Java Code Examples for org.apache.shiro.authc.credential.CredentialsMatcher

The following examples show how to use org.apache.shiro.authc.credential.CredentialsMatcher. These examples are extracted from open source projects. You can vote up the ones you like or vote down the ones you don't like, and go to the original project or source file by following the links above each example. You may check out the related API usage on the sidebar.
Example 1
Source Project: utils   Source File: ShiroAutoConfiguration.java    License: Apache License 2.0 6 votes vote down vote up
@Bean(name = "mainRealm")
@ConditionalOnMissingBean(name = "mainRealm")
@ConditionalOnProperty(prefix = "shiro.realm.jdbc", name = "enabled", havingValue = "true")
@DependsOn(value = {"dataSource", "lifecycleBeanPostProcessor", "credentialsMatcher"})
public Realm jdbcRealm(DataSource dataSource, CredentialsMatcher credentialsMatcher) {
    JdbcRealm realm = new JdbcRealm();

    if (shiroJdbcRealmProperties.getAuthenticationQuery() != null) {
        realm.setAuthenticationQuery(shiroJdbcRealmProperties.getAuthenticationQuery());
    }
    if (shiroJdbcRealmProperties.getUserRolesQuery() != null) {
        realm.setUserRolesQuery(shiroJdbcRealmProperties.getUserRolesQuery());
    }
    if (shiroJdbcRealmProperties.getPermissionsQuery() != null) {
        realm.setPermissionsQuery(shiroJdbcRealmProperties.getPermissionsQuery());
    }
    if (shiroJdbcRealmProperties.getSalt() != null) {
        realm.setSaltStyle(shiroJdbcRealmProperties.getSalt());
    }
    realm.setPermissionsLookupEnabled(shiroJdbcRealmProperties.isPermissionsLookupEnabled());
    realm.setDataSource(dataSource);
    realm.setCredentialsMatcher(credentialsMatcher);

    return realm;
}
 
Example 2
Source Project: attic-aurora   Source File: IniShiroRealmModule.java    License: Apache License 2.0 6 votes vote down vote up
@Override
protected void configure() {
  if (ini.isPresent()) {
    bind(Ini.class).toInstance(ini.get());
  } else {
    addError("shiro.ini is required.");
  }

  if (shiroCredentialsMatcher.isPresent()) {
    bind(CredentialsMatcher.class).to(shiroCredentialsMatcher.get()).in(Singleton.class);
  } else {
    addError("shiro_credentials_matcher is required.");
  }

  ShiroUtils.addRealmBinding(binder()).to(IniRealm.class);
}
 
Example 3
Source Project: MeetingFilm   Source File: ShiroDbRealm.java    License: Apache License 2.0 5 votes vote down vote up
/**
 * 设置认证加密方式
 */
@Override
public void setCredentialsMatcher(CredentialsMatcher credentialsMatcher) {
    HashedCredentialsMatcher md5CredentialsMatcher = new HashedCredentialsMatcher();
    md5CredentialsMatcher.setHashAlgorithmName(ShiroKit.hashAlgorithmName);
    md5CredentialsMatcher.setHashIterations(ShiroKit.hashIterations);
    super.setCredentialsMatcher(md5CredentialsMatcher);
}
 
Example 4
Source Project: NutzSite   Source File: SimpleAuthorizingRealm.java    License: Apache License 2.0 5 votes vote down vote up
public SimpleAuthorizingRealm(CacheManager cacheManager, CredentialsMatcher matcher) {
	super(cacheManager, matcher);
	HashedCredentialsMatcher hashedCredentialsMatcher = new HashedCredentialsMatcher();
	hashedCredentialsMatcher.setHashAlgorithmName("SHA-256");
	hashedCredentialsMatcher.setHashIterations(1024);
	// 这一行决定hex还是base64
	hashedCredentialsMatcher.setStoredCredentialsHexEncoded(false);
	// 设置token类型是关键!!!
	setCredentialsMatcher(hashedCredentialsMatcher);
	setAuthenticationTokenClass(UsernamePasswordToken.class);
}
 
Example 5
Source Project: WebStack-Guns   Source File: ShiroDbRealm.java    License: MIT License 5 votes vote down vote up
/**
 * 设置认证加密方式
 */
@Override
public void setCredentialsMatcher(CredentialsMatcher credentialsMatcher) {
    HashedCredentialsMatcher md5CredentialsMatcher = new HashedCredentialsMatcher();
    md5CredentialsMatcher.setHashAlgorithmName(ShiroKit.hashAlgorithmName);
    md5CredentialsMatcher.setHashIterations(ShiroKit.hashIterations);
    super.setCredentialsMatcher(md5CredentialsMatcher);
}
 
