List of usage examples for org.apache.shiro.realm.Realm.supports
/**
 * Reports whether this realm accepts the given authentication token.
 * The callers shown on this page check this before invoking
 * {@code getAuthenticationInfo(token)} and skip the realm when it returns {@code false}.
 *
 * @param token the authentication token to test
 * @return {@code true} if the realm supports the token, {@code false} otherwise
 */
boolean supports(AuthenticationToken token);
From source file:ddf.security.service.impl.SecurityManagerImplTest.java
License:Open Source License
/**
 * Drives {@code SecurityManagerImpl.getSubject} with a mocked authentication token and a
 * mocked realm, and checks that a subject comes back.
 *
 * <p>The realm is stubbed to support the token unconditionally, so only the accepting path
 * is covered here; a realm that rejects the token is not exercised by this test.
 *
 * @throws SecurityServiceException declared by the test signature; the test fails if it is raised
 */
@Test
public void testAuthToken() throws SecurityServiceException {
    // Token handed to the manager; only getCredentials() is stubbed.
    AuthenticationToken authToken = mock(AuthenticationToken.class);
    when(authToken.getCredentials()).thenReturn("testUser");

    // Principals the realm reports: a single SecurityToken registered under REALM_NAME.
    SimplePrincipalCollection principals = new SimplePrincipalCollection();
    principals.add(new SecurityToken(), REALM_NAME);

    AuthenticationInfo info = mock(AuthenticationInfo.class);
    when(info.getPrincipals()).thenReturn(principals);

    // Realm that accepts the token and answers with the info above.
    Realm realm = mock(Realm.class);
    when(realm.getName()).thenReturn(REALM_NAME);
    when(realm.supports(authToken)).thenReturn(Boolean.TRUE);
    when(realm.getAuthenticationInfo(authToken)).thenReturn(info);

    SecurityManagerImpl manager = new SecurityManagerImpl();
    manager.setRealms(Arrays.asList(realm));

    assertNotNull(manager.getSubject(authToken));
}
From source file:io.bootique.shiro.ShiroModuleIT.java
License:Apache License
/**
 * Builds a Mockito-backed {@link Realm} named "TestRealm" for use in tests.
 *
 * <p>The mock reports support only for {@link UsernamePasswordToken} instances and
 * authenticates a token only when its password is the fixed test value "password";
 * any other password raises {@link AuthenticationException}.
 *
 * @return the configured mock realm
 */
protected Realm mockRealm() {
    Realm realm = mock(Realm.class);
    when(realm.getName()).thenReturn("TestRealm");

    // Advertise support for username/password tokens only.
    when(realm.supports(any(AuthenticationToken.class))).then(invocation -> {
        AuthenticationToken candidate = invocation.getArgument(0);
        return candidate instanceof UsernamePasswordToken;
    });

    // The argument is assigned straight to UsernamePasswordToken, so a token of another
    // type fails with a ClassCastException here; presumably callers are expected to
    // consult supports() first - verify against the code under test.
    when(realm.getAuthenticationInfo(any(AuthenticationToken.class))).then(invocation -> {
        UsernamePasswordToken login = invocation.getArgument(0);
        // Test fixture only: the password is copied into a String and compared to a constant.
        String supplied = new String(login.getPassword());
        if ("password".equals(supplied)) {
            return new SimpleAuthenticationInfo(login.getPrincipal(), login.getCredentials(), "TestRealm");
        }
        throw new AuthenticationException("Bad password");
    });

