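@Override
public boolean doCredentialsMatch(AuthenticationToken token, AuthenticationInfo info) {
    // Matches a JwtToken in one of two modes: by password (initial login) or by JWT signature
    // (subsequent requests). The stored credential from getCredentials(info) serves both as the
    // hash to compare against and as the secret handed to JwtUtil.verify, so it must be non-null
    // and must never leave this method.
    JwtToken jwtToken = (JwtToken) token;
    Object accountCredentials = getCredentials(info);
    if (accountCredentials == null) {
        // Previously a null stored credential raised an NPE inside one of the branches below;
        // fail closed with the same exception type the token branch already uses.
        throw new DisabledAccountException("verifyFail");
    }
    if (jwtToken.getPassword() != null) {
        // Password login. The stored value is MD5(password + username) — a fixed, unsalted scheme
        // that cannot be changed here without re-hashing every stored credential; see MD5EncryptUtil.
        // String.valueOf(getPassword()) is kept verbatim so overload resolution (char[] vs Object) is unchanged.
        String expected = String.valueOf(accountCredentials);
        String presented = String.valueOf(
                MD5EncryptUtil.encrypt(String.valueOf(jwtToken.getPassword()) + jwtToken.getUsername()));
        // Constant-time comparison: String.equals returns on the first differing byte, which leaks
        // how much of the hash matched. Fully-qualified names because the import block is outside this view.
        byte[] expectedBytes = expected.getBytes(java.nio.charset.StandardCharsets.UTF_8);
        byte[] presentedBytes = presented.getBytes(java.nio.charset.StandardCharsets.UTF_8);
        if (!java.security.MessageDigest.isEqual(expectedBytes, presentedBytes)) {
            // A wrong password is reported as DisabledAccountException rather than
            // IncorrectCredentialsException; kept because callers may key on this type.
            throw new DisabledAccountException("密码不正确!");
        }
    } else {
        // Token path: the stored credential doubles as the JWT signing secret.
        boolean verify = JwtUtil.verify(jwtToken.getToken(), jwtToken.getUsername(), accountCredentials.toString());
        if (!verify) {
            throw new DisabledAccountException("verifyFail");
        }
    }
    return true;
}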
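@Override
protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principalCollection) {
    log.info("Shiro权限验证执行");
    // The primary principal is the JwtToken stored at authentication time; copy its fields out.
    JwtToken jwtToken = new JwtToken();
    BeanUtils.copyProperties(principalCollection.getPrimaryPrincipal(), jwtToken);
    if (jwtToken.getUsername() == null) {
        throw new DisabledAccountException("用户信息异常,请重新登录!");
    }
    // Roles and permissions are re-read from the user store on every check; nothing
    // authorization-relevant is trusted from the token itself.
    SysUser findUser = userService.findUserByName(jwtToken.getUsername(), true);
    if (findUser == null) {
        throw new DisabledAccountException("用户信息异常,请重新登录!");
    }
    SimpleAuthorizationInfo info = new SimpleAuthorizationInfo();
    if (findUser.getRoles() != null) {
        findUser.getRoles().forEach(role -> {
            info.addRole(role.getName());
            if (role.getResources() != null) {
                role.getResources().forEach(v -> {
                    String permission = v.getPermission();
                    // Skip null as well as blank permissions: a null permission used to NPE here,
                    // which failed every authorization check for that user with an unrelated error.
                    if (permission != null && !permission.trim().isEmpty()) {
                        info.addStringPermission(permission);
                    }
                });
            }
        });
    }
    return info;
}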
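@Override
protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken authenticationToken) throws AuthenticationException {
    JwtToken token = (JwtToken) authenticationToken;
    // The username comes from the login form, or is recovered from the presented JWT's claims.
    String username = token.getUsername() != null ? token.getUsername() : JwtUtil.getUsername(token.getToken());
    if (username == null) {
        // Neither a username nor a decodable token: fail closed instead of querying "username = null".
        throw new DisabledAccountException("用户不存在!");
    }
    SysUser user;
    try {
        // Only the columns the checks below need; the password hash is also used as the JWT secret.
        user = userService.selectOne(new EntityWrapper<SysUser>()
                .eq("username", username)
                .setSqlSelect("id,username,status,password"));
    } catch (RequestException e) {
        throw new DisabledAccountException(e.getMsg());
    }
    if (user == null) {
        throw new DisabledAccountException("用户不存在!");
    }
    // NOTE(review): if getStatus() returns a boxed type, a null status unboxes to an NPE here — confirm the column type.
    if (user.getStatus() != 1) {
        throw new DisabledAccountException("用户账户已锁定,暂无法登陆!");
    }
    if (token.getUsername() == null) {
        token.setUsername(user.getUsername());
    }
    // The stored password hash is the signing secret, so the secret rotates whenever the
    // password changes — presumably intended (outstanding tokens then stop verifying); confirm.
    String sign = JwtUtil.sign(user.getId(), user.getUsername(), user.getPassword());
    if (token.getToken() == null) {
        token.setToken(sign);
    }
    token.setUid(user.getId());
    // The token object becomes the principal; the password hash is the credential the matcher compares.
    return new SimpleAuthenticationInfo(token, user.getPassword(), user.getId());
}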
@Override
protected AuthenticationInfo doGetAuthenticationInfo(final AuthenticationToken token) {
    // Resolves the user behind a username/password token and maps its status onto the Shiro
    // exception hierarchy; credential checking itself is left to the realm's matcher, except for
    // the legacy re-hash below.
    final UsernamePasswordToken upToken = (UsernamePasswordToken) token;
    final String username = upToken.getUsername();

    final CUser user;
    try {
        user = configuration.readUser(username);
    } catch (UserNotFoundException e) {
        throw new AccountException("User '" + username + "' cannot be retrieved.", e);
    }
    if (user.getPassword() == null) {
        throw new AccountException("User '" + username + "' has no password, cannot authenticate.");
    }

    // Guard clauses: disabled and unknown statuses are rejected before any credential work.
    final Object status = user.getStatus();
    if (CUser.STATUS_DISABLED.equals(status)) {
        throw new DisabledAccountException("User '" + username + "' is disabled.");
    }
    if (!CUser.STATUS_ACTIVE.equals(status)) {
        throw new AccountException(
                "User '" + username + "' is in illegal status '" + status + "'.");
    }

    // Active user. A legacy account still carries an unsalted hash; once the presented
    // credentials are confirmed valid, the stored hash is upgraded in place.
    if (hasLegacyPassword(user) && isValidCredentials(upToken, user)) {
        reHashPassword(user, new String(upToken.getPassword()));
    }
    return createAuthenticationInfo(user);
}
throw new DisabledAccountException( "User '" + upToken.getUsername() + "' is disabled." );
throw new DisabledAccountException(); throw new DisabledAccountException(); throw new DisabledAccountException();
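@Override
protected boolean executeLogin(ServletRequest request, ServletResponse response) {
    // Form-login entry point: resolves the account, applies the captcha / lock / expiry gates,
    // then delegates to subject.login(). Every failure path is funnelled through onLoginFailure.
    AuthTypeUsernamePasswordToken token = (AuthTypeUsernamePasswordToken) createToken(request, response);
    Account account = null;
    try {
        String username = getUsername(request);
        account = accountService.findByUsername(token.getAuthType(), username);
        if (account == null) {
            // Same message as for a wrong password, so the response does not reveal whether the account exists.
            return onLoginFailure(account, token, new UnknownAccountException("登录账号或密码不正确"), request, response);
        }
        // After more than LOGON_FAILURE_LIMIT failures a captcha becomes mandatory (throttles guessing).
        if (account.getLastFailureTimes() > LOGON_FAILURE_LIMIT) {
            CaptchaUtils.assetValidateCaptchaCode(request, captchaParam);
        }
        if (Boolean.FALSE.equals(account.getAccountNonLocked())) {
            throw new LockedAccountException("账号已锁定停用");
        }
        LocalDate accountExpireDate = account.getAccountExpireDate();
        // NOTE(review): this rejects accounts whose expiry date is still in the future and accepts
        // ones already past it. Unless the field means "date the account was expired on", isAfter
        // looks inverted (isBefore). Left unchanged pending confirmation of the field's meaning.
        if (accountExpireDate != null && accountExpireDate.isAfter(DateUtils.currentDateTime().toLocalDate())) {
            throw new DisabledAccountException("账号已到期停用");
        }
        Subject subject = getSubject(request, response);
        subject.login(token);
        return onLoginSuccess(account, token, subject, request, response);
    } catch (Exception e) {
        // Every failure (captcha, locked, expired, bad password, unexpected error) is reported to the
        // client with one generic message. The real cause is now attached as the exception's cause so
        // server-side handling can still see it; the user-visible message is unchanged.
        return onLoginFailure(account, token, new AuthenticationException("登录账号或密码不正确", e), request, response);
    }
}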
throw new DisabledAccountException(); throw new DisabledAccountException(); throw new DisabledAccountException();
throw new DisabledAccountException();
throw new DisabledAccountException(); throw new DisabledAccountException();
throw new DisabledAccountException();
throw new DisabledAccountException(); throw new DisabledAccountException();
@Override
protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken authcToken) throws AuthenticationException {
    // Looks the user up by name and builds the principal/credential pair for the matcher.
    final UsernamePasswordToken upToken = (UsernamePasswordToken) authcToken;
    final UserData user = cmsService.getUser(upToken.getUsername());
    if (user == null) {
        throw new UnknownAccountException("用户不存在");
    }
    // Status 1 denotes a locked user in this store.
    final boolean locked = user.getStatus() != null && user.getStatus() == 1;
    if (locked) {
        throw new DisabledAccountException("用户被锁定");
    }
    // NOTE(review): this session attribute is written before the password has been checked
    // (matching happens after this method returns), so it is set for unauthenticated subjects too — confirm intended.
    SecurityUtil.getSession().setAttribute(LoginUser.PWD_CHANGE_FLAG, user.getPwdChange());

    final LoginUser principal = new LoginUser();
    principal.setUserId(user.getId());
    principal.setUsername(user.getUsername());
    principal.setNickName(user.getNickname());
    return new SimpleAuthenticationInfo(principal, user.getPassword(), getName());
}
throw new DisabledAccountException( "User '" + user.name() + "' is suspended." );