org.jasig.cas.authentication.PreventedException Java Examples
The following examples show how to use
org.jasig.cas.authentication.PreventedException.
You can vote up the ones you like or vote down the ones you don't like,
and go to the original project or source file by following the links above each example. You may check out the related API usage on the sidebar.
Example #1
| Source File: SearchModeSearchDatabaseAuthenticationHandler.java From springboot-shiro-cas-mybatis with MIT License | 6 votes |
|
/**
* {@inheritDoc}
*/
@Override
protected final HandlerResult authenticateUsernamePasswordInternal(final UsernamePasswordCredential credential)
throws GeneralSecurityException, PreventedException {
final String username = credential.getUsername();
final String encyptedPassword = getPasswordEncoder().encode(credential.getPassword());
final int count;
try {
count = getJdbcTemplate().queryForObject(this.sql, Integer.class, username, encyptedPassword);
} catch (final DataAccessException e) {
throw new PreventedException("SQL exception while executing query for " + username, e);
}
if (count == 0) {
throw new FailedLoginException(username + " not found with SQL query.");
}
return createHandlerResult(credential, this.principalFactory.createPrincipal(username), null);
}
Example #2
| Source File: RadiusAuthenticationHandler.java From cas4.0.x-server-wechat with Apache License 2.0 | 6 votes |
|
@Override
protected final HandlerResult authenticateUsernamePasswordInternal(final UsernamePasswordCredential credential)
throws GeneralSecurityException, PreventedException {
final String username = credential.getUsername();
for (final RadiusServer radiusServer : this.servers) {
logger.debug("Attempting to authenticate {} at {}", username, radiusServer);
try {
if (radiusServer.authenticate(username, credential.getPassword())) {
return createHandlerResult(credential, new SimplePrincipal(username), null);
}
if (!this.failoverOnAuthenticationFailure) {
throw new FailedLoginException();
}
logger.debug("failoverOnAuthenticationFailure enabled -- trying next server");
} catch (final PreventedException e) {
if (!this.failoverOnException) {
throw e;
}
logger.warn("failoverOnException enabled -- trying next server.", e);
}
}
throw new FailedLoginException();
}
Example #3
| Source File: FileAuthenticationHandler.java From springboot-shiro-cas-mybatis with MIT License | 6 votes |
|
/**
* {@inheritDoc}
*/
@Override
protected final HandlerResult authenticateUsernamePasswordInternal(final UsernamePasswordCredential credential)
throws GeneralSecurityException, PreventedException {
try {
final String username = credential.getUsername();
final String passwordOnRecord = getPasswordOnRecord(username);
if (StringUtils.isBlank(passwordOnRecord)) {
throw new AccountNotFoundException(username + " not found in backing file.");
}
final String password = credential.getPassword();
if (StringUtils.isNotBlank(password) && this.getPasswordEncoder().encode(password).equals(passwordOnRecord)) {
return createHandlerResult(credential, this.principalFactory.createPrincipal(username), null);
}
} catch (final IOException e) {
throw new PreventedException("IO error reading backing file", e);
}
throw new FailedLoginException();
}
Example #4
| Source File: ClientAuthenticationHandler.java From springboot-shiro-cas-mybatis with MIT License | 6 votes |
|
/**
* {@inheritDoc}
*/
@Override
protected HandlerResult createResult(final ClientCredential credentials, final UserProfile profile)
throws GeneralSecurityException, PreventedException {
final String id;
if (typedIdUsed) {
id = profile.getTypedId();
} else {
id = profile.getId();
}
if (StringUtils.isNotBlank(id)) {
credentials.setUserProfile(profile);
return new DefaultHandlerResult(
this,
new BasicCredentialMetaData(credentials),
this.principalFactory.createPrincipal(id, profile.getAttributes()));
}
throw new FailedLoginException("No identifier found for this user profile: " + profile);
}
Example #5
| Source File: FileAuthenticationHandler.java From cas4.0.x-server-wechat with Apache License 2.0 | 6 votes |
|
/** {@inheritDoc} */
@Override
protected final HandlerResult authenticateUsernamePasswordInternal(final UsernamePasswordCredential credential)
throws GeneralSecurityException, PreventedException {
try {
final String username = credential.getUsername();
final String passwordOnRecord = getPasswordOnRecord(username);
if (passwordOnRecord == null) {
