Examples of org.apache.shiro.authc.UsernamePasswordToken

org.apache.shiro.authc.UsernamePasswordToken
sun.com/j2se/1.5.0/docs/guide/security/jce/JCERefGuide.html#PBEEx"> Java Cryptography Extension Reference Guide.

To avoid this possibility of later memory access, the application developer should always call {@link #clear() clear()} after using the token to perform a login attempt.
@author Jeremy Haile @author Les Hazlewood @since 0.1

        };
    }


    private void authenticateUser(Subject currentUser, ShiroSecurityToken securityToken) {
        if (!currentUser.isAuthenticated()) {
            UsernamePasswordToken token = new UsernamePasswordToken(securityToken.getUsername(), securityToken.getPassword());
            if (alwaysReauthenticate) {
                token.setRememberMe(false);
            } else {
                token.setRememberMe(true);
            }
            
            try {
                currentUser.login(token);
                LOG.debug("Current User {} successfully authenticated", currentUser.getPrincipal());
            } catch (UnknownAccountException uae) {
                throw new UnknownAccountException("Authentication Failed. There is no user with username of " + token.getPrincipal(), uae.getCause());
            } catch (IncorrectCredentialsException ice) {
                throw new IncorrectCredentialsException("Authentication Failed. Password for account " + token.getPrincipal() + " was incorrect!", ice.getCause());
            } catch (LockedAccountException lae) {
                throw new LockedAccountException("Authentication Failed. The account for username " + token.getPrincipal() + " is locked."
                    + "Please contact your administrator to unlock it.", lae.getCause());
            } catch (AuthenticationException ae) {
                throw new AuthenticationException("Authentication Failed.", ae.getCause());
            }
        }

View Full Code Here

        
        return auth;
  }


  protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token) throws AuthenticationException {
    UsernamePasswordToken upToken = (UsernamePasswordToken) token;
    User user = dao().fetch(User.class, Cnd.where("name", "=", upToken.getUsername()));
        if (user == null)
            return null;
        if (user.isLocked()) 
            throw new LockedAccountException("Account [" + upToken.getUsername() + "] is locked.");
        dao().fetchLinks(user, null);
        SimpleAccount account = new SimpleAccount(upToken.getUsername(), user.getPasswd(), name);
        if (user.getSalt() != null)
            account.setCredentialsSalt(ByteSource.Util.bytes(user.getSalt()));
        return account;
  }

View Full Code Here

    // END SNIPPET: realm-service
    @Test
    public void test()
    {
        Subject currentUser = SecurityUtils.getSubject();
        UsernamePasswordToken token = new UsernamePasswordToken( "foo", "bar" );
        currentUser.login( token );
        assertNotNull( "Unable to authenticate against MyRealmService", currentUser.getPrincipal() );
    }

View Full Code Here

        assertEquals( "aValue", value );
        LOG.info( "Retrieved the correct value! [" + value + "]" );


        // let's login the current user so we can check against roles and permissions:
        if ( !currentUser.isAuthenticated() ) {
            UsernamePasswordToken token = new UsernamePasswordToken( "lonestarr", "vespa" );
            token.setRememberMe( true );
            try {
                currentUser.login( token );
            } catch ( UnknownAccountException uae ) {
                fail( "There is no user with username of " + token.getPrincipal() );
            } catch ( IncorrectCredentialsException ice ) {
                fail( "Password for account " + token.getPrincipal() + " was incorrect!" );
            } catch ( LockedAccountException lae ) {
                fail( "The account for username " + token.getPrincipal() + " is locked.  "
                      + "Please contact your administrator to unlock it." );
            } // ... catch more exceptions here (maybe custom ones specific to your application?
            catch ( AuthenticationException ae ) {
                //unexpected condition?  error?
                throw ae;

View Full Code Here

        // END SNIPPET: usage
        // START SNIPPET: usage
        uow = module.newUnitOfWork();


        Subject currentUser = SecurityUtils.getSubject();
        currentUser.login( new UsernamePasswordToken( "foo", "bar" ) );


        if ( !currentUser.hasRole( "role-one" ) ) {
            fail( "User 'foo' must have 'role-one' role." );
        }

View Full Code Here


        uow = module.newUnitOfWork();


        // START SNIPPET: usage
        Subject currentUser = SecurityUtils.getSubject();
        currentUser.login( new UsernamePasswordToken( "foo", "bar" ) );


        // END SNIPPET: usage
        assertNotNull( "Unable to authenticate against PasswordRealmService", currentUser.getPrincipal() );


        assertFalse( currentUser.hasRole( "role-one" ) );

View Full Code Here

      throws Exception
  {
    // so here is the problem, we clear the authz cache when ever config changes happen


    // now log the user in
    Subject subject1 = securitySystem.login(new UsernamePasswordToken(username, password));
    // check authz
    subject1.checkRole(DEFAULT_ROLE);


    // clear the cache
    KenaiRealm realm = (KenaiRealm) this.lookup(Realm.class, "kenai");
    realm.getAuthorizationCache().clear();


    // user should still have the role
    subject1.checkRole(DEFAULT_ROLE);


    // the user should be able to login again as well
    Subject subject2 = securitySystem.login(new UsernamePasswordToken(username, password));
    subject2.checkRole(DEFAULT_ROLE);
  }

View Full Code Here

        }


        Subject subject = securitySystem.getSubject();
        if ((subject == null || !subject.isAuthenticated()) && securitySystem.isAnonymousAccessEnabled()) {
          try {
            securitySystem.login(new UsernamePasswordToken(
                securitySystem.getAnonymousUsername(), securitySystem.getAnonymousPassword()
            ));
          }
          catch (Exception e) {
            log.error("Could not log in anonymous user");

View Full Code Here

  public UserXO signIn(final @NotEmpty(message = "[base64Username] may not be empty") String base64Username,
                       final @NotEmpty(message = "[base64Password] may not be empty") String base64Password,
                       final boolean rememberMe) throws Exception
  {
    try {
      securitySystem.login(new UsernamePasswordToken(
          Tokens.decodeBase64String(base64Username), Tokens.decodeBase64String(base64Password), rememberMe
      ));
    }
    catch (Exception e) {
      throw new Exception("Authentication failed", e);

View Full Code Here

      throw new Exception("Username mismatch");
    }


    // Ask the sec-manager to authenticate, this won't alter the current subject
    try {
      securitySystem.getSecurityManager().authenticate(new UsernamePasswordToken(username, password));
    }
    catch (AuthenticationException e) {
      throw new Exception("Authentication failed", e);
    }

View Full Code Here

0 1 2 3 4 5 6 7 8 9

TOP

Related Classes of org.apache.shiro.authc.UsernamePasswordToken

be.c4j.ee.security.credentials.OracleCredentialsMatcher

be.c4j.ee.security.service.AuthenticationService

be.c4j.ee.security.view.model.LoginBean

br.com.caelum.vraptor.security.realm.CustomAuthorizingRealm

cn.dreampie.common.util.SubjectUtils

com.adaptrex.core.security.servlet.LogInServlet

com.github.zhangkaitao.shiro.chapter2.LoginLogoutTest

com.google.code.lightssh.project.security.shiro.MyShiroRealm

com.google.code.lightssh.project.web.action.GenericAction

com.ketayao.ketacustom.shiro.ShiroDbRealm

All source code are property of their respective owners. Java is a trademark of Sun Microsystems, Inc and owned by ORACLE Inc. Contact coftware#gmail.com.