Example 11 with RememberMeUsernamePasswordCredential
use of org.apereo.cas.authentication.credential.RememberMeUsernamePasswordCredential in project cas by apereo.
the class ShiroAuthenticationHandler method authenticateUsernamePasswordInternal.
@Override
protected AuthenticationHandlerExecutionResult authenticateUsernamePasswordInternal(final UsernamePasswordCredential transformedCredential, final String originalPassword) throws GeneralSecurityException {
try {
val token = new UsernamePasswordToken(transformedCredential.getUsername(), transformedCredential.getPassword());
if (transformedCredential instanceof RememberMeUsernamePasswordCredential) {
token.setRememberMe(RememberMeUsernamePasswordCredential.class.cast(transformedCredential).isRememberMe());
}
val currentUser = getCurrentExecutingSubject();
currentUser.login(token);
checkSubjectRolesAndPermissions(currentUser);
val strategy = getPasswordPolicyHandlingStrategy();
val messageList = new ArrayList<MessageDescriptor>();
if (strategy != null) {
LOGGER.debug("Attempting to examine and handle password policy via [{}]", strategy.getClass().getSimpleName());
val principal = this.principalFactory.createPrincipal(token.getUsername());
messageList.addAll(strategy.handle(principal, getPasswordPolicyConfiguration()));
}
return createAuthenticatedSubjectResult(transformedCredential, currentUser, messageList);
} catch (final UnknownAccountException uae) {
throw new AccountNotFoundException(uae.getMessage());
} catch (final LockedAccountException | ExcessiveAttemptsException lae) {
throw new AccountLockedException(lae.getMessage());
} catch (final ExpiredCredentialsException eae) {
throw new CredentialExpiredException(eae.getMessage());
} catch (final DisabledAccountException eae) {
throw new AccountDisabledException(eae.getMessage());
} catch (final AuthenticationException ice) {
throw new FailedLoginException(ice.getMessage());
}
}
Also used :
lombok.val(lombok.val)
DisabledAccountException(org.apache.shiro.authc.DisabledAccountException)
AccountLockedException(javax.security.auth.login.AccountLockedException)
AuthenticationException(org.apache.shiro.authc.AuthenticationException)
UnknownAccountException(org.apache.shiro.authc.UnknownAccountException)
ArrayList(java.util.ArrayList)
ExcessiveAttemptsException(org.apache.shiro.authc.ExcessiveAttemptsException)
ExpiredCredentialsException(org.apache.shiro.authc.ExpiredCredentialsException)
UsernamePasswordToken(org.apache.shiro.authc.UsernamePasswordToken)
FailedLoginException(javax.security.auth.login.FailedLoginException)
AccountNotFoundException(javax.security.auth.login.AccountNotFoundException)
CredentialExpiredException(javax.security.auth.login.CredentialExpiredException)
RememberMeUsernamePasswordCredential(org.apereo.cas.authentication.credential.RememberMeUsernamePasswordCredential)
LockedAccountException(org.apache.shiro.authc.LockedAccountException)
AccountDisabledException(org.apereo.cas.authentication.exceptions.AccountDisabledException)
Example 12 with RememberMeUsernamePasswordCredential
use of org.apereo.cas.authentication.credential.RememberMeUsernamePasswordCredential in project cas by apereo.
the class ShiroAuthenticationHandlerTests method checkAuthenticationSuccessfulRolesAndPermissions.
@Test
public void checkAuthenticationSuccessfulRolesAndPermissions() throws Exception {
val shiro = new ShiroAuthenticationHandler(StringUtils.EMPTY, null, PrincipalFactoryUtils.newPrincipalFactory(), Collections.singleton("admin"), Collections.singleton("superuser:deleteAll"));
shiro.loadShiroConfiguration(new ClassPathResource("shiro.ini"));
val creds = new RememberMeUsernamePasswordCredential();
creds.setRememberMe(true);
creds.setUsername("casuser");
creds.setPassword("Mellon");
assertNotNull(shiro.authenticate(creds));
}
Also used :
lombok.val(lombok.val)
ClassPathResource(org.springframework.core.io.ClassPathResource)
RememberMeUsernamePasswordCredential(org.apereo.cas.authentication.credential.RememberMeUsernamePasswordCredential)
Test(org.junit.jupiter.api.Test)
Aggregations
lombok.val (lombok.val)12
RememberMeUsernamePasswordCredential (org.apereo.cas.authentication.credential.RememberMeUsernamePasswordCredential)12
Test (org.junit.jupiter.api.Test)11
RememberMeAuthenticationProperties (org.apereo.cas.configuration.model.core.ticket.RememberMeAuthenticationProperties)5
ClassPathResource (org.springframework.core.io.ClassPathResource)4
ClientInfo (org.apereo.inspektr.common.web.ClientInfo)3
MockHttpServletRequest (org.springframework.mock.web.MockHttpServletRequest)3
ArrayList (java.util.ArrayList)1
AccountLockedException (javax.security.auth.login.AccountLockedException)1
AccountNotFoundException (javax.security.auth.login.AccountNotFoundException)1
CredentialExpiredException (javax.security.auth.login.CredentialExpiredException)1
FailedLoginException (javax.security.auth.login.FailedLoginException)1
AuthenticationException (org.apache.shiro.authc.AuthenticationException)1
DisabledAccountException (org.apache.shiro.authc.DisabledAccountException)1
ExcessiveAttemptsException (org.apache.shiro.authc.ExcessiveAttemptsException)1
ExpiredCredentialsException (org.apache.shiro.authc.ExpiredCredentialsException)1
LockedAccountException (org.apache.shiro.authc.LockedAccountException)1
UnknownAccountException (org.apache.shiro.authc.UnknownAccountException)1
UsernamePasswordToken (org.apache.shiro.authc.UsernamePasswordToken)1
AccountDisabledException (org.apereo.cas.authentication.exceptions.AccountDisabledException)1
