/**
 * Selects the identity to remember for a subject after a successful authentication attempt.
 * <p>
 * This implementation hands back {@code info.getPrincipals()} unchanged; the {@link Subject}
 * argument is not consulted.
 *
 * @param subject the subject for which the principals are being remembered (unused here).
 * @param info    the authentication info resulting from the successful authentication attempt.
 * @return the {@code PrincipalCollection} to remember.
 */
protected PrincipalCollection getIdentityToRemember(Subject subject, AuthenticationInfo info) {
    // NOTE(review): info is dereferenced without a null check; callers are presumed to pass
    // the result of a successful authentication - confirm.
    PrincipalCollection identity = info.getPrincipals();
    return identity;
}
if (info == null || info.getPrincipals() == null || info.getPrincipals().isEmpty()) { return; this.principals = info.getPrincipals(); } else { if (!(this.principals instanceof MutablePrincipalCollection)) { this.principals = new SimplePrincipalCollection(this.principals); ((MutablePrincipalCollection) this.principals).addAll(info.getPrincipals()); Object otherCredentials = info.getCredentials();
/**
 * Template hook that supplies the stored account credentials used for comparison against the
 * submitted authentication token's credentials.
 * <p>
 * The default simply returns {@link AuthenticationInfo#getCredentials() info.getCredentials()};
 * subclasses may override it to obtain the credentials differently or to convert them to another
 * format before returning.
 *
 * @param info the {@code AuthenticationInfo} stored in the data store.
 * @return the credentials held by {@code info}, exactly as stored.
 */
protected Object getCredentials(AuthenticationInfo info) {
    // NOTE(review): no null check on info; a null argument raises NullPointerException here.
    Object storedCredentials = info.getCredentials();
    return storedCredentials;
}
/**
 * Reads the stored credentials from the account info, normalising a {@code char[]} value to a
 * {@code String}.
 *
 * @param storedAccountInfo the stored account info; may be {@code null}.
 * @return {@code null} when {@code storedAccountInfo} is {@code null}; a {@code String} when the
 *         stored credentials are a {@code char[]}; otherwise the credentials object unchanged.
 */
protected Object getStoredPassword(AuthenticationInfo storedAccountInfo) {
    if (storedAccountInfo == null) {
        return null;
    }
    Object credentials = storedAccountInfo.getCredentials();
    // fix for https://issues.apache.org/jira/browse/SHIRO-363
    if (credentials instanceof char[]) {
        // The resulting String is immutable and cannot be wiped afterwards, unlike the char[].
        return new String((char[]) credentials);
    }
    return credentials;
}
/**
 * Keeps the first valid authentication result and ignores every later one.
 * <p>
 * If {@code aggregate} is non-null and its principals are not empty it is returned immediately.
 * Otherwise {@code info} is returned, unless {@code info} is {@code null}, in which case
 * {@code aggregate} is returned as-is (possibly {@code null}).
 * <p>
 * This matches a strategy in which only the info from the first successfully authenticated realm
 * is used.
 */
protected AuthenticationInfo merge(AuthenticationInfo info, AuthenticationInfo aggregate) {
    boolean aggregateIsValid = aggregate != null && !isEmpty(aggregate.getPrincipals());
    if (aggregateIsValid) {
        return aggregate;
    }
    if (info == null) {
        return aggregate;
    }
    return info;
}
}
if (info == null || info.getPrincipals() == null || info.getPrincipals().isEmpty()) { return; this.principals = info.getPrincipals(); } else { if (!(this.principals instanceof MutablePrincipalCollection)) { this.principals = new SimplePrincipalCollection(this.principals); ((MutablePrincipalCollection) this.principals).addAll(info.getPrincipals()); Object otherCredentials = info.getCredentials();
Object credentials = info.getCredentials();
/**
 * Final check run after every realm has been consulted.
 * <p>
 * Returns {@code aggregate} when it is non-null and its principals are not reported empty by
 * {@code isEmpty}; otherwise throws an {@link AuthenticationException} to signal that none of the
 * realms authenticated the token.
 *
 * @param token     the submitted authentication token; only its class is used, in the error message.
 * @param aggregate the aggregated result of all realm attempts; may be {@code null}.
 * @return {@code aggregate}, unchanged, when at least one realm contributed principals.
 * @throws AuthenticationException if {@code aggregate} is {@code null} or has no principals.
 */
public AuthenticationInfo afterAllAttempts(AuthenticationToken token, AuthenticationInfo aggregate) throws AuthenticationException {
    // A non-empty principal collection is the evidence that some realm authenticated the token.
    boolean anyRealmSucceeded = aggregate != null && !isEmpty(aggregate.getPrincipals());
    if (anyRealmSucceeded) {
        return aggregate;
    }
    // The message names only the token's class, never its principal or credentials.
    String message = "Authentication token of type [" + token.getClass() + "] " +
            "could not be authenticated by any configured realms. Please ensure that at least one realm can " +
            "authenticate these tokens.";
    throw new AuthenticationException(message);
}
}
if (info == null || info.getPrincipals() == null || info.getPrincipals().isEmpty()) { return; this.principals = info.getPrincipals(); } else { if (!(this.principals instanceof MutablePrincipalCollection)) { this.principals = new SimplePrincipalCollection(this.principals); ((MutablePrincipalCollection) this.principals).addAll(info.getPrincipals()); Object otherCredentials = info.getCredentials();
/**
 * Template hook that supplies the stored account credentials used for comparison against the
 * submitted authentication token's credentials.
 * <p>
 * The default simply returns {@link AuthenticationInfo#getCredentials() info.getCredentials()};
 * subclasses may override it to obtain the credentials differently or to convert them to another
 * format before returning.
 *
 * @param info the {@code AuthenticationInfo} stored in the data store.
 * @return the credentials held by {@code info}, exactly as stored.
 */
protected Object getCredentials(AuthenticationInfo info) {
    // NOTE(review): no null check on info; a null argument raises NullPointerException here.
    Object storedCredentials = info.getCredentials();
    return storedCredentials;
}
/**
 * Authenticates with the default realm configuration and checks the role plus each principal
 * type exposed by the returned {@code AuthenticationInfo}.
 */
@Test
public void testDefaultConfig() {
    UsernamePasswordToken loginToken = new UsernamePasswordToken(USERNAME, PASSWORD, localhost);
    AuthenticationInfo info = realm.getAuthenticationInfo(loginToken);
    assertNotNull(info);
    assertTrue(realm.hasRole(info.getPrincipals(), ROLE));

    // The primary principal is expected to be the user-id principal.
    Object primary = info.getPrincipals().getPrimaryPrincipal();
    assertTrue(primary instanceof UserIdPrincipal);

    // Each principal type must be retrievable on its own and carry the expected value.
    UsernamePrincipal byUsername = info.getPrincipals().oneByType(UsernamePrincipal.class);
    assertTrue(byUsername.getUsername().equals(USERNAME));

    UserIdPrincipal byUserId = info.getPrincipals().oneByType(UserIdPrincipal.class);
    assertTrue(byUserId.getUserId() == USER_ID);

    String combined = info.getPrincipals().oneByType(String.class);
    assertTrue(combined.equals(USER_ID + USERNAME));
}
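/**
 * Matches a submitted token against stored account data by comparing the textual form of the
 * principal and of the credentials.
 * <p>
 * Array-typed credentials ({@code char[]} or {@code byte[]}) are compared by content. Calling
 * {@code toString()} on an array yields an identity string such as {@code [C@1b2c3d}, which never
 * equals the stored value. The credentials are compared with
 * {@link java.security.MessageDigest#isEqual(byte[], byte[])} rather than {@code String.equals}.
 * Missing data on either side fails closed with {@code false} instead of a
 * {@code NullPointerException}.
 * <p>
 * NOTE(review): this compares the submitted and stored credentials as plain text, which only
 * works when the account store keeps them unhashed - confirm that is intended.
 *
 * @param authenticationToken the submitted principal and credentials.
 * @param authenticationInfo  the stored account data.
 * @return {@code true} only when both the principal and the credentials are equal.
 */
@Override
public boolean doCredentialsMatch(AuthenticationToken authenticationToken, AuthenticationInfo authenticationInfo) {
    if (authenticationToken == null || authenticationInfo == null
            || authenticationInfo.getPrincipals() == null) {
        return false;
    }
    Object submittedPrincipal = authenticationToken.getPrincipal();
    Object storedPrincipal = authenticationInfo.getPrincipals().getPrimaryPrincipal();
    byte[] submittedSecret = credentialBytes(authenticationToken.getCredentials());
    byte[] storedSecret = credentialBytes(authenticationInfo.getCredentials());
    if (submittedPrincipal == null || storedPrincipal == null
            || submittedSecret == null || storedSecret == null) {
        return false;
    }
    // Evaluate both comparisons before combining so the credential check always runs.
    boolean samePrincipal = submittedPrincipal.toString().equals(storedPrincipal.toString());
    boolean sameSecret = java.security.MessageDigest.isEqual(submittedSecret, storedSecret);
    return samePrincipal && sameSecret;
}

/** Converts a credentials object to UTF-8 bytes, reading arrays by content; null stays null. */
private static byte[] credentialBytes(Object credentials) {
    if (credentials == null) {
        return null;
    }
    if (credentials instanceof byte[]) {
        return (byte[]) credentials;
    }
    String text = credentials instanceof char[]
            ? new String((char[]) credentials)
            : credentials.toString();
    return text.getBytes(java.nio.charset.StandardCharsets.UTF_8);
}
}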
/**
 * Reads the stored credentials from the account info, normalising a {@code char[]} value to a
 * {@code String}.
 *
 * @param storedAccountInfo the stored account info; may be {@code null}.
 * @return {@code null} when {@code storedAccountInfo} is {@code null}; a {@code String} when the
 *         stored credentials are a {@code char[]}; otherwise the credentials object unchanged.
 */
protected Object getStoredPassword(AuthenticationInfo storedAccountInfo) {
    if (storedAccountInfo == null) {
        return null;
    }
    Object credentials = storedAccountInfo.getCredentials();
    // fix for https://issues.apache.org/jira/browse/SHIRO-363
    if (credentials instanceof char[]) {
        // The resulting String is immutable and cannot be wiped afterwards, unlike the char[].
        return new String((char[]) credentials);
    }
    return credentials;
}
/**
 * Selects the identity to remember for a subject after a successful authentication attempt.
 * <p>
 * This implementation hands back {@code info.getPrincipals()} unchanged; the {@link Subject}
 * argument is not consulted.
 *
 * @param subject the subject for which the principals are being remembered (unused here).
 * @param info    the authentication info resulting from the successful authentication attempt.
 * @return the {@code PrincipalCollection} to remember.
 */
protected PrincipalCollection getIdentityToRemember(Subject subject, AuthenticationInfo info) {
    // NOTE(review): info is dereferenced without a null check; callers are presumed to pass
    // the result of a successful authentication - confirm.
    PrincipalCollection identity = info.getPrincipals();
    return identity;
}
if (info == null || info.getPrincipals() == null || info.getPrincipals().isEmpty()) { return; this.principals = info.getPrincipals(); } else { if (!(this.principals instanceof MutablePrincipalCollection)) { this.principals = new SimplePrincipalCollection(this.principals); ((MutablePrincipalCollection) this.principals).addAll(info.getPrincipals()); Object otherCredentials = info.getCredentials();
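/**
 * Checks the submitted password against the stored BCrypt hash.
 * <p>
 * Missing credentials on either side fail closed with {@code false} rather than raising
 * {@code NullPointerException} or {@code ClassCastException}.
 *
 * @param token the submitted authentication token; its credentials are the raw password.
 * @param info  the stored account data; its credentials are the encoded password.
 * @return {@code true} when the encoder reports that the raw password matches the stored hash.
 */
@Override
public boolean doCredentialsMatch(AuthenticationToken token, AuthenticationInfo info) {
    // Pitfall: both getCredentials() calls are declared to return Object, so a plain
    // String.valueOf(x) resolves to the Object overload. For a char[] value that overload
    // yields an identity string like "[C@1b2c3d" instead of the characters, which is why the
    // array has to be cast to char[] before conversion. The runtime type is checked on both
    // sides here so neither one depends on how the realm stored it.
    if (token == null || info == null) {
        return false;
    }
    Object submitted = token.getCredentials();
    Object stored = info.getCredentials();
    if (submitted == null || stored == null) {
        return false;
    }
    String rawPassword = submitted instanceof char[]
            ? String.valueOf((char[]) submitted)
            : String.valueOf(submitted);
    String encodedPassword = stored instanceof char[]
            ? String.valueOf((char[]) stored)
            : String.valueOf(stored);
    return new BCryptPasswordEncoder().matches(rawPassword, encodedPassword);
}
}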
/**
 * Resolves the principals for this context by trying each source in turn and stopping at the
 * first one that yields a non-empty collection.
 * <p>
 * The sources are tried in this order:
 * <ol>
 *   <li>the principals returned by {@code getPrincipals()};</li>
 *   <li>the principals of {@code getAuthenticationInfo()}, if any;</li>
 *   <li>the principals of {@code getSubject()}, if any;</li>
 *   <li>the {@code PRINCIPALS_SESSION_KEY} attribute of {@code resolveSession()}, if any.</li>
 * </ol>
 *
 * @return the first non-empty principals found, or the last value read (possibly {@code null}
 *         or empty) when no source has any.
 */
public PrincipalCollection resolvePrincipals() {
    PrincipalCollection resolved = getPrincipals();
    if (!isEmpty(resolved)) {
        return resolved;
    }

    // Check whether an authentication has just happened.
    AuthenticationInfo info = getAuthenticationInfo();
    if (info != null) {
        resolved = info.getPrincipals();
    }
    if (!isEmpty(resolved)) {
        return resolved;
    }

    Subject subject = getSubject();
    if (subject != null) {
        resolved = subject.getPrincipals();
    }
    if (!isEmpty(resolved)) {
        return resolved;
    }

    // Last resort: the session. The attribute is cast without a type check, so a value of
    // another type stored under this key raises ClassCastException.
    Session session = resolveSession();
    if (session != null) {
        resolved = (PrincipalCollection) session.getAttribute(PRINCIPALS_SESSION_KEY);
    }
    return resolved;
}
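/**
 * Verifies a submitted JWT against the stored account.
 * <p>
 * The token must carry a valid HMAC-SHA256 signature, keyed with the stored credentials value
 * (called {@code salt} here), and a {@code username} claim equal to the stored user's username.
 * Missing or unexpectedly typed inputs fail closed with {@code false} instead of raising
 * {@code NullPointerException} or {@code ClassCastException}.
 * <p>
 * NOTE(review): no expiry requirement is configured on the verifier here. Whether a token can
 * expire presumably depends on an expiry claim being set when it is issued - confirm at the
 * issuing side.
 *
 * @param authenticationToken the submitted token; its credentials are the JWT string.
 * @param authenticationInfo  the stored account; its credentials are the signing secret and its
 *                            primary principal is the {@code UserDto}.
 * @return {@code true} when verification succeeds, {@code false} otherwise.
 */
@Override
public boolean doCredentialsMatch(AuthenticationToken authenticationToken, AuthenticationInfo authenticationInfo) {
    if (authenticationToken == null || authenticationInfo == null
            || authenticationInfo.getPrincipals() == null) {
        return false;
    }
    Object submitted = authenticationToken.getCredentials();
    Object stored = authenticationInfo.getCredentials();
    Object primary = authenticationInfo.getPrincipals().getPrimaryPrincipal();
    if (!(submitted instanceof String) || stored == null || !(primary instanceof UserDto)) {
        return false;
    }
    String token = (String) submitted;
    String salt = stored.toString();
    UserDto user = (UserDto) primary;
    try {
        // Building the verifier from an explicit algorithm pins the accepted signature scheme.
        Algorithm algorithm = Algorithm.HMAC256(salt);
        JWTVerifier verifier = JWT.require(algorithm)
                .withClaim("username", user.getUsername())
                .build();
        verifier.verify(token);
        return true;
    } catch (UnsupportedEncodingException | JWTVerificationException e) {
        // Only the exception message is logged; the token and secret are not.
        log.error("Token Error:{}", e.getMessage());
    }
    return false;
}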
Object credentials = info.getCredentials();
/**
 * Verifies that a realm overriding {@code buildAuthenticationInfo} can substitute its own
 * principal type, and that the substituted principal becomes the primary principal.
 */
@Test
public void testCreateAccountOverride() {
    AuthorizingRealm realm = new AllowAllRealm() {
        @Override
        protected AuthenticationInfo buildAuthenticationInfo(Object principal, Object credentials) {
            // Wrap the plain username in a custom principal type.
            UsernamePrincipal wrapped = new UsernamePrincipal((String) principal);
            return new SimpleAccount(wrapped, credentials, getName());
        }
    };

    UsernamePasswordToken loginToken = new UsernamePasswordToken(USERNAME, PASSWORD, localhost);
    AuthenticationInfo info = realm.getAuthenticationInfo(loginToken);
    assertNotNull(info);
    assertTrue(realm.hasRole(info.getPrincipals(), ROLE));

    Object primary = info.getPrincipals().getPrimaryPrincipal();
    assertTrue(primary instanceof UsernamePrincipal);
    UsernamePrincipal resolved = (UsernamePrincipal) primary;
    assertEquals(USERNAME, resolved.getUsername());
}