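@Override
public boolean doCredentialsMatch(AuthenticationToken token, AuthenticationInfo info) {
    /*
     * Matches a submitted JwtToken against the stored credentials of the account.
     * Two modes, chosen by whether a password was submitted with the token:
     *  - password login: MD5(password + username) must equal the stored value;
     *  - token login:    the JWT must verify against the username and the stored value.
     * Throws DisabledAccountException on any mismatch ("密码不正确!" for the password
     * path, "verifyFail" for the token path); returns true otherwise.
     */
    JwtToken jwtToken = (JwtToken) token;
    Object accountCredentials = getCredentials(info);
    if (jwtToken.getPassword() != null) {
        // NOTE(review): MD5 with the username as the only salt is a weak password hash;
        // replacing it requires migrating the stored credentials, so it is kept as-is here.
        Object tokenCredentials = MD5EncryptUtil.encrypt(
                String.valueOf(jwtToken.getPassword()) + jwtToken.getUsername());
        // A missing stored credential can never match. The comparison is constant-time so
        // its duration does not depend on how many leading characters of the hash agree.
        if (accountCredentials == null
                || !constantTimeEquals(String.valueOf(accountCredentials), String.valueOf(tokenCredentials))) {
            throw new DisabledAccountException("密码不正确!");
        }
    } else {
        // Without a stored credential there is nothing to verify the JWT against.
        boolean verify = accountCredentials != null
                && JwtUtil.verify(jwtToken.getToken(), jwtToken.getUsername(), accountCredentials.toString());
        if (!verify) {
            throw new DisabledAccountException("verifyFail");
        }
    }
    return true;
}

/**
 * Compares two strings in time independent of their content (only the length may leak).
 * Fully-qualified names are used so no additional import is needed in this file.
 */
private static boolean constantTimeEquals(String expected, String actual) {
    return java.security.MessageDigest.isEqual(
            expected.getBytes(java.nio.charset.StandardCharsets.UTF_8),
            actual.getBytes(java.nio.charset.StandardCharsets.UTF_8));
}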
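public static boolean executeLogin(ServletRequest request) {
    /*
     * Authenticates the current request from its Authorization header.
     * Throws RequestException when the header is missing/blank or when the realm
     * rejects the token; returns true when the Shiro login succeeds.
     */
    HttpServletRequest httpServletRequest = (HttpServletRequest) request;
    String authorization = httpServletRequest.getHeader("Authorization");
    if (authorization == null || "".equals(authorization.trim())) {
        throw RequestException.fail("未含授权标示,禁止访问");
    }
    // Token-only login: the realm resolves the username from the JWT itself.
    JwtToken token = new JwtToken(authorization, null, null);
    // Hand the token to the realm; a failed login surfaces as an exception.
    Subject subject = SecurityUtils.getSubject();
    try {
        subject.login(token);
    } catch (DisabledAccountException e) {
        // The credentials matcher signals a failed JWT verification with this fixed
        // message; compare null-safely so a message-less exception cannot NPE here.
        if ("verifyFail".equals(e.getMessage())) {
            throw new RequestException(ResponseCode.NOT_SING_IN.code, "身份已过期,请重新登录", e);
        }
        throw new RequestException(ResponseCode.SIGN_IN_INPUT_FAIL.code, e.getMessage(), e);
    } catch (Exception e) {
        // The cause travels with the RequestException; no separate stack dump to stderr.
        throw new RequestException(ResponseCode.SIGN_IN_FAIL, e);
    }
    // No exception means the login succeeded.
    return true;
}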
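@Override
protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principalCollection) {
    /*
     * Builds the roles and string permissions of the primary principal, looked up by username.
     * Throws DisabledAccountException when no username or no matching user can be resolved.
     */
    log.info("Shiro权限验证执行");
    JwtToken jwtToken = new JwtToken();
    BeanUtils.copyProperties(principalCollection.getPrimaryPrincipal(), jwtToken);
    if (jwtToken.getUsername() == null) {
        throw new DisabledAccountException("用户信息异常,请重新登录!");
    }
    SysUser findUser = userService.findUserByName(jwtToken.getUsername(), true);
    if (findUser == null) {
        throw new DisabledAccountException("用户信息异常,请重新登录!");
    }
    SimpleAuthorizationInfo info = new SimpleAuthorizationInfo();
    if (findUser.getRoles() != null) {
        findUser.getRoles().forEach(role -> {
            info.addRole(role.getName());
            if (role.getResources() == null) {
                return;
            }
            role.getResources().forEach(v -> {
                String permission = v.getPermission();
                // A resource with no permission string (null or blank) grants nothing;
                // the null check prevents an NPE on trim() for such resources.
                if (permission != null && !"".equals(permission.trim())) {
                    info.addStringPermission(permission);
                }
            });
        });
    }
    return info;
}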
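@Override
public void signIn(SignInDTO signInDTO) {
    /*
     * Password login. Rejects a missing username or password, then authenticates through
     * Shiro and translates realm failures into RequestExceptions carrying a ResponseCode.
     */
    // null counts as empty: the realm would otherwise receive a token it cannot resolve a user from.
    if (signInDTO.getUsername() == null || "".equals(signInDTO.getUsername())
            || signInDTO.getPassword() == null || "".equals(signInDTO.getPassword())) {
        throw new RequestException(ResponseCode.SING_IN_INPUT_EMPTY);
    }
    JwtToken token = new JwtToken(null, signInDTO.getUsername(), signInDTO.getPassword());
    Subject subject = SecurityUtils.getSubject();
    try {
        subject.login(token);
    } catch (DisabledAccountException e) {
        throw new RequestException(ResponseCode.SIGN_IN_INPUT_FAIL.code, e.getMessage(), e);
    } catch (Exception e) {
        throw new RequestException(ResponseCode.SIGN_IN_FAIL, e);
    }
    // Checked outside the try so this RequestException is not re-wrapped as SIGN_IN_FAIL.
    if (!subject.isAuthenticated()) {
        throw new RequestException(ResponseCode.SIGN_IN_INPUT_FAIL);
    }
}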
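@Override
protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken authenticationToken)
        throws AuthenticationException {
    /*
     * Resolves the user for a JwtToken and returns its AuthenticationInfo.
     * The username comes either directly from the token (password login) or is extracted
     * from the JWT (token login). Throws DisabledAccountException when the user cannot be
     * looked up, does not exist, or is not in status 1.
     */
    JwtToken token = (JwtToken) authenticationToken;
    // With neither a username nor a JWT there is nothing to resolve the user from.
    if (token.getUsername() == null && token.getToken() == null) {
        throw new DisabledAccountException("用户信息异常,请重新登录!");
    }
    String username = token.getUsername() != null
            ? token.getUsername()
            : JwtUtil.getUsername(token.getToken());
    SysUser user;
    try {
        // Only the columns needed for authentication are selected.
        user = userService.selectOne(new EntityWrapper<SysUser>()
                .eq("username", username)
                .setSqlSelect("id,username,status,password"));
    } catch (RequestException e) {
        // Keep the lookup failure as the cause for server-side diagnostics.
        throw new DisabledAccountException(e.getMsg(), e);
    }
    if (user == null) {
        throw new DisabledAccountException("用户不存在!");
    }
    // NOTE(review): "user does not exist" and "account locked" are distinguishable by
    // the message; confirm that exposing this distinction to clients is intended.
    if (user.getStatus() != 1) {
        throw new DisabledAccountException("用户账户已锁定,暂无法登陆!");
    }
    if (token.getUsername() == null) {
        token.setUsername(user.getUsername());
    }
    // A token login already carries its JWT; a password login receives one signed here.
    // The stored password value is passed to the signer — presumably as the signing secret,
    // so that a password change invalidates existing tokens; verify against JwtUtil.
    String sign = JwtUtil.sign(user.getId(), user.getUsername(), user.getPassword());
    if (token.getToken() == null) {
        token.setToken(sign);
    }
    token.setUid(user.getId());
    // NOTE(review): SimpleAuthenticationInfo's third argument is the realm name; confirm
    // that user.getId() is intended there rather than getName().
    return new SimpleAuthenticationInfo(token, user.getPassword(), user.getId());
}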
String errMsg = ElementsThreadLocals.getText("user._.is.not.active", userName); SessionMessages.addErrorMessage(errMsg); logger.warn("Login failed for '" + userName + "': " + e.getMessage()); } catch (IncorrectCredentialsException e) { String errMsg = ElementsThreadLocals.getText("login.failed.for.user._", userName);
@Override
protected AuthenticationInfo doGetAuthenticationInfo(final AuthenticationToken token) {
    /*
     * Resolves the user named by the token and, when it is active, returns its
     * AuthenticationInfo. A legacy unsalted hash is re-hashed once valid credentials
     * are presented. Throws AccountException when the user cannot be read, has no
     * password, or is in an unexpected status; DisabledAccountException when disabled.
     */
    final UsernamePasswordToken upToken = (UsernamePasswordToken) token;
    final String username = upToken.getUsername();
    final CUser user;
    try {
        user = configuration.readUser(username);
    } catch (UserNotFoundException e) {
        throw new AccountException("User '" + username + "' cannot be retrieved.", e);
    }
    if (user.getPassword() == null) {
        throw new AccountException("User '" + username + "' has no password, cannot authenticate.");
    }
    if (CUser.STATUS_DISABLED.equals(user.getStatus())) {
        throw new DisabledAccountException("User '" + username + "' is disabled.");
    }
    if (!CUser.STATUS_ACTIVE.equals(user.getStatus())) {
        throw new AccountException(
                "User '" + username + "' is in illegal status '" + user.getStatus() + "'.");
    }
    // Legacy users still carry an unsalted hash; upgrade it as soon as valid credentials are seen.
    if (hasLegacyPassword(user) && isValidCredentials(upToken, user)) {
        reHashPassword(user, new String(upToken.getPassword()));
    }
    return createAuthenticationInfo(user);
}
@Override
protected final HandlerResult authenticateUsernamePasswordInternal(
        final UsernamePasswordCredential transformedCredential)
        throws GeneralSecurityException, PreventedException {
    /*
     * Logs the credential in through the executing Shiro Subject and maps Shiro's
     * authentication exceptions onto the corresponding javax.security.auth.login types.
     * The cast to RememberMeUsernamePasswordCredential is not covered by the Shiro
     * catch clauses, so it is done before the try block.
     */
    final RememberMeUsernamePasswordCredential credential =
            (RememberMeUsernamePasswordCredential) transformedCredential;
    try {
        final UsernamePasswordToken shiroToken = new UsernamePasswordToken(
                credential.getUsername(),
                this.getPasswordEncoder().encode(credential.getPassword()));
        shiroToken.setRememberMe(credential.isRememberMe());
        final Subject subject = getCurrentExecutingSubject();
        subject.login(shiroToken);
        checkSubjectRolesAndPermissions(subject);
        return createAuthenticatedSubjectResult(credential, subject);
    } catch (final UnknownAccountException e) {
        throw new AccountNotFoundException(e.getMessage());
    } catch (final LockedAccountException | ExcessiveAttemptsException e) {
        // Both Shiro conditions map onto a locked account; Locked must precede Disabled below.
        throw new AccountLockedException(e.getMessage());
    } catch (final ExpiredCredentialsException e) {
        throw new CredentialExpiredException(e.getMessage());
    } catch (final DisabledAccountException e) {
        throw new AccountDisabledException(e.getMessage());
    } catch (final AuthenticationException e) {
        // IncorrectCredentialsException and every other realm failure end up here.
        throw new FailedLoginException(e.getMessage());
    }
}
throw new DisabledAccountException( "User '" + upToken.getUsername() + "' is disabled." );
throw new DisabledAccountException(); throw new DisabledAccountException(); throw new DisabledAccountException();
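@Override
protected boolean executeLogin(ServletRequest request, ServletResponse response) {
    /*
     * Form login: resolves the account, enforces captcha/lock/expiry checks, then logs
     * the Subject in. Any failure is reported through onLoginFailure with a single
     * generic message so that the response does not reveal which check failed.
     */
    AuthTypeUsernamePasswordToken token = (AuthTypeUsernamePasswordToken) createToken(request, response);
    Account account = null;
    try {
        String username = getUsername(request);
        account = accountService.findByUsername(token.getAuthType(), username);
        if (account == null) {
            return onLoginFailure(account, token,
                    new UnknownAccountException("登录账号或密码不正确"), request, response);
        }
        // After more than LOGON_FAILURE_LIMIT failures a captcha is required before another attempt.
        if (account.getLastFailureTimes() > LOGON_FAILURE_LIMIT) {
            CaptchaUtils.assetValidateCaptchaCode(request, captchaParam);
        }
        if (Boolean.FALSE.equals(account.getAccountNonLocked())) {
            throw new LockedAccountException("账号已锁定停用");
        }
        // An account is expired once its expiry date lies in the past. The expiry day
        // itself still counts as valid — TODO confirm this boundary with the product rule.
        LocalDate accountExpireDate = account.getAccountExpireDate();
        LocalDate today = DateUtils.currentDateTime().toLocalDate();
        if (accountExpireDate != null && accountExpireDate.isBefore(today)) {
            throw new DisabledAccountException("账号已到期停用");
        }
        Subject subject = getSubject(request, response);
        subject.login(token);
        return onLoginSuccess(account, token, subject, request, response);
    } catch (Exception e) {
        // Same generic message for every failure; the real cause stays attached
        // to the exception so server-side logging can still tell them apart.
        return onLoginFailure(account, token,
                new AuthenticationException("登录账号或密码不正确", e), request, response);
    }
}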
throw new DisabledAccountException(); throw new DisabledAccountException(); throw new DisabledAccountException();
throw new DisabledAccountException();
throw new DisabledAccountException(); throw new DisabledAccountException();
throw new DisabledAccountException();
throw new DisabledAccountException(); throw new DisabledAccountException();
@Override
protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken authcToken)
        throws AuthenticationException {
    /*
     * Looks up the user named by the token and returns its authentication info with a
     * LoginUser principal. Throws UnknownAccountException when the user is unknown and
     * DisabledAccountException when its status is 1.
     */
    UsernamePasswordToken upToken = (UsernamePasswordToken) authcToken;
    UserData user = cmsService.getUser(upToken.getUsername());
    if (user == null) {
        throw new UnknownAccountException("用户不存在");
    }
    boolean locked = user.getStatus() != null && user.getStatus() == 1;
    if (locked) {
        throw new DisabledAccountException("用户被锁定");
    }
    // Stored on the session before login completes; presumably read by a later
    // password-change check — verify against the consumers of PWD_CHANGE_FLAG.
    SecurityUtil.getSession().setAttribute(LoginUser.PWD_CHANGE_FLAG, user.getPwdChange());
    LoginUser principal = new LoginUser();
    principal.setUserId(user.getId());
    principal.setUsername(user.getUsername());
    principal.setNickName(user.getNickname());
    return new SimpleAuthenticationInfo(principal, user.getPassword(), getName());
}
throw new DisabledAccountException( "User '" + user.name() + "' is suspended." );