Examples of org.apache.shiro.authc.UsernamePasswordToken

• org.apache.shiro.authc.UsernamePasswordToken
  sun.com/j2se/1.5.0/docs/guide/security/jce/JCERefGuide.html#PBEEx"> Java Cryptography Extension Reference Guide.

  To avoid this possibility of later memory access, the application developer should always call {@link #clear() clear()} after using the token to perform a login attempt.

  @author Jeremy Haile @author Les Hazlewood @since 0.1

        //Session session = currentUser.getSession();
        if ( !currentUser.isAuthenticated() ) {
            //collect user principals and credentials in a gui specific manner
            //such as username/password html form, X509 certificate, OpenID, etc.
            //We'll use the username/password example here since it is the most common.
            UsernamePasswordToken token = new UsernamePasswordToken("lonestarr", "vespa");

            //this is all you have to do to support 'remember me' (no config - built in!):
            //token.setRememberMe(false);

            try {
                currentUser.login( token );
                //if no exception, that's it, we're done!
                log.info("username logged in is: " + token.getUsername());
            } catch ( UnknownAccountException uae ) {
                //username wasn't in the system, show them an error message?
              log.info("Username wasn't in the system");
            } catch ( IncorrectCredentialsException ice ) {
                //password didn't match, try again?

  @Override
    protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token)
            throws AuthenticationException {
        UsernamePasswordToken upToken = (UsernamePasswordToken) token;
        //System.out.println("Is log.isDebugEnabled()? " + log.isDebugEnabled());
        String username = upToken.getUsername();
        System.out.print("submitted username is: " + username);
        System.out.println(", submitted password is: " + upToken.getPassword().toString());
        checkNotNull(username, "Null usernames are not allowed by this realm.");
        String password = null;
        try {
          password = Safe.getPassword(username);
        } catch (Exception e) {System.out.println(e);}

  /**
   * 认证信息
   */
  protected AuthenticationInfo doGetAuthenticationInfo(
      AuthenticationToken authcToken ) throws AuthenticationException {
    UsernamePasswordToken token = (UsernamePasswordToken) authcToken;
    String accountName = token.getUsername();

    if( accountName != null && !"".equals(accountName) ){
      LoginAccount account = accountManager.get( token.getUsername() );

      if( account != null ){
        return new SimpleAuthenticationInfo(
            account.getLoginName(),account.getPassword(), getName() );
      }

  protected void login( LoginAccount account ){
    if( account == null || account.getLoginName() == null
        || account.getPassword() == null )
      return;

    AuthenticationToken token = new UsernamePasswordToken(
        account.getLoginName(),account.getPassword());

    SecurityUtils.getSubject().login(token);

    //记录Session

        boolean authenticated = currentUser.isAuthenticated();
        boolean sameUser = securityToken.getUsername().equals(currentUser.getPrincipal());
        LOG.debug("Authenticated: {}, same Username: {}", authenticated, sameUser);

        if (!authenticated || !sameUser) {
            UsernamePasswordToken token = new UsernamePasswordToken(securityToken.getUsername(), securityToken.getPassword());
            if (alwaysReauthenticate) {
                token.setRememberMe(false);
            } else {
                token.setRememberMe(true);
            }

            try {
                currentUser.login(token);
                LOG.debug("Current User {} successfully authenticated", currentUser.getPrincipal());
            } catch (UnknownAccountException uae) {
                throw new UnknownAccountException("Authentication Failed. There is no user with username of " + token.getPrincipal(), uae.getCause());
            } catch (IncorrectCredentialsException ice) {
                throw new IncorrectCredentialsException("Authentication Failed. Password for account " + token.getPrincipal() + " was incorrect!", ice.getCause());
            } catch (LockedAccountException lae) {
                throw new LockedAccountException("Authentication Failed. The account for username " + token.getPrincipal() + " is locked."
                    + "Please contact your administrator to unlock it.", lae.getCause());
            } catch (AuthenticationException ae) {
                throw new AuthenticationException("Authentication Failed.", ae.getCause());
            }
        }

        };
    }

    private void authenticateUser(Subject currentUser, ShiroSecurityToken securityToken) {
        if (!currentUser.isAuthenticated()) {
            UsernamePasswordToken token = new UsernamePasswordToken(securityToken.getUsername(), securityToken.getPassword());
            if (alwaysReauthenticate) {
                token.setRememberMe(false);
            } else {
                token.setRememberMe(true);
            }

            try {
                currentUser.login(token);
                LOG.debug("Current User {} successfully authenticated", currentUser.getPrincipal());
            } catch (UnknownAccountException uae) {
                throw new UnknownAccountException("Authentication Failed. There is no user with username of " + token.getPrincipal(), uae.getCause());
            } catch (IncorrectCredentialsException ice) {
                throw new IncorrectCredentialsException("Authentication Failed. Password for account " + token.getPrincipal() + " was incorrect!", ice.getCause());
            } catch (LockedAccountException lae) {
                throw new LockedAccountException("Authentication Failed. The account for username " + token.getPrincipal() + " is locked."
                    + "Please contact your administrator to unlock it.", lae.getCause());
            } catch (AuthenticationException ae) {
                throw new AuthenticationException("Authentication Failed.", ae.getCause());
            }
        }

        jdbcRealm = new JdbcRealm();
    }

    @Override
    public boolean authenticate(String userName, Object credentials) throws UserStoreException {
        AuthenticationToken authenticationToken = new UsernamePasswordToken(userName,
                passwordDigester.getPasswordHashValue((String) credentials));

        AuthenticationInfo authenticationInfo;
        try {

    this.userDAO = userDAO;
  }

  protected AuthenticationInfo doGetAuthenticationInfo(
      AuthenticationToken authcToken) throws AuthenticationException {
    UsernamePasswordToken token = (UsernamePasswordToken) authcToken;
    User user = userDAO.findUser(token.getUsername());
    if (user != null) {
      return new SimpleAuthenticationInfo(user.getId(),
          user.getPassword(), getName());
    } else {
      return null;

        if( errors.hasErrors() ) {
            return showLoginForm(model, command);
        }

        UsernamePasswordToken token = new UsernamePasswordToken(command.getUsername(), command.getPassword(), command.isRememberMe());
        try {
            SecurityUtils.getSubject().login(token);
        } catch (AuthenticationException e) {
            errors.reject( "error.login.generic", "Invalid username or password.  Please try again." );
        }

        // Create the user
        userService.createUser( command.getUsername(), command.getEmail(), command.getPassword() );

        // Login the newly created user
        SecurityUtils.getSubject().login(new UsernamePasswordToken(command.getUsername(), command.getPassword()));

        return "redirect:/s/home";
    }