Example usage for org.apache.shiro.authc AuthenticationException AuthenticationException

List of usage examples for org.apache.shiro.authc AuthenticationException AuthenticationException

Introduction

This page collects usage examples for the no-argument constructor of org.apache.shiro.authc.AuthenticationException.

Prototype

public AuthenticationException() 

Source Link

Document

Creates a new AuthenticationException.

Usage

From source file:org.isisaddons.module.security.shiro.IsisModuleSecurityRealm.java

License:Apache License

/**
 * In order not to provide an attacker with additional information, the exceptions thrown here deliberately have
 * few (or no) details in their exception message.  Similarly, the generic
 * {@link org.apache.shiro.authc.CredentialsException} is thrown for both a non-existent user and also an
 * invalid password.
 */
@Override
protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token) throws AuthenticationException {

    // Only username/password tokens are handled; anything else (including null) is rejected
    // with a detail-free exception.
    if (!(token instanceof UsernamePasswordToken)) {
        throw new AuthenticationException();
    }

    final UsernamePasswordToken upToken = (UsernamePasswordToken) token;
    final String username = upToken.getUsername();
    final char[] password = upToken.getPassword();

    // The principal record carries roles/perms, the disabled flag and the account type
    // (local vs. delegated). The second argument is true only when a delegate realm is
    // present and auto-creation of users is switched on.
    final boolean autoCreate = hasDelegateAuthenticationRealm() && getAutoCreateUser();
    final PrincipalForApplicationUser principal = lookupPrincipal(username, autoCreate);
    if (principal == null) {
        // Same exception and message as a bad password, so the two cases look alike.
        throw new CredentialsException("Unknown user/password combination");
    }

    // NOTE(review): the disabled check runs before any credential is verified and uses its
    // own exception type. A caller that surfaces the exception type to the client would
    // confirm that the username exists; verify the login layer maps this to the same
    // response as CredentialsException.
    // Per the original author, disabled is the default state of an auto-created delegated account.
    if (principal.isDisabled()) {
        throw new DisabledAccountException();
    }

    if (principal.getAccountType() != AccountType.DELEGATED) {
        // Local account: compare the supplied password with the stored encrypted one.
        final CheckPasswordResult result = checkPassword(password, principal.getEncryptedPassword());
        switch (result) {
        case BAD_PASSWORD:
            throw new CredentialsException("Unknown user/password combination");
        case NO_PASSWORD_ENCRYPTION_SERVICE_CONFIGURED:
            // NOTE(review): this message names a configuration gap; presumably intended
            // for operators - confirm it is not echoed back to the client.
            throw new AuthenticationException("No password encryption service is installed");
        case OK:
            break;
        default:
            // Any unrecognised outcome is treated as a failure.
            throw new AuthenticationException();
        }
    } else {
        // Delegated account: the delegate realm decides whether the credentials are valid.
        AuthenticationInfo delegateAccount = null;
        if (hasDelegateAuthenticationRealm()) {
            try {
                delegateAccount = delegateAuthenticationRealm.getAuthenticationInfo(token);
            } catch (AuthenticationException ignored) {
                // Deliberately not propagated: delegateAccount stays null and the generic
                // CredentialsException below is thrown instead.
                // NOTE(review): the delegate failure is not logged in this method, so
                // repeated failures are not visible from here.
            }
        }
        if (delegateAccount == null) {
            throw new CredentialsException("Unknown user/password combination");
        }
    }

    final Object credentials = token.getCredentials();
    return new AuthInfoForApplicationUser(principal, getName(), credentials);
}

From source file:org.obiba.opal.core.runtime.security.AbstractHttpAuthenticatingRealm.java

License:Open Source License

/**
 * Resolves authentication info from an existing session referenced by the token.
 *
 * <p>A token whose session cannot be found is rejected with
 * {@link IncorrectCredentialsException}; a session that exists but holds no principals is
 * rejected with a plain {@link AuthenticationException}.
 *
 * <p>NOTE(review): the two failures use different exception types. Whether that difference
 * is observable by the client depends on the caller, which is not shown here. How the
 * session id is extracted and validated is decided by {@code getSessionId}/{@code getSession},
 * defined elsewhere.
 *
 * @param token the submitted authentication token
 * @return authentication info built from the principals stored in the session
 * @throws AuthenticationException if no session or no principals are found
 */
@Override
protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token) throws AuthenticationException {
    final Session session = getSession(getSessionId(token));
    if (session == null) {
        throw new IncorrectCredentialsException();
    }

    // The principals are read from the session attribute keyed by PRINCIPALS_SESSION_KEY.
    final PrincipalCollection principals = (PrincipalCollection) session
            .getAttribute(DefaultSubjectContext.PRINCIPALS_SESSION_KEY);
    if (principals == null) {
        throw new AuthenticationException();
    }
    return createtAuthenticationInfo(token, principals);
}

From source file:org.obiba.shiro.realm.AbstractHttpAuthenticatingRealm.java

License:Open Source License

/**
 * Resolves authentication info from an existing session referenced by the token.
 *
 * <p>A missing session yields {@link IncorrectCredentialsException}; a session without
 * stored principals yields a plain {@link AuthenticationException}.
 *
 * <p>NOTE(review): lookup and validation of the session id happen in
 * {@code getSessionId}/{@code getSession}, which are not visible here - confirm they reject
 * expired or foreign session ids.
 *
 * @param token the submitted authentication token
 * @return authentication info built from the principals stored in the session
 * @throws AuthenticationException if no session or no principals are found
 */
@Override
protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token) throws AuthenticationException {
    final Session session = getSession(getSessionId(token));
    if (session != null) {
        // The principals are read from the session attribute keyed by PRINCIPALS_SESSION_KEY.
        final PrincipalCollection principals = (PrincipalCollection) session
                .getAttribute(DefaultSubjectContext.PRINCIPALS_SESSION_KEY);
        if (principals == null) {
            throw new AuthenticationException();
        }
        return createAuthenticationInfo(token, principals);
    }
    throw new IncorrectCredentialsException();
}

From source file:org.ohdsi.webapi.shiro.realms.KerberosAuthRealm.java

License:Apache License

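/**
 * Authenticates a SPNEGO token by handing its ticket bytes to {@code validateTicket}.
 *
 * <p>Every failure path ends in a detail-free {@link AuthenticationException}: a null token,
 * a token that is not a {@code SpnegoToken}, credentials that are not a {@code byte[]}, or a
 * {@code null} username from {@code validateTicket}.
 *
 * <p>NOTE(review): {@code validateTicket} is defined elsewhere; presumably it verifies the
 * ticket against the configured service principal and keytab - confirm.
 *
 * @param authenticationToken the submitted token, expected to be a {@code SpnegoToken}
 * @return authentication info carrying the validated username and the ticket bytes
 * @throws AuthenticationException if the token is unsupported or the ticket is not accepted
 */
@Override
protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken authenticationToken)
        throws AuthenticationException {

    // Fail closed on a null or foreign token type, so that an unchecked cast cannot let a
    // ClassCastException or NullPointerException escape the realm.
    if (!(authenticationToken instanceof SpnegoToken)) {
        throw new AuthenticationException();
    }
    final SpnegoToken token = (SpnegoToken) authenticationToken;

    // Read the credentials once so the type check and the cast see the same object.
    final Object credentials = token.getCredentials();
    if (credentials instanceof byte[]) {
        final byte[] gssapiData = (byte[]) credentials;
        final String username = validateTicket(this.serviceProviderName, this.keytabPath, gssapiData);

        // A null username is treated as a rejected ticket.
        if (username != null) {
            return new SimpleAuthenticationInfo(username, gssapiData, this.getName());
        }
    }

    throw new AuthenticationException();
}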

From source file:org.seedstack.seed.ws.handlers.server.HttpBasicAuthenticationHandlerUnitTest.java

License:Open Source License

/**
 * Inbound message with a Basic Authorization header whose login is rejected: the handler
 * must record HTTP 401 in the message context and return {@code false}.
 */
@Test
public void handleMessage_in_inBound_basic_auth_header_login_fail() throws UnsupportedEncodingException {
    // Request headers: a single Basic Authorization value (the fixture decodes to "login:password").
    List<String> authorizationValues = new ArrayList<String>();
    authorizationValues.add("basic bG9naW46cGFzc3dvcmQ=");
    Map<String, List<String>> requestHeaders = new HashMap<String, List<String>>();
    requestHeaders.put("Authorization", authorizationValues);

    // Capture everything the handler puts into the message context, so the response code
    // can be inspected afterwards.
    final Map<Object, Object> recordedProperties = new HashMap<Object, Object>();
    SOAPMessageContext messageContext = mock(SOAPMessageContext.class);
    doAnswer(new Answer() {
        @Override
        public Object answer(InvocationOnMock invocation) throws Throwable {
            Object[] putArgs = invocation.getArguments();
            recordedProperties.put(putArgs[0], putArgs[1]);
            return null;
        }
    }).when(messageContext).put(anyString(), anyString());

    // Mark the message as inbound and expose the prepared headers.
    when(messageContext.get(MessageContext.MESSAGE_OUTBOUND_PROPERTY)).thenReturn(false);
    when(messageContext.get(MessageContext.HTTP_REQUEST_HEADERS)).thenReturn(requestHeaders);

    // Any login attempt on the subject fails with an AuthenticationException.
    Subject subject = mock(Subject.class);
    doThrow(new AuthenticationException()).when(subject).login(any(UsernamePasswordToken.class));
    when(mockSecurityManager.createSubject(any(SubjectContext.class))).thenReturn(subject);

    boolean handled = underTest.handleMessage(messageContext);

    // The failure must surface as 401, and message processing must stop.
    assertThat(recordedProperties.get(MessageContext.HTTP_RESPONSE_CODE)).isEqualTo(401);
    assertThat(handled).isFalse();
}

From source file:uk.ac.ox.it.ords.security.SSORealm.java

License:Apache License

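/**
 * Builds authentication info for a remote-user (SSO) token.
 *
 * <p>The token is rejected with a detail-free {@link AuthenticationException} when it is
 * null, is not a {@code RemoteUserToken}, or its principal is missing, not a {@code String},
 * or blank.
 *
 * <p>NOTE(review): no credential is verified in this method; the principal is accepted as
 * supplied. The realm is therefore only as trustworthy as the component that creates the
 * {@code RemoteUserToken}, which is not visible here. Confirm that the principal cannot be
 * set by the client directly.
 *
 * @param token the submitted token, expected to be a {@code RemoteUserToken}
 * @return authentication info with the principal, the token's affiliation as credentials,
 *         and the fixed realm name {@code "SSORealm"}
 * @throws AuthenticationException if the token or its principal is unusable
 */
@Override
protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token) throws AuthenticationException {
    // Fail closed on null or foreign token types, so that an unchecked cast cannot raise
    // a ClassCastException.
    if (!(token instanceof RemoteUserToken)) {
        throw new AuthenticationException();
    }

    // Read the principal once; a non-String principal is rejected like a missing one.
    final Object principal = token.getPrincipal();
    if (!(principal instanceof String) || ((String) principal).trim().isEmpty()) {
        throw new AuthenticationException();
    }

    final String affiliation = ((RemoteUserToken) token).getAffiliation();
    return new SimpleAuthenticationInfo(principal, affiliation, "SSORealm");
}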

From source file:uk.q3c.krail.core.shiro.aop.AuthenticatedMethodInterceptor.java

License:Apache License

/**
 * Ensures that the calling <code>Subject</code> is authenticated, and if not, calls {@link #exception()} indicating the method is not allowed to be
 * executed.
 *
 * @param a
 *         the annotation to inspect
 */
public void assertAuthorized(RequiresAuthentication a) {
    // The annotation argument is not consulted; only the current subject's state matters.
    final boolean authenticated = getSubject().isAuthenticated();
    if (authenticated) {
        return;
    }
    // Unauthenticated callers are rejected with a detail-free exception.
    throw new AuthenticationException();
}