Java Code Examples for org.apache.shiro.authc.AuthenticationToken#getCredentials()
The following examples show how to use
org.apache.shiro.authc.AuthenticationToken#getCredentials() .
You can vote up the ones you like or vote down the ones you don't like,
and go to the original project or source file by following the links above each example. You may check out the related API usage on the sidebar.
Example 1
Source File: ShiroRealm.java From SpringAll with MIT License | 6 votes |
/** * 登录认证 */ @Override protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token) throws AuthenticationException { String userName = (String) token.getPrincipal(); String password = new String((char[]) token.getCredentials()); System.out.println("用户" + userName + "认证-----ShiroRealm.doGetAuthenticationInfo"); User user = userMapper.findByUserName(userName); if (user == null) { throw new UnknownAccountException("用户名或密码错误!"); } if (!password.equals(user.getPassword())) { throw new IncorrectCredentialsException("用户名或密码错误!"); } if (user.getStatus().equals("0")) { throw new LockedAccountException("账号已被锁定,请联系管理员!"); } SimpleAuthenticationInfo info = new SimpleAuthenticationInfo(user, password, getName()); return info; }
Example 2
Source File: ShiroRealm.java From SpringAll with MIT License | 6 votes |
/** * 登录认证 */ @Override protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token) throws AuthenticationException { String userName = (String) token.getPrincipal(); String password = new String((char[]) token.getCredentials()); System.out.println("用户" + userName + "认证-----ShiroRealm.doGetAuthenticationInfo"); User user = userMapper.findByUserName(userName); if (user == null) { throw new UnknownAccountException("用户名或密码错误!"); } if (!password.equals(user.getPassword())) { throw new IncorrectCredentialsException("用户名或密码错误!"); } if (user.getStatus().equals("0")) { throw new LockedAccountException("账号已被锁定,请联系管理员!"); } SimpleAuthenticationInfo info = new SimpleAuthenticationInfo(user, password, getName()); return info; }
Example 3
Source File: ShiroRealm.java From SpringAll with MIT License | 6 votes |
/** * 用户认证 * * @param authenticationToken 身份认证 token * @return AuthenticationInfo 身份认证信息 * @throws AuthenticationException 认证相关异常 */ @Override protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken authenticationToken) throws AuthenticationException { // 这里的 token是从 JWTFilter 的 executeLogin 方法传递过来的,已经经过了解密 String token = (String) authenticationToken.getCredentials(); String username = JWTUtil.getUsername(token); if (StringUtils.isBlank(username)) throw new AuthenticationException("token校验不通过"); // 通过用户名查询用户信息 User user = SystemUtils.getUser(username); if (user == null) throw new AuthenticationException("用户名或密码错误"); if (!JWTUtil.verify(token, username, user.getPassword())) throw new AuthenticationException("token校验不通过"); return new SimpleAuthenticationInfo(token, token, "shiro_realm"); }
Example 4
Source File: ShiroRealm.java From SpringAll with MIT License | 6 votes |
/** * 登录认证 */ @Override protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token) throws AuthenticationException { String userName = (String) token.getPrincipal(); String password = new String((char[]) token.getCredentials()); System.out.println("用户" + userName + "认证-----ShiroRealm.doGetAuthenticationInfo"); User user = userMapper.findByUserName(userName); if (user == null) { throw new UnknownAccountException("用户名或密码错误!"); } if (!password.equals(user.getPassword())) { throw new IncorrectCredentialsException("用户名或密码错误!"); } if (user.getStatus().equals("0")) { throw new LockedAccountException("账号已被锁定,请联系管理员!"); } SimpleAuthenticationInfo info = new SimpleAuthenticationInfo(user, password, getName()); return info; }
Example 5
Source File: ShiroRealm.java From SpringAll with MIT License | 6 votes |