Example 6
Source Project: kvf-admin   Source File: UserRealm.java    License: MIT License 5 votes vote down vote up
@Override
public void setCredentialsMatcher(CredentialsMatcher credentialsMatcher) {
    HashedCredentialsMatcher shaCredentialsMatcher = new HashedCredentialsMatcher();
    shaCredentialsMatcher.setHashAlgorithmName(ShiroKit.HASH_ALGORITHM_NAME);
    shaCredentialsMatcher.setHashIterations(ShiroKit.HASH_ITERATIONS);
    super.setCredentialsMatcher(shaCredentialsMatcher);
}
 
Example 7
/***
 * 密码凭证匹配器,采用redis记录重试次数,超过指定次数则不允许登录
 * @return
 */
@Bean
@Conditional(RedisEnableCondition.class)
public CredentialsMatcher retryLimitHashedCredentialsMatcher(RedisTemplate<Object, Object> redisTemplate) {
    return credentialsMatcher(redisTemplate);

}
 
Example 8
Source Project: SpringBootBucket   Source File: MyShiroRealm.java    License: MIT License 5 votes vote down vote up
/**
 * 设置认证加密方式
 */
@Override
public void setCredentialsMatcher(CredentialsMatcher credentialsMatcher) {
    HashedCredentialsMatcher md5CredentialsMatcher = new HashedCredentialsMatcher();
    md5CredentialsMatcher.setHashAlgorithmName(ShiroKit.HASH_ALGORITHM_NAME);
    md5CredentialsMatcher.setHashIterations(ShiroKit.HASH_ITERATIONS);
    super.setCredentialsMatcher(md5CredentialsMatcher);
}
 
Example 9
Source Project: seezoon-framework-all   Source File: UserRealm.java    License: Apache License 2.0 5 votes vote down vote up
@Override
public void setCredentialsMatcher(CredentialsMatcher credentialsMatcher) {
	HashedCredentialsMatcher shaCredentialsMatcher = new HashedCredentialsMatcher();
	shaCredentialsMatcher.setHashAlgorithmName(ShiroUtils.hashAlgorithmName);
	shaCredentialsMatcher.setHashIterations(ShiroUtils.hashIterations);
	super.setCredentialsMatcher(shaCredentialsMatcher);
}
 
Example 10
/**
 * Checks to see if the credentials in token match the credentials stored on user
 *
 * @param token the username/password token containing the credentials to verify
 * @param user  object containing the stored credentials
 * @return true if credentials match, false otherwise
 */
private boolean isValidCredentials(final UsernamePasswordToken token, final CUser user) {
  boolean credentialsValid = false;

  AuthenticationInfo info = createAuthenticationInfo(user);
  CredentialsMatcher matcher = getCredentialsMatcher();
  if (matcher != null) {
    if (matcher.doCredentialsMatch(token, info)) {
      credentialsValid = true;
    }
  }

  return credentialsValid;
}
 
Example 11
Source Project: seed   Source File: SecurityGuiceConfigurer.java    License: Mozilla Public License 2.0 5 votes vote down vote up
public void configure(Binder binder) {
    // Subject
    SecurityConfig.SubjectConfig subjectConfig = securityConfig.subject();
    Optional.ofNullable(subjectConfig.getContext()).ifPresent(c -> binder.bind(SubjectContext.class).to(c));
    Optional.ofNullable(subjectConfig.getFactory()).ifPresent(f -> binder.bind(SubjectFactory.class).to(f));
    Class<? extends SubjectDAO> subjectDao = subjectConfig.getDao();
    binder.bind(SubjectDAO.class).to(subjectDao != null ? subjectDao : DefaultSubjectDAO.class);

    // Authentication
    SecurityConfig.AuthenticationConfig authenticationConfig = securityConfig.authentication();
    binder.bind(Authenticator.class).to(authenticationConfig.getAuthenticator());
    binder.bind(AuthenticationStrategy.class).to(authenticationConfig.getStrategy());
    binder.bind(CredentialsMatcher.class).to(authenticationConfig.getCredentialsMatcher());

