org.apache.shiro.authc.credential.CredentialsMatcher Java Examples

The following examples show how to use org.apache.shiro.authc.credential.CredentialsMatcher. You can vote up the ones you like or vote down the ones you don't like, and go to the original project or source file by following the links above each example. You may check out the related API usage on the sidebar.
Example #1
Source File: ShiroAutoConfiguration.java    From utils with Apache License 2.0 6 votes vote down vote up 
@Bean(name = "mainRealm")
@ConditionalOnMissingBean(name = "mainRealm")
@ConditionalOnProperty(prefix = "shiro.realm.jdbc", name = "enabled", havingValue = "true")
@DependsOn(value = {"dataSource", "lifecycleBeanPostProcessor", "credentialsMatcher"})
public Realm jdbcRealm(DataSource dataSource, CredentialsMatcher credentialsMatcher) {
    JdbcRealm realm = new JdbcRealm();

    if (shiroJdbcRealmProperties.getAuthenticationQuery() != null) {
        realm.setAuthenticationQuery(shiroJdbcRealmProperties.getAuthenticationQuery());
    }
    if (shiroJdbcRealmProperties.getUserRolesQuery() != null) {
        realm.setUserRolesQuery(shiroJdbcRealmProperties.getUserRolesQuery());
    }
    if (shiroJdbcRealmProperties.getPermissionsQuery() != null) {
        realm.setPermissionsQuery(shiroJdbcRealmProperties.getPermissionsQuery());
    }
    if (shiroJdbcRealmProperties.getSalt() != null) {
        realm.setSaltStyle(shiroJdbcRealmProperties.getSalt());
    }
    realm.setPermissionsLookupEnabled(shiroJdbcRealmProperties.isPermissionsLookupEnabled());
    realm.setDataSource(dataSource);
    realm.setCredentialsMatcher(credentialsMatcher);

    return realm;
}
Example #2
Source File: IniShiroRealmModule.java    From attic-aurora with Apache License 2.0 6 votes vote down vote up 
@Override
protected void configure() {
  if (ini.isPresent()) {
    bind(Ini.class).toInstance(ini.get());
  } else {
    addError("shiro.ini is required.");
  }

  if (shiroCredentialsMatcher.isPresent()) {
    bind(CredentialsMatcher.class).to(shiroCredentialsMatcher.get()).in(Singleton.class);
  } else {
    addError("shiro_credentials_matcher is required.");
  }

  ShiroUtils.addRealmBinding(binder()).to(IniRealm.class);
}
Example #3
Source File: ShiroDbRealm.java    From MeetingFilm with Apache License 2.0 5 votes vote down vote up 
/**
 * 设置认证加密方式
 */
@Override
public void setCredentialsMatcher(CredentialsMatcher credentialsMatcher) {
    HashedCredentialsMatcher md5CredentialsMatcher = new HashedCredentialsMatcher();
    md5CredentialsMatcher.setHashAlgorithmName(ShiroKit.hashAlgorithmName);
    md5CredentialsMatcher.setHashIterations(ShiroKit.hashIterations);
    super.setCredentialsMatcher(md5CredentialsMatcher);
}
Example #4
Source File: AuthenticatingRealmImpl.java    From nexus-public with Eclipse Public License 1.0 5 votes vote down vote up 
/**
 * Checks to see if the credentials in token match the credentials stored on user
 *
 * @param token the username/password token containing the credentials to verify
 * @param user  object containing the stored credentials
 * @return true if credentials match, false otherwise
 */
private boolean isValidCredentials(final UsernamePasswordToken token, final CUser user) {
  boolean credentialsValid = false;

  AuthenticationInfo info = createAuthenticationInfo(user);
  CredentialsMatcher matcher = getCredentialsMatcher();
  if (matcher != null) {
    if (matcher.doCredentialsMatch(token, info)) {
      credentialsValid = true;
    }
  }