/** * 登录认证 */ @Override protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token) throws AuthenticationException { String userName = (String) token.getPrincipal(); String password = new String((char[]) token.getCredentials()); System.out.println("用户" + userName + "认证-----ShiroRealm.doGetAuthenticationInfo"); User user = userMapper.findByUserName(userName); if (user == null) { throw new UnknownAccountException("用户名或密码错误!"); } if (!password.equals(user.getPassword())) { throw new IncorrectCredentialsException("用户名或密码错误!"); } if (user.getStatus().equals("0")) { throw new LockedAccountException("账号已被锁定,请联系管理员!"); } SimpleAuthenticationInfo info = new SimpleAuthenticationInfo(user, password, getName()); return info; }
Example 6
Source File: ShiroRealm.java From SpringAll with MIT License | 6 votes |
/** * 登录认证 */ @Override protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token) throws AuthenticationException { String userName = (String) token.getPrincipal(); String password = new String((char[]) token.getCredentials()); System.out.println("用户" + userName + "认证-----ShiroRealm.doGetAuthenticationInfo"); User user = userMapper.findByUserName(userName); if (user == null) { throw new UnknownAccountException("用户名或密码错误!"); } if (!password.equals(user.getPassword())) { throw new IncorrectCredentialsException("用户名或密码错误!"); } if (user.getStatus().equals("0")) { throw new LockedAccountException("账号已被锁定,请联系管理员!"); } SimpleAuthenticationInfo info = new SimpleAuthenticationInfo(user, password, getName()); return info; }
Example 7
Source File: DBRealm.java From Moss with Apache License 2.0 | 6 votes |
@Override protected AuthenticationInfo queryForAuthenticationInfo(AuthenticationToken authenticationToken, LdapContextFactory ldapContextFactory) throws NamingException { String token = (String) authenticationToken.getCredentials(); // 解密获得username,用于和数据库进行对比 String username = JwtUtil.getUsername(token); if (null==username || !JwtUtil.verify(token, username)) { throw new AuthenticationException("token认证失败!"); } UserModel userModel= userService.getUserByUserName(username); if(null==userModel){ return null; } return new SimpleAuthenticationInfo(token, token, "MyRealm"); }
Example 8
Source File: BearerTokenRealm.java From nexus-public with Eclipse Public License 1.0 | 6 votes |
@Override protected AuthenticationInfo doGetAuthenticationInfo(final AuthenticationToken token) { checkNotNull(token); final PrincipalCollection principals = keyStore.getPrincipals(format, (char[]) token.getCredentials()); if (null != principals) { try { if (anonymousAndSupported(principals) || principalsHelper.getUserStatus(principals).isActive()) { ((NexusApiKeyAuthenticationToken) token).setPrincipal(principals.getPrimaryPrincipal()); if (requestProvider != null) { requestProvider.get().setAttribute(IS_TOKEN_AUTH_KEY, Boolean.TRUE); } return new SimpleAuthenticationInfo(principals, token.getCredentials()); } } catch (final UserNotFoundException e) { log.debug("Realm did not find user", e); keyStore.deleteApiKeys(principals); } } return null; }
Example 9
Source File: ApiRealm.java From flash-waimai with MIT License | 6 votes |
/** * 默认使用此方法进行用户名正确与否验证,错误抛出异常即可。 */ @Override protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken auth) throws AuthenticationException { String token = (String) auth.getCredentials(); // 解密获得username,用于和数据库进行对比 String username = JwtUtil.getUsername(token); if (username == null) { throw new AuthenticationException("token invalid"); } ShiroUser userBean = ShiroFactroy.me().shiroUser(userService.findByAccount(username)); if (userBean == null) { throw new AuthenticationException("User didn't existed!"); } if (! JwtUtil.verify(token, username, userBean.getPassword())) { throw new AuthenticationException("Username or password error"); } return new SimpleAuthenticationInfo(token, token, "my_realm"); }
Example 10
Source File: ApiRealm.java From web-flash with MIT License | 6 votes |