throw new AccountNotFoundException(username + " not found in backing file.");
}
if (credential.getPassword() != null
&& this.getPasswordEncoder().encode(credential.getPassword()).equals(passwordOnRecord)) {
return createHandlerResult(credential, new SimplePrincipal(username), null);
}
} catch (final IOException e) {
throw new PreventedException("IO error reading backing file", e);
}
throw new FailedLoginException();
}
Example #6
| Source File: SimpleTestUsernamePasswordAuthenticationHandler.java From cas4.0.x-server-wechat with Apache License 2.0 | 6 votes |
|
@Override
public HandlerResult authenticate(final Credential credential)
throws GeneralSecurityException, PreventedException {
final UsernamePasswordCredential usernamePasswordCredential = (UsernamePasswordCredential) credential;
final String username = usernamePasswordCredential.getUsername();
final String password = usernamePasswordCredential.getPassword();
final Exception exception = this.usernameErrorMap.get(username);
if (exception instanceof GeneralSecurityException) {
throw (GeneralSecurityException) exception;
} else if (exception instanceof PreventedException) {
throw (PreventedException) exception;
} else if (exception instanceof RuntimeException) {
throw (RuntimeException) exception;
} else if (exception != null) {
logger.debug("Cannot throw checked exception {} since it is not declared by method signature.", exception);
}
if (StringUtils.hasText(username) && StringUtils.hasText(password) && username.equals(password)) {
logger.debug("User [{}] was successfully authenticated.", username);
return new HandlerResult(this, new BasicCredentialMetaData(credential));
}
logger.debug("User [{}] failed authentication", username);
throw new FailedLoginException();
}
Example #7
| Source File: SimpleTestUsernamePasswordAuthenticationHandler.java From springboot-shiro-cas-mybatis with MIT License | 6 votes |
|
@Override
public HandlerResult authenticate(final Credential credential)
throws GeneralSecurityException, PreventedException {
final UsernamePasswordCredential usernamePasswordCredential = (UsernamePasswordCredential) credential;
final String username = usernamePasswordCredential.getUsername();
final String password = usernamePasswordCredential.getPassword();
final Exception exception = this.usernameErrorMap.get(username);
if (exception instanceof GeneralSecurityException) {
throw (GeneralSecurityException) exception;
} else if (exception instanceof PreventedException) {
throw (PreventedException) exception;
} else if (exception instanceof RuntimeException) {
throw (RuntimeException) exception;
} else if (exception != null) {
logger.debug("Cannot throw checked exception {} since it is not declared by method signature.", exception);
}
if (StringUtils.hasText(username) && StringUtils.hasText(password) && username.equals(password)) {
logger.debug("User [{}] was successfully authenticated.", username);
return new DefaultHandlerResult(this, new BasicCredentialMetaData(credential));
}
logger.debug("User [{}] failed authentication", username);
throw new FailedLoginException();
}
Example #8
| Source File: AbstractUsernamePasswordAuthenticationHandler.java From springboot-shiro-cas-mybatis with MIT License | 6 votes |
|
/**
* {@inheritDoc}
**/
@Override
protected final HandlerResult doAuthentication(final Credential credential)
throws GeneralSecurityException, PreventedException {
final UsernamePasswordCredential userPass = (UsernamePasswordCredential) credential;
if (userPass.getUsername() == null) {
throw new AccountNotFoundException("Username is null.");
}
final String transformedUsername= this.principalNameTransformer.transform(userPass.getUsername());
if (transformedUsername == null) {
throw new AccountNotFoundException("Transformed username is null.");
}
userPass.setUsername(transformedUsername);
return authenticateUsernamePasswordInternal(userPass);
}
Example #9
| Source File: SearchModeSearchDatabaseAuthenticationHandler.java From cas4.0.x-server-wechat with Apache License 2.0 | 6 votes |
|
/** {@inheritDoc} */
@Override
protected final HandlerResult authenticateUsernamePasswordInternal(final UsernamePasswordCredential credential)
throws GeneralSecurityException, PreventedException {
final String username = credential.getUsername();
final String encyptedPassword = getPasswordEncoder().encode(credential.getPassword());
final int count;
try {
count = getJdbcTemplate().queryForObject(this.sql, Integer.class, username, encyptedPassword);
