Example usage for org.apache.shiro.authc.pam AuthenticationStrategy afterAttempt

List of usage examples for org.apache.shiro.authc.pam AuthenticationStrategy afterAttempt

Introduction

On this page you can find example usage of org.apache.shiro.authc.pam AuthenticationStrategy afterAttempt.

Prototype

/**
 * Invoked just after a single realm has been consulted for authentication, so that
 * per-realm post-attempt logic can run before the next realm is tried.
 *
 * @param realm           the realm that was just consulted
 * @param token           the token submitted for authentication
 * @param singleRealmInfo the info returned by {@code realm} for this attempt; in the usage
 *                        example on this page it is {@code null} when the realm threw
 * @param aggregateInfo   the aggregate carried over from earlier realms
 * @param t               the throwable raised by the realm during the attempt, or
 *                        {@code null} when the realm returned normally
 * @return the aggregate to carry forward; the usage example on this page assigns it back to
 *         its running aggregate
 * @throws AuthenticationException declared by the signature; the conditions are
 *                                 implementation-specific and not shown here
 */
AuthenticationInfo afterAttempt(Realm realm, AuthenticationToken token, AuthenticationInfo singleRealmInfo,
        AuthenticationInfo aggregateInfo, Throwable t) throws AuthenticationException;

Source Link

Document

Method invoked by the ModularAuthenticator just after the given realm has been consulted for authentication, allowing post-authentication-attempt logic for that realm only.

Usage

From source file:org.eclipse.kapua.service.authentication.shiro.KapuaAuthenticator.java

License:Open Source License

/**
 * Consults every realm in {@code realms} for {@code token}, driving the configured
 * {@link AuthenticationStrategy} callbacks around each attempt.
 *
 * <p>Unlike the stock ModularRealmAuthenticator flow, when at least one realm supports the
 * token and every such attempt threw, the throwable from the first supported realm is
 * rethrown instead of calling {@code afterAllAttempts}, so the caller sees that failure.
 *
 * <p>Security notes for reviewers:
 * <ul>
 *   <li>An attempt counts as "succeeded" as soon as {@code getAuthenticationInfo} returns
 *       without throwing, including when it returns {@code null}. Rejecting that case is left
 *       entirely to {@code strategy.afterAllAttempts}.</li>
 *   <li>The token and realm are formatted into trace/debug log lines.
 *       NOTE(review): confirm that no token implementation's {@code toString()} exposes
 *       credentials.</li>
 *   <li>The type of the rethrown exception is chosen by the first supported realm.
 *       NOTE(review): if realms signal "unknown account" and "bad credentials" with different
 *       exception types and callers relay that to the client, accounts become enumerable;
 *       verify the caller returns a uniform failure response.</li>
 * </ul>
 *
 * @param realms the realms to consult, in iteration order
 * @param token  the submitted authentication token
 * @return the aggregate produced by {@code strategy.afterAllAttempts}
 * @throws AuthenticationException the first failure (wrapped when it is not already an
 *                                 {@code AuthenticationException}) when every supported realm threw
 * @throws ShiroException          if all attempts failed but no throwable was recorded
 */
@Override
protected AuthenticationInfo doMultiRealmAuthentication(Collection<Realm> realms, AuthenticationToken token) {
    AuthenticationStrategy strategy = getAuthenticationStrategy();
    AuthenticationInfo aggregate = strategy.beforeAllAttempts(realms, token);
    if (loggger.isTraceEnabled()) {
        loggger.trace("Iterating through {} realms for PAM authentication", realms.size());
    }

    // One entry per supported realm, in consultation order; the entry is null when that
    // realm returned without throwing.
    List<Throwable> attemptFailures = new ArrayList<>();
    boolean anyRealmSupportsToken = false;
    boolean anyAttemptReturned = false;

    for (Realm realm : realms) {
        // beforeAttempt runs for every realm, including those that do not support the token.
        aggregate = strategy.beforeAttempt(realm, token, aggregate);
        if (!realm.supports(token)) {
            loggger.debug("Realm [{}] does not support token {}.  Skipping realm.", realm, token);
            continue;
        }

        anyRealmSupportsToken = true;
        loggger.trace("Attempting to authenticate token [{}] using realm [{}]", token, realm);

        AuthenticationInfo realmInfo = null;
        Throwable failure = null;
        try {
            realmInfo = realm.getAuthenticationInfo(token);
            // Set on any normal return, even a null one; no null check is made here.
            anyAttemptReturned = true;
        } catch (Throwable caught) {
            // Catches Errors as well as exceptions, so one realm cannot stop the others
            // from being consulted.
            failure = caught;
            if (loggger.isDebugEnabled()) {
                loggger.debug("Realm [" + realm
                        + "] threw an exception during a multi-realm authentication attempt:", failure);
            }
        }

        // The strategy sees both outcomes; it may itself throw and end the loop.
        aggregate = strategy.afterAttempt(realm, token, realmInfo, aggregate, failure);
        attemptFailures.add(failure);
    }

    // Standard path: no realm supported the token, or at least one attempt returned normally.
    if (!anyRealmSupportsToken || anyAttemptReturned) {
        return strategy.afterAllAttempts(token, aggregate);
    }

    // Modified behavior relative to ModularRealmAuthenticator: every supported realm threw,
    // so report the first recorded failure to give the caller a more meaningful exception.
    if (attemptFailures.isEmpty()) {
        // Defensive: each supported realm adds an entry above, so this is not expected to fire.
        //TODO move the error message to the message bundle
        throw new ShiroException("Internal Error!");
    }

    Throwable firstFailure = attemptFailures.get(0);
    if (firstFailure instanceof AuthenticationException) {
        throw (AuthenticationException) firstFailure;
    }
    // Non-authentication failures (including Errors caught above) are wrapped as the cause.
    throw new AuthenticationException(firstFailure);
}