org.apache.shiro.authc.RememberMeAuthenticationToken Java Examples

The following examples show how to use org.apache.shiro.authc.RememberMeAuthenticationToken.
Example #1
Source File: IamSubjectFactory.java    From super-cloudops with Apache License 2.0
@Override
public Subject createSubject(SubjectContext context) {
	// The authenticated flag is only set by the SecurityManager after a
	// successful authentication attempt.
	//
	// Although the SecurityManager 'sees' the submission as a successful
	// authentication, in reality the login might have been just a CAS
	// rememberMe login. If so, set the authenticated flag appropriately:
	AuthenticationToken token = context.getAuthenticationToken();
	if (!isNull(token) && token instanceof RememberMeAuthenticationToken) {
		RememberMeAuthenticationToken tk = (RememberMeAuthenticationToken) token;
		// A remembered (rememberMe) subject has not proven its identity in
		// this session, so mark the context as not authenticated.
		if (tk.isRememberMe()) {
			context.setAuthenticated(false);
		}
	}

	// Validation of enhanced session additional signature.
	if (isAssertRequestAccessTokens(context)) {
		try {
			assertRequestAccessTokenValidity(context);
		} catch (UnauthenticatedException e) {
			// Force both the context and the session to unauthenticated.
			context.setAuthenticated(false);
			context.getSession().setAttribute(AUTHENTICATED_SESSION_KEY, false);
			if (log.isDebugEnabled())
				log.debug("Invalid accesstoken", e);
			else
				log.warn("Invalid accesstoken. - {}", e.getMessage());
		}
	}

	return super.createSubject(context);
}