} catch (final DataAccessException e) {
throw new PreventedException("SQL exception while executing query for " + username, e);
}
if (count == 0) {
throw new FailedLoginException(username + " not found with SQL query.");
}
return createHandlerResult(credential, new SimplePrincipal(username), null);
}
Example #10
| Source File: AbstractUsernamePasswordAuthenticationHandler.java From cas4.0.x-server-wechat with Apache License 2.0 | 6 votes |
|
/** {@inheritDoc} */
@Override
protected final HandlerResult doAuthentication(final Credential credential)
throws GeneralSecurityException, PreventedException {
final UsernamePasswordCredential userPass = (UsernamePasswordCredential) credential;
if (userPass.getUsername() == null) {
throw new AccountNotFoundException("Username is null.");
}
final String transformedUsername= this.principalNameTransformer.transform(userPass.getUsername());
if (transformedUsername == null) {
throw new AccountNotFoundException("Transformed username is null.");
}
userPass.setUsername(transformedUsername);
return authenticateUsernamePasswordInternal(userPass);
}
Example #11
| Source File: RadiusAuthenticationHandler.java From springboot-shiro-cas-mybatis with MIT License | 5 votes |
|
@Override
protected final HandlerResult authenticateUsernamePasswordInternal(final UsernamePasswordCredential credential)
throws GeneralSecurityException, PreventedException {
final String password = getPasswordEncoder().encode(credential.getPassword());
final String username = credential.getUsername();
for (final RadiusServer radiusServer : this.servers) {
logger.debug("Attempting to authenticate {} at {}", username, radiusServer);
try {
final RadiusResponse response = radiusServer.authenticate(username, password);
if (response != null) {
return createHandlerResult(credential, this.principalFactory.createPrincipal(username), null);
}
if (!this.failoverOnAuthenticationFailure) {
throw new FailedLoginException("Radius authentication failed for user " + username);
}
logger.debug("failoverOnAuthenticationFailure enabled -- trying next server");
} catch (final PreventedException e) {
if (!this.failoverOnException) {
throw e;
}
logger.warn("failoverOnException enabled -- trying next server.", e);
}
}
throw new FailedLoginException("Radius authentication failed for user " + username);
}
Example #12
| Source File: ClientAuthenticationHandler.java From oxTrust with MIT License | 5 votes |
|
/**
* {@InheritDoc}
*/
@Override
protected HandlerResult doAuthentication(final Credential credential) throws GeneralSecurityException, PreventedException {
final ClientCredential clientCredentials = (ClientCredential) credential;
final OpenIdCredentials openIdCredentials = clientCredentials.getOpenIdCredentials();
logger.debug("Client credentials : '{}'", clientCredentials);
final String clientName = openIdCredentials.getClientName();
logger.debug("Client name : '{}'", clientName);
// Web context
final ServletExternalContext servletExternalContext = (ServletExternalContext) ExternalContextHolder.getExternalContext();
final HttpServletRequest request = (HttpServletRequest) servletExternalContext.getNativeRequest();
final HttpServletResponse response = (HttpServletResponse) servletExternalContext.getNativeResponse();
final WebContext webContext = new J2EContext(request, response);
// Get user profile
final UserProfile userProfile = this.client.getUserProfile(openIdCredentials, webContext);
logger.debug("userProfile : {}", userProfile);
if (userProfile != null) {
final String id = userProfile.getId();
if (StringHelper.isNotEmpty(id)) {
openIdCredentials.setUserProfile(userProfile);
return new HandlerResult(this, clientCredentials, new SimplePrincipal(id, userProfile.getAttributes()));
}
}
throw new FailedLoginException("Provider did not produce profile for " + clientCredentials);
}
Example #13
| Source File: KryoTranscoderTests.java From springboot-shiro-cas-mybatis with MIT License | 5 votes |
|
@Override
public DefaultHandlerResult authenticate(final Credential credential) throws GeneralSecurityException, PreventedException {
if (credential instanceof HttpBasedServiceCredential) {
return new DefaultHandlerResult(this, (HttpBasedServiceCredential) credential);
} else {
return new DefaultHandlerResult(this, new BasicCredentialMetaData(credential));
}
}
Example #14
| Source File: X509CredentialsAuthenticationHandler.java From springboot-shiro-cas-mybatis with MIT License | 5 votes |