    // Cache configuration
    SecurityConfig.CacheConfig cacheConfig = securityConfig.cache();
    binder.bind(CacheManager.class).to(cacheConfig.getManager());

    // Sessions
    SecurityConfig.SessionConfig sessionConfig = securityConfig.sessions();
    binder.bind(SessionStorageEvaluator.class).to(sessionConfig.getStorageEvaluator());
    Optional.ofNullable(sessionConfig.getValidationScheduler())
            .ifPresent(s -> binder.bind(SessionValidationScheduler.class).to(s));
    binder.bindConstant()
            .annotatedWith(Names.named("shiro.sessionValidationInterval"))
            .to(sessionConfig.getValidationInterval() * 1000);
    binder.bindConstant()
            .annotatedWith(Names.named("shiro.globalSessionTimeout"))
            .to(sessionConfig.getTimeout() * 1000);
}
 
Example 12
Source Project: attic-aurora   Source File: IniShiroRealmModule.java    License: Apache License 2.0 5 votes vote down vote up
@Singleton
@Provides
public IniRealm providesIniReal(Ini providedIni,
    CredentialsMatcher providedShiroCredentialsMatcher) {
  IniRealm result = new IniRealm(providedIni);
  result.setCredentialsMatcher(providedShiroCredentialsMatcher);
  result.init();

  return result;
}
 
Example 13
Source Project: spring-boot-plus   Source File: ShiroConfig.java    License: Apache License 2.0 4 votes vote down vote up
@Bean
public CredentialsMatcher credentialsMatcher() {
    return new JwtCredentialsMatcher();
}
 
Example 14
Source Project: NutzSite   Source File: SimpleAuthorizingRealm.java    License: Apache License 2.0 4 votes vote down vote up
public SimpleAuthorizingRealm(CredentialsMatcher matcher) {
	this(null, matcher);
}
 
Example 15
@Override
public CredentialsMatcher getCredentialsMatcher() {
   return credentialsMatcher;
}
 
Example 16
@Override
public CredentialsMatcher getCredentialsMatcher() {
   return credentialsMatcher;
}
 
Example 17
@Bean
public Realm realm(CredentialsMatcher credentialsMatcher, UserRealm userRealm) {
    //自定义密码校验器
    userRealm.setCredentialsMatcher(credentialsMatcher);
    return userRealm;
}
 
Example 18
/***
 * 密码凭证匹配器
 * @return
 */
@Bean
@Conditional(RedisDisabledCondition.class)
public CredentialsMatcher hashedCredentialsMatcher() {
    return credentialsMatcher(null);
}
 
Example 19
Source Project: super-cloudops   Source File: AbstractAuthorizingRealm.java    License: Apache License 2.0 4 votes vote down vote up
@Override
protected void assertCredentialsMatch(AuthenticationToken token, AuthenticationInfo info) throws AuthenticationException {
	AbstractIamAuthenticationToken tk = (AbstractIamAuthenticationToken) token;
	IamAuthenticationInfo info0 = (IamAuthenticationInfo) info;

	CredentialsMatcher matcher = getCredentialsMatcher();
	if (isNull(matcher)) {
		throw new AuthenticationException("A CredentialsMatcher must be configured in order to verify "
				+ "credentials during authentication.  If you do not wish for credentials to be examined, you "
				+ "can configure an " + AllowAllCredentialsMatcher.class.getName() + " instance.");
	}

	// Assert credentials match.
	if (!matcher.doCredentialsMatch(tk, info)) {
		throw new IncorrectCredentialsException(bundle.getMessage("AbstractIamAuthorizingRealm.credential.mismatch"));
	}

	// Assert when that no permissions are configured, forbid login.
	if (isBlank(info0.getAccountInfo().getPermissions())) {
		throw new AccessPermissionDeniedException(bundle.getMessage("AbstractIamAuthorizingRealm.permission.denied"));
	}

	// Check if have access to the client application.
	String fromAppName = tk.getRedirectInfo().getFromAppName();
	if (!isBlank(fromAppName)) {
		isTrue(!info.getPrincipals().isEmpty(),
				format("Authentication info principals is empty, please check the configure. [%s]", info));

		// For example: when using wechat scanning code (oauth2)
		// to log in, token.getPrincipal() is empty,
		// info.getPrimaryPrincipal() will not be empty.
		String principal = (String) info.getPrincipals().getPrimaryPrincipal();
		try {
			authHandler.assertApplicationAccessAuthorized(principal, fromAppName);
		} catch (IllegalApplicationAccessException ex) {
			// Disable fallback redirect?
			if (!tk.getRedirectInfo().isFallbackRedirect()) {
				throw ex;
			}