/** * 默认使用此方法进行用户名正确与否验证,错误抛出异常即可。 */ @Override protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken auth) throws AuthenticationException { String token = (String) auth.getCredentials(); // 解密获得username,用于和数据库进行对比 String username = JwtUtil.getUsername(token); if (username == null) { throw new AuthenticationException("token invalid"); } ShiroUser userBean = ShiroFactroy.me().shiroUser(userService.findByAccount(username)); if (userBean == null) { throw new AuthenticationException("User didn't existed!"); } try { if (!JwtUtil.verify(token, username, userBean.getPassword())) { throw new AuthenticationException("Username or password error"); } }catch (Exception e){ throw new AuthenticationException(e.getMessage()); } return new SimpleAuthenticationInfo(token, token, "my_realm"); }
Example 11
Source File: LdapRealm.java From Moss with Apache License 2.0 | 6 votes |
@Override protected AuthenticationInfo queryForAuthenticationInfo(AuthenticationToken authenticationToken, LdapContextFactory ldapContextFactory) throws NamingException { String token = (String) authenticationToken.getCredentials(); // 解密获得username,用于和数据库进行对比 String username = JwtUtil.getUsername(token); if (null==username || !JwtUtil.verify(token, username)) { throw new AuthenticationException("token认证失败!"); } LdapContext ctx = null; try { ctx = ldapContextFactory.getLdapContext(username, null); } catch (Throwable e) { LOGGER.error(e.getMessage(), e); return null; } finally { LdapUtils.closeContext(ctx); } return new SimpleAuthenticationInfo(token, token, "MyRealm"); }
Example 12
Source File: CreateShiroAuthProviderTest.java From vertx-auth with Apache License 2.0 | 5 votes |
@Override public AuthenticationInfo getAuthenticationInfo(AuthenticationToken token) throws AuthenticationException { return new AuthenticationInfo() { @Override public PrincipalCollection getPrincipals() { return new SimplePrincipalCollection(token.getPrincipal(), getClass().getName()); } @Override public Object getCredentials() { return token.getCredentials(); } }; }
Example 13
Source File: UserRealm.java From ShiroJwt with MIT License | 5 votes |
/** * 默认使用此方法进行用户名正确与否验证,错误抛出异常即可。 */ @Override protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken authenticationToken) throws AuthenticationException { String token = (String) authenticationToken.getCredentials(); // 解密获得account,用于和数据库进行对比 String account = JwtUtil.getClaim(token, Constant.ACCOUNT); // 帐号为空 if (StringUtil.isBlank(account)) { throw new AuthenticationException("Token中帐号为空(The account in Token is empty.)"); } // 查询用户是否存在 UserDto userDto = new UserDto(); userDto.setAccount(account); userDto = userMapper.selectOne(userDto); if (userDto == null) { throw new AuthenticationException("该帐号不存在(The account does not exist.)"); } // 开始认证,要AccessToken认证通过,且Redis中存在RefreshToken,且两个Token时间戳一致 if (JwtUtil.verify(token) && JedisUtil.exists(Constant.PREFIX_SHIRO_REFRESH_TOKEN + account)) { // 获取RefreshToken的时间戳 String currentTimeMillisRedis = JedisUtil.getObject(Constant.PREFIX_SHIRO_REFRESH_TOKEN + account).toString(); // 获取AccessToken时间戳,与RefreshToken的时间戳对比 if (JwtUtil.getClaim(token, Constant.CURRENT_TIME_MILLIS).equals(currentTimeMillisRedis)) { return new SimpleAuthenticationInfo(token, token, "userRealm"); } } throw new AuthenticationException("Token已过期(Token expired or incorrect.)"); }
Example 14
Source File: MyShiroRealm.java From SpringBootBucket with MIT License | 5 votes |
/** * 认证信息(身份验证) * Authentication 是用来验证用户身份 * * @param auth * @return * @throws AuthenticationException */ @Override protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken auth) throws AuthenticationException { _logger.info("MyShiroRealm.doGetAuthenticationInfo()"); String token = (String) auth.getCredentials(); // 解密获得username,用于和数据库进行对比 String username = JWTUtil.getUsername(token); if (username == null) { throw new AuthenticationException("token invalid"); } //通过username从数据库中查找 ManagerInfo对象 //实际项目中,这里可以根据实际情况做缓存,如果不做,Shiro自己也是有时间间隔机制,2分钟内不会重复执行该方法 ManagerInfo managerInfo = managerInfoService.findByUsername(username); if (managerInfo == null) { throw new AuthenticationException("用户不存在!"); } if (!JWTUtil.verify(token, username, managerInfo.getPassword())) { throw new AuthenticationException("Token认证失败"); } return new SimpleAuthenticationInfo(token, token, "my_realm"); }
Example 15
Source File: UserRealm.java From fastdep with Apache License 2.0 | 5 votes |
