/**
 * Runs the LDAP query for the submitted token and translates JNDI failures into Shiro's
 * {@link AuthenticationException} so callers only ever see the Shiro type.
 *
 * @param token the submitted principal/credentials
 * @return whatever {@code queryForAuthenticationInfo} returns for the token
 * @throws AuthenticationException if the directory rejects the credentials or any other
 *                                 {@link NamingException} occurs
 */
protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token) throws AuthenticationException {
    try {
        return queryForAuthenticationInfo(token, ensureContextFactory());
    } catch (javax.naming.AuthenticationException bindFailure) {
        // The directory refused the bind: wrap, keeping the JNDI cause for diagnostics.
        throw new AuthenticationException("LDAP authentication failed.", bindFailure);
    } catch (NamingException namingFailure) {
        // Any other JNDI problem (connectivity, search, referral) is reported the same way.
        throw new AuthenticationException("LDAP naming error while attempting to authenticate user.", namingFailure);
    }
}
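/**
 * Interprets Okta's raw authn response: only a body whose {@code status} is {@code "SUCCESS"}
 * counts as authenticated.
 *
 * @param oktaRawResponse the HTTP response returned by Okta
 * @return {@code true} if the response status is SUCCESS, {@code false} for any other status
 * @throws AuthenticationException if the response body cannot be read or parsed as JSON
 */
private boolean isAuthenticated(final Response oktaRawResponse) {
    final Map<?, ?> oktaResponse;
    try {
        oktaResponse = mapper.readValue(oktaRawResponse.getResponseBodyAsStream(), Map.class);
    } catch (final IOException e) {
        log.warn("Unable to read response from Okta", e);
        throw new AuthenticationException(e);
    }
    final Object status = oktaResponse.get("status");
    if ("SUCCESS".equals(status)) {
        return true;
    }
    // Log only the status field, never the whole body. NOTE(review): a non-SUCCESS reply from
    // Okta's authn API may carry continuation tokens and user-profile data alongside the status,
    // and the previous code wrote the entire parsed map to the application log.
    log.warn("Okta authentication failed, status=" + status);
    return false;
}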
/**
 * Final check after every realm has been consulted: the aggregate must be non-null and carry at
 * least one principal, otherwise no realm authenticated the token and an
 * {@link AuthenticationException} is raised.
 *
 * @param token     the token that was submitted to the realms
 * @param aggregate the merged {@link AuthenticationInfo} produced by the realms, possibly {@code null}
 * @return {@code aggregate} unchanged when it holds at least one principal
 * @throws AuthenticationException if no realm produced principals for the token
 */
public AuthenticationInfo afterAllAttempts(AuthenticationToken token, AuthenticationInfo aggregate) throws AuthenticationException {
    boolean nobodyAuthenticated = aggregate == null || isEmpty(aggregate.getPrincipals());
    if (nobodyAuthenticated) {
        String msg = "Authentication token of type [" + token.getClass() + "] "
                + "could not be authenticated by any configured realms. Please ensure that at least one realm can "
                + "authenticate these tokens.";
        throw new AuthenticationException(msg);
    }
    return aggregate;
}
}
/**
 * Delegates to {@link #queryForAuthenticationInfo(org.apache.shiro.authc.AuthenticationToken, LdapContextFactory)}
 * and maps every JNDI exception onto a Shiro {@link AuthenticationException} subtype so the parent
 * method signature is honoured.
 *
 * @param token the authentication token containing the user's principal and credentials
 * @return the {@link AuthenticationInfo} acquired after a successful authentication attempt
 * @throws UnsupportedAuthenticationMechanismException if the directory does not support the configured mechanism
 * @throws AuthenticationException                     if the bind fails or any other {@link NamingException} occurs
 */
protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token) throws AuthenticationException {
    try {
        return queryForAuthenticationInfo(token, getContextFactory());
    } catch (AuthenticationNotSupportedException unsupported) {
        // Most specific first: this is a configuration problem, not a bad credential.
        throw new UnsupportedAuthenticationMechanismException("Unsupported configured authentication mechanism", unsupported);
    } catch (javax.naming.AuthenticationException rejected) {
        throw new AuthenticationException("LDAP authentication failed.", rejected);
    } catch (NamingException other) {
        throw new AuthenticationException("LDAP naming error while attempting to authenticate user.", other);
    }
}
throw new AuthenticationException("More than one user row found for user [" + username + "]. Usernames must be unique.");
getClass().getName() + " implementation requires all configured realm(s) to operate successfully " + "for a successful authentication."; throw new AuthenticationException(msg, t);
String msg = "No account information found for authentication token [" + token + "] by this " + "Authenticator instance. Please check that it is configured correctly."; throw new AuthenticationException(msg); ae = new AuthenticationException(msg, t); if (log.isWarnEnabled()) log.warn(msg, t);
/**
 * Checks the submitted {@code AuthenticationToken}'s credentials against the stored account's
 * {@code AuthenticationInfo} using the configured {@link CredentialsMatcher}.
 *
 * @param token the submitted authentication token
 * @param info  the AuthenticationInfo corresponding to the given {@code token}
 * @throws IncorrectCredentialsException if the matcher rejects the credentials
 * @throws AuthenticationException       if no {@link CredentialsMatcher} is configured
 */
protected void assertCredentialsMatch(AuthenticationToken token, AuthenticationInfo info) throws AuthenticationException {
    CredentialsMatcher matcher = getCredentialsMatcher();
    if (matcher == null) {
        throw new AuthenticationException("A CredentialsMatcher must be configured in order to verify " +
                "credentials during authentication. If you do not wish for credentials to be examined, you " +
                "can configure an " + AllowAllCredentialsMatcher.class.getName() + " instance.");
    }
    if (matcher.doCredentialsMatch(token, info)) {
        return;
    }
    // token.toString() is embedded in the message: a custom token type must not render its
    // credentials there, or they end up in logs and error pages.
    throw new IncorrectCredentialsException("Submitted credentials for token [" + token + "] did not match the expected credentials.");
}
/**
 * After the handler runs, attaches the logged-in user's menus, name, avatar and email to the model of
 * HTML views. Requests without a view, or whose view name does not end in {@code "html"}, are left
 * untouched.
 *
 * @throws AuthenticationException if no Shiro user is bound to the current subject
 */
@Override
public void postHandle(HttpServletRequest request, HttpServletResponse response, Object handler, ModelAndView modelAndView) throws Exception {
    // No view: nothing to decorate.
    if (modelAndView == null) {
        return;
    }
    String viewName = modelAndView.getViewName();
    // Only HTML views receive the user attributes.
    if (viewName == null || !viewName.endsWith("html")) {
        return;
    }
    ShiroUser user = ShiroKit.getUser();
    if (user == null) {
        throw new AuthenticationException("当前没有登录账号!");
    }
    modelAndView.addObject("menus", user.getMenus());
    modelAndView.addObject("name", user.getName());
    modelAndView.addObject("avatar", DefaultImages.defaultAvatarUrl());
    modelAndView.addObject("email", user.getEmail());
}
}
} catch (final JsonProcessingException e) { log.warn("Error while generating Okta payload"); throw new AuthenticationException(e); } catch (final TimeoutException toe) { log.warn("Timeout while connecting to Okta"); throw new AuthenticationException(toe); } catch (final Exception e) { log.warn("Error while connecting to Okta"); throw new AuthenticationException(e);
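/**
 * Authenticates a username/password token against Okta.
 *
 * @param token the submitted token; must be a {@link UsernamePasswordToken}
 * @return authentication info echoing the token's principal and credentials under this realm's name
 * @throws AuthenticationException if the token is not a {@link UsernamePasswordToken} or Okta rejects it
 */
@Override
protected AuthenticationInfo doGetAuthenticationInfo(final AuthenticationToken token) throws AuthenticationException {
    // Shiro only routes tokens accepted by supports(), but an unchecked cast would surface a
    // ClassCastException instead of an AuthenticationException for a mis-routed token.
    if (!(token instanceof UsernamePasswordToken)) {
        throw new AuthenticationException("Unsupported token type: "
                + (token == null ? "null" : token.getClass().getName()));
    }
    final UsernamePasswordToken upToken = (UsernamePasswordToken) token;
    if (!doAuthenticate(upToken)) {
        throw new AuthenticationException("Okta authentication failed");
    }
    // The submitted credentials are stored as the account credentials, so a CredentialsMatcher
    // that compares the two will always agree: doAuthenticate() above is the real check.
    return new SimpleAuthenticationInfo(token.getPrincipal(), token.getCredentials(), getName());
}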
throw new AuthenticationException( "Unactivated identity" ); throw new AuthenticationException( "Disabled identity" ); throw new AuthenticationException( "Unable to authenticate" );
throw new AuthenticationException(message, e); } finally { JdbcUtils.closeConnection(conn);
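/**
 * Verifies that when {@code doAuthenticate} throws, {@code AbstractAuthenticator} reports the same
 * exception instance to each registered {@code AuthenticationListener} via {@code onFailure} and then
 * rethrows it unchanged.
 */
@Test
public void notifyFailureAfterDoAuthenticateThrowsAuthenticationException() {
    AuthenticationListener mockListener = createMock(AuthenticationListener.class);
    AuthenticationToken token = newToken();
    final AuthenticationException ae = new AuthenticationException("dummy exception to test notification");
    abstractAuthenticator = new AbstractAuthenticator() {
        protected AuthenticationInfo doAuthenticate(AuthenticationToken token) throws AuthenticationException {
            throw ae;
        }
    };
    abstractAuthenticator.getAuthenticationListeners().add(mockListener);
    // Expectation: the listener sees exactly this token and this exception.
    mockListener.onFailure(token, ae);
    replay(mockListener);
    boolean exceptionThrown = false;
    try {
        abstractAuthenticator.authenticate(token);
    } catch (AuthenticationException e) {
        exceptionThrown = true;
        // JUnit's argument order is (expected, actual); the original call had them swapped, which
        // only garbles the failure message but is worth keeping straight.
        assertEquals(ae, e);
    }
    verify(mockListener);
    if (!exceptionThrown) {
        fail("An AuthenticationException should have been thrown during the notifyFailure test case.");
    }
}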
/**
 * Authenticates against LDAP via {@code queryForAuthenticationInfo}, converting JNDI exceptions into
 * Shiro's {@link AuthenticationException}.
 *
 * @param token the submitted principal/credentials
 * @return the info returned by the LDAP query
 * @throws AuthenticationException on a rejected bind or any other {@link NamingException}
 */
protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token) throws AuthenticationException {
    final AuthenticationInfo result;
    try {
        result = queryForAuthenticationInfo(token, ensureContextFactory());
    } catch (javax.naming.AuthenticationException rejected) {
        // Credentials refused by the directory.
        throw new AuthenticationException("LDAP authentication failed.", rejected);
    } catch (NamingException jndiError) {
        // Everything else JNDI can raise (connectivity, search, referral problems).
        String msg = "LDAP naming error while attempting to authenticate user.";
        throw new AuthenticationException(msg, jndiError);
    }
    return result;
}
/**
 * Post-condition for a multi-realm authentication pass: succeeds only if the aggregated
 * {@link AuthenticationInfo} is non-null and has a non-empty principal collection, which is how a
 * successful realm is recognised here.
 *
 * @param token     the token that was offered to the realms
 * @param aggregate the combined info from all realms; {@code null} when none contributed
 * @return the same {@code aggregate} when it carries principals
 * @throws AuthenticationException if the aggregate is {@code null} or has no principals
 */
public AuthenticationInfo afterAllAttempts(AuthenticationToken token, AuthenticationInfo aggregate) throws AuthenticationException {
    if (aggregate != null && !isEmpty(aggregate.getPrincipals())) {
        return aggregate;
    }
    throw new AuthenticationException("Authentication token of type [" + token.getClass() + "] "
            + "could not be authenticated by any configured realms. Please ensure that at least one realm can "
            + "authenticate these tokens.");
}
}
/**
 * Delegates to {@link #queryForAuthenticationInfo(org.apache.shiro.authc.AuthenticationToken, LdapContextFactory)},
 * wrapping any {@link NamingException} in a Shiro {@link AuthenticationException} to satisfy the parent
 * method signature.
 *
 * @param token the authentication token containing the user's principal and credentials
 * @return the {@link AuthenticationInfo} acquired after a successful authentication attempt
 * @throws UnsupportedAuthenticationMechanismException if the configured mechanism is not supported by the directory
 * @throws AuthenticationException                     if the bind is rejected or another {@link NamingException} occurs
 */
protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token) throws AuthenticationException {
    final AuthenticationInfo result;
    try {
        result = queryForAuthenticationInfo(token, getContextFactory());
    } catch (AuthenticationNotSupportedException unsupported) {
        // Configuration problem rather than a credential problem: use the dedicated subtype.
        String msg = "Unsupported configured authentication mechanism";
        throw new UnsupportedAuthenticationMechanismException(msg, unsupported);
    } catch (javax.naming.AuthenticationException rejected) {
        throw new AuthenticationException("LDAP authentication failed.", rejected);
    } catch (NamingException jndiError) {
        String msg = "LDAP naming error while attempting to authenticate user.";
        throw new AuthenticationException(msg, jndiError);
    }
    return result;
}
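/**
 * Authenticates a JWT-bearing token: reads the username claim, loads the matching user and verifies
 * the token against that user. Every failure surfaces as an {@link AuthenticationException}.
 *
 * @param auth token whose credentials are the raw JWT string
 * @return authentication info whose principal and credentials are both the JWT
 * @throws AuthenticationException if the credential is missing or not a string, the username claim is
 *                                 absent, the user is unknown, or verification fails
 */
@Override
protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken auth) throws AuthenticationException {
    final Object credentials = auth.getCredentials();
    // Guard the cast and the null/empty case explicitly; previously a missing credential reached
    // JWTUtil directly and a non-string one raised ClassCastException.
    if (!(credentials instanceof String) || ((String) credentials).isEmpty()) {
        throw new AuthenticationException("token invalid");
    }
    final String token = (String) credentials;
    // The username claim is read before the signature is checked, so it is attacker-controlled
    // until JWTUtil.verify succeeds below.
    final String username = JWTUtil.getUsername(token);
    if (username == null) {
        throw new AuthenticationException("token invalid");
    }
    final UserBean userBean = userService.getUser(username);
    if (userBean == null) {
        // NOTE(review): distinct messages for "unknown user" and "bad signature" let a client that
        // forges unsigned JWTs probe which usernames exist; a single generic message would close that.
        throw new AuthenticationException("User didn't existed!");
    }
    // NOTE(review): the stored password value is handed to verify() — if JWTUtil uses it as the signing
    // secret, every issued token is bound to that value and a password change invalidates them; confirm.
    if (!JWTUtil.verify(token, username, userBean.getPassword())) {
        throw new AuthenticationException("Username or password error");
    }
    // The realm name stays hard-coded: authorization lookups elsewhere may key on "my_realm".
    return new SimpleAuthenticationInfo(token, token, "my_realm");
}
}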
/**
 * Asserts that the submitted token's credentials match the stored account's credentials, delegating
 * the comparison to the configured {@link CredentialsMatcher}.
 *
 * @param token the submitted authentication token
 * @param info  the AuthenticationInfo corresponding to the given {@code token}
 * @throws IncorrectCredentialsException if the credentials do not match
 * @throws AuthenticationException       if no {@link CredentialsMatcher} has been configured
 */
protected void assertCredentialsMatch(AuthenticationToken token, AuthenticationInfo info) throws AuthenticationException {
    final CredentialsMatcher matcher = getCredentialsMatcher();
    if (matcher == null) {
        final String hint = "A CredentialsMatcher must be configured in order to verify " +
                "credentials during authentication. If you do not wish for credentials to be examined, you " +
                "can configure an " + AllowAllCredentialsMatcher.class.getName() + " instance.";
        throw new AuthenticationException(hint);
    }
    final boolean matched = matcher.doCredentialsMatch(token, info);
    if (!matched) {
        // The token's toString() goes into this message; token implementations must keep
        // credentials out of toString() so they never reach logs.
        final String msg = "Submitted credentials for token [" + token + "] did not match the expected credentials.";
        throw new IncorrectCredentialsException(msg);
    }
}
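/**
 * Authenticates a username/password token against the user store.
 *
 * @param authcToken token carrying the login name and password
 * @return authentication info whose principal is the user id and whose credentials are the submitted password
 * @throws AuthenticationException       if {@code authcToken} is null
 * @throws UnknownAccountException       if no user has the given login name
 * @throws IncorrectCredentialsException if the password check is enabled and the password does not match
 */
@Override
protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken authcToken) {
    if (authcToken == null) {
        throw new AuthenticationException("parameter token is null");
    }
    UsernamePasswordToken token = (UsernamePasswordToken) authcToken;
    User user = userService.getUserByLoginName(token.getUsername());
    if (user == null) {
        throw new UnknownAccountException();
    }
    // isNeedPassword() == false skips the password check entirely, i.e. any known login name is
    // accepted; that switch must never be enabled outside development.
    if (isNeedPassword()) {
        char[] submitted = token.getPassword();
        // A token without a password previously hit NullPointerException in String.copyValueOf.
        String password = submitted == null ? "" : String.copyValueOf(submitted);
        String stored = user.getPassword();
        // Constant-time comparison so the check does not leak how many leading characters matched.
        // NOTE(review): this compares the submitted password directly with the stored value, which
        // only works if the store holds the plain password; a hashed store needs a CredentialsMatcher.
        boolean matches = stored != null && java.security.MessageDigest.isEqual(
                password.getBytes(java.nio.charset.StandardCharsets.UTF_8),
                stored.getBytes(java.nio.charset.StandardCharsets.UTF_8));
        if (!matches) {
            throw new IncorrectCredentialsException();
        }
    }
    // Expose the user to the view layer through the session.
    SecurityUtils.getSubject().getSession().setAttribute("user", user);
    SecurityUtils.getSubject().getSession().setAttribute("userId", user.getId());
    // The third argument is the realm name, not the username: use this realm's name so that
    // PrincipalCollection.fromRealm(getName()) resolves the principal. Credentials are unsalted.
    return new SimpleAuthenticationInfo(user.getId(), token.getPassword(), getName());
}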