			// For example: first login to manager service(mp) with
			// 'admin', then logout, and then login to portal
			// service(portal) with user01. At this time, the check will
			// return that 'user01' has no permission to access manager
			// service(mp).
			// e.g.->https://sso.wl4g.com/login.html?service=mp&redirect_url=https%3A%2F%2Fmp.wl4g.com%2Fmp%2Fauthenticator

			// Fallback determine redirect to application.
			RedirectInfo fallbackRedirect = configurer.getFallbackRedirectInfo(tk,
					new RedirectInfo(config.getSuccessService(), config.getSuccessUri(), true));
			notNull(fallbackRedirect, "Fallback redirect info cannot be null");

			/**
			 * See:{@link AuthenticatorAuthenticationFilter#savedRequestParameters()}
			 * See:{@link AbstractIamAuthenticationFilter#getRedirectInfo()}
			 */
			bindKVParameters(KEY_REQ_AUTH_PARAMS, KEY_REQ_AUTH_REDIRECT, fallbackRedirect);
			log.warn("The principal({}) no access to '{}', fallback redirect to:{}, caused by: {}", principal, fromAppName,
					fallbackRedirect, getRootCausesString(ex));
		}
	}

}
 
Example 20
Source Project: xmanager   Source File: ShiroDbRealm.java    License: Apache License 2.0 4 votes vote down vote up
public ShiroDbRealm(CacheManager cacheManager, CredentialsMatcher matcher) {
    super(cacheManager, matcher);
}
 
Example 21
Source Project: emodb   Source File: AnonymousCredentialsMatcher.java    License: Apache License 2.0 4 votes vote down vote up
private AnonymousCredentialsMatcher(CredentialsMatcher matcher) {
    _matcher = checkNotNull(matcher, "matcher");
}
 
Example 22
Source Project: emodb   Source File: AnonymousCredentialsMatcher.java    License: Apache License 2.0 4 votes vote down vote up
public static AnonymousCredentialsMatcher anonymousOrMatchUsing(CredentialsMatcher matcher) {
    return new AnonymousCredentialsMatcher(matcher);
}
 
Example 23
Source Project: seed   Source File: SecurityConfig.java    License: Mozilla Public License 2.0 4 votes vote down vote up
public Class<? extends CredentialsMatcher> getCredentialsMatcher() {
    return credentialsMatcher;
}
 
Example 24
Source Project: seed   Source File: SecurityConfig.java    License: Mozilla Public License 2.0 4 votes vote down vote up
public AuthenticationConfig setCredentialsMatcher(Class<? extends CredentialsMatcher> credentialsMatcher) {
    this.credentialsMatcher = credentialsMatcher;
    return this;
}
 
Example 25
Source Project: attic-aurora   Source File: IniShiroRealmModule.java    License: Apache License 2.0 4 votes vote down vote up
@VisibleForTesting
IniShiroRealmModule(Ini ini, Class<? extends CredentialsMatcher> shiroCredentialsMatcher) {
  this(Optional.of(ini), Optional.of(shiroCredentialsMatcher));
}
 
Example 26
Source Project: attic-aurora   Source File: IniShiroRealmModule.java    License: Apache License 2.0 4 votes vote down vote up
private IniShiroRealmModule(Optional<Ini> ini,
    Optional<Class<? extends CredentialsMatcher>> shiroCredentialsMatcher) {
  this.ini = ini;
  this.shiroCredentialsMatcher = shiroCredentialsMatcher;
}
 
Example 27
Source Project: usergrid   Source File: Realm.java    License: Apache License 2.0 4 votes vote down vote up
public Realm( CredentialsMatcher matcher ) {
    super(new AllowAllCredentialsMatcher());
    setPermissionResolver(new CustomPermissionResolver());
}
 
Example 28
Source Project: usergrid   Source File: Realm.java    License: Apache License 2.0 4 votes vote down vote up
public Realm( CacheManager cacheManager, CredentialsMatcher matcher ) {
    super(cacheManager, new AllowAllCredentialsMatcher());
    setPermissionResolver( new CustomPermissionResolver() );
    setCachingEnabled(true);
    setAuthenticationCachingEnabled(true);
}
 
Example 29
CredentialsMatcher getCredentialsMatcher();