Examples of org.apache.shiro.authc.AuthenticationInfo

• org.apache.shiro.authc.AuthenticationInfo
  AuthenticationInfo represents a Subject's (aka user's) stored account information relevant to the authentication/log-in process only.

  It is important to understand the differnce between this interface and the {@link AuthenticationToken AuthenticationToken} interface. AuthenticationInfo implementationsrepresent already-verified and stored account data, whereas an AuthenticationToken represents data submitted for any given login attempt (which may or may not successfully match the verified and stored account AuthenticationInfo).

  Because the act of authentication (log-in) is orthoganal to authorization (access control), this interface is intended to represent only the account data needed by Shiro during an authentication attempt. Shiro also has a parallel {@link org.apache.shiro.authz.AuthorizationInfo AuthorizationInfo} interface for use during theauthorization process that references access control data such as roles and permissions.

  But because many if not most {@link org.apache.shiro.realm.Realm Realm}s store both sets of data for a Subject, it might be convenient for a Realm implementation to utilize an implementation of the {@link Account Account}interface instead, which is a convenience interface that combines both AuthenticationInfo and AuthorizationInfo. Whether you choose to implement these two interfaces separately or implement the one Account interface for a given Realm is entirely based on your application's needs or your preferences.

  Pleae note: Since Shiro sometimes logs authentication operations, please ensure your AuthenticationInfo's toString() implementation does not print out account credentials (password, etc), as these might be viewable to someone reading your logs. This is good practice anyway, and account credentials should rarely (if ever) be printed out for any reason. If you're using Shiro's default implementations of this interface, they only ever print the account {@link #getPrincipals() principals}, so you do not need to do anything additional.

  @author Jeremy Haile @author Les Hazlewood @see org.apache.shiro.authz.AuthorizationInfo AuthorizationInfo @see Account @since 0.9

    PublicKey testUsersKey = new MockPublicKey("key1");
    publicKeyRepository.addPublicKey("test-user", testUsersKey);

    PublicKeyAuthenticatingRealm realm = new PublicKeyAuthenticatingRealm(publicKeyRepository);

    AuthenticationInfo authInfo =
        realm.getAuthenticationInfo(new PublicKeyAuthenticationToken("test-user", testUsersKey));
    Assert.assertEquals("test-user", authInfo.getPrincipals().getPrimaryPrincipal());
  }

    publicKeyRepository.addPublicKey("foo-bar", foosKey);

    PublicKeyAuthenticatingRealm realm = new PublicKeyAuthenticatingRealm(publicKeyRepository);

    for (PublicKey publicKey : keySet) {
      AuthenticationInfo authInfo =
          realm.getAuthenticationInfo(new PublicKeyAuthenticationToken("test-user", publicKey));
      Assert.assertEquals("test-user", authInfo.getPrincipals().getPrimaryPrincipal());
    }

    try {
      realm.getAuthenticationInfo(new PublicKeyAuthenticationToken("test-user", foosKey));
      Assert.fail("expected AuthenticationException");

  public void testValidAuthentication()
      throws Exception
  {
    SecuritySystem plexusSecurity = this.lookup(SecuritySystem.class);
    AuthenticationToken token = new UsernamePasswordToken("admin-simple", "admin123");
    AuthenticationInfo authInfo = plexusSecurity.authenticate(token);

    // check
    Assert.assertNotNull(authInfo);
  }

    @Test
    public void testConfigure() {
        final MockRealm mockRealm = createMock(MockRealm.class);
        AuthenticationToken authToken = createMock(AuthenticationToken.class);
        AuthenticationInfo info = new SimpleAuthenticationInfo("mockUser", "password", "mockRealm");

        expect(mockRealm.supports(authToken)).andReturn(true);
        expect(mockRealm.getAuthenticationInfo(authToken)).andReturn(info);

        replay(mockRealm);

     * @return the {@link AuthenticationInfo} acquired after a successful authentication attempt
     * @throws AuthenticationException if the authentication attempt fails or if a
     *                                 {@link NamingException} occurs.
     */
    protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token) throws AuthenticationException {
        AuthenticationInfo info;
        try {
            info = queryForAuthenticationInfo(token, getContextFactory());
        } catch (AuthenticationNotSupportedException e) {
            String msg = "Unsupported configured authentication mechanism";
            throw new UnsupportedAuthenticationMechanismException(msg, e);

        expect(cookie.isSecure()).andReturn(false);
        expect(cookie.isHttpOnly()).andReturn(true);

        UsernamePasswordToken token = new UsernamePasswordToken("user", "secret");
        token.setRememberMe(true);
        AuthenticationInfo account = new SimpleAuthenticationInfo("user", "secret", "test");

        replay(mockSubject);
        replay(mockRequest);
        replay(cookie);

        for (final Realm realm : realms) {
            // only obtain roles from those realm(s) that authenticated this subject
            if(!realmNames.contains(realm.getName())) {
                continue;
            }
            final AuthenticationInfo authenticationInfo = realm.getAuthenticationInfo(token);
            if(authenticationInfo instanceof AuthorizationInfo) {
                final AuthorizationInfo authorizationInfo = (AuthorizationInfo) authenticationInfo;
                final Collection<String> realmRoles = authorizationInfo.getRoles();
                for (final String role : realmRoles) {
                    roles.add(realm.getName() + ":" + role);

        strategy = new AllSuccessfulStrategy();
    }

    @Test
    public void beforeAllAttempts() {
        AuthenticationInfo info = strategy.beforeAllAttempts(null, null);
        assertNotNull(info);
    }

    @Test
    public void testBasic() {
        CredentialsMatcher matcher = (CredentialsMatcher) ClassUtils.newInstance(getMatcherClass());
        byte[] hashed = hash("password").getBytes();
        AuthenticationInfo account = new SimpleAuthenticationInfo("username", hashed, "realmName");
        AuthenticationToken token = new UsernamePasswordToken("username", "password");
        assertTrue(matcher.doCredentialsMatch(token, account));
    }

        //simulate an account with SHA-1 hashed password (no salt)
        final String username = "username";
        final String password = "password";
        final Object hashedPassword = new Sha1Hash(password).getBytes();
        AuthenticationInfo account = new AuthenticationInfo() {
            public PrincipalCollection getPrincipals() {
                return new SimplePrincipalCollection(username, "realmName");
            }

            public Object getCredentials() {