|
/**
* {@inheritDoc}
*/
@Override
protected final HandlerResult doAuthentication(final Credential credential) throws GeneralSecurityException, PreventedException {
final X509CertificateCredential x509Credential = (X509CertificateCredential) credential;
final X509Certificate[] certificates = x509Credential.getCertificates();
X509Certificate clientCert = null;
boolean hasTrustedIssuer = false;
for (int i = certificates.length - 1; i >= 0; i--) {
final X509Certificate certificate = certificates[i];
logger.debug("Evaluating {}", CertUtils.toString(certificate));
validate(certificate);
if (!hasTrustedIssuer) {
hasTrustedIssuer = isCertificateFromTrustedIssuer(certificate);
}
// getBasicConstraints returns pathLenContraint which is generally
// >=0 when this is a CA cert and -1 when it's not
final int pathLength = certificate.getBasicConstraints();
if (pathLength < 0) {
logger.debug("Found valid client certificate");
clientCert = certificate;
} else {
logger.debug("Found valid CA certificate");
}
}
if (hasTrustedIssuer && clientCert != null) {
x509Credential.setCertificate(clientCert);
return new DefaultHandlerResult(this, x509Credential, this.principalFactory.createPrincipal(x509Credential.getId()));
}
throw new FailedLoginException();
}
Example #15
| Source File: ClientAuthenticationHandler.java From cas4.0.x-server-wechat with Apache License 2.0 | 5 votes |
|
@Override
protected HandlerResult doAuthentication(final Credential credential) throws GeneralSecurityException, PreventedException {
final ClientCredential clientCredentials = (ClientCredential) credential;
logger.debug("clientCredentials : {}", clientCredentials);
final String clientName = clientCredentials.getCredentials().getClientName();
logger.debug("clientName : {}", clientName);
// get client
final Client<org.pac4j.core.credentials.Credentials, UserProfile> client = this.clients.findClient(clientName);
logger.debug("client : {}", client);
// web context
final ServletExternalContext servletExternalContext = (ServletExternalContext) ExternalContextHolder.getExternalContext();
final HttpServletRequest request = (HttpServletRequest) servletExternalContext.getNativeRequest();
final HttpServletResponse response = (HttpServletResponse) servletExternalContext.getNativeResponse();
final WebContext webContext = new J2EContext(request, response);
// get user profile
final UserProfile userProfile = client.getUserProfile(clientCredentials.getCredentials(), webContext);
logger.debug("userProfile : {}", userProfile);
if (userProfile != null && StringUtils.isNotBlank(userProfile.getTypedId())) {
clientCredentials.setUserProfile(userProfile);
return new HandlerResult(
this,
new BasicCredentialMetaData(credential),
new SimplePrincipal(userProfile.getTypedId(), userProfile.getAttributes()));
}
throw new FailedLoginException("Provider did not produce profile for " + clientCredentials);
}
Example #16
| Source File: AbstractPreAndPostProcessingAuthenticationHandler.java From cas4.0.x-server-wechat with Apache License 2.0 | 5 votes |
|
/** {@inheritDoc} */
@Override
public final HandlerResult authenticate(final Credential credential)
throws GeneralSecurityException, PreventedException {
if (!preAuthenticate(credential)) {
throw new FailedLoginException();
}
return postAuthenticate(credential, doAuthentication(credential));
}
Example #17
| Source File: TestOneTimePasswordAuthenticationHandler.java From cas4.0.x-server-wechat with Apache License 2.0 | 5 votes |
|
@Override
public HandlerResult authenticate(final Credential credential)
throws GeneralSecurityException, PreventedException {
final OneTimePasswordCredential otp = (OneTimePasswordCredential) credential;
final String valueOnRecord = credentialMap.get(otp.getId());
if (otp.getPassword().equals(credentialMap.get(otp.getId()))) {
return new HandlerResult(this, new BasicCredentialMetaData(otp), new SimplePrincipal(otp.getId()));
}
throw new FailedLoginException();
}
Example #18
| Source File: RejectUsersAuthenticationHandler.java From cas4.0.x-server-wechat with Apache License 2.0 | 5 votes |
|
protected final HandlerResult authenticateUsernamePasswordInternal(final UsernamePasswordCredential credential)
throws GeneralSecurityException, PreventedException {
final String username = credential.getUsername();
if (this.users.contains(username)) {
throw new FailedLoginException();
}
return createHandlerResult(credential, new SimplePrincipal(username), null);