    return realm;
}
From source file:org.apache.isis.security.shiro.ShiroAuthenticatorOrAuthorizor.java
License:Apache License
/** * This method has protected visibility to allow for custom implementations * in the future that might obtain the list of roles for a principal from * somewherte other than Shiro's {@link RealmSecurityManager}. *///from w w w . j av a2 s .co m protected List<String> getRoles(final AuthenticationToken token) { final List<String> roles = Lists.newArrayList(); RealmSecurityManager securityManager = getSecurityManager(); if (securityManager == null) { return roles; } final Collection<Realm> realms = securityManager.getRealms(); for (final Realm realm : realms) { if (realm.supports(token)) { continue; } final AuthenticationInfo authenticationInfo = realm.getAuthenticationInfo(token); if (authenticationInfo instanceof AuthorizationInfo) { final AuthorizationInfo authorizationInfo = (AuthorizationInfo) authenticationInfo; final Collection<String> realmRoles = authorizationInfo.getRoles(); for (final String role : realmRoles) { roles.add(realm.getName() + ":" + role); } } } return roles; }
From source file:org.eclipse.kapua.service.authentication.shiro.KapuaAuthenticator.java
License:Open Source License
/**
 * Authenticates the token against every realm that supports it, feeding each attempt
 * through the configured {@link AuthenticationStrategy}.
 *
 * <p>If at least one realm supported the token but every such realm threw, the first
 * recorded throwable is rethrown (wrapped in an {@link AuthenticationException} when it is
 * not one already) instead of the strategy's generic failure. In every other case the
 * outcome is decided by {@code strategy.afterAllAttempts}.
 *
 * <p>NOTE(review): an attempt counts as "succeeded" here as soon as
 * {@code getAuthenticationInfo} returns without throwing, even when it returns
 * {@code null}; rejecting an empty result is left to the strategy and the caller - confirm
 * that the configured strategy does so.
 *
 * @param realms the realms to consult, in iteration order
 * @param token  the authentication token submitted for login
 * @return the aggregate produced by the strategy's {@code afterAllAttempts}
 */
@Override
protected AuthenticationInfo doMultiRealmAuthentication(Collection<Realm> realms, AuthenticationToken token) {
    AuthenticationStrategy strategy = getAuthenticationStrategy();
    AuthenticationInfo aggregate = strategy.beforeAllAttempts(realms, token);

    if (loggger.isTraceEnabled()) {
        loggger.trace("Iterating through {} realms for PAM authentication", realms.size());
    }

    List<Throwable> attemptFailures = new ArrayList<>();
    boolean supportedRealmFound = false;
    boolean loginSucceeded = false;

    for (Realm realm : realms) {
        aggregate = strategy.beforeAttempt(realm, token, aggregate);

        if (!realm.supports(token)) {
            loggger.debug("Realm [{}] does not support token {}. Skipping realm.", realm, token);
            continue;
        }
        supportedRealmFound = true;

        // NOTE(review): the token object itself is passed to the logger; what ends up in
        // the log depends on the token's toString() - confirm it exposes no credentials.
        loggger.trace("Attempting to authenticate token [{}] using realm [{}]", token, realm);

        AuthenticationInfo info = null;
        Throwable failure = null;
        try {
            info = realm.getAuthenticationInfo(token);
            loginSucceeded = true;
        } catch (Throwable throwable) {
            failure = throwable;
            if (loggger.isDebugEnabled()) {
                String msg = "Realm [" + realm + "] threw an exception during a multi-realm authentication attempt:";
                loggger.debug(msg, failure);
            }
        }

        aggregate = strategy.afterAttempt(realm, token, info, aggregate, failure);
        // Recorded for every supported realm; the entry is null when the attempt did not throw.
        attemptFailures.add(failure);
    }

    // Standard ModularRealmAuthenticator path: no realm supported the token, or at least
    // one attempt returned without throwing.
    if (!supportedRealmFound || loginSucceeded) {
        return strategy.afterAllAttempts(token, aggregate);
    }

    // Modified behavior from the ModularRealmAuthenticator: when every supporting realm
    // failed, surface the first failure so the user gets a more meaningful message.
    if (attemptFailures.isEmpty()) {
        // NOTE(review): every supported realm appends an entry above, so this branch looks
        // unreachable - confirm.
        // TODO move the error message to the message bundle
        throw new ShiroException("Internal Error!");
    }

