Example usage for org.apache.shiro.authc.pam AuthenticationStrategy beforeAttempt

List of usage examples for org.apache.shiro.authc.pam AuthenticationStrategy beforeAttempt

  1. HOME
  2. Java
  3. org.apache.shiro
  4. org.apache.shiro.authc.pam.*
  5. AuthenticationStrategy
  6. beforeAttempt

Introduction

In this page you can find the example usage for org.apache.shiro.authc.pam AuthenticationStrategy beforeAttempt.

Prototype

AuthenticationInfo beforeAttempt(Realm realm, AuthenticationToken token, AuthenticationInfo aggregate)
        throws AuthenticationException;

Source Link

Document

Method invoked by the ModularAuthenticator just prior to the realm being consulted for account data, allowing pre-authentication-attempt logic for that realm only.

Usage

From source file:org.eclipse.kapua.service.authentication.shiro.KapuaAuthenticator.java

License:Open Source License

@Override
protected AuthenticationInfo doMultiRealmAuthentication(Collection<Realm> realms, AuthenticationToken token) {
    AuthenticationStrategy strategy = getAuthenticationStrategy();
    AuthenticationInfo aggregate = strategy.beforeAllAttempts(realms, token);
    if (loggger.isTraceEnabled()) {
        loggger.trace("Iterating through {} realms for PAM authentication", realms.size());
    }/*from ww w .j  a va 2 s .  c om*/
    List<Throwable> exceptionList = new ArrayList<>();
    boolean loginSucceeded = false;
    boolean supportedRealmFound = false;
    for (Realm realm : realms) {
        aggregate = strategy.beforeAttempt(realm, token, aggregate);
        if (realm.supports(token)) {
            supportedRealmFound = true;
            loggger.trace("Attempting to authenticate token [{}] using realm [{}]", token, realm);
            AuthenticationInfo info = null;
            Throwable t = null;
            try {
                info = realm.getAuthenticationInfo(token);
                loginSucceeded = true;
            } catch (Throwable throwable) {
                t = throwable;
                if (loggger.isDebugEnabled()) {
                    String msg = "Realm [" + realm
                            + "] threw an exception during a multi-realm authentication attempt:";
                    loggger.debug(msg, t);
                }
            }
            aggregate = strategy.afterAttempt(realm, token, info, aggregate, t);
            exceptionList.add(t);
        } else {
            loggger.debug("Realm [{}] does not support token {}.  Skipping realm.", realm, token);
        }
    }
    //modified behavior from the ModularRealmAuthenticator to provide a more significantly exception message to the user if the login fails
    if (supportedRealmFound && !loginSucceeded) {
        //if there is no realm able to authenticate the AuthenticationToken (but at least one realm for this AuthenticationToken was found) lets check the exceptions thrown by the logins
        if (exceptionList.size() <= 0) {
            //login failed and we have no exception to show so throw a ShiroException?
            //TODO move the error message to the message bundle
            throw new ShiroException("Internal Error!");
        }
        if (exceptionList.get(0) instanceof AuthenticationException) {
            throw (AuthenticationException) exceptionList.get(0);
        } else {
            throw new AuthenticationException(exceptionList.get(0));
        }
    } else {
        //otherwise if at least one login succeeded lets proceed with the standard ModularRealmAuthenticator
        aggregate = strategy.afterAllAttempts(token, aggregate);
    }
    return aggregate;
}