@Override protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken auth) throws AuthenticationException { String token = (String) auth.getCredentials(); String userId = jwtUtil.getUserId(token); if (userId == null) { throw new FastDepShiroJwtException("token invalid"); } if (!fastDepShiroJwtAuthorization.verifyUser(userId, token)) { throw new FastDepShiroJwtException("verify user error!"); } if (!jwtUtil.verify(token, userId)) { throw new FastDepShiroJwtException("token verify error!"); } return new SimpleAuthenticationInfo(token, token, "user_realm"); }
Example 16
Source File: ShiroRealm.java From jeecg-boot-with-activiti with MIT License | 5 votes |
/** * 用户信息认证是在用户进行登录的时候进行验证(不存redis) * 也就是说验证用户输入的账号和密码是否正确,错误抛出异常 * * @param auth 用户登录的账号密码信息 * @return 返回封装了用户信息的 AuthenticationInfo 实例 * @throws AuthenticationException */ @Override protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken auth) throws AuthenticationException { String token = (String) auth.getCredentials(); if (token == null) { log.info("————————身份认证失败——————————IP地址: "+ oConvertUtils.getIpAddrByRequest(SpringContextUtils.getHttpServletRequest())); throw new AuthenticationException("token为空!"); } // 校验token有效性 LoginUser loginUser = this.checkUserTokenIsEffect(token); return new SimpleAuthenticationInfo(loginUser, token, getName()); }
Example 17
Source File: ShiroRealm.java From JavaWeb with Apache License 2.0 | 5 votes |
protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token) throws AuthenticationException { String username = (String)token.getPrincipal(); //得到用户名 String password = new String((char[])token.getCredentials()); //得到密码 if(null != username && null != password){ return new SimpleAuthenticationInfo(username, password, getName()); }else{ return null; } }
Example 18
Source File: ShiroRealm.java From jeecg-cloud with Apache License 2.0 | 5 votes |
/** * 用户信息认证是在用户进行登录的时候进行验证(不存redis) * 也就是说验证用户输入的账号和密码是否正确,错误抛出异常 * * @param auth 用户登录的账号密码信息 * @return 返回封装了用户信息的 AuthenticationInfo 实例 * @throws AuthenticationException */ @Override protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken auth) throws AuthenticationException { String token = (String) auth.getCredentials(); if (token == null) { log.info("————————身份认证失败——————————IP地址: "+ oConvertUtils.getIpAddrByRequest(SpringContextUtils.getHttpServletRequest())); throw new AuthenticationException("token为空!"); } // 校验token有效性 LoginUser loginUser = this.checkUserTokenIsEffect(token); return new SimpleAuthenticationInfo(loginUser, token, getName()); }
Example 19
Source File: RoncooRealm.java From roncoo-adminlte-springmvc with Apache License 2.0 | 4 votes |
@Override protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token) throws AuthenticationException { String username = (String) token.getPrincipal(); String password = new String((char[]) token.getCredentials()); return new SimpleAuthenticationInfo(username, password, "roncooRealm"); }
Example 20
Source File: UserRealm.java From yyblog with MIT License | 4 votes |
@Override protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token) throws AuthenticationException { String username = (String) token.getPrincipal(); String password = new String((char[]) token.getCredentials()); UserMapper userMapper = ApplicationContextRegister.getBean(UserMapper.class); // 查询用户信息 UserDO user = null; if (username.length() > 12) { user = userMapper.getUserByOpenId(username); // 账号不存在 if (user == null) { throw new UnknownAccountException("账号或密码不正确"); } // 账号锁定 if (user.getEnable() == false) { throw new LockedAccountException("账号已被锁定,请联系管理员"); } } else { user = userMapper.getUserByName(username); // 账号不存在 if (user == null) { throw new UnknownAccountException("账号或密码不正确"); } // 密码错误 if (!DigestUtils.md5DigestAsHex(password.getBytes()).equals(user.getPassword())) { throw new IncorrectCredentialsException("账号或密码不正确"); } // 账号锁定 if (user.getEnable() == false) { throw new LockedAccountException("账号已被锁定,请联系管理员"); } } //不使用shiro自带的密码验证 SimpleAuthenticationInfo info = new SimpleAuthenticationInfo(user, password, getName()); return info; }