org.apache.shiro.authc.SimpleAuthenticationInfo Java Examples

The following examples show how to use org.apache.shiro.authc.SimpleAuthenticationInfo.
Example #1
Source File: ApiRealm.java    From flash-waimai with MIT License
/**
 * Authenticates a request by its JWT: the username is read from the token, the matching
 * account is loaded, and the token is verified against that account's stored password.
 * Every failure is reported by throwing an {@link AuthenticationException}.
 *
 * @param auth the submitted token; its credentials are cast to the JWT string
 * @return authentication info whose principal and credentials are both the JWT
 * @throws AuthenticationException if the token carries no username, the account is not
 *         found, or verification fails
 */
@Override
protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken auth) throws AuthenticationException {
    final String jwt = (String) auth.getCredentials();
    // The username is taken from the token before the token has been verified; it is used
    // only to find the account whose password JwtUtil.verify() checks the token against.
    final String account = JwtUtil.getUsername(jwt);
    if (account == null) {
        throw new AuthenticationException("token invalid");
    }

    final ShiroUser shiroUser = ShiroFactroy.me().shiroUser(userService.findByAccount(account));
    if (shiroUser == null) {
        // NOTE(review): this message differs from the verification failure below, so a caller
        // that surfaces it can tell existing accounts from missing ones.
        throw new AuthenticationException("User didn't existed!");
    }

    final boolean verified = JwtUtil.verify(jwt, account, shiroUser.getPassword());
    if (!verified) {
        throw new AuthenticationException("Username or password error");
    }

    // Principal and credentials are the same JWT that was submitted, so an equality-based
    // credentials matcher cannot reject it later: the verify() call above is the real check.
    return new SimpleAuthenticationInfo(jwt, jwt, "my_realm");
}
 
Example #2
Source File: UserRealm.java    From cjs_ssms with GNU General Public License v2.0
/**
 * Login authentication; runs before authorization.
 *
 * @param token the submitted token; the string form of its principal is the username
 * @return authentication info built from the stored account, or {@code null} when no
 *         account has that username
 * @throws AuthenticationException declared by the overridden method; not thrown directly here
 */
@Override
protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token) throws AuthenticationException {
  final String userName = token.getPrincipal().toString();
  final UUser account = userFService.findUserByUsername(userName);
  if (account == null) {
    return null;
  }
  /*
   * Choice of principal for the info object: 1. username, 2. User,
   * 3. UserWithRoleAndPermission. Each has trade-offs; the username is used here.
   *
   * Design note from the original author: a WholeUser object carrying roles and
   * permissions could be created at login and used as the principal, so that
   * authorization needs no further SQL round trips.
   *   Advantage: fewer SQL round trips.
   *   Disadvantage: larger cache, and changes to a user's data are reflected late.
   *   Suited to: user types with little, rarely changing data but frequent permission checks.
   *
   * Open question from the original author: in SimpleAuthorizationInfo the principal
   * parameter appears to end up cast to a Collection; the reason was unclear to them.
   */
  // The stored password is handed over as the credentials; the comparison with the submitted
  // password is left to the realm's credentials matcher, which is configured outside this method.
  return new SimpleAuthenticationInfo(account.getUsername(), account.getPassword(), "UserRealm");
}
 
Example #3
Source File: UUserRealm.java    From cjs_ssms with GNU General Public License v2.0
/**
 * Login authentication; runs before authorization.
 *
 * @param token the submitted token; the string form of its principal is the username
 * @return authentication info built from the stored account, or {@code null} when no
 *         account has that username
 * @throws AuthenticationException declared by the overridden method; not thrown directly here
 */
@Override
protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token) throws AuthenticationException {
  final String loginName = token.getPrincipal().toString();
  final UUser account = userMService.findUserByUserName(loginName);
  if (account == null) {
    return null;
  }
  /*
   * Choice of principal for the info object: 1. username, 2. User,
   * 3. UserWithRoleAndPermission. Each has trade-offs; the username is used here.
   *
   * Design note from the original author: a WholeUser object carrying roles and
   * permissions could be created at login and used as the principal, so that
   * authorization needs no further SQL round trips.
   *   Advantage: fewer SQL round trips.
   *   Disadvantage: larger cache, and changes to a user's data are reflected late.
   *   Suited to: user types with little, rarely changing data but frequent permission checks.
   *
   * Open question from the original author: in SimpleAuthorizationInfo the principal
   * parameter appears to end up cast to a Collection; the reason was unclear to them.
   */
  // NOTE(review): the realm name literal is "UserRealm" although this listing is attributed
  // to UUserRealm.java; confirm the shared name is intended.
  return new SimpleAuthenticationInfo(account.getUsername(), account.getPassword(), "UserRealm");
}
 
Example #4
Source File: DatabaseRealm.java    From java-platform with Apache License 2.0
/**
 * Loads the account for a username/password login and returns its stored password and
 * salt for Shiro to compare against the submitted credentials.
 *
 * @param token the submitted token; only {@code UsernamePasswordToken} is handled
 * @return authentication info for the account, or {@code null} for any other token type
 *         or when the username is empty or the password is {@code null}
 * @throws AuthenticationException an {@code UnknownAccountException} when no user has
 *         the submitted username
 */
@Override
protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token) throws AuthenticationException {
    if (!(token instanceof UsernamePasswordToken)) {
        return null;
    }
    final UsernamePasswordToken login = (UsernamePasswordToken) token;
    final String username = login.getUsername();
    final char[] password = login.getPassword();

    // The submitted password is only checked for presence here; it is never compared in this method.
    final boolean incomplete = Strings.isNullOrEmpty(username) || password == null;
    if (incomplete) {
        return null;
    }

    final User user = userRepository.findByUsername(username);
    if (user == null) {
        throw new UnknownAccountException();
    }

    final Principal principal = new Principal(user.getId(), username);
    // NOTE(review): the salt is the account's username, which is predictable and changes if
    // the account is renamed; a random per-account salt is the usual choice.
    final SimpleByteSource salt = new SimpleByteSource(user.getUsername());
    return new SimpleAuthenticationInfo(principal, user.getPassword(), salt, getName());
}
 
Example #5
Source File: OAuth2Realm.java    From kitty with GNU Lesser General Public License v3.0
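/**
 * Authentication (called at login): resolves an access token to its user.
 *
 * @param authenticationToken the submitted token; its principal is cast to the access token string
 * @return authentication info with the user as principal and the access token as credentials
 * @throws AuthenticationException an {@code IncorrectCredentialsException} when the token is
 *         unknown, expired, or refers to a user that no longer exists; a
 *         {@code LockedAccountException} when the user's status is 0
 */
@Override
protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken authenticationToken) throws AuthenticationException {
    String token = (String) authenticationToken.getPrincipal();
    // Look up the stored token record for this access token
    SysUserToken sysUserToken = sysUserTokenService.findByToken(token);
    if (sysUserToken == null || sysUserToken.getExpireTime().getTime() < System.currentTimeMillis()) {
        // The token is unknown or has expired
        throw new IncorrectCredentialsException("token失效,请重新登录");
    }
    // Load the user the token belongs to
    SysUser user = sysUserService.findById(sysUserToken.getUserId());
    if (user == null) {
        // A token record that outlived its user is treated as an invalid token instead of
        // failing with a NullPointerException on the status check below.
        throw new IncorrectCredentialsException("token失效,请重新登录");
    }
    // The account is locked
    if (user.getStatus() == 0) {
        throw new LockedAccountException("账号已被锁定,请联系管理员");
    }
    // NOTE(review): the access token read from getPrincipal() is also returned as the
    // credentials; whether the matcher can ever reject it depends on what the token class
    // returns from getCredentials(). Confirm against that class.
    return new SimpleAuthenticationInfo(user, token, getName());
}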
 
Example #6
Source File: ApiRealm.java    From web-flash with MIT License
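/**
 * Authenticates a request by its JWT: the username is read from the token, the matching
 * account is loaded, and the token is verified against that account's stored password.
 * Every failure is reported by throwing an {@link AuthenticationException}.
 *
 * @param auth the submitted token; its credentials are cast to the JWT string
 * @return authentication info whose principal and credentials are both the JWT
 * @throws AuthenticationException if the token carries no username, the account is not
 *         found, verification fails, or verification itself throws
 */
@Override
protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken auth) throws AuthenticationException {
    String token = (String) auth.getCredentials();
    // The username is taken from the token before the token has been verified; it is used
    // only to find the account whose password JwtUtil.verify() checks the token against.
    String username = JwtUtil.getUsername(token);
    if (username == null) {
        throw new AuthenticationException("token invalid");
    }

    ShiroUser userBean = ShiroFactroy.me().shiroUser(userService.findByAccount(username));
    if (userBean == null) {
        throw new AuthenticationException("User didn't existed!");
    }

    boolean verified;
    try {
        verified = JwtUtil.verify(token, username, userBean.getPassword());
    } catch (Exception e) {
        // Keep the original exception as the cause so the failure can be diagnosed from logs.
        // NOTE(review): the underlying message is still copied into the thrown exception for
        // compatibility; confirm it is not shown to clients verbatim.
        throw new AuthenticationException(e.getMessage(), e);
    }
    // Thrown outside the try block so that this failure is not caught and re-wrapped.
    if (!verified) {
        throw new AuthenticationException("Username or password error");
    }

    return new SimpleAuthenticationInfo(token, token, "my_realm");
}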
 
Example #7
Source File: DbRealm.java    From dpCms with Apache License 2.0
/**
 * Loads the account for a username/password login and returns its stored password, with
 * the username as salt, for Shiro to compare against the submitted credentials.
 *
 * @param token the submitted token, cast to {@code UsernamePasswordToken} without a type check
 * @return authentication info with the username as principal
 * @throws AuthenticationException an {@code UnknownAccountException} when the username is
 *         {@code null} or no account has that login name
 */
@Override
protected AuthenticationInfo doGetAuthenticationInfo(
        final AuthenticationToken token)
        throws AuthenticationException {
    final String loginName = ((UsernamePasswordToken) token).getUsername();
    if (loginName == null) {
        throw new UnknownAccountException("userName not provided");
    }
    final Account found = accountRepository.findByLoginName(loginName);
    if (found == null) {
        throw new UnknownAccountException("Account does not exist");
    }
    final char[] storedPassword = found.getPassword().toCharArray();
    // NOTE(review): the salt is derived from the username, so it is predictable; a random
    // per-account salt is the usual choice.
    return new SimpleAuthenticationInfo(
            loginName, storedPassword, ByteSource.Util.bytes(loginName), getName());
}
 
Example #8
Source File: LdapRealm.java    From Moss with Apache License 2.0
/**
 * Verifies the JWT carried in the token's credentials and then obtains (and immediately
 * closes) an LDAP context for the username the JWT names.
 *
 * @param authenticationToken the submitted token; its credentials are cast to the JWT string
 * @param ldapContextFactory factory used to open the LDAP context
 * @return authentication info whose principal and credentials are both the JWT, or
 *         {@code null} when the LDAP context cannot be obtained
 * @throws NamingException declared by the overridden method; failures from the context
 *         lookup are caught and logged here
 */
@Override
protected AuthenticationInfo queryForAuthenticationInfo(AuthenticationToken authenticationToken,
                                                        LdapContextFactory ldapContextFactory) throws NamingException {
    final String jwt = (String) authenticationToken.getCredentials();
    // Read the username carried in the token
    final String username = JwtUtil.getUsername(jwt);

    final boolean tokenAccepted = username != null && JwtUtil.verify(jwt, username);
    if (!tokenAccepted) {
        throw new AuthenticationException("token认证失败!");
    }
    LdapContext ldapContext = null;
    try {
        // NOTE(review): the context is requested with null credentials, so this call does not
        // check a password; the JWT verification above is the only credential check here.
        ldapContext = ldapContextFactory.getLdapContext(username, null);
    } catch (Throwable failure) {
        // Catching Throwable also swallows Errors; every failure becomes "not authenticated".
        LOGGER.error(failure.getMessage(), failure);
        return null;
    } finally {
        LdapUtils.closeContext(ldapContext);
    }
    return new SimpleAuthenticationInfo(jwt, jwt, "MyRealm");
}
 
Example #9
Source File: DBRealm.java    From Moss with Apache License 2.0
/**
 * Verifies the JWT carried in the token's credentials and confirms that the username it
 * names exists in the user store.
 *
 * @param authenticationToken the submitted token; its credentials are cast to the JWT string
 * @param ldapContextFactory not used by this implementation
 * @return authentication info whose principal and credentials are both the JWT, or
 *         {@code null} when no user has that username
 * @throws NamingException declared by the overridden method; not thrown directly here
 */
@Override
protected AuthenticationInfo queryForAuthenticationInfo(AuthenticationToken authenticationToken,
                                                        LdapContextFactory ldapContextFactory) throws NamingException {
    final String jwt = (String) authenticationToken.getCredentials();
    // Read the username carried in the token, to be looked up in the database
    final String username = JwtUtil.getUsername(jwt);

    final boolean tokenAccepted = username != null && JwtUtil.verify(jwt, username);
    if (!tokenAccepted) {
        throw new AuthenticationException("token认证失败!");
    }
    final UserModel knownUser = userService.getUserByUserName(username);
    if (knownUser == null) {
        return null;
    }
    // Principal and credentials are the submitted JWT, so verify() above is the real check.
    return new SimpleAuthenticationInfo(jwt, jwt, "MyRealm");
}
 
Example #10
Source File: AuthRealm.java    From spring-boot-demo with MIT License
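/**
 * Authentication: loads the account for the submitted username so that Shiro can check
 * whether the submitted account name and password are correct.
 *
 * @param token the submitted token; its principal is cast to the username
 * @return authentication info with the user as principal, the stored password as
 *         credentials and the account's credentials salt
 * @throws AuthenticationException when the username is {@code null} or no account has it
 */
@Override
protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token) throws AuthenticationException {
    log.info("调用认证方法");
    // The account name entered by the user
    String username = (String) token.getPrincipal();
    if (username == null) {
        throw new AuthenticationException("账号名为空,登录失败!");
    }

    // The submitted credentials are deliberately not logged: a login secret must not end up
    // in application logs.
    UserInfo userInfo = userInfoService.findByUsername(username);
    if (userInfo == null) {
        throw new AuthenticationException("不存在的账号,登录失败!");
    }

    return new SimpleAuthenticationInfo(
            userInfo,                                               // principal: the user
            userInfo.getPassword(),                                 // credentials: the stored password
            ByteSource.Util.bytes(userInfo.getCredentialsSalt()),   // salt used for the stored password
            getName()                                               // name of this realm
    );
}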
 
Example #11
Source File: MyShiroRealm.java    From spring-boot-shiro with Apache License 2.0
/**
 * create by: leigq
 * description: authentication, i.e. checking that the account name and password entered
 * by the user are correct.
 * create time: 2019/7/1 09:04
 *
 * @param token the submitted token; its principal is cast to the username
 * @return the authentication info, or {@code null} when no user has that username
 */
@Override
protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token) throws AuthenticationException {
    log.warn("开始进行身份认证......");

    // The account name entered by the user
    final String loginName = (String) token.getPrincipal();

    // Load the User for that name from the database.
    // Original author's note: a real project may cache this lookup; the author states that
    // Shiro itself will not call this method again within 2 minutes.
    final User account = iUserService.findByUsername(loginName);
    if (account == null) {
        return null;
    }

    // The user object is the principal. Passing only the username would also work, but the
    // authorization step would then have to load the permissions from the database again.
    final Object principal = account;
    // The stored password
    final Object storedPassword = account.getPassword();
    // salt = username + salt (original author's description of getCredentialsSalt())
    final ByteSource salt = ByteSource.Util.bytes(account.getCredentialsSalt());
    // getName() supplies the realm name
    return new SimpleAuthenticationInfo(principal, storedPassword, salt, getName());
}
 
Example #12
Source File: MyShiroRealm.java    From DouBiNovel with Apache License 2.0
/**
 * Loads the account identified by the submitted phone number, code or e-mail and returns
 * its stored password and salt for Shiro to compare.
 *
 * @param token the submitted token; its principal is cast to the account identifier
 * @return authentication info with the user as principal, or {@code null} when no account matches
 * @throws AuthenticationException declared by the overridden method; not thrown directly here
 */
@Override
protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token)
        throws AuthenticationException {
    // The account identifier entered by the user.
    final String account = (String) token.getPrincipal();
    // The original carried commented-out debug prints of the token credentials and of the
    // loaded user as JSON; both would expose secrets and are intentionally not kept.

    // Load the User from the database.
    // Original author's note: a real project may cache this lookup; the author states that
    // Shiro itself will not call this method again within 2 minutes.
    final User found = userInfoService.getByPhoneOrCodeOrEmail(account);
    if (found == null) {
        return null;
    }
    // NOTE(review): the salt is the account code followed by the fixed text "salt", so it is
    // predictable; a random per-account salt is the usual choice.
    final ByteSource salt = ByteSource.Util.bytes(found.getCode()+"salt");
    return new SimpleAuthenticationInfo(
            found,               // principal: the user object
            found.getPassword(), // credentials: the stored password
            salt,
            getName()            // realm name
    );
}
 
Example #13
Source File: ShiroDbRealm.java    From DWSurvey with GNU Affero General Public License v3.0
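/**
 * Authentication callback, invoked at login.
 *
 * @param authcToken the submitted token, cast to {@code UsernamePasswordToken}
 * @return authentication info with the login name as principal and the stored SHA password
 *         as credentials, or {@code null} when the user is missing, has status 0, or has a
 *         login name ending in "@chacuo.net"
 * @throws AuthenticationException declared by the overridden method; not thrown directly here
 */
@Override
protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken authcToken) throws AuthenticationException {
    UsernamePasswordToken token = (UsernamePasswordToken) authcToken;

    // Original author's note (not implemented here): look the request up by a login token
    // that is valid for only one minute.

    // The submitted password is not copied into a String any more: the copy was never used
    // and only kept the plaintext in memory longer than necessary.
    User user = accountManager.findUserByLoginNameOrEmail(token.getUsername());

    // NOTE(review): endsWith is case-sensitive; confirm login names are normalised before
    // they are stored, otherwise the domain rule can be missed by a differently cased name.
    boolean allowed = user != null
            && user.getStatus().intValue() != 0
            && !user.getLoginName().endsWith("@chacuo.net");
    if (!allowed) {
        return null;
    }
    return new SimpleAuthenticationInfo(user.getLoginName(), user.getShaPassword(), getName());
}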
 
Example #14
Source File: Realm.java    From permission with Apache License 2.0
/**
 * Authentication method: looks the user up by login code and submitted password.
 *
 * @param token the submitted token, cast to {@code UsernamePasswordToken}
 * @return authentication info with the user as principal and the submitted password as
 *         credentials, or {@code null} when the lookup finds no user
 * @throws AuthenticationException declared by the overridden method; not thrown directly here
 */
@Override
protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token)
        throws AuthenticationException {
    System.out.println("认证中......");
    final UsernamePasswordToken login = (UsernamePasswordToken) token;
    final String submittedPassword = new String(login.getPassword());
    // Find the user by login code and password.
    // NOTE(review): the submitted password is passed to the lookup as-is, so the password
    // check happens inside findUserByCodeAndPwd; confirm that it hashes before comparing.
    final User matched = userService.findUserByCodeAndPwd(login.getUsername(), submittedPassword);
    if (matched == null) {
        return null;
    }
    // Arguments: 1) the principal, i.e. the logged-in user; 2) the credentials, i.e. the
    // password; 3) the name of this realm. The credentials are the submitted password itself,
    // so a later equality comparison by Shiro cannot fail; the lookup above is the only check.
    return new SimpleAuthenticationInfo(matched, submittedPassword, getName());
}
 
Example #15
Source File: AppHandoffRealm.java    From arcusplatform with Apache License 2.0
/**
 * Authenticates an app hand-off token: the token is validated through {@code handoffDao}
 * and, when {@code checkSameIp} is set, the host recorded on the token must match the IP
 * stored with the hand-off.
 *
 * @param token the submitted token, cast to {@code AppHandoffToken}
 * @return authentication info with the resolved principal and the token itself as credentials
 * @throws AuthenticationException an {@code IncorrectCredentialsException} when validation
 *         yields no hand-off or the IP check fails
 */
@Override
protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token) throws AuthenticationException {
    final AppHandoffToken handoffToken = (AppHandoffToken) token;
    final SessionHandoff handoff;
    try {
        handoff = handoffDao.validate(handoffToken.getToken()).orElseThrow(() -> new IncorrectCredentialsException());
        AppHandoffMetrics.incValidateTokenSuccess();
    } catch (IncorrectCredentialsException e) {
        // Count the failure, then let the original exception propagate unchanged.
        AppHandoffMetrics.incValidateTokenFailed();
        throw e;
    }
    if (checkSameIp) {
        final String tokenHost = handoffToken.getHost();
        final boolean tokenHostBlank = StringUtils.isBlank(tokenHost);
        final boolean storedIpBlank = StringUtils.isBlank(handoff.getIp());
        // A blank value on either side counts as a mismatch, so the check fails closed.
        final boolean mismatch = tokenHostBlank || storedIpBlank || !tokenHost.equalsIgnoreCase(handoff.getIp());
        if (mismatch) {
            if (storedIpBlank && tokenHostBlank) {
                logger.warn("Both IP in token and app_handoff_token DB is null for person [{}].  Should not happen!", handoff.getPersonId());
            }
            AppHandoffMetrics.incSameIPFailed();
            throw new IncorrectCredentialsException();
        }
        AppHandoffMetrics.incSameIPSuccess();
    }
    final Login login = new Login();
    login.setUserId(handoff.getPersonId());
    login.setUsername(handoff.getUsername());
    // The token object itself is passed as the credentials of the returned info.
    return new SimpleAuthenticationInfo(principalResolver.resolvePrincipal(login), token, getName());
}
 
Example #16
Source File: UpmsRealm.java    From civism-sso with Apache License 2.0
/**
 * Authentication info for a user login: delegates the login to {@code userService}, then
 * stores the serialized user in Redis under the current session id.
 *
 * @param authenticationToken the submitted token, cast to {@code SsoUserNameToken}
 * @return authentication info with the user as principal and the user's token (the session
 *         id) as credentials
 * @throws AuthenticationException a {@code CustomAccountException} carrying the error code
 *         when the login service throws {@code CivismException}
 */
@Override
protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken authenticationToken) throws AuthenticationException {
    final LoginEntity loginEntity = ((SsoUserNameToken) authenticationToken).getLoginEntity();
    final UserInfo userInfo;
    try {
        // The credential check itself happens inside userService.login().
        userInfo = userService.login(loginEntity);
        // The Shiro session id doubles as the user's token and as the Redis key.
        final String sessionId = (String) SecurityUtils.getSubject().getSession().getId();
        userInfo.setToken(sessionId);
        // NOTE(review): presumably SerializeUtil uses Java serialization; if so, whatever
        // reads this key back must only deserialize data this service wrote. Confirm.
        redisClient.set(sessionId, SerializeUtil.serialize(userInfo), SsoConstants.DEFAULT_LOGIN_EXPIRE);
    } catch (CivismException e) {
        throw new CustomAccountException(e.getErrorCode());
    }
    return new SimpleAuthenticationInfo(userInfo, userInfo.getToken(), getName());
}
 
Example #17
Source File: CommonShiroRealm.java    From taoshop with Apache License 2.0
/**
 * Checks the login information against the user's verification data.
 *
 * @see org.apache.shiro.realm.AuthenticatingRealm#doGetAuthenticationInfo(AuthenticationToken)
 * @param token the submitted token; principal is cast to {@code String}, credentials to {@code char[]}
 * @return authentication info built from the submitted username and password, or
 *         {@code null} when the username is {@code null}
 * @throws AuthenticationException declared by the overridden method; not thrown directly here
 */
@Override
protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token) throws AuthenticationException {
    final String username = (String) token.getPrincipal();                    // the username
    final String password = new String((char[]) token.getCredentials());     // the password

    // NOTE(review): in the original listing the account lookup, the "user not found" check
    // (UnknownAccountException) and the "account locked" check (LockedAccountException) are
    // all commented out. As written, the returned credentials are the submitted password, so
    // an equality-based CredentialsMatcher accepts any non-null username. Restore the lookup
    // and return the stored credentials before relying on this realm.

    // AuthenticatingRealm uses the CredentialsMatcher to compare passwords.
    // password can never be null here (new String(...) always returns an object), so only the
    // username decides the outcome.
    if (username == null) {
        return null;
    }
    return new SimpleAuthenticationInfo(username, password, getName());
}
 
Example #18
Source File: MyRealm.java    From MyBlog with Apache License 2.0
/**
 * Loads the account named by the token's principal and returns its stored username,
 * password and salt for Shiro to compare against the submitted credentials.
 *
 * @param token the submitted token; its principal is cast to the username
 * @return authentication info for the account, or {@code null} when the token is
 *         {@code null}, the username is blank, or no user has that name
 * @throws AuthenticationException declared by the overridden method; not thrown directly here
 */
@Override
protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token) throws AuthenticationException {
    if (token == null) {
        return null;
    }
    final String loginName = (String) token.getPrincipal();
    if (StringUtils.isBlank(loginName)) {
        return null;
    }
    // Load the user by the username carried in the token
    final UserPo account = userService.queryUserByName(loginName);
    if (account == null) {
        return null;
    }
    // SimpleAuthenticationInfo represents the user's authentication data, i.e. the username,
    // the password and the salt stored in the database.
    // Per the original author, the stored password is the user's real password hashed with
    // MD5 plus a salt, so that a data leak does not reveal the real password.
    // NOTE(review): salted MD5 is a fast hash and the salt used below is the username; a
    // dedicated password hash with a random per-account salt is the usual choice.
    // getName() returns this realm's name, marking the realm as the source of the info.
    // After this method returns, the caller compares the token with the info: first the
    // principal, then the token's credentials hashed with the info's salt against the info's
    // credentials.
    final ByteSource salt = ByteSource.Util.bytes(account.getUserName());
    return new SimpleAuthenticationInfo(account.getUserName(), account.getPassword(), salt, getName());
}
 
Example #19
Source File: OktaRealm.java    From okta-auth-java with Apache License 2.0
/**
 * Turns an already verified Okta authentication response into Shiro authentication info.
 *
 * @param token the submitted token, cast to {@code OktaSuccessLoginToken}
 * @return authentication info whose principals are the user's login and the user object,
 *         with {@code null} credentials; {@code null} when the response is missing, is not
 *         in status SUCCESS, has no session token, or has no user
 * @throws AuthenticationException declared by the overridden method; not thrown directly here
 */
@Override
protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token) throws AuthenticationException {

    final AuthenticationResponse response = ((OktaSuccessLoginToken) token).getAuthenticationResponse();

    // The authentication was already verified; only the status is checked here.
    // NOTE(review): this realm therefore relies on OktaSuccessLoginToken being created only
    // from a response the application itself obtained; confirm at the construction site.
    final boolean succeeded = response != null
            && response.getStatus() == AuthenticationStatus.SUCCESS
            && response.getSessionToken() != null;
    if (!succeeded) {
        return null; // returning null means the user is NOT authenticated
    }

    final User oktaUser = response.getUser();
    if (oktaUser == null) {
        return null; // no user on the response: NOT authenticated
    }

    // The login is the first principal; the full user object is added as a second one.
    final SimplePrincipalCollection principals = new SimplePrincipalCollection(oktaUser.getLogin(), getName());
    principals.add(oktaUser, getName());
    return new SimpleAuthenticationInfo(principals, null);
}
 
Example #20
Source File: UsernameRealm.java    From jsets-shiro-spring-boot-starter with Apache License 2.0
/**
 * Authentication for {@code UsernameToken}: succeeds when the named account can be loaded.
 *
 * @param token the submitted token; anything other than {@code UsernameToken} is ignored
 * @return authentication info with the account name as principal and {@code Boolean.TRUE}
 *         as credentials, or {@code null} for other token types
 * @throws AuthenticationException when the principal is {@code null} or the account does not exist
 */
@Override
protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token) throws AuthenticationException {

    // Only UsernameToken is authenticated here
    if (!(token instanceof UsernameToken)) {
        return null;
    }

    final Object principal = token.getPrincipal();
    if (principal == null) {
        throw new AuthenticationException(this.properties.getMsgAccountPasswordEmpty());
    }
    final String account = (String) principal;
    final Account accountEntity = this.accountProvider.loadAccount(account);
    if (accountEntity == null) {
        throw new AuthenticationException(this.properties.getMsgAccountNotExist());
    }
    // NOTE(review): the credentials are the constant TRUE, so this realm checks account
    // existence only; it is safe only if UsernameToken can be created solely by code that
    // has already established the caller's identity. Confirm at the construction sites.
    return new SimpleAuthenticationInfo(account, Boolean.TRUE, getName());
}
 
Example #21
Source File: ShiroRealm.java    From springboot-shiro-cas-mybatis with MIT License
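/**
 * Returns a fixed authentication info regardless of the submitted token.
 *
 * @param authenticationToken the submitted token, cast to {@code UsernamePasswordToken}
 * @return authentication info with a hard-coded principal and empty-string credentials
 * @throws AuthenticationException declared by the overridden method; not thrown directly here
 */
@Override
protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken authenticationToken) throws AuthenticationException {
    // UsernamePasswordToken holds the submitted login information
    UsernamePasswordToken token = (UsernamePasswordToken) authenticationToken;

    // Log the username only: a reflective dump of the token prints every field, which
    // includes the submitted password.
    log.info("验证当前Subject时获取到token为:" + token.getUsername());

    // NOTE(review): the principal and the empty credentials are fixed literals and the user
    // lookup that followed in the original is commented out, so this realm does not check the
    // submitted user against any store. Replace it with a real lookup that returns the stored
    // credentials before using this outside a demo; Shiro then compares the password itself.
    return new SimpleAuthenticationInfo("hsjhsj","" , getName());
}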
 
Example #22
Source File: UserRealm.java    From seezoon-framework-all with Apache License 2.0
/**
 * Authentication (called at login): loads the account, rejects disabled accounts, and
 * returns the stored password and salt for Shiro to compare.
 *
 * @param authcToken the submitted token, cast to {@code UsernamePasswordToken}
 * @return authentication info whose principal is a {@code User} carrying the account's
 *         roles, with the stored password and salt
 * @throws AuthenticationException an {@code UnknownAccountException} when the login name is
 *         unknown, a {@code LockedAccountException} when the account status is STATUS_STOP
 */
@Override
protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken authcToken)
        throws AuthenticationException {
    final String loginName = ((UsernamePasswordToken) authcToken).getUsername();
    // Load the account
    final SysUser sysUser = sysUserService.findByLoginName(loginName);
    // Unknown account: the message is the same generic text used for a wrong password
    if (sysUser == null) {
        throw new UnknownAccountException("账号或密码不正确");
    }
    // Disabled account
    // NOTE(review): this is reported before the password is compared, so the response tells
    // a caller without the password that the account exists and is disabled.
    final boolean disabled = SysUser.STATUS_STOP.equals(sysUser.getStatus());
    if (disabled) {
        throw new LockedAccountException("账号已被禁用");
    }
    final User principal = new User(sysUser.getId(), sysUser.getDeptId(), sysUser.getDeptName(),
            sysUser.getLoginName(), sysUser.getName(), sysUser.getStatus());
    // Attach the roles
    principal.setRoles(sysRoleService.findByUserId(principal.getUserId()));
    final ByteSource salt = ByteSource.Util.bytes(sysUser.getSalt());
    return new SimpleAuthenticationInfo(principal, sysUser.getPassword(), salt, getName());
}
 
Example #23
Source File: ShiroRealm.java    From SpringAll with MIT License
/**
 * Login authentication: loads the account named by the token's principal and checks the
 * submitted password and the account status before returning the result to Shiro.
 *
 * @param token the submitted token; principal is cast to {@code String}, credentials to {@code char[]}
 * @return authentication info carrying the loaded user and the submitted password
 * @throws AuthenticationException an {@code UnknownAccountException} when no user is found,
 *         an {@code IncorrectCredentialsException} when the password differs from the stored
 *         value, a {@code LockedAccountException} when the status equals "0"
 */
@Override
protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token) throws AuthenticationException {
    final String loginName = (String) token.getPrincipal();
    final String submitted = new String((char[]) token.getCredentials());

    System.out.println("用户" + loginName + "认证-----ShiroRealm.doGetAuthenticationInfo");
    final User account = userMapper.findByUserName(loginName);

    if (account == null) {
        throw new UnknownAccountException("用户名或密码错误!");
    }
    // NOTE(review): the stored value is compared with String.equals, an exact match that is
    // not constant-time. This is sound only if the token already carries the same hash that
    // is stored; confirm where the token is built.
    final boolean passwordMatches = submitted.equals(account.getPassword());
    if (!passwordMatches) {
        throw new IncorrectCredentialsException("用户名或密码错误!");
    }
    final boolean locked = account.getStatus().equals("0");
    if (locked) {
        throw new LockedAccountException("账号已被锁定,请联系管理员!");
    }
    // The submitted password is returned as the credentials, so the comparison above is the
    // effective password check.
    return new SimpleAuthenticationInfo(account, submitted, getName());
}
 
Example #24
Source File: ShiroRealm.java    From SpringAll with MIT License
/**
 * Login authentication: loads the account named by the token's principal and checks the
 * submitted password and the account status before returning the result to Shiro.
 *
 * @param token the submitted token; principal is cast to {@code String}, credentials to {@code char[]}
 * @return authentication info carrying the loaded user and the submitted password
 * @throws AuthenticationException an {@code UnknownAccountException} when no user is found,
 *         an {@code IncorrectCredentialsException} when the password differs from the stored
 *         value, a {@code LockedAccountException} when the status equals "0"
 */
@Override
protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token) throws AuthenticationException {
    final String loginName = (String) token.getPrincipal();
    final String submitted = new String((char[]) token.getCredentials());

    System.out.println("用户" + loginName + "认证-----ShiroRealm.doGetAuthenticationInfo");
    final User account = userMapper.findByUserName(loginName);

    if (account == null) {
        throw new UnknownAccountException("用户名或密码错误!");
    }
    // NOTE(review): the stored value is compared with String.equals, an exact match that is
    // not constant-time. This is sound only if the token already carries the same hash that
    // is stored; confirm where the token is built.
    final boolean passwordMatches = submitted.equals(account.getPassword());
    if (!passwordMatches) {
        throw new IncorrectCredentialsException("用户名或密码错误!");
    }
    final boolean locked = account.getStatus().equals("0");
    if (locked) {
        throw new LockedAccountException("账号已被锁定,请联系管理员!");
    }
    // The submitted password is returned as the credentials, so the comparison above is the
    // effective password check.
    return new SimpleAuthenticationInfo(account, submitted, getName());
}
 
Example #25
Source File: ShiroRealm.java    From SpringAll with MIT License
/**
 * Login authentication: loads the account named by the token's principal and checks the
 * submitted password and the account status before returning the result to Shiro.
 *
 * @param token the submitted token; principal is cast to {@code String}, credentials to {@code char[]}
 * @return authentication info carrying the loaded user and the submitted password
 * @throws AuthenticationException an {@code UnknownAccountException} when no user is found,
 *         an {@code IncorrectCredentialsException} when the password differs from the stored
 *         value, a {@code LockedAccountException} when the status equals "0"
 */
@Override
protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token) throws AuthenticationException {
    final String loginName = (String) token.getPrincipal();
    final String submitted = new String((char[]) token.getCredentials());

    System.out.println("用户" + loginName + "认证-----ShiroRealm.doGetAuthenticationInfo");
    final User account = userMapper.findByUserName(loginName);

    if (account == null) {
        throw new UnknownAccountException("用户名或密码错误!");
    }
    // NOTE(review): the stored value is compared with String.equals, an exact match that is
    // not constant-time. This is sound only if the token already carries the same hash that
    // is stored; confirm where the token is built.
    final boolean passwordMatches = submitted.equals(account.getPassword());
    if (!passwordMatches) {
        throw new IncorrectCredentialsException("用户名或密码错误!");
    }
    final boolean locked = account.getStatus().equals("0");
    if (locked) {
        throw new LockedAccountException("账号已被锁定,请联系管理员!");
    }
    // The submitted password is returned as the credentials, so the comparison above is the
    // effective password check.
    return new SimpleAuthenticationInfo(account, submitted, getName());
}
 
Example #26
Source File: ShiroRealm.java    From SpringAll with MIT License
/**
 * Login authentication: loads the account named by the token's principal and checks the
 * submitted password and the account status before returning the result to Shiro.
 *
 * @param token the submitted token; principal is cast to {@code String}, credentials to {@code char[]}
 * @return authentication info carrying the loaded user and the submitted password
 * @throws AuthenticationException an {@code UnknownAccountException} when no user is found,
 *         an {@code IncorrectCredentialsException} when the password differs from the stored
 *         value, a {@code LockedAccountException} when the status equals "0"
 */
@Override
protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token) throws AuthenticationException {
    final String loginName = (String) token.getPrincipal();
    final String submitted = new String((char[]) token.getCredentials());

    System.out.println("用户" + loginName + "认证-----ShiroRealm.doGetAuthenticationInfo");
    final User account = userMapper.findByUserName(loginName);

    if (account == null) {
        throw new UnknownAccountException("用户名或密码错误!");
    }
    // NOTE(review): the stored value is compared with String.equals, an exact match that is
    // not constant-time. This is sound only if the token already carries the same hash that
    // is stored; confirm where the token is built.
    final boolean passwordMatches = submitted.equals(account.getPassword());
    if (!passwordMatches) {
        throw new IncorrectCredentialsException("用户名或密码错误!");
    }
    final boolean locked = account.getStatus().equals("0");
    if (locked) {
        throw new LockedAccountException("账号已被锁定,请联系管理员!");
    }
    // The submitted password is returned as the credentials, so the comparison above is the
    // effective password check.
    return new SimpleAuthenticationInfo(account, submitted, getName());
}
 
Example #27
Source File: ShiroRealm.java    From SpringAll with MIT License
/**
 * User authentication for JWT requests.
 *
 * @param authenticationToken the authentication token; its credentials are cast to the JWT string
 * @return AuthenticationInfo whose principal and credentials are both the JWT
 * @throws AuthenticationException when the token names no user, the user is unknown, or
 *         the token fails verification
 */
@Override
protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken authenticationToken) throws AuthenticationException {
    // Per the original author, this token is handed over by JWTFilter.executeLogin and has
    // already been decrypted at that point.
    final String jwt = (String) authenticationToken.getCredentials();

    // The username is read from the token before the token is verified; it is used only to
    // find the account whose password JWTUtil.verify() checks the token against.
    final String username = JWTUtil.getUsername(jwt);
    if (StringUtils.isBlank(username)) {
        throw new AuthenticationException("token校验不通过");
    }

    // Load the user by username
    final User account = SystemUtils.getUser(username);
    if (account == null) {
        throw new AuthenticationException("用户名或密码错误");
    }

    final boolean verified = JWTUtil.verify(jwt, username, account.getPassword());
    if (!verified) {
        throw new AuthenticationException("token校验不通过");
    }
    // Principal and credentials are the submitted JWT, so verify() above is the real check.
    return new SimpleAuthenticationInfo(jwt, jwt, "shiro_realm");
}
 
Example #28
Source File: ShiroRealm.java    From SpringAll with MIT License
/**
 * Login authentication: loads the account named by the token's principal and checks the
 * submitted password and the account status before returning the result to Shiro.
 *
 * @param token the submitted token; principal is cast to {@code String}, credentials to {@code char[]}
 * @return authentication info carrying the loaded user and the submitted password
 * @throws AuthenticationException an {@code UnknownAccountException} when no user is found,
 *         an {@code IncorrectCredentialsException} when the password differs from the stored
 *         value, a {@code LockedAccountException} when the status equals "0"
 */
@Override
protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token) throws AuthenticationException {
    final String loginName = (String) token.getPrincipal();
    final String submitted = new String((char[]) token.getCredentials());

    System.out.println("用户" + loginName + "认证-----ShiroRealm.doGetAuthenticationInfo");
    final User account = userMapper.findByUserName(loginName);

    if (account == null) {
        throw new UnknownAccountException("用户名或密码错误!");
    }
    // NOTE(review): the stored value is compared with String.equals, an exact match that is
    // not constant-time. This is sound only if the token already carries the same hash that
    // is stored; confirm where the token is built.
    final boolean passwordMatches = submitted.equals(account.getPassword());
    if (!passwordMatches) {
        throw new IncorrectCredentialsException("用户名或密码错误!");
    }
    final boolean locked = account.getStatus().equals("0");
    if (locked) {
        throw new LockedAccountException("账号已被锁定,请联系管理员!");
    }
    // The submitted password is returned as the credentials, so the comparison above is the
    // effective password check.
    return new SimpleAuthenticationInfo(account, submitted, getName());
}
 
Example #29
Source File: ShiroRealm.java    From SpringAll with MIT License
/**
 * Login authentication: loads the account named by the token's principal and checks the
 * submitted password and the account status before returning the result to Shiro.
 *
 * @param token the submitted token; principal is cast to {@code String}, credentials to {@code char[]}
 * @return authentication info carrying the loaded user and the submitted password
 * @throws AuthenticationException an {@code UnknownAccountException} when no user is found,
 *         an {@code IncorrectCredentialsException} when the password differs from the stored
 *         value, a {@code LockedAccountException} when the status equals "0"
 */
@Override
protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token) throws AuthenticationException {
    final String loginName = (String) token.getPrincipal();
    final String submitted = new String((char[]) token.getCredentials());

    System.out.println("用户" + loginName + "认证-----ShiroRealm.doGetAuthenticationInfo");
    final User account = userMapper.findByUserName(loginName);

    if (account == null) {
        throw new UnknownAccountException("用户名或密码错误!");
    }
    // NOTE(review): the stored value is compared with String.equals, an exact match that is
    // not constant-time. This is sound only if the token already carries the same hash that
    // is stored; confirm where the token is built.
    final boolean passwordMatches = submitted.equals(account.getPassword());
    if (!passwordMatches) {
        throw new IncorrectCredentialsException("用户名或密码错误!");
    }
    final boolean locked = account.getStatus().equals("0");
    if (locked) {
        throw new LockedAccountException("账号已被锁定,请联系管理员!");
    }
    // The submitted password is returned as the credentials, so the comparison above is the
    // effective password check.
    return new SimpleAuthenticationInfo(account, submitted, getName());
}
 
Example #30
Source File: ShiroRealm.java    From SpringAll with MIT License
/**
 * Login authentication: loads the account named by the token's principal and checks the
 * submitted password and the account status before returning the result to Shiro.
 *
 * @param token the submitted token; principal is cast to {@code String}, credentials to {@code char[]}
 * @return authentication info carrying the loaded user and the submitted password
 * @throws AuthenticationException an {@code UnknownAccountException} when no user is found,
 *         an {@code IncorrectCredentialsException} when the password differs from the stored
 *         value, a {@code LockedAccountException} when the status equals "0"
 */
@Override
protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token) throws AuthenticationException {
    final String loginName = (String) token.getPrincipal();
    final String submitted = new String((char[]) token.getCredentials());

    System.out.println("用户" + loginName + "认证-----ShiroRealm.doGetAuthenticationInfo");
    final User account = userMapper.findByUserName(loginName);

    if (account == null) {
        throw new UnknownAccountException("用户名或密码错误!");
    }
    // NOTE(review): the stored value is compared with String.equals, an exact match that is
    // not constant-time. This is sound only if the token already carries the same hash that
    // is stored; confirm where the token is built.
    final boolean passwordMatches = submitted.equals(account.getPassword());
    if (!passwordMatches) {
        throw new IncorrectCredentialsException("用户名或密码错误!");
    }
    final boolean locked = account.getStatus().equals("0");
    if (locked) {
        throw new LockedAccountException("账号已被锁定,请联系管理员!");
    }
    // The submitted password is returned as the credentials, so the comparison above is the
    // effective password check.
    return new SimpleAuthenticationInfo(account, submitted, getName());
}