}
Example #19
| Source File: FileAuthenticationHandlerTests.java From cas4.0.x-server-wechat with Apache License 2.0 | 5 votes |
|
@Test(expected = PreventedException.class)
public void testAuthenticateNoFileName() throws Exception {
final UsernamePasswordCredential c = new UsernamePasswordCredential();
this.authenticationHandler.setFileName(new ClassPathResource("fff"));
c.setUsername("scott");
c.setPassword("rutgers");
this.authenticationHandler.authenticate(c);
}
Example #20
| Source File: KryoTranscoderTests.java From cas4.0.x-server-wechat with Apache License 2.0 | 5 votes |
|
@Override
public HandlerResult authenticate(final Credential credential) throws GeneralSecurityException, PreventedException {
if (credential instanceof HttpBasedServiceCredential) {
return new HandlerResult(this, (HttpBasedServiceCredential) credential);
} else {
return new HandlerResult(this, new BasicCredentialMetaData(credential));
}
}
Example #21
| Source File: X509CredentialsAuthenticationHandler.java From cas4.0.x-server-wechat with Apache License 2.0 | 5 votes |
|
/** {@inheritDoc} */
@Override
protected final HandlerResult doAuthentication(final Credential credential) throws GeneralSecurityException, PreventedException {
final X509CertificateCredential x509Credential = (X509CertificateCredential) credential;
final X509Certificate[] certificates = x509Credential.getCertificates();
X509Certificate clientCert = null;
boolean hasTrustedIssuer = false;
for (int i = certificates.length - 1; i >= 0; i--) {
final X509Certificate certificate = certificates[i];
logger.debug("Evaluating {}", CertUtils.toString(certificate));
validate(certificate);
if (!hasTrustedIssuer) {
hasTrustedIssuer = isCertificateFromTrustedIssuer(certificate);
}
// getBasicConstraints returns pathLenContraint which is generally
// >=0 when this is a CA cert and -1 when it's not
int pathLength = certificate.getBasicConstraints();
if (pathLength < 0) {
logger.debug("Found valid client certificate");
clientCert = certificate;
} else {
logger.debug("Found valid CA certificate");
}
}
if (hasTrustedIssuer && clientCert != null) {
x509Credential.setCertificate(clientCert);
return new HandlerResult(this, x509Credential, new SimplePrincipal(x509Credential.getId()));
}
throw new FailedLoginException();
}
Example #22
| Source File: QueryDatabaseAuthenticationHandlerTests.java From springboot-shiro-cas-mybatis with MIT License | 5 votes |
|
@Test(expected = PreventedException.class)
public void verifyBadQuery() throws Exception {
final QueryDatabaseAuthenticationHandler q = new QueryDatabaseAuthenticationHandler();
q.setDataSource(this.dataSource);
q.setSql(SQL.replace("password", "*"));
q.authenticateUsernamePasswordInternal(
TestUtils.getCredentialsWithDifferentUsernameAndPassword("user0", "psw0"));
}
Example #23
| Source File: QueryAndEncodeDatabaseAuthenticationHandlerTests.java From springboot-shiro-cas-mybatis with MIT License | 5 votes |
|
@Test(expected = PreventedException.class)
public void verifyAuthenticationInvalidSql() throws Exception {
final QueryAndEncodeDatabaseAuthenticationHandler q =
new QueryAndEncodeDatabaseAuthenticationHandler(this.dataSource, buildSql("makesNoSenseInSql"),
ALG_NAME);
q.authenticateUsernamePasswordInternal(TestUtils.getCredentialsWithSameUsernameAndPassword());
}
Example #24
| Source File: FileAuthenticationHandlerTests.java From springboot-shiro-cas-mybatis with MIT License | 5 votes |
|
@Test(expected = PreventedException.class)
public void verifyAuthenticateNoFileName() throws Exception {
final UsernamePasswordCredential c = new UsernamePasswordCredential();
this.authenticationHandler.setFileName(new ClassPathResource("fff"));
c.setUsername("scott");
c.setPassword("rutgers");
this.authenticationHandler.authenticate(c);
}
Example #25
| Source File: RejectUsersAuthenticationHandler.java From springboot-shiro-cas-mybatis with MIT License | 5 votes |
|
@Override
protected final HandlerResult authenticateUsernamePasswordInternal(final UsernamePasswordCredential credential)
throws GeneralSecurityException, PreventedException {
final String username = credential.getUsername();
if (this.users.contains(username)) {
throw new FailedLoginException();
}
return createHandlerResult(credential, this.principalFactory.createPrincipal(username), null);
}
Example #26
| Source File: TestOneTimePasswordAuthenticationHandler.java From springboot-shiro-cas-mybatis with MIT License | 5 votes |
