List of usage examples for org.apache.shiro.authc SimpleAuthenticationInfo setCredentials
public void setCredentials(Object credentials)
From source file:ddf.security.realm.sts.AbstractStsRealm.java
License:Open Source License
/** * Perform authentication based on the supplied token. *///ww w. j av a2 s. c o m @Override protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token) { String method = "doGetAuthenticationInfo( AuthenticationToken token )"; LOGGER.entry(method); Object credential; if (token instanceof SAMLAuthenticationToken) { credential = token.getCredentials(); } else if (token instanceof BaseAuthenticationToken) { credential = ((BaseAuthenticationToken) token).getCredentialsAsXMLString(); } else { credential = token.getCredentials().toString(); } if (credential == null) { String msg = "Unable to authenticate credential. A NULL credential was provided in the supplied authentication token. This may be due to an error with the SSO server that created the token."; LOGGER.error(msg); throw new AuthenticationException(msg); } else { //removed the credentials from the log message for now, I don't think we should be dumping user/pass into log LOGGER.debug("Received credentials."); } if (!settingsConfigured) { configureStsClient(); settingsConfigured = true; } else { setClaimsOnStsClient(createClaimsElement()); } SecurityToken securityToken; if (token instanceof SAMLAuthenticationToken && credential instanceof SecurityToken) { securityToken = renewSecurityToken((SecurityToken) credential); } else { securityToken = requestSecurityToken(credential); } LOGGER.debug("Creating token authentication information with SAML."); SimpleAuthenticationInfo simpleAuthenticationInfo = new SimpleAuthenticationInfo(); SimplePrincipalCollection principals = new SimplePrincipalCollection(); SecurityAssertion assertion = new SecurityAssertionImpl(securityToken); principals.add(assertion.getPrincipal(), NAME); principals.add(assertion, NAME); simpleAuthenticationInfo.setPrincipals(principals); simpleAuthenticationInfo.setCredentials(credential); LOGGER.exit(method); return simpleAuthenticationInfo; }
From source file:ddf.security.realm.sts.StsRealm.java
License:Open Source License
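/**
 * Perform authentication based on the supplied token.
 *
 * <p>A {@code SAMLAuthenticationToken} is validated first; any other token contributes its
 * credential as a string. The credential is then exchanged (or checked for renewal) inside a
 * privileged block, and the resulting security token is turned into principals.
 *
 * @param token the authentication token submitted to this realm
 * @return authentication info holding the derived principals and the supplied credential
 * @throws AuthenticationException if SAML validation fails or the token carries no credential
 */
@Override
protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token) {
    // Assigned exactly once on every path so the lambdas below can capture it.
    Object credential;

    // perform validation
    if (token instanceof SAMLAuthenticationToken) {
        try {
            samlAssertionValidator.validate((SAMLAuthenticationToken) token);
            credential = token.getCredentials();
        } catch (AuthenticationFailureException e) {
            String msg = "Unable to validate request's authentication.";
            LOGGER.info(msg);
            throw new AuthenticationException(msg, e);
        }
    } else if (token instanceof STSAuthenticationToken) {
        credential = ((STSAuthenticationToken) token).getCredentialsAsString();
    } else {
        // Null-safe conversion: calling toString() on a missing credential would raise a
        // NullPointerException before the null check below could reject the token cleanly.
        Object rawCredential = token.getCredentials();
        credential = (rawCredential == null) ? null : rawCredential.toString();
    }

    if (credential == null) {
        String msg = "Unable to authenticate credential. A NULL credential was provided in the supplied authentication token. This may be due to an error with the SSO server that created the token.";
        LOGGER.info(msg);
        throw new AuthenticationException(msg);
    } else {
        // The credential itself is deliberately kept out of the log (it may hold user/pass).
        LOGGER.debug("Received credentials.");
    }

    SecurityToken securityToken;
    if (token instanceof SAMLAuthenticationToken) {
        securityToken = AccessController
                .doPrivileged((PrivilegedAction<SecurityToken>) () -> checkRenewSecurityToken(credential));
    } else {
        securityToken = AccessController
                .doPrivileged((PrivilegedAction<SecurityToken>) () -> requestSecurityToken(credential));
    }

    LOGGER.debug("Creating token authentication information with SAML.");
    SimpleAuthenticationInfo simpleAuthenticationInfo = new SimpleAuthenticationInfo();
    SimplePrincipalCollection principals = createPrincipalFromToken(securityToken);
    simpleAuthenticationInfo.setPrincipals(principals);
    // NOTE(review): the info carries the same credential the caller supplied, so a matcher
    // that compares token credentials with info credentials cannot fail here; validation and
    // the STS exchange above are presumably the real checks. Confirm the matcher setup.
    simpleAuthenticationInfo.setCredentials(credential);

    return simpleAuthenticationInfo;
}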
From source file:eu.forgestore.ws.util.ShiroUTAuthorizingRealm.java
License:Apache License
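/**
 * Authenticates a username/password token against the password hash stored for that user.
 *
 * <p>The supplied password is hashed with {@code EncryptionUtil.hash} and compared with the
 * stored value. Neither hash is written to the log, and the comparison is constant-time.
 *
 * @param at the submitted token; cast to {@code UsernamePasswordToken}, so any other token type
 *     fails with a {@code ClassCastException}
 * @return authentication info carrying the token's principal and credentials
 * @throws AuthenticationException if the user is unknown, a password or stored hash is missing,
 *     or the hashes differ (the message is the same in every case)
 */
@Override
protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken at) throws AuthenticationException {
    logger.info("AuthenticationToken at=" + at.toString());
    UsernamePasswordToken token = (UsernamePasswordToken) at;
    logger.info("tokengetUsername at=" + token.getUsername());

    FStoreUser bu = fstoreRepositoryRef.getUserByUsername(token.getUsername());
    if (bu == null) {
        throw new AuthenticationException("Sorry! No login for you.");
    }

    // A token without a password, or an account without a stored hash, is a failed login
    // rather than a NullPointerException.
    char[] suppliedChars = token.getPassword();
    String originalPass = bu.passwordValue();
    if (suppliedChars == null || originalPass == null) {
        throw new AuthenticationException("Sorry! No login for you.");
    }

    // NOTE(review): EncryptionUtil.hash is not shown here. If it is a plain or unsalted digest,
    // the stored values should move to a salted password-hashing scheme (bcrypt, scrypt,
    // argon2).
    String suppliedPass = EncryptionUtil.hash(String.valueOf(suppliedChars));

    // Password hashes are credentials-equivalent and must never reach the log. The comparison
    // is constant-time so response timing does not reveal how many leading characters match.
    boolean matches = suppliedPass != null
            && java.security.MessageDigest.isEqual(
                    originalPass.getBytes(java.nio.charset.StandardCharsets.UTF_8),
                    suppliedPass.getBytes(java.nio.charset.StandardCharsets.UTF_8));
    if (!matches) {
        throw new AuthenticationException("Sorry! No login for you.");
    }
    logger.info("======= USER is AUTHENTICATED OK =======");

    SimpleAuthenticationInfo sa = new SimpleAuthenticationInfo();
    // NOTE(review): the info carries the token's own credentials, so a matcher that compares
    // token credentials with info credentials cannot fail; the hash check above is presumably
    // the only real verification. Confirm the realm's credentials matcher.
    sa.setCredentials(token.getCredentials());
    SimplePrincipalCollection principals = new org.apache.shiro.subject.SimplePrincipalCollection();
    principals.add(token.getPrincipal(), "bakerrealm");
    sa.setPrincipals(principals);
    return sa;
}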
From source file:gr.upatras.ece.nam.baker.util.ShiroUTAuthorizingRealm.java
License:Apache License
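/**
 * Authenticates a username/password token against the password hash stored for that user.
 *
 * <p>The supplied password is hashed with {@code EncryptionUtil.hash} and compared with the
 * stored value. Neither hash is written to the log, and the comparison is constant-time.
 *
 * @param at the submitted token; cast to {@code UsernamePasswordToken}, so any other token type
 *     fails with a {@code ClassCastException}
 * @return authentication info carrying the token's principal and credentials
 * @throws AuthenticationException if the user is unknown, a password or stored hash is missing,
 *     or the hashes differ (the message is the same in every case)
 */
@Override
protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken at) throws AuthenticationException {
    logger.info("AuthenticationToken at=" + at.toString());
    UsernamePasswordToken token = (UsernamePasswordToken) at;
    logger.info("tokengetUsername at=" + token.getUsername());

    BakerUser bu = bakerRepositoryRef.getUserByUsername(token.getUsername());
    if (bu == null) {
        throw new AuthenticationException("Sorry! No login for you.");
    }

    // A token without a password, or an account without a stored hash, is a failed login
    // rather than a NullPointerException.
    char[] suppliedChars = token.getPassword();
    String originalPass = bu.getPassword();
    if (suppliedChars == null || originalPass == null) {
        throw new AuthenticationException("Sorry! No login for you.");
    }

    // NOTE(review): EncryptionUtil.hash is not shown here. If it is a plain or unsalted digest,
    // the stored values should move to a salted password-hashing scheme (bcrypt, scrypt,
    // argon2).
    String suppliedPass = EncryptionUtil.hash(String.valueOf(suppliedChars));

    // Password hashes are credentials-equivalent and must never reach the log. The comparison
    // is constant-time so response timing does not reveal how many leading characters match.
    boolean matches = suppliedPass != null
            && java.security.MessageDigest.isEqual(
                    originalPass.getBytes(java.nio.charset.StandardCharsets.UTF_8),
                    suppliedPass.getBytes(java.nio.charset.StandardCharsets.UTF_8));
    if (!matches) {
        throw new AuthenticationException("Sorry! No login for you.");
    }
    logger.info("======= USER is AUTHENTICATED OK =======");

    SimpleAuthenticationInfo sa = new SimpleAuthenticationInfo();
    // NOTE(review): the info carries the token's own credentials, so a matcher that compares
    // token credentials with info credentials cannot fail; the hash check above is presumably
    // the only real verification. Confirm the realm's credentials matcher.
    sa.setCredentials(token.getCredentials());
    SimplePrincipalCollection principals = new org.apache.shiro.subject.SimplePrincipalCollection();
    principals.add(token.getPrincipal(), "bakerrealm");
    sa.setPrincipals(principals);
    return sa;
}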
From source file:me.buom.shiro.realm.jdbc.HmacJdbcRealm.java
License:Apache License
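/**
 * Replaces the credentials held by the looked-up account info with the string-to-sign built
 * from the submitted HMAC token.
 *
 * <p>The method name suggests it runs just before the credentials match; the caller is not
 * shown here.
 *
 * @param token the submitted token; cast to {@code HmacToken}
 * @param info the account info; cast to {@code SimpleAuthenticationInfo} and modified in place
 */
protected void beforeAssertCredentialsMatch(AuthenticationToken token, AuthenticationInfo info) {
    SimpleAuthenticationInfo authInfo = (SimpleAuthenticationInfo) info;

    Object stringToSign = hmacBuilder.buildStringToSign((HmacToken) token);
    authInfo.setCredentials(stringToSign);

    if (log.isDebugEnabled()) {
        // The previously stored credentials and the salt bytes are kept out of the log: in an
        // HMAC realm they are presumably key material, and debug logs are often shipped to
        // places with weaker access control than the credential store.
        // NOTE(review): confirm the string-to-sign holds only request data before keeping
        // this line enabled in production.
        log.debug("credentials: {}", authInfo.getCredentials());
        // Reporting presence only also avoids a NullPointerException when no salt is set.
        log.debug("credentialsSalt present: {}", authInfo.getCredentialsSalt() != null);
    }
}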
From source file:org.codice.ddf.security.guest.realm.GuestRealm.java
License:Open Source License
/**
 * Builds authentication info for a guest token and records an audit entry for it.
 *
 * <p>No credential is verified in this method: the principals come from
 * {@code createPrincipalFromToken} and the credentials are copied from the token as supplied.
 *
 * @param authenticationToken the submitted token; cast to {@code BaseAuthenticationToken}
 * @return authentication info with the guest principals and the token's credentials
 * @throws AuthenticationException declared by the overridden method
 */
@Override
protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken authenticationToken)
        throws AuthenticationException {
    final BaseAuthenticationToken guestToken = (BaseAuthenticationToken) authenticationToken;

    final SimpleAuthenticationInfo guestInfo = new SimpleAuthenticationInfo();
    guestInfo.setPrincipals(createPrincipalFromToken(guestToken));
    guestInfo.setCredentials(authenticationToken.getCredentials());

    // NOTE(review): the address is concatenated into the audit record as-is. If
    // getIpAddress() can reflect a client-controlled value (for example a forwarded-for
    // header), CR/LF should be neutralised before it is written; confirm where it is set.
    final String auditMessage = "Guest assertion generated for IP address: " + guestToken.getIpAddress();
    SecurityLogger.audit(auditMessage);

    return guestInfo;
}
From source file:org.codice.ddf.security.oidc.realm.OidcRealm.java
License:Open Source License
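/**
 * Resolves the ID token for the submitted OIDC credentials and builds authentication info from
 * the resulting profile.
 *
 * <p>If no ID token can be resolved, the web session is destroyed and authentication fails.
 *
 * @param authenticationToken the submitted token; cast to {@code OidcAuthenticationToken}
 * @return authentication info with principals derived from the OIDC profile
 * @throws AuthenticationException if the ID token could not be obtained
 */
@Override
protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken authenticationToken)
        throws AuthenticationException {
    // token is guaranteed to be of type OidcAuthenticationToken by the supports() method
    OidcAuthenticationToken oidcAuthenticationToken = (OidcAuthenticationToken) authenticationToken;
    OidcCredentials credentials = (OidcCredentials) oidcAuthenticationToken.getCredentials();
    OidcConfiguration oidcConfiguration = oidcHandlerConfiguration.getOidcConfiguration();
    OIDCProviderMetadata oidcProviderMetadata = oidcConfiguration.findProviderMetadata();
    WebContext webContext = (WebContext) oidcAuthenticationToken.getContext();
    OidcClient oidcClient = oidcHandlerConfiguration.getOidcClient(webContext.getFullRequestURL());

    OidcCredentialsResolver oidcCredentialsResolver = new OidcCredentialsResolver(oidcConfiguration,
            oidcClient, oidcProviderMetadata);
    oidcCredentialsResolver.resolveIdToken(credentials, webContext);

    // problem getting id token, invalidate credentials
    if (credentials.getIdToken() == null) {
        webContext.getSessionStore().destroySession(webContext);

        // The credentials object is deliberately not formatted into this message: its
        // toString() is not shown here and may include the authorization code or tokens,
        // and the text reaches both the log and the exception seen by callers.
        String msg = "Could not fetch id token with Oidc credentials. "
                + "This may be due to the credentials expiring. "
                + "Invalidating session in order to acquire valid credentials.";
        LOGGER.warn(msg);
        throw new AuthenticationException(msg);
    }

    OidcProfileCreator oidcProfileCreator = new CustomOidcProfileCreator(oidcConfiguration);
    OidcProfile profile = oidcProfileCreator.create(credentials, webContext);

    SimpleAuthenticationInfo simpleAuthenticationInfo = new SimpleAuthenticationInfo();
    SimplePrincipalCollection principalCollection = createPrincipalCollectionFromCredentials(profile);
    simpleAuthenticationInfo.setPrincipals(principalCollection);
    simpleAuthenticationInfo.setCredentials(credentials);

    return simpleAuthenticationInfo;
}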
From source file:org.seedstack.seed.security.internal.realms.ShiroRealmAdapter.java
License:Open Source License
/**
 * Delegates authentication to the wrapped Seed realm and converts the result to Shiro types.
 *
 * <p>The Shiro token is converted first; each Seed authentication exception is rethrown as the
 * Shiro exception of the same name with the original as its cause. Principals from the realm
 * and from every applicable customizer are registered under this adapter's name.
 *
 * @param token the Shiro token submitted for authentication
 * @return authentication info with the collected principals and the token's credentials
 * @throws AuthenticationException if the token is unsupported or the Seed realm rejects it
 */
@Override
protected AuthenticationInfo doGetAuthenticationInfo(final AuthenticationToken token)
        throws AuthenticationException {
    final org.seedstack.seed.security.api.AuthenticationToken converted = convertToken(token);
    if (converted == null) {
        throw new UnsupportedTokenException("The token " + token.getClass() + " is not supported");
    }

    // Most specific Seed exceptions are caught first; the general one is the fallback.
    final org.seedstack.seed.security.api.AuthenticationInfo seedInfo;
    try {
        seedInfo = realm.getAuthenticationInfo(converted);
    } catch (org.seedstack.seed.security.api.exceptions.IncorrectCredentialsException badCredentials) {
        throw new IncorrectCredentialsException(badCredentials);
    } catch (org.seedstack.seed.security.api.exceptions.UnknownAccountException unknownAccount) {
        throw new UnknownAccountException(unknownAccount);
    } catch (org.seedstack.seed.security.api.exceptions.UnsupportedTokenException unsupported) {
        throw new UnsupportedTokenException(unsupported);
    } catch (org.seedstack.seed.security.api.exceptions.AuthenticationException failure) {
        throw new AuthenticationException(failure);
    }

    final SimpleAuthenticationInfo result = new SimpleAuthenticationInfo();
    final SimplePrincipalCollection collected = new SimplePrincipalCollection(
            seedInfo.getIdentityPrincipal(), this.getName());
    result.setCredentials(token.getCredentials());

    // Principals supplied by the realm itself.
    for (PrincipalProvider<?> provided : seedInfo.getOtherPrincipals()) {
        collected.add(provided, this.getName());
    }

    // Principals contributed by customizers that target this realm's type.
    for (PrincipalCustomizer<?> customizer : principalCustomizers) {
        if (!customizer.supportedRealm().isAssignableFrom(getRealm().getClass())) {
            continue;
        }
        for (PrincipalProvider<?> extra : customizer.principalsToAdd(
                seedInfo.getIdentityPrincipal(), seedInfo.getOtherPrincipals())) {
            collected.add(extra, this.getName());
        }
    }

    result.setPrincipals(collected);
    return result;
}
From source file:org.seedstack.seed.security.internal.ShiroRealmAdapter.java
License:Mozilla Public License
/**
 * Delegates authentication to the wrapped Seed realm and converts the result to Shiro types.
 *
 * <p>The Shiro token is converted first; each Seed authentication exception is rethrown as the
 * Shiro exception of the same name with the original as its cause. Principals from the realm
 * and from every applicable customizer are registered under this adapter's name.
 *
 * @param token the Shiro token submitted for authentication
 * @return authentication info with the collected principals and the token's credentials
 * @throws AuthenticationException if the token is unsupported or the Seed realm rejects it
 */
@Override
protected AuthenticationInfo doGetAuthenticationInfo(final AuthenticationToken token)
        throws AuthenticationException {
    final org.seedstack.seed.security.AuthenticationToken converted = convertToken(token);
    if (converted == null) {
        throw new UnsupportedTokenException("The token " + token.getClass() + " is not supported");
    }

    // Most specific Seed exceptions are caught first; the general one is the fallback.
    final org.seedstack.seed.security.AuthenticationInfo seedInfo;
    try {
        seedInfo = realm.getAuthenticationInfo(converted);
    } catch (org.seedstack.seed.security.IncorrectCredentialsException badCredentials) {
        throw new IncorrectCredentialsException(badCredentials);
    } catch (org.seedstack.seed.security.UnknownAccountException unknownAccount) {
        throw new UnknownAccountException(unknownAccount);
    } catch (org.seedstack.seed.security.UnsupportedTokenException unsupported) {
        throw new UnsupportedTokenException(unsupported);
    } catch (org.seedstack.seed.security.AuthenticationException failure) {
        throw new AuthenticationException(failure);
    }

    final SimpleAuthenticationInfo result = new SimpleAuthenticationInfo();
    final SimplePrincipalCollection collected = new SimplePrincipalCollection(
            seedInfo.getIdentityPrincipal(), this.getName());
    result.setCredentials(token.getCredentials());

    // Principals supplied by the realm itself.
    for (PrincipalProvider<?> provided : seedInfo.getOtherPrincipals()) {
        collected.add(provided, this.getName());
    }

    // Principals contributed by customizers that target this realm's type.
    for (PrincipalCustomizer<?> customizer : principalCustomizers) {
        if (!customizer.supportedRealm().isAssignableFrom(getRealm().getClass())) {
            continue;
        }
        for (PrincipalProvider<?> extra : customizer.principalsToAdd(
                seedInfo.getIdentityPrincipal(), seedInfo.getOtherPrincipals())) {
            collected.add(extra, this.getName());
        }
    }

    result.setPrincipals(collected);
    return result;
}
From source file:portal.api.util.ShiroUTAuthorizingRealm.java
License:Apache License
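/**
 * Authenticates a username/password token against the password hash stored for that user.
 *
 * <p>The supplied password is hashed with {@code EncryptionUtil.hash} and compared with the
 * stored value. Neither hash is written to the log, and the comparison is constant-time.
 *
 * @param at the submitted token; cast to {@code UsernamePasswordToken}, so any other token type
 *     fails with a {@code ClassCastException}
 * @return authentication info carrying the token's principal and credentials
 * @throws AuthenticationException if the user is unknown, a password or stored hash is missing,
 *     or the hashes differ (the message is the same in every case)
 */
@Override
protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken at) throws AuthenticationException {
    logger.info("AuthenticationToken at=" + at.toString());
    UsernamePasswordToken token = (UsernamePasswordToken) at;
    logger.info("tokengetUsername at=" + token.getUsername());

    PortalUser bu = portalRepositoryRef.getUserByUsername(token.getUsername());
    if (bu == null) {
        throw new AuthenticationException("Sorry! No login for you.");
    }

    // A token without a password, or an account without a stored hash, is a failed login
    // rather than a NullPointerException.
    char[] suppliedChars = token.getPassword();
    String originalPass = bu.getPassword();
    if (suppliedChars == null || originalPass == null) {
        throw new AuthenticationException("Sorry! No login for you.");
    }

    // NOTE(review): EncryptionUtil.hash is not shown here. If it is a plain or unsalted digest,
    // the stored values should move to a salted password-hashing scheme (bcrypt, scrypt,
    // argon2).
    String suppliedPass = EncryptionUtil.hash(String.valueOf(suppliedChars));

    // Password hashes are credentials-equivalent and must never reach the log. The comparison
    // is constant-time so response timing does not reveal how many leading characters match.
    boolean matches = suppliedPass != null
            && java.security.MessageDigest.isEqual(
                    originalPass.getBytes(java.nio.charset.StandardCharsets.UTF_8),
                    suppliedPass.getBytes(java.nio.charset.StandardCharsets.UTF_8));
    if (!matches) {
        throw new AuthenticationException("Sorry! No login for you.");
    }
    logger.info("======= USER is AUTHENTICATED OK =======");

    SimpleAuthenticationInfo sa = new SimpleAuthenticationInfo();
    // NOTE(review): the info carries the token's own credentials, so a matcher that compares
    // token credentials with info credentials cannot fail; the hash check above is presumably
    // the only real verification. Confirm the realm's credentials matcher.
    sa.setCredentials(token.getCredentials());
    SimplePrincipalCollection principals = new org.apache.shiro.subject.SimplePrincipalCollection();
    principals.add(token.getPrincipal(), "portalrealm");
    sa.setPrincipals(principals);
    return sa;
}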