUser.getSession(false));
    assertNull(currentUser.getPrincipal());
    assertNull(currentUser.getPrincipals());
}
use of org.apache.shiro.authc.UsernamePasswordToken in project shiro by apache.
the class VMSingletonDefaultSecurityManagerTest method testVMSingleton.
/**
 * Installs a security manager through {@link SecurityUtils#setSecurityManager} and
 * checks that a second {@code SecurityUtils.getSubject()} call still sees the
 * authenticated state and the session attribute set through the first one.
 */
@Test
public void testVMSingleton() {
    // Build an INI-backed realm holding a single account, "guest".
    DefaultSecurityManager securityManager = new DefaultSecurityManager();
    Ini config = new Ini();
    Ini.Section users = config.addSection(IniRealm.USERS_SECTION_NAME);
    users.put("guest", "guest");
    securityManager.setRealm(new IniRealm(config));
    SecurityUtils.setSecurityManager(securityManager);

    try {
        Subject currentUser = SecurityUtils.getSubject();
        AuthenticationToken guestToken = new UsernamePasswordToken("guest", "guest");
        currentUser.login(guestToken);
        currentUser.getSession().setAttribute("key", "value");
        assertTrue(currentUser.getSession().getAttribute("key").equals("value"));

        // Look the subject up again: login state and session data must still be there.
        currentUser = SecurityUtils.getSubject();
        assertTrue(currentUser.isAuthenticated());
        assertTrue(currentUser.getSession().getAttribute("key").equals("value"));
    } finally {
        securityManager.destroy();
        // SHIRO-270: unset the security manager installed above; presumably so it
        // does not remain set for code that runs after this test.
        SecurityUtils.setSecurityManager(null);
    }
}