|
@Override
public HandlerResult authenticate(final Credential credential)
throws GeneralSecurityException, PreventedException {
final OneTimePasswordCredential otp = (OneTimePasswordCredential) credential;
final String valueOnRecord = credentialMap.get(otp.getId());
if (otp.getPassword().equals(credentialMap.get(otp.getId()))) {
return new DefaultHandlerResult(this, new BasicCredentialMetaData(otp),
new DefaultPrincipalFactory().createPrincipal(otp.getId()));
}
throw new FailedLoginException();
}
Example #27
| Source File: AbstractPreAndPostProcessingAuthenticationHandler.java From springboot-shiro-cas-mybatis with MIT License | 5 votes |
|
/**
* {@inheritDoc}
**/
@Override
public final HandlerResult authenticate(final Credential credential)
throws GeneralSecurityException, PreventedException {
if (!preAuthenticate(credential)) {
throw new FailedLoginException();
}
return postAuthenticate(credential, doAuthentication(credential));
}
Example #28
| Source File: AbstractClientAuthenticationHandler.java From springboot-shiro-cas-mybatis with MIT License | 5 votes |
|
@Override
protected HandlerResult doAuthentication(final Credential credential) throws GeneralSecurityException, PreventedException {
final ClientCredential clientCredentials = (ClientCredential) credential;
logger.debug("clientCredentials : {}", clientCredentials);
final Credentials credentials = clientCredentials.getCredentials();
final String clientName = credentials.getClientName();
logger.debug("clientName : {}", clientName);
// get client
final Client<Credentials, UserProfile> client = this.clients.findClient(clientName);
logger.debug("client : {}", client);
// web context
final ServletExternalContext servletExternalContext = (ServletExternalContext) ExternalContextHolder.getExternalContext();
final HttpServletRequest request = (HttpServletRequest) servletExternalContext.getNativeRequest();
final HttpServletResponse response = (HttpServletResponse) servletExternalContext.getNativeResponse();
final WebContext webContext = new J2EContext(request, response);
// get user profile
final UserProfile userProfile = client.getUserProfile(credentials, webContext);
logger.debug("userProfile : {}", userProfile);
if (userProfile != null) {
return createResult(clientCredentials, userProfile);
}
throw new FailedLoginException("Provider did not produce a user profile for: " + clientCredentials);
}
Example #29
| Source File: ClientAuthenticationHandlerTests.java From springboot-shiro-cas-mybatis with MIT License | 5 votes |
|
@Test
public void verifyOk() throws GeneralSecurityException, PreventedException {
final FacebookProfile facebookProfile = new FacebookProfile();
facebookProfile.setId(ID);
this.fbClient.setFacebookProfile(facebookProfile);
final HandlerResult result = this.handler.authenticate(this.clientCredential);
final Principal principal = result.getPrincipal();
assertEquals(FacebookProfile.class.getSimpleName() + "#" + ID, principal.getId());
}
Example #30
| Source File: JaasAuthenticationHandler.java From springboot-shiro-cas-mybatis with MIT License | 5 votes |
|
/**
* {@inheritDoc}
*/
@Override
protected final HandlerResult authenticateUsernamePasswordInternal(final UsernamePasswordCredential credential)
throws GeneralSecurityException, PreventedException {
if (this.kerberosKdcSystemProperty != null) {
logger.debug("Setting kerberos system property {} to {}", SYS_PROP_KERB5_KDC, this.kerberosKdcSystemProperty);
System.setProperty(SYS_PROP_KERB5_KDC, this.kerberosKdcSystemProperty);
}
if (this.kerberosRealmSystemProperty != null) {
logger.debug("Setting kerberos system property {} to {}", SYS_PROP_KRB5_REALM, this.kerberosRealmSystemProperty);
System.setProperty(SYS_PROP_KRB5_REALM, this.kerberosRealmSystemProperty);
}
final String username = credential.getUsername();
final String password = getPasswordEncoder().encode(credential.getPassword());
final LoginContext lc = new LoginContext(
this.realm,
new UsernamePasswordCallbackHandler(username, password));
try {
logger.debug("Attempting authentication for: {}", username);
lc.login();
} finally {
lc.logout();
}
Principal principal = null;
final Set<java.security.Principal> principals = lc.getSubject().getPrincipals();
if (principals != null && principals.size() > 0) {
principal = this.principalFactory.createPrincipal(principals.iterator().next().getName());
}
return createHandlerResult(credential, principal, null);
}