  return credentialsValid;
}
Example #5
Source File: UserRealm.java    From seezoon-framework-all with Apache License 2.0 5 votes vote down vote up 
@Override
public void setCredentialsMatcher(CredentialsMatcher credentialsMatcher) {
	HashedCredentialsMatcher shaCredentialsMatcher = new HashedCredentialsMatcher();
	shaCredentialsMatcher.setHashAlgorithmName(ShiroUtils.hashAlgorithmName);
	shaCredentialsMatcher.setHashIterations(ShiroUtils.hashIterations);
	super.setCredentialsMatcher(shaCredentialsMatcher);
}
Example #6
Source File: MyShiroRealm.java    From SpringBootBucket with MIT License 5 votes vote down vote up 
/**
 * 设置认证加密方式
 */
@Override
public void setCredentialsMatcher(CredentialsMatcher credentialsMatcher) {
    HashedCredentialsMatcher md5CredentialsMatcher = new HashedCredentialsMatcher();
    md5CredentialsMatcher.setHashAlgorithmName(ShiroKit.HASH_ALGORITHM_NAME);
    md5CredentialsMatcher.setHashIterations(ShiroKit.HASH_ITERATIONS);
    super.setCredentialsMatcher(md5CredentialsMatcher);
}
Example #7
Source File: SecurityGuiceConfigurer.java    From seed with Mozilla Public License 2.0 5 votes vote down vote up 
public void configure(Binder binder) {
    // Subject
    SecurityConfig.SubjectConfig subjectConfig = securityConfig.subject();
    Optional.ofNullable(subjectConfig.getContext()).ifPresent(c -> binder.bind(SubjectContext.class).to(c));
    Optional.ofNullable(subjectConfig.getFactory()).ifPresent(f -> binder.bind(SubjectFactory.class).to(f));
    Class<? extends SubjectDAO> subjectDao = subjectConfig.getDao();
    binder.bind(SubjectDAO.class).to(subjectDao != null ? subjectDao : DefaultSubjectDAO.class);

    // Authentication
    SecurityConfig.AuthenticationConfig authenticationConfig = securityConfig.authentication();
    binder.bind(Authenticator.class).to(authenticationConfig.getAuthenticator());
    binder.bind(AuthenticationStrategy.class).to(authenticationConfig.getStrategy());
    binder.bind(CredentialsMatcher.class).to(authenticationConfig.getCredentialsMatcher());

    // Cache configuration
    SecurityConfig.CacheConfig cacheConfig = securityConfig.cache();
    binder.bind(CacheManager.class).to(cacheConfig.getManager());

    // Sessions
    SecurityConfig.SessionConfig sessionConfig = securityConfig.sessions();
    binder.bind(SessionStorageEvaluator.class).to(sessionConfig.getStorageEvaluator());
    Optional.ofNullable(sessionConfig.getValidationScheduler())
            .ifPresent(s -> binder.bind(SessionValidationScheduler.class).to(s));
    binder.bindConstant()
            .annotatedWith(Names.named("shiro.sessionValidationInterval"))
            .to(sessionConfig.getValidationInterval() * 1000);
    binder.bindConstant()
            .annotatedWith(Names.named("shiro.globalSessionTimeout"))
            .to(sessionConfig.getTimeout() * 1000);
}
Example #8
Source File: ShiroBaseConfigure.java    From ueboot with BSD 3-Clause "New" or "Revised" License 5 votes vote down vote up 
/***
 * 密码凭证匹配器,采用redis记录重试次数,超过指定次数则不允许登录
 * @return
 */
@Bean
@Conditional(RedisEnableCondition.class)
public CredentialsMatcher retryLimitHashedCredentialsMatcher(RedisTemplate<Object, Object> redisTemplate) {
    return credentialsMatcher(redisTemplate);

}
Example #9
Source File: IniShiroRealmModule.java    From attic-aurora with Apache License 2.0 5 votes vote down vote up 
@Singleton
@Provides
public IniRealm providesIniReal(Ini providedIni,
    CredentialsMatcher providedShiroCredentialsMatcher) {
  IniRealm result = new IniRealm(providedIni);
  result.setCredentialsMatcher(providedShiroCredentialsMatcher);
  result.init();