    Throwable first = attemptFailures.get(0);
    if (first instanceof AuthenticationException) {
        throw (AuthenticationException) first;
    }
    throw new AuthenticationException(first);
}
From source file:org.sonatype.nexus.security.authc.FirstSuccessfulModularRealmAuthenticator.java
License:Open Source License
/**
 * Returns the first non-null {@link AuthenticationInfo} produced by a realm that supports
 * the token, consulting the realms in iteration order.
 *
 * <p>A realm that returns {@code null} or throws is passed over and the next realm is
 * tried. Such failures are logged at trace level only.
 *
 * <p>NOTE(review): because realm failures are only traced, a rejected login or a failing
 * realm backend leaves no record from this method at the usual log levels - confirm that
 * failed attempts are recorded elsewhere.
 *
 * @param realms the realms to consult
 * @param token  the authentication token submitted for login
 * @return the first non-null authentication info returned by a supporting realm
 * @throws AuthenticationException if no realm produced authentication info
 */
@Override
protected AuthenticationInfo doMultiRealmAuthentication(final Collection<Realm> realms,
        final AuthenticationToken token) {
    log.trace("Iterating through [{}] realms for PAM authentication", realms.size());

    for (Realm realm : realms) {
        if (!realm.supports(token)) {
            log.trace("Realm of type [{}] does not support token [{}]; skipping realm", realm, token);
            continue;
        }

        log.trace("Attempting to authenticate token [{}] using realm of type [{}]", token, realm);
        try {
            AuthenticationInfo result = realm.getAuthenticationInfo(token);
            if (result != null) {
                // First realm to vouch for the token wins; later realms are not consulted.
                return result;
            }
            log.trace("Realm [{}] returned null when authenticating token [{}]", realm, token);
        } catch (Throwable failure) {
            // Deliberately broad: any failure in one realm must not stop the remaining realms.
            log.trace("Realm [{}] threw an exception during a multi-realm authentication attempt", realm, failure);
        }
    }

    // Every realm was skipped, returned null, or threw.
    throw new AuthenticationException("Authentication token of type [" + token.getClass()
            + "] could not be authenticated by any configured realms. Please ensure that at least one realm can "
            + "authenticate these tokens.");
}
From source file:org.sonatype.security.authentication.FirstSuccessfulModularRealmAuthenticator.java
License:Open Source License
/**
 * Walks the realms in iteration order and hands back the first non-null
 * {@link AuthenticationInfo} obtained from a realm that supports the token.
 *
 * <p>Realms that do not support the token, return {@code null}, or throw are passed over;
 * each of those outcomes is logged at trace level only.
 *
 * <p>NOTE(review): a realm's exception is traced and then discarded, so the caller only
 * ever sees the generic message thrown at the end - confirm that authentication failures
 * are recorded somewhere visible at the usual log levels.
 *
 * @param realms the realms to consult
 * @param token  the authentication token submitted for login
 * @return the first non-null authentication info returned by a supporting realm
 * @throws org.apache.shiro.authc.AuthenticationException if no realm produced authentication info
 */
@Override
protected AuthenticationInfo doMultiRealmAuthentication(final Collection<Realm> realms,
        final AuthenticationToken token) {
    log.trace("Iterating through [{}] realms for PAM authentication", realms.size());

    for (Realm candidate : realms) {
        final boolean accepted = candidate.supports(token);
        if (accepted) {
            log.trace("Attempting to authenticate token [{}] using realm of type [{}]", token, candidate);
            try {
                AuthenticationInfo outcome = candidate.getAuthenticationInfo(token);
                if (outcome == null) {
                    log.trace("Realm [{}] returned null when authenticating token [{}]", candidate, token);
                } else {
                    // Stop at the first realm that authenticates the token.
                    return outcome;
                }
            } catch (Throwable problem) {
                // Broad catch is intentional: one realm failing must not prevent the others from being tried.
                log.trace("Realm [{}] threw an exception during a multi-realm authentication attempt", candidate,
                        problem);
            }
        } else {
            log.trace("Realm of type [{}] does not support token [{}]; skipping realm", candidate, token);
        }
    }

    // No realm returned authentication info for this token.
    throw new org.apache.shiro.authc.AuthenticationException("Authentication token of type [" + token.getClass()
            + "] could not be authenticated by any configured realms. Please ensure that at least one realm can "
            + "authenticate these tokens.");
}