Java Code Examples for org.apache.shiro.authc.AuthenticationToken#getPrincipal()

The following examples show how to use org.apache.shiro.authc.AuthenticationToken#getPrincipal(). Each example names the source file and the project it was taken from.
Example 1
Source File: MyShiroRealm.java    From DouBiNovel with Apache License 2.0 6 votes vote down vote up
/**
     * Loads the account named by the token's principal and hands its stored
     * password and salt back to Shiro, which performs the credential comparison.
     *
     * @param token the submitted token; its principal is cast to {@code String}
     * @return the account's authentication info, or {@code null} when no account matches
     * @throws AuthenticationException declared by the overridden method; not thrown here
     */
    @Override
    protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token)
            throws AuthenticationException {
        // The account identifier the user typed in.
        final String login = (String) token.getPrincipal();

        // Look the user up by phone, code or e-mail. The original author notes that a
        // real project may add caching here.
        final User found = userInfoService.getByPhoneOrCodeOrEmail(login);
        if (found == null) {
            // No such account: returning null lets the caller report the failure.
            return null;
        }

        return new SimpleAuthenticationInfo(
                found,                                              // principal: the user object
                found.getPassword(),                                // stored password
                ByteSource.Util.bytes(found.getCode() + "salt"),    // salt = user code + literal "salt"
                getName());                                         // realm name
    }
 
Example 2
Source File: ShiroRealm.java    From SpringAll with MIT License 6 votes vote down vote up
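/**
 * Login authentication: looks the account up by the submitted user name and
 * checks the submitted password inside the realm.
 *
 * <p>NOTE(review): the value from {@code user.getPassword()} is compared directly
 * with the submitted password, so this only works when passwords are stored
 * unhashed. Prefer storing a salted, slow password hash and letting a Shiro
 * {@code CredentialsMatcher} do the comparison.
 *
 * @param token the submitted token; principal is cast to {@code String}, credentials to {@code char[]}
 * @return authentication info carrying the user and the submitted password
 * @throws AuthenticationException an {@code UnknownAccountException} when no user has that name,
 *         an {@code IncorrectCredentialsException} when the credentials are missing or differ,
 *         a {@code LockedAccountException} when the user's status is "0"
 */
@Override
protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token) throws AuthenticationException {
	String userName = (String) token.getPrincipal();
	Object credentials = token.getCredentials();
	if (credentials == null) {
		// new String((char[]) null) would throw NullPointerException; report a normal login failure instead.
		throw new IncorrectCredentialsException("用户名或密码错误!");
	}
	String password = new String((char[]) credentials);

	// NOTE(review): userName comes from the login request and is written to stdout unescaped.
	System.out.println("用户" + userName + "认证-----ShiroRealm.doGetAuthenticationInfo");
	User user = userMapper.findByUserName(userName);

	if (user == null) {
		throw new UnknownAccountException("用户名或密码错误!");
	}
	String stored = user.getPassword();
	// MessageDigest.isEqual does not stop at the first differing byte, unlike String.equals.
	if (stored == null || !java.security.MessageDigest.isEqual(
			password.getBytes(java.nio.charset.StandardCharsets.UTF_8),
			stored.getBytes(java.nio.charset.StandardCharsets.UTF_8))) {
		throw new IncorrectCredentialsException("用户名或密码错误!");
	}
	// Constant-first equals: a null status no longer throws NullPointerException.
	if ("0".equals(user.getStatus())) {
		throw new LockedAccountException("账号已被锁定,请联系管理员!");
	}
	return new SimpleAuthenticationInfo(user, password, getName());
}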
 
Example 3
Source File: AuthRealm.java    From spring-boot-demo with MIT License 6 votes vote down vote up
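/**
 * Authentication: loads the account named by the token's principal and returns
 * its stored password and salt so Shiro can verify the submitted credentials.
 *
 * @param token the submitted token; its principal is cast to {@code String}
 * @return authentication info built from the stored account
 * @throws AuthenticationException if the principal is null or no account has that name
 */
@Override
protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token) throws AuthenticationException {
    log.info("调用认证方法");
    // The account name the user typed in.
    String username = (String) token.getPrincipal();
    if (username == null) {
        throw new AuthenticationException("账号名为空,登录失败!");
    }

    // The submitted credentials are deliberately not logged: a secret written to the
    // application log is readable by anyone with access to the log files.
    UserInfo userInfo = userInfoService.findByUsername(username);
    if (userInfo == null) {
        // NOTE(review): this message says the account does not exist; if it reaches the
        // client it distinguishes unknown accounts from wrong passwords.
        throw new AuthenticationException("不存在的账号,登录失败!");
    }

    return new SimpleAuthenticationInfo(
            userInfo,                                               // principal: the user object
            userInfo.getPassword(),                                 // stored password
            ByteSource.Util.bytes(userInfo.getCredentialsSalt()),   // salt bytes
            getName()                                               // name of this realm
    );
}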
 
Example 4
Source File: OAuth2Realm.java    From kitty with GNU Lesser General Public License v3.0 6 votes vote down vote up
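/**
 * Authentication (called at login): resolves the access token carried as the
 * principal to its stored token record and then to the owning user.
 *
 * @param authenticationToken the submitted token; its principal is the access token string
 * @return authentication info carrying the user and the access token
 * @throws AuthenticationException an {@code IncorrectCredentialsException} when the token is
 *         unknown, expired or has no user behind it; a {@code LockedAccountException} when
 *         the user's status is 0
 */
@Override
protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken authenticationToken) throws AuthenticationException {
    String token = (String) authenticationToken.getPrincipal();
    // Look up the stored token record by access token.
    SysUserToken sysUserToken = sysUserTokenService.findByToken(token);
    if(sysUserToken == null || sysUserToken.getExpireTime().getTime() < System.currentTimeMillis()){
        // Token is unknown or has expired.
        throw new IncorrectCredentialsException("token失效,请重新登录");
    }
    // Load the user the token belongs to.
    SysUser user = sysUserService.findById(sysUserToken.getUserId());
    if(user == null){
        // A token record without a user (presumably a deleted account; verify against
        // findById) is rejected instead of failing with NullPointerException below.
        throw new IncorrectCredentialsException("token失效,请重新登录");
    }
    // Account is locked.
    if(user.getStatus() == 0){
        throw new LockedAccountException("账号已被锁定,请联系管理员");
    }
    return new SimpleAuthenticationInfo(user, token, getName());
}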
 
Example 5
Source File: ShiroRealm.java    From SpringAll with MIT License 6 votes vote down vote up
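/**
 * Login authentication: looks the account up by the submitted user name and
 * checks the submitted password inside the realm.
 *
 * <p>NOTE(review): the value from {@code user.getPassword()} is compared directly
 * with the submitted password, so this only works when passwords are stored
 * unhashed. Prefer storing a salted, slow password hash and letting a Shiro
 * {@code CredentialsMatcher} do the comparison.
 *
 * @param token the submitted token; principal is cast to {@code String}, credentials to {@code char[]}
 * @return authentication info carrying the user and the submitted password
 * @throws AuthenticationException an {@code UnknownAccountException} when no user has that name,
 *         an {@code IncorrectCredentialsException} when the credentials are missing or differ,
 *         a {@code LockedAccountException} when the user's status is "0"
 */
@Override
protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token) throws AuthenticationException {
	String userName = (String) token.getPrincipal();
	Object credentials = token.getCredentials();
	if (credentials == null) {
		// new String((char[]) null) would throw NullPointerException; report a normal login failure instead.
		throw new IncorrectCredentialsException("用户名或密码错误!");
	}
	String password = new String((char[]) credentials);

	// NOTE(review): userName comes from the login request and is written to stdout unescaped.
	System.out.println("用户" + userName + "认证-----ShiroRealm.doGetAuthenticationInfo");
	User user = userMapper.findByUserName(userName);

	if (user == null) {
		throw new UnknownAccountException("用户名或密码错误!");
	}
	String stored = user.getPassword();
	// MessageDigest.isEqual does not stop at the first differing byte, unlike String.equals.
	if (stored == null || !java.security.MessageDigest.isEqual(
			password.getBytes(java.nio.charset.StandardCharsets.UTF_8),
			stored.getBytes(java.nio.charset.StandardCharsets.UTF_8))) {
		throw new IncorrectCredentialsException("用户名或密码错误!");
	}
	// Constant-first equals: a null status no longer throws NullPointerException.
	if ("0".equals(user.getStatus())) {
		throw new LockedAccountException("账号已被锁定,请联系管理员!");
	}
	return new SimpleAuthenticationInfo(user, password, getName());
}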
 
Example 6
Source File: CommonShiroRealm.java    From taoshop with Apache License 2.0 6 votes vote down vote up
/**
	 * Builds authentication info directly from the submitted token.
	 *
	 * <p>NOTE(review): the returned info carries the token's own principal and
	 * credentials, and the user lookup and lock check in the original are commented
	 * out, so nothing in this method checks the pair against a stored account. A
	 * matcher that compares the token with this info would always succeed; whether
	 * another check exists elsewhere is not visible here.
	 *
	 * @see org.apache.shiro.realm.AuthenticatingRealm#doGetAuthenticationInfo(AuthenticationToken)
	 */
	@Override
	protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token) throws AuthenticationException {
		// Submitted user name.
		final String principalName = (String) token.getPrincipal();
		// Submitted password, copied out of the token's char[] credentials.
		final String submitted = new String((char[]) token.getCredentials());

		if (principalName == null || submitted == null) {
			return null;
		}
		// AuthenticatingRealm applies its CredentialsMatcher to the returned info.
		return new SimpleAuthenticationInfo(principalName, submitted, getName());
	}
 
Example 7
Source File: ShiroRealm.java    From SpringAll with MIT License 6 votes vote down vote up
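/**
 * Login authentication: looks the account up by the submitted user name and
 * checks the submitted password inside the realm.
 *
 * <p>NOTE(review): the value from {@code user.getPassword()} is compared directly
 * with the submitted password, so this only works when passwords are stored
 * unhashed. Prefer storing a salted, slow password hash and letting a Shiro
 * {@code CredentialsMatcher} do the comparison.
 *
 * @param token the submitted token; principal is cast to {@code String}, credentials to {@code char[]}
 * @return authentication info carrying the user and the submitted password
 * @throws AuthenticationException an {@code UnknownAccountException} when no user has that name,
 *         an {@code IncorrectCredentialsException} when the credentials are missing or differ,
 *         a {@code LockedAccountException} when the user's status is "0"
 */
@Override
protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token) throws AuthenticationException {
	String userName = (String) token.getPrincipal();
	Object credentials = token.getCredentials();
	if (credentials == null) {
		// new String((char[]) null) would throw NullPointerException; report a normal login failure instead.
		throw new IncorrectCredentialsException("用户名或密码错误!");
	}
	String password = new String((char[]) credentials);

	// NOTE(review): userName comes from the login request and is written to stdout unescaped.
	System.out.println("用户" + userName + "认证-----ShiroRealm.doGetAuthenticationInfo");
	User user = userMapper.findByUserName(userName);

	if (user == null) {
		throw new UnknownAccountException("用户名或密码错误!");
	}
	String stored = user.getPassword();
	// MessageDigest.isEqual does not stop at the first differing byte, unlike String.equals.
	if (stored == null || !java.security.MessageDigest.isEqual(
			password.getBytes(java.nio.charset.StandardCharsets.UTF_8),
			stored.getBytes(java.nio.charset.StandardCharsets.UTF_8))) {
		throw new IncorrectCredentialsException("用户名或密码错误!");
	}
	// Constant-first equals: a null status no longer throws NullPointerException.
	if ("0".equals(user.getStatus())) {
		throw new LockedAccountException("账号已被锁定,请联系管理员!");
	}
	return new SimpleAuthenticationInfo(user, password, getName());
}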
 
Example 8
Source File: MyShiroRealm.java    From EasyReport with Apache License 2.0 6 votes vote down vote up
/**
 * Loads the account named by the token's principal and returns its stored
 * password and salt; the password comparison itself is left to the
 * CredentialsMatcher used by AuthenticatingRealm.
 *
 * @param token the submitted token; its principal is cast to {@code String}
 * @return authentication info built from the stored account
 * @throws AuthenticationException an {@code UnknownAccountException} when no user is found,
 *         a {@code LockedAccountException} when the user's status is 0
 */
@Override
protected AuthenticationInfo doGetAuthenticationInfo(final AuthenticationToken token)
    throws AuthenticationException {
    final String login = (String)token.getPrincipal();
    final User member = this.membershipFacade.getUser(login);

    if (member == null) {
        throw new UnknownAccountException();
    }
    if (member.getStatus() == 0) {
        throw new LockedAccountException();
    }

    // Stored password plus salt bytes go back to the realm for matching.
    final SimpleAuthenticationInfo stored = new SimpleAuthenticationInfo(
        member.getAccount(),
        member.getPassword(),
        ByteSource.Util.bytes(member.getCredentialsSalt()),
        getName());
    return stored;
}
 
Example 9
Source File: NexusBasicHttpAuthenticationFilter.java    From nexus-public with Eclipse Public License 1.0 6 votes vote down vote up
/**
 * After a successful login, records the authenticated principal and its string
 * form on the request, then delegates to the superclass.
 *
 * @return whatever {@code super.onLoginSuccess} returns
 */
@Override
protected boolean onLoginSuccess(AuthenticationToken token,
                                 Subject subject,
                                 ServletRequest request,
                                 ServletResponse response)
    throws Exception
{
  if (!(request instanceof HttpServletRequest)) {
    return super.onLoginSuccess(token, subject, request, response);
  }

  // The subject's principal wins over the token's; the two can differ for token-based auth.
  final Object fromSubject = subject.getPrincipal();
  final Object principal = (fromSubject != null) ? fromSubject : token.getPrincipal();
  final String userId = principal.toString();

  // Both values are attached so the request log can name the user.
  request.setAttribute(ATTR_USER_PRINCIPAL, principal);
  request.setAttribute(ATTR_USER_ID, userId);

  return super.onLoginSuccess(token, subject, request, response);
}
 
Example 10
Source File: ShiroRealm.java    From SpringAll with MIT License 6 votes vote down vote up
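/**
 * Login authentication: looks the account up by the submitted user name and
 * checks the submitted password inside the realm.
 *
 * <p>NOTE(review): the value from {@code user.getPassword()} is compared directly
 * with the submitted password, so this only works when passwords are stored
 * unhashed. Prefer storing a salted, slow password hash and letting a Shiro
 * {@code CredentialsMatcher} do the comparison.
 *
 * @param token the submitted token; principal is cast to {@code String}, credentials to {@code char[]}
 * @return authentication info carrying the user and the submitted password
 * @throws AuthenticationException an {@code UnknownAccountException} when no user has that name,
 *         an {@code IncorrectCredentialsException} when the credentials are missing or differ,
 *         a {@code LockedAccountException} when the user's status is "0"
 */
@Override
protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token) throws AuthenticationException {
	String userName = (String) token.getPrincipal();
	Object credentials = token.getCredentials();
	if (credentials == null) {
		// new String((char[]) null) would throw NullPointerException; report a normal login failure instead.
		throw new IncorrectCredentialsException("用户名或密码错误!");
	}
	String password = new String((char[]) credentials);

	// NOTE(review): userName comes from the login request and is written to stdout unescaped.
	System.out.println("用户" + userName + "认证-----ShiroRealm.doGetAuthenticationInfo");
	User user = userMapper.findByUserName(userName);

	if (user == null) {
		throw new UnknownAccountException("用户名或密码错误!");
	}
	String stored = user.getPassword();
	// MessageDigest.isEqual does not stop at the first differing byte, unlike String.equals.
	if (stored == null || !java.security.MessageDigest.isEqual(
			password.getBytes(java.nio.charset.StandardCharsets.UTF_8),
			stored.getBytes(java.nio.charset.StandardCharsets.UTF_8))) {
		throw new IncorrectCredentialsException("用户名或密码错误!");
	}
	// Constant-first equals: a null status no longer throws NullPointerException.
	if ("0".equals(user.getStatus())) {
		throw new LockedAccountException("账号已被锁定,请联系管理员!");
	}
	return new SimpleAuthenticationInfo(user, password, getName());
}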
 
Example 11
Source File: ShiroService.java    From VideoMeeting with Apache License 2.0 6 votes vote down vote up
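/**
 * Verifies the credentials through the superclass and, once they match, logs the
 * current subject out and stops every active session whose "username" attribute
 * equals the token's principal.
 *
 * @param token the submitted token; its principal is cast to {@code String}
 * @param info the stored account info passed through to the superclass
 * @throws AuthenticationException if the superclass rejects the credentials
 */
@Override
protected void assertCredentialsMatch(AuthenticationToken token,
		AuthenticationInfo info) throws AuthenticationException {
	// If verification fails, super throws and nothing below runs.
	super.assertCredentialsMatch(token, info);
	// The null test has to come before token is dereferenced; the original read the
	// principal first, which made its token == null check unreachable.
	if (token == null)
		return;
	String username = (String) token.getPrincipal();
	if (username == null)
		return;
	// Verification passed: drop the old subject and end this user's sessions on other
	// devices. The original author notes that scanning every active session may
	// become slow with many users.
	if (SecurityUtils.getSubject() != null) {
		SecurityUtils.getSubject().logout();
		Collection<Session> sessions = sessionDAO.getActiveSessions();
		for (Session session : sessions) {
			if (username.equals(session.getAttribute("username"))) {
				session.stop();
			}
		}
	}
}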
 
Example 12
Source File: CustomRealm.java    From Student-Homework-Management-System with MIT License 5 votes vote down vote up
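/**
 * Authentication: loads the user and stored password for the token's principal.
 *
 * @param token {@link AuthenticationToken} whose principal is cast to {@code String}
 * @return {@link AuthenticationInfo} for the stored account, or {@code null} when no
 *         user has that name
 * @throws AuthenticationException declared by the overridden method; not thrown here
 */
@Override
protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token) throws AuthenticationException {
    String username = (String) token.getPrincipal();
    User user = userService.getUserEntity(username);
    if (user == null) {
        // Unknown account: return null, the realm's "no account found" answer, rather
        // than building an info object around a null principal.
        return null;
    }
    String password = userService.getPasswd(username);
    return new SimpleAuthenticationInfo(user, password, "customrealm");
}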
 
Example 13
Source File: ShiroRealm.java    From JavaWeb with Apache License 2.0 5 votes vote down vote up
/**
 * Builds authentication info directly from the submitted token.
 *
 * <p>NOTE(review): the returned info carries the token's own principal and
 * credentials and no stored account is consulted, so a matcher comparing the
 * token with this info would always succeed. Whether another check exists
 * elsewhere is not visible here.
 */
protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token) throws AuthenticationException {
	// Submitted user name.
	final String principalName = (String) token.getPrincipal();
	// Submitted password, copied out of the token's char[] credentials.
	final String submitted = new String((char[]) token.getCredentials());

	if (principalName == null || submitted == null) {
		return null;
	}
	return new SimpleAuthenticationInfo(principalName, submitted, getName());
}
 
Example 14
Source File: UsernamePasswordRealm.java    From jsets-shiro-spring-boot-starter with Apache License 2.0 5 votes vote down vote up
/**
 * Authentication for user name / password logins. The submitted password is
 * transformed with {@code ShiroUtils.password} and compared with the stored value
 * inside this method; failed attempts are counted when retry limiting is on.
 *
 * <p>NOTE(review): the comparison uses {@code Objects.equals}, which is not a
 * constant-time comparison.
 *
 * @param token the submitted token; anything but a {@code UsernamePasswordToken} yields {@code null}
 * @return authentication info carrying the account name and {@code Boolean.TRUE} as credentials
 * @throws AuthenticationException if principal or credentials are missing, the account
 *         does not exist, or the password does not match
 */
@Override
protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token) throws AuthenticationException {
	// This realm only handles UsernamePasswordToken.
	if (!(token instanceof UsernamePasswordToken)) {
		return null;
	}
	if (token.getPrincipal() == null || token.getCredentials() == null) {
		throw new AuthenticationException(this.properties.getMsgAccountPasswordEmpty());
	}

	final String account = (String) token.getPrincipal();
	final String submitted = String.valueOf((char[]) token.getCredentials());
	final String submittedHash = ShiroUtils.password(submitted);
	final Account stored = this.accountProvider.loadAccount(account);
	if (stored == null) {
		throw new AuthenticationException(this.properties.getMsgAccountNotExist());
	}

	if (!Objects.equals(submittedHash, stored.getPassword())) {
		if (!this.isRetryLimit()) {
			throw new AuthenticationException(this.properties.getMsgAccountPasswordError());
		}
		// Count the failed attempt and notify the listener once the limit is reached.
		final int max = this.properties.getPasswdMaxRetries();
		final int retries = this.cacheDelegator.incPasswdRetryCount(account);
		if (retries >= max) {
			this.limitListener.handle(account,max,retries);
		}
		final String template = this.properties.getMsgPasswordRetryError();
		final String msg = template
				.replace("{total}",String.valueOf(max))
				.replace("{remain}",String.valueOf(max-retries));
		throw new AuthenticationException(msg);
	}

	// Password matched: reset the failure counter.
	if (this.isRetryLimit()) {
		this.cacheDelegator.cleanPasswdRetryCount(account);
	}
	return new SimpleAuthenticationInfo(account, Boolean.TRUE, getName());
}
 
Example 15
Source File: MyShiroRealm.java    From springBoot-study with Apache License 2.0 5 votes vote down vote up
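/**
 * Returns a fixed account for every token.
 *
 * <p>NOTE(review): the principal "username", the password "pwd" and the empty salt
 * are hard-coded placeholders; no stored account is consulted.
 *
 * @param token the submitted token; its principal is cast to {@code String} but not used further
 * @return authentication info holding the hard-coded account
 * @throws AuthenticationException declared by the overridden method; not thrown here
 */
@Override
protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token)
        throws AuthenticationException {
    System.out.println("MyShiroRealm.doGetAuthenticationInfo()");
    // The account name the user typed in.
    String username = (String)token.getPrincipal();
    // The submitted credentials are deliberately not printed: a secret written to
    // stdout ends up in console and container logs.
    SimpleAuthenticationInfo authenticationInfo = new SimpleAuthenticationInfo(
            "username", // user name (placeholder)
            "pwd", // password (placeholder)
            ByteSource.Util.bytes(""), // salt bytes (empty)
            getName()  //realm name
    );
    return authenticationInfo;
}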
 
Example 16
Source File: MyRealm.java    From learnjavabug with MIT License 5 votes vote down vote up
/**
 * Accepts exactly one hard-coded account.
 *
 * <p>NOTE(review): both the user name and the password are literals in the source,
 * so this realm is only suitable for a test or demonstration setup.
 *
 * @throws AuthenticationException an {@code UnknownAccountException} for any other user name
 */
@Override
protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token) throws AuthenticationException {
    final String submittedName = (String) token.getPrincipal();
    if ("threedr3am".equals(submittedName)) {
        return new SimpleAuthenticationInfo(submittedName, "123456", getName());
    }
    throw new UnknownAccountException("账户不存在!");
}
 
Example 17
Source File: RetryLimitHashedCredentialsMatcher.java    From mumu with Apache License 2.0 5 votes vote down vote up
/**
 * Performs the credential match with a per-login-name retry counter kept through
 * {@code jedisClient}: the counter is incremented before the match, an
 * {@code ExcessiveAttemptsException} is thrown once it has reached 5, and the
 * counter is deleted after a successful match.
 *
 * @param token the submitted token; its principal is cast to {@code String}
 * @param info the stored account info passed to the superclass matcher
 * @return the result of {@code super.doCredentialsMatch}
 */
@Override
public boolean doCredentialsMatch(AuthenticationToken token, AuthenticationInfo info) {
	// Build the cache key for this login name.
	String loginName=(String) token.getPrincipal();
	String cacheName=getCacheName(loginName);
	// retry count + 1
	// NOTE(review): get, incr and expire are separate calls, so concurrent attempts
	// can interleave between them, and a failed expire would leave a counter
	// without a time limit.
	String retryCount=jedisClient.get(cacheName);
	if (retryCount == null) {
		// First attempt: start the counter and keep it for two hours.
		jedisClient.incr(cacheName);
		jedisClient.expire(cacheName,60*60*2);
	}else{
		// Integer.parseInt throws NumberFormatException if the cached value is not a number.
		int counter=Integer.parseInt(retryCount);
		if(counter<5){
			jedisClient.incr(cacheName);
		}else{
			throw new ExcessiveAttemptsException();
		}
	}
	if(loginCredentialsHandler!=null){
		loginCredentialsHandler.before();
	}
	boolean matches = super.doCredentialsMatch(token, info);
	if (matches) {
		// clear retry count
		jedisClient.del(cacheName);

		// Run the follow-up hook after a successful authentication.
		if(loginCredentialsHandler!=null){
			loginCredentialsHandler.after();
		}
	}else{
		// NOTE(review): the failed attempt's credentials are stored in the session via
		// toString(). For char[] credentials that is the array's identity string, not
		// the password; for String credentials it keeps the submitted password in the
		// session. Confirm what reads SysUser.SYS_USER and drop the password if unused.
		SysUser unloginUser=new SysUser();
		unloginUser.setUserName(loginName);
		unloginUser.setPassword(token.getCredentials().toString());
		SecurityUtils.getSubject().getSession(true).setAttribute(SysUser.SYS_USER, unloginUser);
	}
	return matches;
}
 
Example 18
Source File: UserRealm.java    From yyblog with MIT License 4 votes vote down vote up
/**
 * Authenticates inside the realm instead of using Shiro's built-in password check.
 * Principals longer than 12 characters are looked up by open id, all others by
 * user name.
 *
 * <p>NOTE(review): the open-id path checks only that the account exists and is
 * enabled; the submitted password is not compared on that path. The user-name path
 * compares an unsalted MD5 hex digest, computed from {@code password.getBytes()}
 * in the platform charset. Both points should be confirmed against how open-id
 * logins are verified before this realm is reached.
 *
 * @param token the submitted token; principal is cast to {@code String}, credentials to {@code char[]}
 * @return authentication info carrying the user and the submitted password
 * @throws AuthenticationException an {@code UnknownAccountException} when no account matches,
 *         an {@code IncorrectCredentialsException} on a password mismatch (user-name path only),
 *         a {@code LockedAccountException} when the account is not enabled
 */
@Override
protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token) throws AuthenticationException {
    final String principalName = (String) token.getPrincipal();
    final String submitted = new String((char[]) token.getCredentials());

    final UserMapper mapper = ApplicationContextRegister.getBean(UserMapper.class);

    // Long principals are treated as open ids, short ones as user names.
    final boolean byOpenId = principalName.length() > 12;
    final UserDO account = byOpenId
            ? mapper.getUserByOpenId(principalName)
            : mapper.getUserByName(principalName);

    // Account does not exist.
    if (account == null) {
        throw new UnknownAccountException("账号或密码不正确");
    }

    // Wrong password; only evaluated for user-name logins.
    if (!byOpenId
            && !DigestUtils.md5DigestAsHex(submitted.getBytes()).equals(account.getPassword())) {
        throw new IncorrectCredentialsException("账号或密码不正确");
    }

    // Account is locked.
    if (account.getEnable() == false) {
        throw new LockedAccountException("账号已被锁定,请联系管理员");
    }

    // Shiro's own password verification is not used: the info echoes the submitted password.
    return new SimpleAuthenticationInfo(account, submitted, getName());
}
 
Example 19
Source File: HashedCredentialsMatcher.java    From nano-framework with Apache License 2.0 2 votes vote down vote up
/**
 * Returns the token's principal for use as the salt when hashing the token's
 * credentials. The method is marked deprecated.
 *
 * <p>NOTE(review): a salt taken from the principal is known to anyone who knows
 * the account name; a random per-account salt stored with the hash avoids that.
 *
 * @param token the AuthenticationToken submitted during the authentication attempt.
 * @return the token's principal, used as the salt value.
 */
@Deprecated
protected Object getSalt(AuthenticationToken token) {
    final Object principalAsSalt = token.getPrincipal();
    return principalAsSalt;
}
 
Example 20
Source File: KeycloakAuthenticatingRealm.java    From nexus3-keycloak-plugin with Apache License 2.0 2 votes vote down vote up
/**
 * Creates a {@code SimpleAuthenticationInfo} that mirrors the given token for
 * this realm.
 *
 * <p>NOTE(review): the info carries the token's own credentials, so comparing the
 * token with it always matches; the token must already have been verified before
 * this is called, which is not visible in this method.
 *
 * @param token
 *         the token whose principal and credentials are copied
 * @return the simple authentication info
 */
private SimpleAuthenticationInfo createSimpleAuthInfo(AuthenticationToken token) {
    final Object principal = token.getPrincipal();
    final Object credentials = token.getCredentials();
    return new SimpleAuthenticationInfo(principal, credentials, getName());
}