  return result;
}
Example #10
Source File: UserRealm.java    From kvf-admin with MIT License 5 votes vote down vote up 
@Override
public void setCredentialsMatcher(CredentialsMatcher credentialsMatcher) {
    HashedCredentialsMatcher shaCredentialsMatcher = new HashedCredentialsMatcher();
    shaCredentialsMatcher.setHashAlgorithmName(ShiroKit.HASH_ALGORITHM_NAME);
    shaCredentialsMatcher.setHashIterations(ShiroKit.HASH_ITERATIONS);
    super.setCredentialsMatcher(shaCredentialsMatcher);
}
Example #11
Source File: ShiroDbRealm.java    From WebStack-Guns with MIT License 5 votes vote down vote up 
/**
 * 设置认证加密方式
 */
@Override
public void setCredentialsMatcher(CredentialsMatcher credentialsMatcher) {
    HashedCredentialsMatcher md5CredentialsMatcher = new HashedCredentialsMatcher();
    md5CredentialsMatcher.setHashAlgorithmName(ShiroKit.hashAlgorithmName);
    md5CredentialsMatcher.setHashIterations(ShiroKit.hashIterations);
    super.setCredentialsMatcher(md5CredentialsMatcher);
}
Example #12
Source File: SimpleAuthorizingRealm.java    From NutzSite with Apache License 2.0 5 votes vote down vote up 
public SimpleAuthorizingRealm(CacheManager cacheManager, CredentialsMatcher matcher) {
	super(cacheManager, matcher);
	HashedCredentialsMatcher hashedCredentialsMatcher = new HashedCredentialsMatcher();
	hashedCredentialsMatcher.setHashAlgorithmName("SHA-256");
	hashedCredentialsMatcher.setHashIterations(1024);
	// 这一行决定hex还是base64
	hashedCredentialsMatcher.setStoredCredentialsHexEncoded(false);
	// 设置token类型是关键!!!
	setCredentialsMatcher(hashedCredentialsMatcher);
	setAuthenticationTokenClass(UsernamePasswordToken.class);
}
Example #13
Source File: IniShiroRealmModule.java    From attic-aurora with Apache License 2.0 4 votes vote down vote up 
private IniShiroRealmModule(Optional<Ini> ini,
    Optional<Class<? extends CredentialsMatcher>> shiroCredentialsMatcher) {
  this.ini = ini;
  this.shiroCredentialsMatcher = shiroCredentialsMatcher;
}
Example #14
Source File: IniShiroRealmModule.java    From attic-aurora with Apache License 2.0 4 votes vote down vote up 
@VisibleForTesting
IniShiroRealmModule(Ini ini, Class<? extends CredentialsMatcher> shiroCredentialsMatcher) {
  this(Optional.of(ini), Optional.of(shiroCredentialsMatcher));
}
Example #15
Source File: SecurityConfig.java    From seed with Mozilla Public License 2.0 4 votes vote down vote up 
public AuthenticationConfig setCredentialsMatcher(Class<? extends CredentialsMatcher> credentialsMatcher) {
    this.credentialsMatcher = credentialsMatcher;
    return this;
}
Example #16
Source File: Realm.java    From usergrid with Apache License 2.0 4 votes vote down vote up 
public Realm( CredentialsMatcher matcher ) {
    super(new AllowAllCredentialsMatcher());
    setPermissionResolver(new CustomPermissionResolver());
}
Example #17
Source File: SecurityConfig.java    From seed with Mozilla Public License 2.0 4 votes vote down vote up 
public Class<? extends CredentialsMatcher> getCredentialsMatcher() {
    return credentialsMatcher;
}
Example #18
Source File: Realm.java    From usergrid with Apache License 2.0 4 votes vote down vote up 
public Realm( CacheManager cacheManager, CredentialsMatcher matcher ) {
    super(cacheManager, new AllowAllCredentialsMatcher());
    setPermissionResolver( new CustomPermissionResolver() );
    setCachingEnabled(true);
    setAuthenticationCachingEnabled(true);
}
Example #19
Source File: AnonymousCredentialsMatcher.java    From emodb with Apache License 2.0 4 votes vote down vote up 
public static AnonymousCredentialsMatcher anonymousOrMatchUsing(CredentialsMatcher matcher) {
    return new AnonymousCredentialsMatcher(matcher);
}
Example #20
Source File: AnonymousCredentialsMatcher.java    From emodb with Apache License 2.0 4 votes vote down vote up 
private AnonymousCredentialsMatcher(CredentialsMatcher matcher) {
    _matcher = checkNotNull(matcher, "matcher");
}
Example #21
Source File: ShiroDbRealm.java    From xmanager with Apache License 2.0 4 votes vote down vote up 
public ShiroDbRealm(CacheManager cacheManager, CredentialsMatcher matcher) {
    super(cacheManager, matcher);
}
Example #22
Source File: AbstractAuthorizingRealm.java    From super-cloudops with Apache License 2.0 4 votes vote down vote up 
@Override
protected void assertCredentialsMatch(AuthenticationToken token, AuthenticationInfo info) throws AuthenticationException {
	AbstractIamAuthenticationToken tk = (AbstractIamAuthenticationToken) token;
	IamAuthenticationInfo info0 = (IamAuthenticationInfo) info;

	CredentialsMatcher matcher = getCredentialsMatcher();
	if (isNull(matcher)) {
		throw new AuthenticationException("A CredentialsMatcher must be configured in order to verify "
				+ "credentials during authentication.  If you do not wish for credentials to be examined, you "
				+ "can configure an " + AllowAllCredentialsMatcher.class.getName() + " instance.");
	}

