Java Code Examples for org.apache.shiro.authc.UnknownAccountException

The following are top voted examples for showing how to use org.apache.shiro.authc.UnknownAccountException. These examples are extracted from open source projects. You can vote up the examples you like and your votes will be used in our system to generate more good examples.
Example 1
Project: kettle_support_kettle8.0   File: Authorizing2Realm.java   View source code 7 votes vote down vote up
/**
 * Authentication callback invoked at login.
 *
 * <p>Looks up an enabled account by e-mail and returns its stored password
 * together with the hex-decoded value of {@code getRandom()} as the salt.
 * No password comparison happens in this method.
 *
 * @param authcToken the submitted token, cast to {@code UsernamePassword2Token}
 * @return principal, stored credentials and salt for the matching account
 * @throws AccountException if the token carries no username
 * @throws UnknownAccountException if the lookup returns no account
 */
@Override
protected AuthenticationInfo doGetAuthenticationInfo(
		AuthenticationToken authcToken) throws AuthenticationException {
	// NOTE(review): unchecked cast - presumably supports() restricts this realm
	// to UsernamePassword2Token; otherwise this is a ClassCastException.
	String username = ((UsernamePassword2Token) authcToken).getUsername();
	if (username == null) {
		throw new AccountException(
				"Null usernames are not allowed by this realm.");
	}

	// The probe is restricted to STATUS_ENABLED, so an account in any other
	// status presumably comes back as "not found" rather than "locked".
	User probe = new User();
	probe.setEmail(username);
	probe.setStatus(Constant.STATUS_ENABLED);
	User account = (User) service.iUserService.select(probe);
	if (account == null) {
		// The message echoes the submitted username; keep it in server-side
		// logs and do not render it back to the client.
		throw new UnknownAccountException("No account found for user ["
				+ username + "]");
	}

	byte[] salt = Encode.decodeHex(account.getRandom());
	Shiro principal = new Shiro(account.getId(), account.getEmail(),
			account.getName());
	return new SimpleAuthenticationInfo(principal, account.getPassword(),
			ByteSource.Util.bytes(salt), getName());
}
 
Example 2
Project: kettle_support_kettle8.0   File: Authorizing2Realm.java   View source code 6 votes vote down vote up
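/**
 * Authorization callback; per the original comment it runs when an access
 * check is made and no authorization data for the user is cached.
 *
 * <p>Only verifies that the account behind the primary principal can still be
 * selected. The returned info carries no roles and no permissions.
 *
 * @param principalCollection principals of the authenticated subject
 * @return an empty {@code SimpleAuthorizationInfo}
 * @throws AuthorizationException if {@code principalCollection} is null
 * @throws UnknownAccountException if the account can no longer be found
 */
@Override
protected AuthorizationInfo doGetAuthorizationInfo(
		PrincipalCollection principalCollection) {
	if (principalCollection == null) {
		// Message corrected: the previous text ("Principal is not null!")
		// stated the opposite of the condition being rejected.
		throw new AuthorizationException("Principal must not be null!");
	}
	Shiro shiro = (Shiro) principalCollection.getPrimaryPrincipal();
	User probe = new User();
	probe.setId(shiro.getId());
	User account = (User) service.iUserService.select(probe);
	if (account == null) {
		throw new UnknownAccountException("No account found for user ["
				+ shiro.getId() + "]");
	}
	// NOTE(review): nothing is loaded from the account, so the subject ends
	// up with no roles or permissions from this realm - confirm intended.
	return new SimpleAuthorizationInfo();
}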
 
Example 3
Project: LazyAdmin   File: AuthController.java   View source code 6 votes vote down vote up
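/**
 * Handles the login form POST: authenticates through Shiro, redirects on
 * success and re-renders the login view with an error message on failure.
 *
 * @param map   model that receives the {@code error} attribute
 * @param admin bound form object carrying username and password
 * @return a redirect to the video list on success, otherwise the login view
 */
@RequestMapping(value = "/login", method = {
        RequestMethod.POST})
public String dashboard(ModelMap map, Admin admin) {
    // One message for "no such account" and "wrong password": distinct texts
    // let a client learn which usernames exist.
    final String badCredentials = "用户名或密码错误!";
    String error = null;
    UsernamePasswordToken token = new UsernamePasswordToken(admin.getUsername(), admin.getPassword());
    token.setRememberMe(false);
    try {
        SecurityUtils.getSubject().login(token);
        return "redirect:/video/all";
    } catch (UnknownAccountException uae) {
        error = badCredentials;
    } catch (IncorrectCredentialsException ice) {
        error = badCredentials;
    } catch (LockedAccountException lae) {
        error = "用户被锁定!";
    }
    // NOTE(review): other AuthenticationException subtypes are not caught here
    // and propagate to the framework's error handling.
    map.addAttribute("error", error);
    return "login.ftl";
}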
 
Example 4
Project: xproject   File: AdminUserRealm.java   View source code 6 votes vote down vote up
/**
 * Authentication lookup: resolves the account for the submitted principal and
 * rejects unknown or disabled accounts. The password itself is compared later
 * by the realm's CredentialsMatcher, using the info returned here.
 *
 * @throws UnknownAccountException if no account exists for the principal
 * @throws LockedAccountException if the account status is "disabled"
 */
protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token) throws AuthenticationException {
	// NOTE(review): this logs token.toString() at INFO; confirm the concrete
	// token type never includes the credential in its string form.
	logger.info(">>> 【用户认证】token = {}", token);
	String userName = (String)token.getPrincipal();
	AdminUser user = getPrincipalService().getPrincipalObject(userName);
	if (user == null) {
		// account not found
		throw new UnknownAccountException("Unknown account: " + userName);
	}
	boolean disabled = AdminUserStatusEnum.ADMIN_USER_STATUS_DISABLED.getStatusCode().equals(user.getStatus());
	if (disabled) {
		// account locked
		throw new LockedAccountException("Account[" + userName + "] has been locked!");
	}
	// Arguments: principal, stored password, per-user salt, realm name.
	return new SimpleAuthenticationInfo(
			user.getUserName(),
			user.getPassword(),
			ByteSource.Util.bytes(user.getPasswordSalt()),
			getName());
}
 
Example 5
Project: mumu   File: LoginController.java   View source code 6 votes vote down vote up
/**
 * Renders the login page for GET requests and, for any other method,
 * translates the failure attribute {@code shiroLoginFailure} into a message.
 *
 * @return the login view, or a redirect to {@code /main} when no failure is set
 */
@RequestMapping(value = "/login")
public String showLoginForm(HttpServletRequest req, Model model) {
    if (req.getMethod().equalsIgnoreCase("get")) {
        return "login";
    }
    String failure = (String) req.getAttribute("shiroLoginFailure");
    String error;
    if (failure == null) {
        error = null;
    } else if (UnknownAccountException.class.getName().equals(failure)
            || IncorrectCredentialsException.class.getName().equals(failure)) {
        // Same text for unknown account and wrong password, so the page does
        // not reveal which usernames exist.
        error = "用户名/密码错误";
    } else {
        // NOTE(review): the internal exception class name is shown to the user.
        error = "其他错误:" + failure;
    }
    if (error == null) {
        return "redirect:/main";
    }
    model.addAttribute("shiroLoginFailure", error);
    return "login";
}
 
Example 6
Project: bibliometrics   File: BibliometricReportRetrievalServlet.java   View source code 6 votes vote down vote up
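/**
 * Attempts a Shiro login with the given credentials.
 *
 * @param email      account identifier, also stored in the session as {@code username}
 * @param password   submitted password
 * @param rememberMe whether to request remember-me; {@code null} is treated as false
 * @return {@code true} on success, {@code false} for an unknown account, wrong
 *         password or locked account
 */
public boolean tryLogin(String email, String password, Boolean rememberMe) {
    org.apache.shiro.subject.Subject currentUser = SecurityUtils.getSubject();
    UsernamePasswordToken token = new UsernamePasswordToken(email, password);
    // rememberMe is a boxed Boolean; unboxing null would throw a
    // NullPointerException, so null is treated as "do not remember".
    token.setRememberMe(Boolean.TRUE.equals(rememberMe));

    try {
        currentUser.login(token);
        // NOTE(review): the messages below write the submitted username to
        // stdout unescaped; prefer the application logger and neutralise
        // line breaks in the value.
        System.out.println("User [" + currentUser.getPrincipal().toString() + "] logged in successfully.");
        // save username in the session
        currentUser.getSession().setAttribute("username", email);
        return true;
    } catch (UnknownAccountException uae) {
        System.out.println("There is no user with username of " + token.getPrincipal());
    } catch (IncorrectCredentialsException ice) {
        System.out.println("Password for account " + token.getPrincipal() + " was incorrect!");
    } catch (LockedAccountException lae) {
        System.out.println("The account for username " + token.getPrincipal() + " is locked.  " + "Please contact your administrator to unlock it.");
    }
    // Other AuthenticationException subtypes are not caught and propagate.
    return false;
}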
 
Example 7
Project: bibliometrics   File: BibliometricReportDisplayServlet.java   View source code 6 votes vote down vote up
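/**
 * Attempts a Shiro login with the given credentials.
 *
 * @param email      account identifier, also stored in the session as {@code username}
 * @param password   submitted password
 * @param rememberMe whether to request remember-me; {@code null} is treated as false
 * @return {@code true} on success, {@code false} for an unknown account, wrong
 *         password or locked account
 */
public boolean tryLogin(String email, String password, Boolean rememberMe) {
    org.apache.shiro.subject.Subject currentUser = SecurityUtils.getSubject();
    UsernamePasswordToken token = new UsernamePasswordToken(email, password);
    // A null Boolean would fail on unboxing; fall back to "do not remember".
    token.setRememberMe(Boolean.TRUE.equals(rememberMe));

    try {
        currentUser.login(token);
        // NOTE(review): the submitted username reaches stdout unescaped in
        // the messages below; an application logger with line-break
        // neutralisation would be safer.
        System.out.println("User [" + currentUser.getPrincipal().toString() + "] logged in successfully.");
        // save username in the session
        currentUser.getSession().setAttribute("username", email);
        return true;
    } catch (UnknownAccountException uae) {
        System.out.println("There is no user with username of " + token.getPrincipal());
    } catch (IncorrectCredentialsException ice) {
        System.out.println("Password for account " + token.getPrincipal() + " was incorrect!");
    } catch (LockedAccountException lae) {
        System.out.println("The account for username " + token.getPrincipal() + " is locked.  " + "Please contact your administrator to unlock it.");
    }
    // Other AuthenticationException subtypes are not caught and propagate.
    return false;
}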
 
Example 8
Project: SSMShiro   File: IndexController.java   View source code 6 votes vote down vote up
/**
 * Login endpoint: when the request carries the {@code shiroLoginFailure}
 * attribute, rethrows a matching exception (per the original comments, for a
 * central exception handler); otherwise renders the login view.
 *
 * @throws UnknownAccountException if the recorded failure is an unknown account
 * @throws IncorrectCredentialsException if the recorded failure is a wrong password
 * @throws Exception for any other recorded failure
 */
@RequestMapping("/login")
public String login(HttpServletRequest request) throws Exception{
	String failure = (String) request.getAttribute("shiroLoginFailure");
	if (failure == null) {
		return "login";
	}
	// NOTE(review): the two messages differ; if the exception handler shows
	// them to the client, responses reveal which usernames exist.
	if (UnknownAccountException.class.getName().equals(failure)) {
		throw new UnknownAccountException("账号不存在");
	}
	if (IncorrectCredentialsException.class.getName().equals(failure)) {
		throw new IncorrectCredentialsException("用户名/密码错误");
	}
	// Anything else becomes a bare Exception for the handler to report as unknown.
	throw new Exception();
}
 
Example 9
Project: easyweb   File: FormAuthenticationFilter.java   View source code 6 votes vote down vote up
/**
 * Called when a login attempt fails; stores the failure class name and a
 * user-facing message as request attributes.
 *
 * @return always {@code true}
 */
@Override
protected boolean onLoginFailure(AuthenticationToken token,
                                    AuthenticationException e, ServletRequest request, ServletResponse response) {
	final String className = e.getClass().getName();
	// Exact class-name comparison: subclasses of these two exception types
	// do not match and fall through to the branches below.
	final boolean badLogin = IncorrectCredentialsException.class.getName().equals(className)
			|| UnknownAccountException.class.getName().equals(className);

	String message;
	if (badLogin) {
		// One message for both cases, so usernames are not revealed.
		message = "用户或密码错误, 请重试.";
	} else if (e.getMessage() != null && StringUtils.startsWith(e.getMessage(), "msg:")) {
		// Exception text marked with "msg:" is shown to the user with every
		// occurrence of the marker removed.
		message = StringUtils.replace(e.getMessage(), "msg:", "");
	} else {
		message = "系统出现点问题,请稍后再试!";
		e.printStackTrace(); // printed to the console
	}
	request.setAttribute(getFailureKeyAttribute(), className);
	request.setAttribute(getMessageParam(), message);
	return true;
}
 
Example 10
Project: PowerApi   File: AuthController.java   View source code 6 votes vote down vote up
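/**
 * Handles the sign-in form POST: authenticates through Shiro, stores the
 * loaded user in the session as {@code curUser} and redirects on success;
 * otherwise re-renders the sign-in view with an error message.
 *
 * @param map     model that receives the {@code error} attribute
 * @param user    bound form object carrying username and password
 * @param request used to read the {@code rememberme} parameter
 * @return a redirect to the console on success, otherwise the sign-in view
 */
@RequestMapping(value = "/signin", method = {
        RequestMethod.POST})
public String signin(ModelMap map, User user, HttpServletRequest request) {
    // One message for "no such account" and "wrong password": distinct texts
    // let a client learn which usernames exist.
    final String badCredentials = "用户名或密码错误!";
    String error;
    UsernamePasswordToken token = new UsernamePasswordToken(user.getUsername(), user.getPasswd());
    // Presence of the parameter, whatever its value, enables remember-me.
    token.setRememberMe(request.getParameter("rememberme") != null);
    try {
        Subject subject = SecurityUtils.getSubject();
        subject.login(token);
        subject.getSession().setAttribute("curUser", userService.findByUsername((String) subject.getPrincipal()));
        return "redirect:/dashboard/console";
    } catch (UnknownAccountException uae) {
        error = badCredentials;
    } catch (IncorrectCredentialsException ice) {
        error = badCredentials;
    } catch (LockedAccountException lae) {
        error = "用户被锁定!";
    }
    // NOTE(review): other AuthenticationException subtypes are not caught here.
    map.addAttribute("error", error);
    return "signin";
}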
 
Example 11
Project: PowerApi   File: DashboardController.java   View source code 6 votes vote down vote up
/**
 * Changes the current user's password after re-authenticating with the
 * submitted username and current password.
 *
 * @param map       model that receives the {@code exception} attribute on failure
 * @param user      bound form object carrying username and current password
 * @param passwdnew the new password (required request parameter)
 * @return a redirect to the console on success, otherwise the error view
 */
@RequestMapping(value = "/changepwd", method = {
        RequestMethod.POST})
public String changepwd(ModelMap map, User user, @RequestParam(value = "passwdnew", required = true) String passwdnew) {
    // Verify the current account first.
    // NOTE(review): the username is taken from the form while the row updated
    // below is getCurrentUser()'s; confirm the two are required to match.
    UsernamePasswordToken reauthToken = new UsernamePasswordToken(user.getUsername(), user.getPasswd());
    reauthToken.setRememberMe(false);
    try {
        SecurityUtils.getSubject().login(reauthToken);
        // Verification passed: store the new password for the current user.
        user.setId(getCurrentUser().getId());
        user.setPasswd(passwdnew);
        passwordHelper.encryptPassword(user);
        userService.updateById(user);
        return "redirect:/dashboard/console";
    } catch (UnknownAccountException | IncorrectCredentialsException | LockedAccountException failure) {
        // The raw exception message is handed to the error view.
        map.addAttribute("exception", failure.getMessage());
        return "common/error";
    }
}
 
Example 12
Project: melon   File: FormAuthenticationFilter.java   View source code 6 votes vote down vote up
/**
 * Called when a login attempt fails; stores the failure class name and a
 * user-facing message as request attributes.
 *
 * @return always {@code true}
 */
@Override
protected boolean onLoginFailure(AuthenticationToken token, AuthenticationException e, ServletRequest request,
                                 ServletResponse response) {
    final String className = e.getClass().getName();
    // Exact class-name comparison: subclasses of these two exception types do
    // not match and fall through to the branches below.
    final boolean badLogin = IncorrectCredentialsException.class.getName().equals(className)
            || UnknownAccountException.class.getName().equals(className);

    String message;
    if (badLogin) {
        // One message for both cases, so usernames are not revealed.
        message = "用户或密码错误, 请重试.";
    } else if (e.getMessage() != null && StringUtils.startsWith(e.getMessage(), "msg:")) {
        // Exception text marked with "msg:" is shown to the user with every
        // occurrence of the marker removed.
        message = StringUtils.replace(e.getMessage(), "msg:", "");
    } else {
        message = "系统出现点问题,请稍后再试!";
        e.printStackTrace(); // printed to the console
    }
    request.setAttribute(getFailureKeyAttribute(), className);
    request.setAttribute(getMessageParam(), message);
    return true;
}
 
Example 13
Project: mblog   File: CallbackController.java   View source code 6 votes vote down vote up
/**
 * Performs the login request.
 *
 * @param username    account name; a blank value is rejected
 * @param accessToken value passed to {@code createToken} together with the username
 * @param request     the current request (not used in this method)
 * @return the home redirect view on success
 * @throws MtonsException if the username is blank or authentication fails
 */
private String login(String username, String accessToken, HttpServletRequest request) {
    String ret = getView(Views.LOGIN);

    if (!StringUtils.isNotBlank(username)) {
        throw new MtonsException("登录失败!");
    }

    AuthenticationToken token = createToken(username, accessToken);
    try {
        SecurityUtils.getSubject().login(token);
        ret = Views.REDIRECT_HOME;
    } catch (AuthenticationException e) {
        logger.error(e);
        // The failure type is mapped to a distinct user-facing message.
        if (e instanceof UnknownAccountException) {
            throw new MtonsException("用户不存在");
        }
        if (e instanceof LockedAccountException) {
            throw new MtonsException("用户被禁用");
        }
        throw new MtonsException("用户认证失败");
    }
    return ret;
}
 
Example 14
Project: dms-webapp   File: MemberRealm.java   View source code 6 votes vote down vote up
/**
 * Authentication lookup by phone number. Returns the stored password and the
 * salt for the realm's credentials matcher; no comparison is done here.
 *
 * @throws IncorrectCredentialsException if the principal is null or blank
 * @throws UnknownAccountException if no member has this phone number
 */
@Override
protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token) throws AuthenticationException {
	String phoneNumber = (String)token.getPrincipal();
	if (StringUtils.trimToNull(phoneNumber) == null) {
		// account or password wrong
		throw new IncorrectCredentialsException();
	}
	// The lookup uses the value as submitted; only the blank check trims it.
	CdMember probe = new CdMember();
	probe.setPhoneNumber(phoneNumber);
	CdMember member = memberService.findMember(probe);
	if (member == null) {
		// account not found
		throw new UnknownAccountException();
	}
	// NOTE(review): the salt is the application constant PC_PASSWORD_SALT,
	// i.e. the same for every member (the original comment said
	// "salt=phoneNumber"). A shared salt does not stop identical passwords
	// from producing identical hashes.
	return new SimpleAuthenticationInfo(
			phoneNumber,
			member.getPassword(),
			ByteSource.Util.bytes(AppConstants.PC_PASSWORD_SALT),
			getName());
}
 
Example 15
Project: dms-webapp   File: UserRealm.java   View source code 6 votes vote down vote up
/**
 * Authentication lookup by username. Unknown and locked accounts are rejected
 * here; the password is compared afterwards by the realm's CredentialsMatcher.
 *
 * @throws UnknownAccountException if no user has this username
 * @throws LockedAccountException if the user's locked flag is TRUE
 */
@Override
protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token) throws AuthenticationException {
    final String username = (String) token.getPrincipal();
    final SysUsers user = userService.findByUsername(username);

    if (user == null) {
        throw new UnknownAccountException(); // account not found
    }
    if (Boolean.TRUE.equals(user.getLocked())) {
        throw new LockedAccountException(); // account locked
    }

    // Arguments: principal, stored password, the user's salt, realm name.
    return new SimpleAuthenticationInfo(
            username,
            user.getPassword(),
            ByteSource.Util.bytes(user.getSalt()),
            getName());
}
 
Example 16
Project: dms-webapp   File: CommonMemberController.java   View source code 6 votes vote down vote up
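/**
 * REST login endpoint: reports the authenticated username with status 200, or
 * a 401 {@code RestError} describing the login failure recorded in the request.
 *
 * @param request carries the failure class name under
 *                {@code FormAuthenticationFilterExt.DEFAULT_ERROR_KEY_ATTRIBUTE_NAME}
 * @param model   unused
 * @return 200 with status and username, or 401 with a {@code RestError}
 */
@RequestMapping(value = "/member/login", method = RequestMethod.POST)
public ResponseEntity login(HttpServletRequest request, Model model){
	if (SecurityUtils.getSubject().isAuthenticated()) {
		Map<String, Object> result = new HashMap<>();
		String username = (String) SecurityUtils.getSubject().getPrincipal();
		result.put("status", 200);
		result.put("username", username);
		return new ResponseEntity(result, HttpStatus.OK);
	}

	String exceptionClassName = (String) request.getAttribute(FormAuthenticationFilterExt.DEFAULT_ERROR_KEY_ATTRIBUTE_NAME);
	RestError restError = new RestError();
	restError.setTimestamp(new Date());
	if (DisabledAccountException.class.getName().equals(exceptionClassName)) {
		restError.setMessage("该账号已被锁定,请联系客服。");
	} else if (UnknownAccountException.class.getName().equals(exceptionClassName)
			|| IncorrectCredentialsException.class.getName().equals(exceptionClassName)) {
		// Same text for unknown account and wrong password: a separate
		// "user does not exist" answer lets a client enumerate accounts.
		restError.setMessage("用户名或密码错误");
	} else if (exceptionClassName != null) {
		// NOTE(review): the internal exception class name is returned to the client.
		restError.setMessage( "登录失败:" + exceptionClassName);
	}
	// With no recorded failure the message is left unset.
	restError.setStatus(401);
	return new ResponseEntity(restError, HttpStatus.UNAUTHORIZED);
}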
 
Example 17
Project: dms-webapp   File: CoreController.java   View source code 6 votes vote down vote up
/**
 * Login page: redirects authenticated subjects to the root, otherwise renders
 * the login view with a message derived from {@code shiroLoginFailure}.
 */
@RequestMapping(value = "/login")
public String login(HttpServletRequest request, Model model){
    if (SecurityUtils.getSubject().isAuthenticated()) {
        return "redirect:/";
    }
    String failure = (String) request.getAttribute("shiroLoginFailure");
    String error;
    if (failure == null) {
        error = null;
    } else if (UnknownAccountException.class.getName().equals(failure)
            || IncorrectCredentialsException.class.getName().equals(failure)) {
        // Same text for unknown account and wrong password, so the page does
        // not reveal which usernames exist.
        error = "用户名/密码错误";
    } else {
        // NOTE(review): the internal exception class name is shown to the user.
        error = "其他错误:" + failure;
    }
    model.addAttribute("error", error);
    return "login";
}
 
Example 18
Project: dpCms   File: DbRealm.java   View source code 6 votes vote down vote up
/**
 * Authentication lookup by login name. Returns the stored password and salt
 * for the realm's credentials matcher; no comparison is done here.
 *
 * @throws UnknownAccountException if the username is null or no account matches
 */
@Override
protected AuthenticationInfo doGetAuthenticationInfo(
        final AuthenticationToken token)
        throws AuthenticationException {
    // NOTE(review): unchecked cast - presumably this realm only receives
    // UsernamePasswordToken; confirm against supports().
    final String userName = ((UsernamePasswordToken) token).getUsername();
    if (userName == null) {
        throw new UnknownAccountException("userName not provided");
    }
    final Account account = accountRepository.findByLoginName(userName);
    if (account == null) {
        throw new UnknownAccountException("Account does not exist");
    }
    // NOTE(review): the salt is the login name itself - unique per account
    // but predictable; a random per-account salt is the usual choice.
    final char[] storedPassword = account.getPassword().toCharArray();
    return new SimpleAuthenticationInfo(userName, storedPassword,
            ByteSource.Util.bytes(userName), getName());
}
 
Example 19
Project: dpCms   File: DbRealm.java   View source code 6 votes vote down vote up
/**
 * Authorization lookup for the primary principal (a login name).
 *
 * <p>Verifies the account exists and reads the size of its employee
 * collection, but the returned info carries no roles and no permissions.
 *
 * @throws UnknownAccountException if no account matches the login name
 */
@Override
protected AuthorizationInfo doGetAuthorizationInfo(
        final PrincipalCollection principals) {
    final String loginName = (String) principals.getPrimaryPrincipal();
    final Account account = accountRepository.findByLoginName(loginName);
    if (account == null) {
        throw new UnknownAccountException("Account does not exist");
    }

    // Number of positions held by the account (original comment: "store the
    // number of positions first"); it only sizes the set below.
    final int positionCount = account.getEmployees().size();

    // NOTE(review): both sets stay empty and are never attached to the
    // result, so this realm grants nothing - confirm that is intended.
    final Set<String> roleNames = new LinkedHashSet<>(positionCount);
    final Set<String> permissionNames = new LinkedHashSet<>();

    return new SimpleAuthorizationInfo();
}
 
Example 20
Project: java-platform   File: DatabaseRealm.java   View source code 6 votes vote down vote up
/**
 * Authentication lookup for username/password tokens.
 *
 * @return the account's authentication info, or {@code null} when the token is
 *         of another type or lacks a username or password
 * @throws UnknownAccountException if no user has this username
 */
@Override
protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token) throws AuthenticationException {
	if (!(token instanceof UsernamePasswordToken)) {
		return null;
	}
	UsernamePasswordToken upToken = (UsernamePasswordToken) token;
	String username = upToken.getUsername();
	char[] password = upToken.getPassword();
	if (Strings.isNullOrEmpty(username) || password == null) {
		return null;
	}

	User user = userRepository.findByUsername(username);
	if (user == null) {
		throw new UnknownAccountException();
	}

	// NOTE(review): the salt is the stored username - unique per account but
	// predictable; a random per-account salt is the usual choice.
	Principal principal = new Principal(user.getId(), username);
	return new SimpleAuthenticationInfo(principal, user.getPassword(),
			new SimpleByteSource(user.getUsername()), getName());
}
 
Example 21
Project: report   File: UserRealm.java   View source code 6 votes vote down vote up
/**
 * Authentication lookup by account number. The password is compared
 * afterwards by the realm's CredentialsMatcher.
 *
 * @throws UnknownAccountException if no user matches the principal
 */
@Override
protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token) throws AuthenticationException {
    log.debug("username[{}]doGetAuthenticationInfo", token.getPrincipal());
    final String username = (String) token.getPrincipal();
    final ShiroUser user = memberService.findUserModelByAccNo(username);
    if (user == null) {
        throw new UnknownAccountException();
    }
    // NOTE(review): the salt is the empty string (original comment: "add
    // salt"), so stored password hashes are effectively unsalted.
    return new SimpleAuthenticationInfo(
            user.getAccNo(),
            user.getPassword(),
            ByteSource.Util.bytes(""),
            getName());
}
 
Example 22
Project: VideoMeeting   File: AccountController.java   View source code 6 votes vote down vote up
/**
 * JSON login endpoint.
 *
 * @param username submitted account name
 * @param password submitted password
 * @return a successful {@code Result} carrying the user, or a failed one with a message
 */
@RequestMapping(value = "/login", method = RequestMethod.POST)
@ResponseBody
public Result<User> login(String username, String password)
		throws IOException {
	if (TextUtil.isEmpty(username) || TextUtil.isEmpty(password)) {
		return new Result<User>(false, "用户名或密码为空", null);
	}
	try {
		User loggedIn = accountService.login(username, password);
		// NOTE(review): the User object goes into the response body; confirm
		// it carries no credential fields when serialized.
		return loggedIn != null
				? new Result<User>(true, null, loggedIn)
				: new Result<User>(false, "登录失败.", null);
	} catch (IncorrectCredentialsException e) {
		// Same text as for an unknown account, so usernames are not revealed.
		return new Result<User>(false, "帐号密码错误", null);
	} catch (UnknownAccountException e1) {
		return new Result<User>(false, "帐号密码错误", null);
	}
}
 
Example 23
Project: spring-boot-sample   File: FormAuthenticationFilter.java   View source code 6 votes vote down vote up
/**
 * Called when a login attempt fails; stores the failure class name and a
 * user-facing message as request attributes.
 *
 * @return always {@code true}
 */
@Override
protected boolean onLoginFailure(AuthenticationToken token,
                                 AuthenticationException e, ServletRequest request, ServletResponse response) {
	final String className = e.getClass().getName();
	// Exact class-name comparison: subclasses of these two exception types
	// do not match and fall through to the branches below.
	final boolean badLogin = IncorrectCredentialsException.class.getName().equals(className)
			|| UnknownAccountException.class.getName().equals(className);

	String message;
	if (badLogin) {
		// One message for both cases, so usernames are not revealed.
		message = "用户或密码错误, 请重试.";
	} else if (e.getMessage() != null && StringUtils.startsWith(e.getMessage(), "msg:")) {
		// Exception text marked with "msg:" is shown to the user with every
		// occurrence of the marker removed.
		message = StringUtils.replace(e.getMessage(), "msg:", "");
	} else {
		message = "系统出现点问题,请稍后再试!";
		e.printStackTrace(); // printed to the console
	}
	request.setAttribute(getFailureKeyAttribute(), className);
	request.setAttribute(getMessageParam(), message);
	return true;
}
 
Example 24
Project: Camel   File: ShiroAuthenticationReauthenticateFalseAndNewUserTest.java   View source code 6 votes vote down vote up
/**
 * Builds the test route: {@code direct:secureEndpoint} guarded by a Shiro
 * policy, with authentication failures diverted to a mock endpoint.
 */
protected RouteBuilder createRouteBuilder() throws Exception {
    // NOTE(review): the trailing "false" presumably disables always-reauthenticate,
    // as the test class name suggests - confirm against ShiroSecurityPolicy.
    final ShiroSecurityPolicy securityPolicy = new ShiroSecurityPolicy("./src/test/resources/securityconfig.ini", passPhrase, false);

    return new RouteBuilder() {
        @Override
        @SuppressWarnings("unchecked")
        public void configure() {
            // Every listed authentication failure ends up at the mock endpoint.
            onException(UnknownAccountException.class, IncorrectCredentialsException.class,
                    LockedAccountException.class, AuthenticationException.class)
                .to("mock:authenticationException");

            from("direct:secureEndpoint")
                .policy(securityPolicy)
                .to("log:incoming payload")
                .to("mock:success");
        }
    };
}
 
Example 25
Project: Camel   File: ShiroAuthenticationBase64Test.java   View source code 6 votes vote down vote up
/**
 * Builds the test route: {@code direct:secureEndpoint} guarded by a Shiro
 * policy with Base64 enabled, with authentication failures diverted to a mock
 * endpoint.
 */
protected RouteBuilder createRouteBuilder() throws Exception {
    final ShiroSecurityPolicy securityPolicy = new ShiroSecurityPolicy("src/test/resources/securityconfig.ini", passPhrase);
    securityPolicy.setBase64(true);

    return new RouteBuilder() {
        @Override
        @SuppressWarnings("unchecked")
        public void configure() {
            // Every listed authentication failure ends up at the mock endpoint.
            onException(UnknownAccountException.class, IncorrectCredentialsException.class,
                    LockedAccountException.class, AuthenticationException.class)
                .to("mock:authenticationException");

            from("direct:secureEndpoint")
                .policy(securityPolicy)
                .to("log:incoming payload")
                .to("mock:success");
        }
    };
}
 
Example 26
Project: Camel   File: ShiroAuthenticationTest.java   View source code 6 votes vote down vote up
/**
 * Builds the test route: {@code direct:secureEndpoint} guarded by a Shiro
 * policy, with authentication failures diverted to a mock endpoint.
 */
protected RouteBuilder createRouteBuilder() throws Exception {
    final ShiroSecurityPolicy securityPolicy = new ShiroSecurityPolicy("src/test/resources/securityconfig.ini", passPhrase);

    return new RouteBuilder() {
        @Override
        @SuppressWarnings("unchecked")
        public void configure() {
            // Every listed authentication failure ends up at the mock endpoint.
            onException(UnknownAccountException.class, IncorrectCredentialsException.class,
                    LockedAccountException.class, AuthenticationException.class)
                .to("mock:authenticationException");

            from("direct:secureEndpoint")
                .policy(securityPolicy)
                .to("log:incoming payload")
                .to("mock:success");
        }
    };
}
 
Example 27
Project: nexus-public   File: MockRealm.java   View source code 6 votes vote down vote up
/**
 * Mock authentication: accepts a login when the user id ends with the
 * submitted password and the user manager knows the user.
 *
 * @throws IncorrectCredentialsException if the check fails
 * @throws UnknownAccountException if the user manager reports the user as not found
 */
@Override
protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token) throws AuthenticationException {
  UsernamePasswordToken upToken = (UsernamePasswordToken) token;

  String password = new String(upToken.getPassword());
  String userId = upToken.getUsername();

  // Original intent per its comment: username == password. The code uses
  // endsWith, which is looser than equality (any suffix matches, including
  // the empty string) - tolerable only because this realm is a test mock.
  try {
    boolean accepted = userId.endsWith(password) && userManager.getUser(userId) != null;
    if (!accepted) {
      throw new IncorrectCredentialsException("User [" + userId + "] bad credentials.");
    }
    // The user id doubles as the stored credential.
    return new SimpleAuthenticationInfo(
        new SimplePrincipalCollection(token.getPrincipal(), this.getName()), userId);
  }
  catch (UserNotFoundException e) {
    throw new UnknownAccountException("User [" + userId + "] not found.");
  }
}
 
Example 28
Project: MultimediaDesktop   File: CaptchaFormAuthenticationFilter.java   View source code 6 votes vote down vote up
/**
 * Maps an authentication failure to a user-facing message and stores it under
 * the failure key attribute of the request.
 *
 * <p>The branch order is significant where one exception type extends another,
 * so it is kept exactly as written.
 *
 * @param request the current request, receives the message attribute
 * @param ae      the authentication failure
 */
protected void setFailureAttribute(ServletRequest request,
		AuthenticationException ae) {
	// NOTE(review): wrong password, unknown account, locked and disabled each
	// produce a different message, so responses reveal account state.
	final String message;

	if (ae instanceof IncorrectCredentialsException) {
		message = "密码错误,输入错误超过当日限制,将锁定账户";
		// record the failed login
		logLoginStatus(request, LoginType.登录失败);
	} else if (ae instanceof ValidateCodeException) {
		message = "验证码错误";
	} else if (ae instanceof UnValidationAccountException) {
		message = "账号未被验证";
	} else if (ae instanceof LockedAccountException) {
		message = "密码输入错误超过当日限制,请明天再试";
	} else if (ae instanceof DisabledAccountException) {
		message = "账号被管理员锁定";
	} else if (ae instanceof UnknownAccountException) {
		message = "账号不存在";
	} else {
		message = "未知错误";
		log.fatal("登录错误-未知错误,请管理员检查", ae);
	}

	request.setAttribute(getFailureKeyAttribute(), message);
}
 
Example 29
Project: jee-restful-web   File: UserRealm.java   View source code 6 votes vote down vote up
/**
 * Authentication lookup by username. Unknown and locked accounts are rejected
 * here; the password is compared afterwards by the realm's CredentialsMatcher.
 *
 * @throws UnknownAccountException if no user has this name
 * @throws LockedAccountException if the user's locked flag is TRUE
 */
@Override
protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token) throws AuthenticationException {
    final String username = (String) token.getPrincipal();
    final User user = userService.findByName(username);

    if (user == null) {
        throw new UnknownAccountException(); // account not found
    }
    if (Boolean.TRUE.equals(user.getLocked())) {
        throw new LockedAccountException(); // account locked
    }

    // NOTE(review): the whole User object becomes the principal; since it
    // also exposes getPassword() and getSalt(), confirm those fields are not
    // carried along wherever the principal is stored or serialized.
    return new SimpleAuthenticationInfo(
            user,
            user.getPassword(),
            ByteSource.Util.bytes(user.getSalt()),
            getName());
}
 
Example 30
Project: maker   File: OperatorRealm.java   View source code 6 votes vote down vote up
/**
 * Authentication lookup in {@code t_operator} by username.
 *
 * @throws UnknownAccountException if no operator matches
 * @throws LockedAccountException if the operator's enable flag is FALSE
 */
protected AuthenticationInfo doGetAuthenticationInfo(final AuthenticationToken token)
		throws AuthenticationException {
	final String username = (String) token.getPrincipal();
	final Operator operator = commonRepository.findOne("t_operator", "username", username, new OperatorRowMapper());
	if (Objects.equal(operator, null)) {
		throw new UnknownAccountException();
	}
	if (Boolean.FALSE.equals(operator.getEnable())) {
		throw new LockedAccountException();
	}
	// NOTE(review): the salt is a string literal shared by every operator and
	// encoded with the platform default charset; a shared salt does not stop
	// identical passwords from producing identical hashes.
	return new SimpleAuthenticationInfo(
			operator.getUsername(),
			operator.getPassword(),
			ByteSource.Util.bytes("I\'m a salt".getBytes()),
			this.getName());
}
 
Example 31
Project: kettle   File: Authorizing2Realm.java   View source code 6 votes vote down vote up
/**
 * Authentication callback invoked at login.
 *
 * <p>Looks up an enabled account by e-mail and returns its stored password
 * together with the hex-decoded value of {@code getRandom()} as the salt.
 * The password comparison itself is not performed here.
 *
 * @param authcToken the submitted token, cast to {@code UsernamePassword2Token}
 * @return principal, stored credentials and salt for the matching account
 * @throws AccountException if the token carries no username
 * @throws UnknownAccountException if the lookup returns no account
 */
@Override
protected AuthenticationInfo doGetAuthenticationInfo(
		AuthenticationToken authcToken) throws AuthenticationException {
	// NOTE(review): unchecked cast - presumably supports() restricts this realm
	// to UsernamePassword2Token; otherwise this is a ClassCastException.
	String username = ((UsernamePassword2Token) authcToken).getUsername();
	if (username == null) {
		throw new AccountException(
				"Null usernames are not allowed by this realm.");
	}

	// Only STATUS_ENABLED accounts are searched, so an account in any other
	// status presumably surfaces as "not found" rather than "locked".
	User criteria = new User();
	criteria.setEmail(username);
	criteria.setStatus(Constant.STATUS_ENABLED);
	User found = (User) service.iUserService.select(criteria);
	if (found == null) {
		// The message echoes the submitted username; keep it in server-side
		// logs and do not render it back to the client.
		throw new UnknownAccountException("No account found for user ["
				+ username + "]");
	}

	byte[] salt = Encode.decodeHex(found.getRandom());
	Shiro principal = new Shiro(found.getId(), found.getEmail(),
			found.getName());
	return new SimpleAuthenticationInfo(principal, found.getPassword(),
			ByteSource.Util.bytes(salt), getName());
}
 
Example 32
Project: kettle   File: Authorizing2Realm.java   View source code 6 votes vote down vote up
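/**
 * Authorization callback; per the original comment it runs when an access
 * check is made and no authorization data for the user is cached.
 *
 * <p>Only verifies that the account behind the primary principal can still be
 * selected. The returned info carries no roles and no permissions.
 *
 * @param principalCollection principals of the authenticated subject
 * @return an empty {@code SimpleAuthorizationInfo}
 * @throws AuthorizationException if {@code principalCollection} is null
 * @throws UnknownAccountException if the account can no longer be found
 */
@Override
protected AuthorizationInfo doGetAuthorizationInfo(
		PrincipalCollection principalCollection) {
	if (principalCollection == null) {
		// Message corrected: the previous text ("Principal is not null!")
		// stated the opposite of the condition being rejected.
		throw new AuthorizationException("Principal must not be null!");
	}
	Shiro shiro = (Shiro) principalCollection.getPrimaryPrincipal();
	User criteria = new User();
	criteria.setId(shiro.getId());
	User found = (User) service.iUserService.select(criteria);
	if (found == null) {
		throw new UnknownAccountException("No account found for user ["
				+ shiro.getId() + "]");
	}
	// NOTE(review): nothing is loaded from the account, so the subject ends
	// up with no roles or permissions from this realm - confirm intended.
	return new SimpleAuthorizationInfo();
}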
 
Example 33
Project: WebAPI   File: PermissionManager.java   View source code 6 votes vote down vote up
/**
 * Builds the authorization info for a login: the string values of all
 * permissions returned by {@code getUserPermissions}.
 *
 * @param login the account login
 * @return authorization info holding the user's permission strings
 * @throws UnknownAccountException if no user has this login
 */
public AuthorizationInfo getAuthorizationInfo(final String login) {
  final SimpleAuthorizationInfo result = new SimpleAuthorizationInfo();

  final UserEntity userEntity = userRepository.findByLogin(login);
  if (userEntity == null) {
    throw new UnknownAccountException("Account does not exist");
  }

  // Insertion-ordered, de-duplicated permission strings.
  final Set<String> granted = new LinkedHashSet<>();
  for (PermissionEntity entry : this.getUserPermissions(userEntity)) {
    granted.add(entry.getValue());
  }

  result.setStringPermissions(granted);
  return result;
}
 
Example 34
Project: spring-boot-shiro-orientdb   File: OrientDbRealm.java   View source code 6 votes vote down vote up
/**
 * Authentication lookup by e-mail among active users. Returns the stored
 * password and salt for the realm's credentials matcher; no comparison is
 * done here.
 *
 * @throws UnknownAccountException if the e-mail is null or no active user matches
 */
@Override
protected AuthenticationInfo doGetAuthenticationInfo(
        final AuthenticationToken token)
        throws AuthenticationException {
    // NOTE(review): unchecked cast - presumably this realm only receives
    // UsernamePasswordToken; confirm against supports().
    final String email = ((UsernamePasswordToken) token).getUsername();
    if (email == null) {
        throw new UnknownAccountException("Email not provided");
    }
    final User user = userRepository.findByEmailAndActive(email, true);
    if (user == null) {
        throw new UnknownAccountException("Account does not exist");
    }
    // NOTE(review): the salt is the e-mail address - unique per account but
    // predictable; a random per-account salt is the usual choice.
    final char[] storedPassword = user.getPassword().toCharArray();
    return new SimpleAuthenticationInfo(email, storedPassword,
            ByteSource.Util.bytes(email), getName());
}
 
Example 35
Project: spring-boot-shiro-orientdb   File: OrientDbRealm.java   View source code 6 votes vote down vote up
/**
 * Authorization lookup: collects the role names of the active user behind the
 * primary principal and the permission names of those roles.
 *
 * @throws UnknownAccountException if no active user matches the e-mail
 */
@Override
protected AuthorizationInfo doGetAuthorizationInfo(
        final PrincipalCollection principals) {
    final String email = (String) principals.getPrimaryPrincipal();
    // Only active users are found, so a deactivated account loses its roles
    // and permissions at the next lookup.
    final User user = userRepository.findByEmailAndActive(email, true);
    if (user == null) {
        throw new UnknownAccountException("Account does not exist");
    }

    final int roleCount = user.getRoles().size();
    final Set<String> roles = new LinkedHashSet<>(roleCount);
    final Set<String> permissions = new LinkedHashSet<>();
    if (roleCount > 0) {
        for (Role role : user.getRoles()) {
            roles.add(role.getName());
            for (Permission granted : role.getPermissions()) {
                permissions.add(granted.getName());
            }
        }
    }

    final SimpleAuthorizationInfo result = new SimpleAuthorizationInfo(roles);
    result.setStringPermissions(permissions);
    return result;
}
 
Example 36
Project: init-spring   File: JpaRealm.java   View source code 6 votes vote down vote up
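/**
 * Loads the stored password hash and salt for the user named by the token's
 * principal.
 *
 * <p>No password comparison happens here; the method only returns the stored
 * hash and salt for the realm to check.
 *
 * @param token submitted token; its principal's {@code toString()} is used as the user name
 * @return authentication info with the user name as principal, the stored
 *         password hash, and a salt built from the stored name and password salt
 * @throws UnknownAccountException if the token carries no principal or the
 *         repository has no user with that name
 */
@Override
protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token) throws AuthenticationException
{
	// A token without a principal cannot match any account. Reject it as an
	// authentication failure instead of letting toString() raise a
	// NullPointerException that callers catching AuthenticationException miss.
	Object submittedPrincipal = token.getPrincipal();
	if (null == submittedPrincipal)
	{
		throw new UnknownAccountException();
	}

	String username = submittedPrincipal.toString();
	User user = this.jpaRealmRepository.findUserByName(username);

	if (null == user)
	{
		// The log text reads "no matching user"; it does not include the submitted name.
		log.error("没有相关用户!");
		throw new UnknownAccountException();
	}

	String principal = username;
	String hashedCredentials = user.getPasswordHash();
	// NOTE(review): if getPasswordSalt() returns byte[], new String(...) decodes
	// with the platform default charset on JDKs before 18, so the derived salt
	// can differ between hosts. Confirm the salt type and the charset used
	// where the hashes are created before changing anything here.
	ByteSource credentialsSalt = ByteSource.Util.bytes(user.getName() + new String(user.getPasswordSalt()));
	String realmName = getName();

	return new SimpleAuthenticationInfo(principal, hashedCredentials, credentialsSalt, realmName);
}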
 
Example 37
Project: agate   File: AgateUserRealm.java   View source code 6 votes vote down vote up
/**
 * Resolves the submitted user name (or e-mail) to an enabled account of this
 * realm and returns its stored credentials.
 *
 * @param token submitted token; cast to {@link UsernamePasswordToken} without a type check
 * @return authentication info with the account name as principal, the stored
 *         password, and the credentials salt
 * @throws AccountException if the token has no user name
 * @throws UnknownAccountException if no active, enabled account of this realm
 *         matches, or the account has no stored credentials
 */
@Override
protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token) throws AuthenticationException {
  String username = ((UsernamePasswordToken) token).getUsername();

  // A token without a user name can never match an account.
  if(username == null) {
    throw new AccountException("Null usernames are not allowed by this realm.");
  }

  // Try the submitted value as a user name first, then as an e-mail address.
  User user = userService.findActiveUser(username);
  if(user == null) {
    user = userService.findActiveUserByEmail(username);
  }

  // Missing, disabled and foreign-realm accounts all produce the same
  // exception, so the caller cannot tell these cases apart.
  boolean usable = user != null && user.isEnabled() && user.getRealm().equals(AGATE_REALM);
  if(!usable) {
    throw new UnknownAccountException("No account found for user [" + username + "]");
  }

  // From here on the account's own name is used. After an e-mail login the
  // message below therefore carries that name, not the submitted value.
  // NOTE(review): confirm this message is never shown to the client.
  username = user.getName();
  UserCredentials stored = userService.findUserCredentials(username);
  if(stored == null) {
    throw new UnknownAccountException("No account found for user [" + username + "]");
  }

  SimpleAuthenticationInfo authInfo = new SimpleAuthenticationInfo(username, stored.getPassword(), getName());
  // NOTE(review): `salt` is defined outside this method. If it is a single
  // realm-wide value, every account shares the same salt - verify.
  authInfo.setCredentialsSalt(new SimpleByteSource(salt));
  return authInfo;
}
 
Example 38
Project: EasyReport   File: MyShiroRealm.java   View source code 6 votes vote down vote up
/**
 * Loads the stored credentials for the account named by the token's principal.
 *
 * @param token submitted token; its principal is cast to {@code String}
 * @return authentication info with the account name, stored password and
 *         credentials salt
 * @throws UnknownAccountException if no user exists for the principal
 * @throws LockedAccountException if the user's status is {@code 0}
 */
@Override
protected AuthenticationInfo doGetAuthenticationInfo(final AuthenticationToken token)
    throws AuthenticationException {
    final String login = (String)token.getPrincipal();
    final User member = this.membershipFacade.getUser(login);

    // NOTE(review): unknown and locked accounts raise different exception
    // types before any password check. If the login endpoint maps them to
    // different responses, callers can probe which accounts exist - confirm
    // the caller returns one uniform failure message.
    if (member == null) {
        throw new UnknownAccountException();
    }
    if (member.getStatus() == 0) {
        throw new LockedAccountException();
    }

    // Hand the stored values to AuthenticatingRealm, which uses its
    // CredentialsMatcher to compare them with the submitted password.
    return new SimpleAuthenticationInfo(
        member.getAccount(),
        member.getPassword(),
        ByteSource.Util.bytes(member.getCredentialsSalt()),
        getName());
}
 
Example 39
Project: MaritimeCloudPortalTestbed   File: AuthenticationResource.java   View source code 6 votes vote down vote up
/**
 * Returns the subject for the current user as JSON.
 *
 * <p>Both failure cases caught here end in the same {@code UserNotAuthenticated}
 * exception, so this method does not distinguish "not logged in" from
 * "no such account" towards its caller. The original exception is handed to
 * {@code reportCurrentSubjectNotAuthenticated} and is not attached as a cause.
 *
 * @return the subject built from the identity of the current user
 */
@GET
@Path("/currentsubject")
@Produces(MediaType.APPLICATION_JSON)
public SubjectDTO currentSubject() {

    try {
        final String currentUserId = authenticationUtil().getUserId();

        // Resolve the id to an identity record.
        final Identity found = identityService().findByUserId(currentUserId);
        // Presumably raises UnknownAccountException when nothing was found;
        // verify in assertUserFound.
        assertUserFound(found);
        return createSubject(found);
    } catch (UserNotLoggedInException | UnknownAccountException cause) {
        reportCurrentSubjectNotAuthenticated(cause);
        throw new UserNotAuthenticated();
    }
}
 
Example 40
Project: mix-web   File: MixRealm.java   View source code 6 votes vote down vote up
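/**
 * Loads the stored credentials for the user named by the token's principal.
 *
 * <p>The original handler ended in {@code throw null}, which raises a
 * {@link NullPointerException} and discards both the specific authentication
 * failure and the cause of any unexpected error. Authentication failures are
 * now rethrown unchanged and everything else is wrapped with its cause, so the
 * method only ever fails with an {@link AuthenticationException}.
 *
 * @param token submitted token; its principal is cast to {@code String}
 * @return authentication info with the user name, stored password and
 *         credentials salt
 * @throws UnknownAccountException if no user exists for the principal
 * @throws LockedAccountException if the user's status equals
 *         {@code MixConstants.USER_STATUS_LOCKED}
 * @throws AuthenticationException if the lookup fails for any other reason
 */
@Override
protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token) throws AuthenticationException {
	
	try {
		String userName = (String) token.getPrincipal();
		
		User user = userService.getUserByUserName(userName);
		
		if (null == user) {
			throw new UnknownAccountException();
		}
		
		if(MixConstants.USER_STATUS_LOCKED.equals(user.getUserStatus())) {
			throw new LockedAccountException();
		}
		
		return new SimpleAuthenticationInfo(user.getUserName(), user.getPassword(), 
				ByteSource.Util.bytes(user.getCredentialsSalt()), getName());
	} catch (AuthenticationException e) {
		// Keep the specific failure type for server-side handling and audit logs.
		// The login endpoint should still answer unknown and locked accounts
		// with one uniform message.
		throw e;
	} catch (Exception e) {
		// Anything else (failed lookup, wrong principal type) becomes an
		// authentication failure with the cause preserved. The message is
		// fixed and carries no user data.
		throw new AuthenticationException("Unexpected error while loading the account for authentication", e);
	}
}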