List of usage examples for org.apache.shiro.subject Subject login
void login(AuthenticationToken token) throws AuthenticationException;
From source file:beans.ShiroLoginBean.java
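/**
 * Tries to authenticate the user with the bean's {@code username} and {@code password}
 * and redirects to the landing page that matches the subject's role.
 *
 * Failures are reported through {@link #facesError(String)}. An unknown account and a
 * wrong password deliberately produce the same message, so the form cannot be used to
 * find out which usernames exist, and raw exception text is never shown to the browser.
 */
public void doLogin() {
    Subject subject = SecurityUtils.getSubject();
    UsernamePasswordToken token = new UsernamePasswordToken(username, password);
    try {
        subject.login(token);
        // Admins land on the admin console, everybody else on the site root.
        String target = subject.hasRole("admin") ? "admin/index.xhtml" : "index.xhtml";
        FacesContext.getCurrentInstance().getExternalContext().redirect(target);
    } catch (UnknownAccountException | IncorrectCredentialsException ex) {
        // One message for both cases: do not reveal whether the account exists.
        facesError("Unknown account or wrong password");
    } catch (LockedAccountException ex) {
        facesError("Locked account");
    } catch (AuthenticationException ex) {
        // Any other realm failure; details belong in a server log, not in the page.
        facesError("Authentication failed");
    } catch (IOException ex) {
        // Login succeeded but the redirect could not be written.
        facesError("Unable to redirect after login");
    } finally {
        // Zero the password copy held by the token once Shiro no longer needs it.
        token.clear();
    }
}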
From source file:blade.authenticator.shiro.ShiroAuthenticatorPre.java
License:Apache License
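/**
 * Authenticates a login attempt against Shiro, using the e-mail address as the principal.
 *
 * Only {@code emailAddress} and {@code password} take part in the check; the other
 * parameters are part of the authenticator contract and are not read here.
 *
 * @param companyId    company id (unused by this lookup)
 * @param emailAddress principal presented by the user
 * @param password     credential presented by the user
 * @param headerMap    request headers (unused)
 * @param parameterMap request parameters (unused)
 * @return {@code SKIP_LIFERAY_CHECK} when Shiro reports the subject as authenticated,
 *         {@code FAILURE} otherwise
 * @throws AuthException wrapping the Shiro {@link AuthenticationException} when the login is rejected
 */
@Override
public int authenticateByEmailAddress(long companyId, String emailAddress, String password,
        Map<String, String[]> headerMap, Map<String, String[]> parameterMap) throws AuthException {
    _log.info("authenticateByEmailAddress");
    UsernamePasswordToken usernamePasswordToken = new UsernamePasswordToken(emailAddress, password);
    Subject currentUser = SecurityUtils.getSubject();
    try {
        currentUser.login(usernamePasswordToken);
        if (currentUser.isAuthenticated()) {
            _log.info("authenticated");
            return SKIP_LIFERAY_CHECK;
        }
        return FAILURE;
    } catch (AuthenticationException e) {
        // Log at the boundary and rethrow as the caller's exception type, keeping the cause.
        _log.error(e.getMessage(), e);
        throw new AuthException(e.getMessage(), e);
    } finally {
        // Drop the password copy held by the token as soon as the realm has consumed it.
        usernamePasswordToken.clear();
    }
}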
From source file:br.com.arsmachina.eloquentia.tapestry.pages.SignUp.java
License:Apache License
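/**
 * Sign-up form success handler: persists the new user, logs it in with the password the
 * form supplied, and hands control to {@code returnUrl} when one was given.
 *
 * @return {@code returnUrl} as a {@link java.net.URL}, or {@code null} to stay on the page
 * @throws MalformedURLException if {@code returnUrl} is not a valid URL
 * @throws IllegalStateException if the security service yields no subject
 */
Object onSuccess() throws MalformedURLException {
    Subject currentUser = securityService.getSubject();
    if (currentUser == null) {
        throw new IllegalStateException("Subject cannot be null");
    }
    // Captured before save(): presumably save() replaces the plain password on the entity — confirm.
    final String password = user.getPassword();
    userController.save(user);
    UsernamePasswordToken token = new UsernamePasswordToken(user.getName(), password);
    try {
        currentUser.login(token);
    } finally {
        // Zero the password held by the token once Shiro no longer needs it.
        token.clear();
    }
    // NOTE(review): returnUrl is followed as given; if it can come from the request,
    // restrict it to this site before redirecting — confirm where it is set.
    return returnUrl != null ? new java.net.URL(returnUrl) : null;
}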
From source file:br.com.criativasoft.opendevice.restapi.resources.AccountRest.java
License:Open Source License
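/**
 * Lets a cloud manager switch the current session to the manager identity of another account.
 *
 * The caller is logged out and logged in again as the first {@code ACCOUNT_MANAGER} member
 * of the target account; the account UUID doubles as the auth token returned to the client.
 *
 * @param id          id of the target account
 * @param currentUser the calling subject (must hold the cloud-manager role)
 * @return JSON {@code {"token": ...}} on success; 404 when the account does not exist;
 *         400 when it is the caller's own account; otherwise an empty 200
 */
@GET
@Path("loginAs/{id}")
@RequiresRoles(AccountType.ROLES.CLOUD_MANAGER)
public Response loginAs(@PathParam("id") long id, @Auth Subject currentUser) {
    String uid = TenantProvider.getCurrentID();
    Account account = dao.getById(id);
    if (account == null) {
        // Must return here: account is dereferenced below.
        return ErrorResponse.status(Response.Status.NOT_FOUND, "Account not found !");
    }
    if (account.getUuid().equals(uid)) {
        return ErrorResponse.BAD_REQUEST("You already logged !");
    }
    for (UserAccount userAccount : account.getUserAccounts()) {
        if (userAccount.getType() != AccountType.ACCOUNT_MANAGER) {
            continue;
        }
        User user = userAccount.getUser();
        // Drop the caller's identity before assuming the target account's.
        currentUser.logout();
        AccountAuth token = new AccountAuth(userAccount.getId(), user.getId());
        currentUser.login(token);
        if (currentUser.isAuthenticated()) {
            String authtoken = account.getUuid();
            return Response.ok("{\"token\":\"" + authtoken + "\"}").build();
        }
        return Response.ok().build();
    }
    return Response.ok().build();
}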
From source file:br.com.criativasoft.opendevice.wsrest.filter.AuthenticationFilter.java
License:Open Source License
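/**
 * Authenticates each incoming request before it reaches a resource.
 *
 * Static web resources pass through untouched. An already authenticated session is
 * touched and passed through. Otherwise the request is authenticated from, in order:
 * a {@code Google ...} Authorization header, a {@code Bearer ...} Authorization header,
 * an API key (the {@code ApiKey} header or an {@code ApiKey ...} Authorization header),
 * the last path segment of a WebSocket upgrade request, an {@code ApiKey} query parameter,
 * or the Dialogflow access token carried in a GoogleAssistant request body.
 *
 * @param request the incoming request
 * @return the same request, possibly with its entity stream re-materialised
 * @throws AuthenticationException when a presented token is missing or rejected by the realm
 */
@Override
public ContainerRequest filter(ContainerRequest request) {
    // Ignore Web Resources.
    String path = request.getPath();
    if (WebUtils.isWebResource(path)) {
        return request;
    }
    Subject subject = SecurityUtils.getSubject();
    Session session = subject.getSession(false);
    if (session != null && subject.isAuthenticated()) {
        session.touch();
        return request;
    }
    if (!subject.isAuthenticated()) {
        String authorizationHeader = request.getHeaderValue(HttpHeaders.AUTHORIZATION);

        // Google OAuth ( Ex.: Alexa Skill )
        if (authorizationHeader != null && authorizationHeader.startsWith("Google")) {
            String token = authorizationHeader.substring("Google".length()).trim();
            return loginAndContinue(subject, new GoogleAuthToken(token), request);
        }

        // OAuth2 bearer token in the Authorization header
        if (authorizationHeader != null && authorizationHeader.startsWith("Bearer")) {
            String token = authorizationHeader.substring("Bearer".length()).trim(); // API_KEY
            return loginAndContinue(subject, new BearerAuthToken(token), request);
        }

        // ApiKey in Header (no 2 step auth)
        String header = request.getHeaderValue("ApiKey");
        if ((authorizationHeader != null && authorizationHeader.startsWith("ApiKey")) || header != null) {
            String apiKey = header != null
                    ? header
                    : authorizationHeader.substring("ApiKey".length()).trim(); // API_KEY
            if (StringUtils.isEmpty(apiKey)) {
                log.warn("ApiKey not found in Request");
                throw new AuthenticationException("ApiKey Required");
            }
            return loginAndContinue(subject, new BearerAuthToken(apiKey, true), request);
        }

        // WebSocket HttpHeader Upgrade (JavaScript Library).
        // NOTE(review): a key carried in the path or query string ends up in access logs;
        // the header forms above are the preferable transport.
        header = request.getHeaderValue("Upgrade");
        if (header != null && header.contains("websocket")) {
            String apiKey = path.substring(path.lastIndexOf('/') + 1);
            return loginAndContinue(subject, new BearerAuthToken(apiKey, true), request);
        }

        // Query Param (in URL)
        MultivaluedMap<String, String> queryParameters = request.getQueryParameters();
        List<String> apiKeyParams = queryParameters.get("ApiKey");
        if (apiKeyParams != null) {
            return loginAndContinue(subject, new BearerAuthToken(apiKeyParams.get(0), true), request);
        }

        // GoogleAssistant / Dialogflow Integration
        header = request.getHeaderValue("GoogleAssistant");
        if (header != null && header.contains("Dialogflow")) {
            JsonNode entity = request.getEntity(JsonNode.class);
            // path() never returns null, so a partially shaped payload cannot NPE here.
            JsonNode userNode = entity == null
                    ? null
                    : entity.path("originalDetectIntentRequest").path("payload").path("user");
            if (userNode == null || userNode.isMissingNode() || userNode.isNull()) {
                log.warn("User not found in Request");
                throw new AuthenticationException("Invalid User / Token");
            }
            String token = userNode.path("accessToken").asText();
            if (StringUtils.isEmpty(token)) {
                log.warn("accessToken not found in Request");
                throw new AuthenticationException("Invalid User / Token");
            }
            // getEntity() consumed the body; put it back so the resource can read it.
            // Explicit UTF-8 so the bytes do not depend on the platform charset.
            request.setEntityInputStream(new ByteArrayInputStream(
                    entity.toString().getBytes(java.nio.charset.StandardCharsets.UTF_8)));
            return loginAndContinue(subject, new BearerAuthToken(token), request);
        }
    }
    // NOTE: if not Autenticated, the UnauthenticatedException will throw (AuthorizationExceptionMap)
    return request;
}

/**
 * Logs {@code subject} in with {@code token} (resolved by the bearer-token realm) and returns
 * {@code request} for pass-through. A rejected token becomes one uniform
 * {@code "Invalid AuthToken"} failure, with the realm's exception kept as the cause for logging.
 */
private static ContainerRequest loginAndContinue(Subject subject,
        org.apache.shiro.authc.AuthenticationToken token, ContainerRequest request) {
    try {
        subject.login(token); // Use BearerTokenRealm
        return request;
    } catch (AuthenticationException e) {
        throw new AuthenticationException("Invalid AuthToken", e);
    }
}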
From source file:br.com.criativasoft.opendevice.wsrest.resource.AuthRest.java
License:Open Source License
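/**
 * Authenticates a REST caller either by API key or by username/password and returns the
 * auth token the client presents on later requests (consumed by the authentication filter).
 *
 * API-key login does not go through Shiro: the account UUID is cached against the key so
 * the bearer-token realm can resolve it later. Form login verifies the password, picks the
 * single non-device account, logs the Shiro subject in and uses the account UUID as token.
 * Every credential failure is answered with the same 401 so the endpoint cannot be used to
 * enumerate usernames.
 *
 * @param currentUser the caller's Shiro subject
 * @param username    username, or the API key itself when {@code isApiKey} is set
 * @param password    plain password (ignored for API-key login)
 * @param isApiKey    whether {@code username} is really an API key
 * @return 200 with {@code {"token": ...}}; 401 on any credential failure;
 *         403 when the user has several non-device accounts
 */
private Response doLogin(Subject currentUser, String username, String password, boolean isApiKey) {
    // When isApiKey is set, 'username' *is* the API key: keep it out of the log.
    LOG.debug("Using ApiKey (" + isApiKey + "), username : " + (isApiKey ? "<redacted>" : username));
    String authtoken = null;
    boolean logged = false;
    if (isApiKey) {
        // Login using: ApiKey
        Account account = accountDao.getAccountByApiKey(username);
        // Generate and cache the 'AuthToken', this will be used in AuthenticationFilter
        // This token will be used in BearerTokenRealm
        // TODO: Need configure expire using EhCache
        if (account != null) {
            // NOTE(RR): To simplify the development of clients, AuthToken and API Key will be the AccountUUID.
            // This can be changed in the future (issues #57)
            authtoken = account.getUuid();
            // Add token to cache (this will be used in BearerTokenRealm)
            DefaultSecurityManager securityManager = (DefaultSecurityManager) SecurityUtils.getSecurityManager();
            Cache<Object, Object> cache = securityManager.getCacheManager().getCache(TOKEN_CACHE);
            cache.put(authtoken, username); // username (is Api_Key in this case)
            logged = true;
        }
    } else if (!currentUser.isAuthenticated()) {
        // login using: Form
        try {
            User user = userDao.getUser(username);
            if (user == null || password == null || !passwordMatches(password, user.getPassword())) {
                // One message for "no such user" and "wrong password".
                throw new AuthenticationException("Incorrect username or password");
            }
            // Filter normal accounts
            Set<UserAccount> uaccounts = user.getAccounts().stream()
                    .filter(accountx -> accountx.getType() != AccountType.DEVICE)
                    .collect(Collectors.toSet());
            if (uaccounts.isEmpty()) {
                throw new AuthenticationException("No accounts for user");
            }
            if (uaccounts.size() > 1) {
                // TODO: Need return list and redirect to annother page...
                return ErrorResponse.status(Status.FORBIDDEN, "Multiple Accounts not supported for now !! (open ticket !)");
            }
            AccountAuth token = new AccountAuth(uaccounts.iterator().next().getId(), user.getId());
            currentUser.login(token);
            if (currentUser.isAuthenticated()) {
                AccountPrincipal principal = (AccountPrincipal) currentUser.getPrincipal();
                logged = true;
                authtoken = principal.getAccountUUID();
                user.setLastLogin(new Date());
            }
        } catch (AuthenticationException e) {
            // Also covers UnknownAccountException / IncorrectCredentialsException from the realm:
            // the detail goes to the log, the client only learns that login failed.
            LOG.debug("Form login rejected: " + e.getMessage());
            return ErrorResponse.UNAUTHORIZED("Authentication Fail");
        }
    }
    if (logged) {
        return noCache(Response.status(Status.OK).entity("{\"token\":\"" + authtoken + "\"}"));
    }
    return ErrorResponse.UNAUTHORIZED("Authentication Fail");
}

/**
 * Compares a presented password with the stored value, which may be either plain text
 * (legacy rows) or a Shiro hash. The plain comparison is constant-time.
 * NOTE(review): the plain-text path only exists for rows that were never hashed; drop it
 * once every stored password is a hash.
 *
 * @param presented password from the request (non-null)
 * @param stored    value loaded from the database, may be null
 * @return {@code true} if either the plain or the hashed comparison succeeds
 */
private static boolean passwordMatches(String presented, String stored) {
    byte[] presentedBytes = presented.getBytes(java.nio.charset.StandardCharsets.UTF_8);
    if (stored != null && java.security.MessageDigest.isEqual(
            presentedBytes, stored.getBytes(java.nio.charset.StandardCharsets.UTF_8))) {
        return true;
    }
    // Check encryption version (provided by user)
    HashingPasswordService service = new DefaultPasswordService();
    return service.passwordsMatch(presented, stored);
}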
From source file:br.uff.ic.security.ShiroLoginBean.java
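/**
 * Tries to authenticate the user with the form's username, password and remember-me flag,
 * stores the application user in the session, and redirects to the landing page of the
 * first matching role.
 *
 * An unknown account and a wrong password share one message so the form cannot be used to
 * find out which usernames exist; exception details go to the log, never to the browser.
 */
public void doLogin() {
    Subject subject = SecurityUtils.getSubject();
    UsernamePasswordToken token = new UsernamePasswordToken(getUsername(), getPassword(), getRememberMe());
    try {
        subject.login(token);
        SessionUtil.setParam("usuario", usuarioFacade.autentificar(getUsername(), getPassword()));
        FacesContext.getCurrentInstance().getExternalContext().redirect(landingPage(subject));
    } catch (UnknownAccountException | IncorrectCredentialsException ex) {
        // One message for both cases: do not reveal whether the account exists.
        facesError("Unknown account or wrong password");
        log.error(ex.getMessage(), ex);
    } catch (LockedAccountException ex) {
        facesError("Locked account");
        log.error(ex.getMessage(), ex);
    } catch (AuthenticationException | IOException ex) {
        facesError("Unknown error");
        log.error(ex.getMessage(), ex);
    } catch (Exception ex) {
        // Anything thrown by the facade or session lookup after Shiro accepted the login.
        facesError("Unknown error");
        log.error(ex.getMessage(), ex);
    } finally {
        // Zero the password copy held by the token once Shiro no longer needs it.
        token.clear();
    }
}

/**
 * Role-specific landing page; roles are checked in order and the first match wins,
 * falling back to the site root.
 */
private static String landingPage(Subject subject) {
    if (subject.hasRole("ADMINISTRADOR")) {
        return "admin/index.xhtml";
    }
    if (subject.hasRole("GERENTE")) {
        return "gerente/index.xhtml";
    }
    if (subject.hasRole("ASSISTENTE")) {
        return "assistente/index.xhtml";
    }
    if (subject.hasRole("PROFESSOR")) {
        return "professor/index.xhtml";
    }
    return "index.xhtml";
}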
From source file:ch.bastiangardel.easypay.rest.UserController.java
License:Open Source License
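/**
 * Authenticates the caller with the credentials posted to {@code /auth} and tags the Shiro
 * session with the e-mail so the session can be looked up later.
 *
 * @param credentials username/password pair from the request body
 * @throws AuthenticationException propagated from Shiro when the credentials are rejected
 */
@RequestMapping(value = "/auth", method = POST)
public void authenticate(@RequestBody final CredentialDTO credentials) {
    final Subject subject = SecurityUtils.getSubject();
    // Host is read once before login; the post-login session is fetched fresh below
    // rather than reusing this reference.
    final String host = subject.getSession().getHost();
    // Parameterized logging instead of concatenating into a single placeholder.
    log.info("Authenticating {} : {}", credentials.getUsername(), host);
    subject.login(credentials.daoToModel(host));
    // set attribute that will allow session querying
    subject.getSession().setAttribute("email", credentials.getUsername());
}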
From source file:ch.reboundsoft.shinobi.authstore.CachedAuthStoreImpl.java
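/**
 * Authenticates {@code name}/{@code password} through Shiro, reusing the subject previously
 * seen for that name, and on success records the credentials in the cache.
 *
 * NOTE(review): the cache receives the plain password; treat that cache as sensitive
 * storage (or cache a derived value instead) — flagged here, not changed.
 *
 * @param name     username
 * @param password plain password
 * @return {@code true} when the subject is (or already was) authenticated,
 *         {@code false} on any Shiro authentication failure
 */
@Override
public synchronized boolean login(String name, String password) {
    log.info("Login using cached auth store");
    // One subject per name; the first sighting binds the thread's current subject.
    Subject currentUser;
    if (subjects.containsKey(name)) {
        currentUser = subjects.get(name);
    } else {
        currentUser = SecurityUtils.getSubject();
        subjects.put(name, currentUser);
    }
    if (!currentUser.isAuthenticated()) {
        UsernamePasswordToken token = new UsernamePasswordToken(name, password);
        try {
            currentUser.login(token);
        } catch (UnknownAccountException uae) {
            log.info("There is no user with username of " + token.getPrincipal());
            return false;
        } catch (IncorrectCredentialsException ice) {
            log.info("Password for account " + token.getPrincipal() + " was incorrect!");
            return false;
        } catch (LockedAccountException lae) {
            log.info("The account for username " + token.getPrincipal() + " is locked. "
                    + "Please contact your administrator to unlock it.");
            return false;
        } catch (AuthenticationException ae) {
            log.info("Strange auth error: " + ae.toString());
            return false;
        } finally {
            // Runs after the catch blocks have read the principal: zero the password copy
            // held by the token once Shiro no longer needs it.
            token.clear();
        }
    }
    cache.add(getCacheKey(name), password);
    return true;
}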
From source file:ch.reboundsoft.shinobi.authstore.DefaultAuthStoreImpl.java
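/**
 * Authenticates {@code name}/{@code password} through Shiro, reusing the subject previously
 * seen for that name.
 *
 * @param name     username
 * @param password plain password
 * @return {@code true} when the subject is (or already was) authenticated,
 *         {@code false} on any Shiro authentication failure
 */
@Override
public synchronized boolean login(String name, String password) {
    log.info("Login using default auth store");
    // One subject per name; the first sighting binds the thread's current subject.
    Subject currentUser;
    if (subjects.containsKey(name)) {
        currentUser = subjects.get(name);
    } else {
        currentUser = SecurityUtils.getSubject();
        subjects.put(name, currentUser);
    }
    if (!currentUser.isAuthenticated()) {
        UsernamePasswordToken token = new UsernamePasswordToken(name, password);
        try {
            currentUser.login(token);
        } catch (UnknownAccountException uae) {
            log.info("There is no user with username of " + token.getPrincipal());
            return false;
        } catch (IncorrectCredentialsException ice) {
            log.info("Password for account " + token.getPrincipal() + " was incorrect!");
            return false;
        } catch (LockedAccountException lae) {
            log.info("The account for username " + token.getPrincipal() + " is locked. "
                    + "Please contact your administrator to unlock it.");
            return false;
        } catch (AuthenticationException ae) {
            log.info("Strange auth error: " + ae.toString());
            return false;
        } finally {
            // Runs after the catch blocks have read the principal: zero the password copy
            // held by the token once Shiro no longer needs it.
            token.clear();
        }
    }
    return true;
}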