	// Assert credentials match.
	if (!matcher.doCredentialsMatch(tk, info)) {
		throw new IncorrectCredentialsException(bundle.getMessage("AbstractIamAuthorizingRealm.credential.mismatch"));
	}

	// Assert when that no permissions are configured, forbid login.
	if (isBlank(info0.getAccountInfo().getPermissions())) {
		throw new AccessPermissionDeniedException(bundle.getMessage("AbstractIamAuthorizingRealm.permission.denied"));
	}

	// Check if have access to the client application.
	String fromAppName = tk.getRedirectInfo().getFromAppName();
	if (!isBlank(fromAppName)) {
		isTrue(!info.getPrincipals().isEmpty(),
				format("Authentication info principals is empty, please check the configure. [%s]", info));

		// For example: when using wechat scanning code (oauth2)
		// to log in, token.getPrincipal() is empty,
		// info.getPrimaryPrincipal() will not be empty.
		String principal = (String) info.getPrincipals().getPrimaryPrincipal();
		try {
			authHandler.assertApplicationAccessAuthorized(principal, fromAppName);
		} catch (IllegalApplicationAccessException ex) {
			// Disable fallback redirect?
			if (!tk.getRedirectInfo().isFallbackRedirect()) {
				throw ex;
			}

			// For example: first login to manager service(mp) with
			// 'admin', then logout, and then login to portal
			// service(portal) with user01. At this time, the check will
			// return that 'user01' has no permission to access manager
			// service(mp).
			// e.g.->https://sso.wl4g.com/login.html?service=mp&redirect_url=https%3A%2F%2Fmp.wl4g.com%2Fmp%2Fauthenticator

			// Fallback determine redirect to application.
			RedirectInfo fallbackRedirect = configurer.getFallbackRedirectInfo(tk,
					new RedirectInfo(config.getSuccessService(), config.getSuccessUri(), true));
			notNull(fallbackRedirect, "Fallback redirect info cannot be null");

			/**
			 * See:{@link AuthenticatorAuthenticationFilter#savedRequestParameters()}
			 * See:{@link AbstractIamAuthenticationFilter#getRedirectInfo()}
			 */
			bindKVParameters(KEY_REQ_AUTH_PARAMS, KEY_REQ_AUTH_REDIRECT, fallbackRedirect);
			log.warn("The principal({}) no access to '{}', fallback redirect to:{}, caused by: {}", principal, fromAppName,
					fallbackRedirect, getRootCausesString(ex));
		}
	}

}
Example #23
Source File: ShiroBaseConfigure.java    From ueboot with BSD 3-Clause "New" or "Revised" License 4 votes vote down vote up 
/***
 * 密码凭证匹配器
 * @return
 */
@Bean
@Conditional(RedisDisabledCondition.class)
public CredentialsMatcher hashedCredentialsMatcher() {
    return credentialsMatcher(null);
}
Example #24
Source File: ShiroBaseConfigure.java    From ueboot with BSD 3-Clause "New" or "Revised" License 4 votes vote down vote up 
@Bean
public Realm realm(CredentialsMatcher credentialsMatcher, UserRealm userRealm) {
    //自定义密码校验器
    userRealm.setCredentialsMatcher(credentialsMatcher);
    return userRealm;
}
Example #25
Source File: Sha256CredentialsHashingStrategy.java    From arcusplatform with Apache License 2.0 4 votes vote down vote up 
@Override
public CredentialsMatcher getCredentialsMatcher() {
   return credentialsMatcher;
}
Example #26
Source File: PlainCredentialsHashingStrategy.java    From arcusplatform with Apache License 2.0 4 votes vote down vote up 
@Override
public CredentialsMatcher getCredentialsMatcher() {
   return credentialsMatcher;
}
Example #27
Source File: SimpleAuthorizingRealm.java    From NutzSite with Apache License 2.0 4 votes vote down vote up 
public SimpleAuthorizingRealm(CredentialsMatcher matcher) {
	this(null, matcher);
}
Example #28
Source File: ShiroConfig.java    From spring-boot-plus with Apache License 2.0 4 votes vote down vote up 
@Bean
public CredentialsMatcher credentialsMatcher() {
    return new JwtCredentialsMatcher();
}
Example #29
Source File: CredentialsHashingStrategy.java    From arcusplatform with Apache License 2.0 votes vote down vote up 
CredentialsMatcher getCredentialsMatcher();