/**
 * Login-failure hook for the OAuth resource-server filter: answers with the
 * standard OAuth {@code invalid_token} JSON error body and HTTP status 401.
 *
 * @param token    the token that failed authentication (not used here)
 * @param ae       the authentication failure; its message becomes error_description
 * @param request  current request (not used here)
 * @param response response the JSON error body is written to
 * @return {@code false}: the filter chain is not continued
 * @throws IllegalStateException if the OAuth library cannot build the JSON message
 */
@Override
protected boolean onLoginFailure(AuthenticationToken token, AuthenticationException ae,
                                 ServletRequest request, ServletResponse response) {
    HttpServletResponse httpResponse = (HttpServletResponse) response;
    try {
        // NOTE(review): ae.getMessage() is echoed verbatim to the client as error_description;
        // keep realm failure messages free of internal detail.
        final OAuthResponse errorBody = OAuthRSResponse.errorResponse(401)
                .setError(OAuthError.ResourceResponse.INVALID_TOKEN)
                .setErrorDescription(ae.getMessage())
                .buildJSONMessage();
        com.monkeyk.os.web.WebUtils.writeOAuthJsonResponse(httpResponse, errorBody);
    } catch (OAuthSystemException e) {
        LOGGER.error("Build JSON message error", e);
        throw new IllegalStateException(e);
    }
    return false;
}
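/**
 * Authentication callback, invoked on login. Looks up the enabled user by e-mail
 * and returns its stored password together with the hex-decoded per-user salt so
 * the configured credentials matcher can verify the submitted password.
 *
 * @param authcToken expected to be a {@link UsernamePassword2Token}
 * @return salted authentication info whose principal is a {@link Shiro} holder
 * @throws AccountException        if the token carries no username
 * @throws UnknownAccountException if no enabled user has that e-mail
 */
@Override
protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken authcToken)
        throws AuthenticationException {
    UsernamePassword2Token token = (UsernamePassword2Token) authcToken;
    String username = token.getUsername();
    // The original tested "username == null || null == username"; one check is enough.
    if (username == null) {
        throw new AccountException("Null usernames are not allowed by this realm.");
    }
    User probe = new User();
    probe.setEmail(username);
    probe.setStatus(Constant.STATUS_ENABLED);
    User entity = (User) service.iUserService.select(probe);
    if (entity == null) {
        throw new UnknownAccountException("No account found for user [" + username + "]");
    }
    // The user's random value is stored hex-encoded; decode it to the raw salt bytes.
    byte[] salt = Encode.decodeHex(entity.getRandom());
    return new SimpleAuthenticationInfo(
            new Shiro(entity.getId(), entity.getEmail(), entity.getName()),
            entity.getPassword(),
            ByteSource.Util.bytes(salt),
            getName());
}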
/**
 * Overrides the default success handling: a plain browser request is sent a
 * {@code sendRedirect} to the success URL so the page leaves the JS framework
 * (which would otherwise reload its scripts and fail); an XMLHttpRequest caller
 * is instead forwarded to "/CN".
 *
 * @param token    the authenticated token (not used here)
 * @param subject  the now-authenticated subject (not used here)
 * @param request  current request; inspected for the X-Requested-With header
 * @param response current response; redirected or forwarded
 * @return {@code false}: the filter chain is not continued
 * @throws Exception from the redirect or forward
 */
@Override
protected boolean onLoginSuccess(AuthenticationToken token, Subject subject,
                                 ServletRequest request, ServletResponse response) throws Exception {
    HttpServletRequest httpReq = (HttpServletRequest) request;
    HttpServletResponse httpResp = (HttpServletResponse) response;
    String requestedWith = httpReq.getHeader("X-Requested-With");
    boolean ajaxCall = "XMLHttpRequest".equalsIgnoreCase(requestedWith);
    if (ajaxCall) {
        httpReq.getRequestDispatcher("/CN").forward(httpReq, httpResp);
    } else {
        httpResp.sendRedirect(httpReq.getContextPath() + this.getSuccessUrl());
    }
    return false;
}
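/**
 * Authentication callback. The user lookup is still a stub: it returns fixed
 * authentication info for principal "hsjhsj" with an empty credential, whatever
 * the token contains.
 *
 * @param authenticationToken expected to be a {@link UsernamePasswordToken}
 * @return fixed stub authentication info
 * @throws AuthenticationException declared by the realm contract; not thrown here
 */
@Override
protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken authenticationToken)
        throws AuthenticationException {
    UsernamePasswordToken token = (UsernamePasswordToken) authenticationToken;
    // Log only the principal: the previous reflective dump of the whole token also
    // wrote the submitted password (char[]) to the log.
    log.info("验证当前Subject时获取到token为:" + token.getUsername());
    // TODO: look the real user up (the commented-out TbUser lookup) and return its stored
    // credential; Shiro's CredentialsMatcher then performs the password comparison.
    return new SimpleAuthenticationInfo("hsjhsj", "", getName());
}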
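/**
 * JWT realm authentication. Resolves the secret for the presented token (cached per
 * token; on a miss it is loaded from the user record identified by the uid carried
 * in the token) and verifies the token with that secret.
 *
 * @param auth token whose credentials are the raw JWT string
 * @return authentication info using the JWT itself as principal and credential
 * @throws AuthenticationException if no token is present, the user cannot be found,
 *                                 or the JWT does not verify
 */
@Override
protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken auth)
        throws AuthenticationException {
    String token = (String) auth.getCredentials();
    if (token == null) {
        // A missing credential is an authentication failure, not a server error.
        throw new AuthenticationException("Token invalid");
    }
    Cache<String, String> authCache = CacheController.getAuthCache();
    if (!authCache.containsKey(token)) {
        // Cache miss: the secret is taken from the user record addressed by the token's uid.
        // NOTE(review): the uid is read from the token before the signature is checked; the
        // lookup must therefore not trust any other claim.
        int uid = JWTUtil.getUid(token);
        UserEntity userEntity = userService.getUserByUid(uid);
        if (userEntity == null) {
            // Previously a NullPointerException; an unknown uid is a normal rejection.
            throw new AuthenticationException("Token invalid");
        }
        authCache.put(token, String.valueOf(userEntity.getPassword()));
    }
    String secret = authCache.get(token);
    if (!JWTUtil.decode(token, secret)) {
        throw new AuthenticationException("Token invalid");
    }
    return new SimpleAuthenticationInfo(token, token, "jwt_realm");
}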
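/**
 * Login-failure hook that answers with a JSON error body ({@code R.error}) carrying
 * HTTP 401 and the root failure message.
 *
 * @param token    the token that failed authentication (not used here)
 * @param e        the authentication failure; its root cause's message is reported
 * @param request  current request (not used here)
 * @param response response the JSON body is written to
 * @return {@code false}: the filter chain is not continued
 */
@Override
protected boolean onLoginFailure(AuthenticationToken token, AuthenticationException e,
                                 ServletRequest request, ServletResponse response) {
    HttpServletResponse httpResponse = (HttpServletResponse) response;
    httpResponse.setContentType("application/json;charset=utf-8");
    // The body already says 401; make the status line agree so HTTP-level clients
    // see the failure as well.
    httpResponse.setStatus(HttpStatus.SC_UNAUTHORIZED);
    try {
        // Report the wrapped cause when the realm attached one.
        Throwable cause = e.getCause() == null ? e : e.getCause();
        R r = R.error(HttpStatus.SC_UNAUTHORIZED, cause.getMessage());
        httpResponse.getWriter().print(new Gson().toJson(r));
    } catch (IOException ignored) {
        // The client has gone away; the login has already failed and no logger is
        // available in this block, so there is nothing further to do.
    }
    return false;
}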
/**
 * User authentication: checks that the account exists and is not disabled, then hands
 * the stored password and salt to the realm's CredentialsMatcher for the password check.
 *
 * @param token submitted login token; its principal is the user name
 * @return salted authentication info for the account
 * @throws UnknownAccountException if no account has that user name
 * @throws LockedAccountException  if the account status is "disabled"
 */
protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token)
        throws AuthenticationException {
    logger.info(">>> 【用户认证】token = {}", token);
    String userName = (String) token.getPrincipal();
    AdminUser account = getPrincipalService().getPrincipalObject(userName);
    if (account == null) {
        // no such account
        throw new UnknownAccountException("Unknown account: " + userName);
    }
    if (AdminUserStatusEnum.ADMIN_USER_STATUS_DISABLED.getStatusCode().equals(account.getStatus())) {
        // account locked
        throw new LockedAccountException("Account[" + userName + "] has been locked!");
    }
    // The password comparison itself is left to AuthenticatingRealm's CredentialsMatcher.
    return new SimpleAuthenticationInfo(
            account.getUserName(),
            account.getPassword(),
            ByteSource.Util.bytes(account.getPasswordSalt()),
            getName());
}
/**
 * Credentials match with a Redis-backed per-user attempt counter: the counter is
 * incremented on every call, expires {@code passwordRetryWaitMinutes} after the first
 * attempt, blocks the login once it reaches {@code passwordRetryLimit}, and is deleted
 * on a successful match.
 *
 * @param token submitted token; its principal is the user name
 * @param info  stored account info to match against
 * @return whether the credentials match
 * @throws ExcessiveAttemptsException once the attempt counter reaches the limit
 */
public boolean doCredentialsMatch(AuthenticationToken token, AuthenticationInfo info) {
    final String retryKey = REDIS_KEY_PREFIX + (String) token.getPrincipal();
    // NOTE(review): increment() returns a boxed Long that is unboxed here; confirm the
    // template never yields null (e.g. inside a pipeline/transaction).
    long attempts = redisTemplate.opsForValue().increment(retryKey, 1);
    if (attempts == 1) {
        // First attempt for this user: open the retry window.
        redisTemplate.expire(retryKey, passwordRetryWaitMinutes, TimeUnit.MINUTES);
    }
    if (attempts >= passwordRetryLimit) {
        throw new ExcessiveAttemptsException(passwordRetryLimit + "");
    }
    boolean ok = super.doCredentialsMatch(token, info);
    if (ok) {
        redisTemplate.delete(retryKey);
    }
    return ok;
}
/**
 * Handles the POST login form: authenticates the user through Shiro and, on
 * success, stores the principal in the HTTP session under "loginUser".
 *
 * @param username submitted user name
 * @param password submitted password
 * @param request  current request; its session receives the logged-in user
 * @return view name: "index" on success, "login" on any failure
 */
@RequestMapping(value = "/tlogin", method = RequestMethod.POST)
public String login(String username, String password, HttpServletRequest request) {
    // Current subject, still unauthenticated at this point.
    Subject currentUser = SecurityUtils.getSubject();
    AuthenticationToken credentials = new UsernamePasswordToken(username, password);
    try {
        currentUser.login(credentials);
    } catch (Exception e) {
        // Any failure sends the user back to the login view.
        e.printStackTrace();
        return "login";
    }
    // Expose the authenticated principal to views through the session.
    User user = (User) currentUser.getPrincipal();
    request.getSession().setAttribute("loginUser", user);
    return "index";
}
/**
 * Builds the {@link OAuth2Token} for the request: the access token id is extracted
 * from the request, resolved through the resource-server service, and — when known —
 * its user name is attached to the token and its client id to the request.
 *
 * @param request  current request
 * @param response current response (not used here)
 * @return an {@link OAuth2Token} for this resource; its user id is null when the
 *         access token is unknown
 * @throws Exception declared by the filter contract
 */
@Override
protected AuthenticationToken createToken(ServletRequest request, ServletResponse response) throws Exception {
    HttpServletRequest httpRequest = (HttpServletRequest) request;
    final String accessTokenId = getAccessToken(httpRequest);
    final AccessToken stored = rsService.loadAccessTokenByTokenId(accessTokenId);
    String username = null;
    if (stored == null) {
        // NOTE(review): the raw access token value is written to the debug log here.
        LOGGER.debug("Not found AccessToken by access_token: {}", accessTokenId);
    } else {
        LOGGER.debug("Set username and clientId from AccessToken: {}", stored);
        username = stored.username();
        httpRequest.setAttribute(OAuth.OAUTH_CLIENT_ID, stored.clientId());
    }
    return new OAuth2Token(accessTokenId, resourceId).setUserId(username);
}
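/**
 * Creates the subject, first clearing the context's authenticated flag when the
 * login token is a remember-me {@link OAuth2Token}: a remembered identity must not
 * yield a subject that counts as freshly authenticated.
 *
 * @param context subject context supplied by the security manager
 * @return the subject built by the superclass
 */
@Override
public Subject createSubject(SubjectContext context) {
    if (context.isAuthenticated()) {
        AuthenticationToken token = context.getAuthenticationToken();
        // instanceof is false for null, so the separate null check was redundant.
        if (token instanceof OAuth2Token) {
            OAuth2Token oAuth2Token = (OAuth2Token) token;
            if (oAuth2Token.isRememberMe()) {
                context.setAuthenticated(false);
            }
        }
    }
    return super.createSubject(context);
}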
/**
 * Builds an {@link AuthenticationInfo} object by querying the active directory LDAP context for the
 * specified username. The user's DN is resolved first; a bind with that DN and the supplied
 * password is the credential check, and the bound context is released immediately afterwards.
 *
 * @param token              expected to be a {@link UsernamePasswordToken}
 * @param ldapContextFactory factory used for both the DN search and the user bind
 * @return authentication info for the user name and password
 * @throws NamingException if the DN lookup or the bind fails
 */
@Override
protected AuthenticationInfo queryForAuthenticationInfo(AuthenticationToken token,
                                                        LdapContextFactory ldapContextFactory)
        throws NamingException {
    final UsernamePasswordToken credentials = ensureUsernamePasswordToken(token);
    final String username = credentials.getUsername();
    final String userDn = findUserDn(ldapContextFactory, username);
    LdapContext boundContext = null;
    try {
        // Binding with the user's own DN and password proves the credential.
        boundContext = ldapContextFactory.getLdapContext(userDn, credentials.getPassword());
    } finally {
        LdapUtils.closeContext(boundContext);
    }
    return buildAuthenticationInfo(username, credentials.getPassword());
}
/**
 * Success hook: requests whose URL ends in ".json" receive a small JSON body
 * ({@code code} 200); every other request gets the configured success redirect.
 *
 * @param token    the authenticated token (not used here)
 * @param subject  the authenticated subject (not used here)
 * @param request  current request; its URL decides between JSON and redirect
 * @param response current response
 * @return {@code true}: the filter chain continues
 * @throws Exception from the redirect or the response writer
 */
@Override
protected boolean onLoginSuccess(AuthenticationToken token, Subject subject,
                                 ServletRequest request, ServletResponse response) throws Exception {
    HttpServletRequest httpReq = (HttpServletRequest) request;
    HttpServletResponse httpResp = (HttpServletResponse) response;
    boolean jsonRequested = httpReq.getRequestURL().toString().endsWith(".json");
    if (jsonRequested) {
        httpResp.setCharacterEncoding("UTF-8");
        httpResp.setContentType("application/json; charset=utf-8");
        PrintWriter writer = httpResp.getWriter();
        writer.println("{\"code\":200,\"info\":\"登入成功\"}");
        writer.flush();
        writer.close();
    } else {
        issueSuccessRedirect(request, response);
    }
    return true;
}
/**
 * Builds the {@link OAuth2Token} for the request from the {@code access_token}
 * request parameter. When the access token is known, its user name goes into the
 * returned token and its client id is attached to the request.
 *
 * @param request  current request
 * @param response current response (not used here)
 * @return an {@link OAuth2Token} for this resource; user id is null for an unknown token
 * @throws Exception declared by the filter contract
 */
@Override
protected AuthenticationToken createToken(ServletRequest request, ServletResponse response) throws Exception {
    HttpServletRequest httpRequest = (HttpServletRequest) request;
    final String accessTokenId = httpRequest.getParameter(OAuth.OAUTH_ACCESS_TOKEN);
    final AccessToken stored = rsService.loadAccessTokenByTokenId(accessTokenId);
    String username = null;
    if (stored == null) {
        // NOTE(review): the raw access token value is written to the debug log here.
        logger.debug("Not found AccessToken by access_token: {}", accessTokenId);
    } else {
        username = stored.username();
        logger.debug("Set username[{}] and clientId[{}] to request that from AccessToken: {}",
                username, stored.clientId(), stored);
        httpRequest.setAttribute(OAuth.OAUTH_CLIENT_ID, stored.clientId());
    }
    return new OAuth2Token(accessTokenId, resourceId).setUserId(username);
}
/**
 * Login-failure hook: answers with the standard OAuth {@code invalid_token} JSON
 * error body and HTTP status 401.
 *
 * @param token    the token that failed authentication (not used here)
 * @param ae       the failure; its message becomes error_description
 * @param request  current request (not used here)
 * @param response response the JSON body is written to
 * @return {@code false}: the filter chain is not continued
 * @throws IllegalStateException if the OAuth library cannot build the JSON message
 */
@Override
protected boolean onLoginFailure(AuthenticationToken token, AuthenticationException ae,
                                 ServletRequest request, ServletResponse response) {
    try {
        // NOTE(review): ae.getMessage() is sent verbatim to the client.
        OAuthResponse errorBody = OAuthRSResponse.errorResponse(401)
                .setError(OAuthError.ResourceResponse.INVALID_TOKEN)
                .setErrorDescription(ae.getMessage())
                .buildJSONMessage();
        com.monkeyk.os.web.WebUtils.writeOAuthJsonResponse((HttpServletResponse) response, errorBody);
    } catch (OAuthSystemException e) {
        logger.error("Build JSON message error", e);
        throw new IllegalStateException(e);
    }
    return false;
}
/**
 * Resolves the account named by the token and returns its stored password hash and
 * salt for the credentials matcher; an absent user name or unknown account yields null.
 *
 * @param token expected to be a {@link UsernamePasswordToken}
 * @return salted authentication info, or null when the account cannot be identified
 * @throws AuthenticationException declared by the realm contract
 */
@Override
protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token) throws AuthenticationException {
    UsernamePasswordToken credentials = (UsernamePasswordToken) token;
    final String username = credentials.getUsername();
    if (username == null) {
        return null;
    }
    // Password hash and salt come from the database.
    final User account = UserDAO.getUser(username);
    if (account == null) {
        return null;
    }
    return new SaltedAuthInfo(username, account.getPassword(), account.getSalt());
}
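/**
 * Bean-validation check that {@code value} is the current page user's password,
 * verified by authenticating a {@link UsernamePasswordToken} through the security manager.
 *
 * @param value             the password to check; a null value is accepted as valid
 * @param constraintContext validator context used to report the custom message
 * @return true if the value is null or authenticates; false otherwise
 */
public boolean isValid(String value, ConstraintValidatorContext constraintContext) {
    if (value == null) {
        // Absence is accepted here; requiring the field is a separate constraint's job.
        return true;
    }
    UserPage page = (UserPage) WicketUtils.getPage();
    AuthenticationToken token = new UsernamePasswordToken(page.getUser().getName(), value);
    try {
        if (SecurityUtils.getSecurityManager().authenticate(token) != null) {
            return true;
        }
    } catch (Exception ignored) {
        // Any authentication failure (wrong password, locked account, ...) is reported to
        // the user only as "does not match"; the detail stays server-side.
    }
    constraintContext.disableDefaultConstraintViolation();
    constraintContext.buildConstraintViolationWithTemplate("Current password does not match")
            .addConstraintViolation();
    return false;
}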
/**
 * Login verification, run before authorization: resolves the user by the token's
 * principal and hands the stored user name and password to Shiro for comparison.
 *
 * @param token submitted login token
 * @return authentication info, or null when the user name is unknown
 * @throws AuthenticationException declared by the realm contract
 */
@Override
protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token) throws AuthenticationException {
    String username = token.getPrincipal().toString();
    TbUser account = userService.getUserByUsername(username);
    if (account == null) {
        return null;
    }
    // The third argument (realm name) may be anything but null; the user name is used here.
    return new SimpleAuthenticationInfo(account.getUsername(), account.getPassword(), account.getUsername());
}
/**
 * Login-failure hook: maps the failure to a user-facing message and stores the
 * exception class name and that message as request attributes for the login view.
 *
 * @param token    the token that failed authentication (not used here)
 * @param e        the authentication failure
 * @param request  request that receives the failure attributes
 * @param response current response (not used here)
 * @return {@code true}: the filter chain continues to render the login view
 */
@Override
protected boolean onLoginFailure(AuthenticationToken token, AuthenticationException e,
                                 ServletRequest request, ServletResponse response) {
    final String failureClass = e.getClass().getName();
    final String detail = e.getMessage();
    final String message;
    boolean badCredentials = IncorrectCredentialsException.class.getName().equals(failureClass)
            || UnknownAccountException.class.getName().equals(failureClass);
    if (badCredentials) {
        message = "用户或密码错误, 请重试.";
    } else if (detail != null && StringUtils.startsWith(detail, "msg:")) {
        // A message prefixed with "msg:" is passed through to the user without the prefix.
        message = StringUtils.replace(detail, "msg:", "");
    } else {
        message = "系统出现点问题,请稍后再试!";
        e.printStackTrace(); // print to the console
    }
    request.setAttribute(getFailureKeyAttribute(), failureClass);
    request.setAttribute(getMessageParam(), message);
    return true;
}
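/**
 * Authenticates a user by account name through {@code sysUserService.queryList} and
 * compares the submitted password with the stored one before handing the account to
 * Shiro; on success the current user and session are also recorded.
 *
 * @param authcToken expected to be a {@link UsernamePasswordToken}
 * @return authentication info for the account, or null when the account is not
 *         exactly one enabled match or the password differs
 * @throws AuthenticationException declared by the realm contract
 */
protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken authcToken) throws AuthenticationException {
    UsernamePasswordToken token = (UsernamePasswordToken) authcToken;
    Map<String, Object> params = new HashMap<String, Object>();
    params.put("enable", 1);
    params.put("account", token.getUsername());
    Parameter parameter = new Parameter("sysUserService", "queryList").setMap(params);
    logger.info("{} execute sysUserService.queryList start...", parameter.getNo());
    List<?> list = provider.execute(parameter).getList();
    logger.info("{} execute sysUserService.queryList end.", parameter.getNo());
    if (list.size() != 1) {
        // Zero or several matches are both treated as "no user".
        logger.warn("No user: {}", token.getUsername());
        return null;
    }
    SysUser user = (SysUser) list.get(0);
    // The token holds the password as char[]; String.valueOf replaces the manual append loop.
    String submitted = String.valueOf(token.getPassword());
    // NOTE(review): the stored value is compared directly with the submitted text.
    if (!user.getPassword().equals(submitted)) {
        // The submitted secret is no longer written to the log; the account name suffices.
        logger.warn("USER [{}] PASSWORD IS WRONG", token.getUsername());
        return null;
    }
    WebUtil.saveCurrentUser(user.getId());
    saveSession(user.getAccount(), token.getHost());
    return new SimpleAuthenticationInfo(user.getAccount(), user.getPassword(), user.getUserName());
}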
/**
 * Demo realm: takes the user name from the token and pairs it with a fixed
 * stand-in password instead of a database lookup, so every user code is accepted
 * with that password.
 *
 * @param token submitted token; its principal is the user code
 * @return authentication info with the fixed password and this realm's name
 * @throws AuthenticationException declared by the realm contract
 */
@Override
protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token) throws AuthenticationException {
    // Step 1: the user name (principal) typed by the user.
    String userCode = (String) token.getPrincipal();
    // Returning null here would tell Shiro the account is unknown; this stub never does.
    // Stand-in for the password that a database lookup would return.
    String password = "111111";
    return new SimpleAuthenticationInfo(userCode, password, this.getName());
}
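/**
 * Login-failure hook that answers with a JSON error body ({@code Result.error})
 * carrying HTTP 401 and the root failure message.
 *
 * @param token    the token that failed authentication (not used here)
 * @param e        the authentication failure; its root cause's message is reported
 * @param request  current request (not used here)
 * @param response response the JSON body is written to
 * @return {@code false}: the filter chain is not continued
 */
@Override
protected boolean onLoginFailure(AuthenticationToken token, AuthenticationException e,
                                 ServletRequest request, ServletResponse response) {
    HttpServletResponse httpResponse = (HttpServletResponse) response;
    httpResponse.setContentType("application/json;charset=utf-8");
    // The body already says 401; make the status line agree so HTTP-level clients
    // see the failure as well.
    httpResponse.setStatus(HttpStatus.SC_UNAUTHORIZED);
    try {
        // Report the wrapped cause when the realm attached one.
        Throwable cause = e.getCause() == null ? e : e.getCause();
        Result result = Result.error(HttpStatus.SC_UNAUTHORIZED, cause.getMessage());
        httpResponse.getWriter().print(new Gson().toJson(result));
    } catch (IOException ioe) {
        // The client has gone away and the login has already failed; no logger is
        // available in this block, so the trace goes to the console as before.
        ioe.printStackTrace();
    }
    return false;
}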
/**
 * Success hook: loads the user named by the subject's principal, records its id,
 * user name and the servlet session id in the Shiro session, and answers the
 * (AJAX) caller with an OK response.
 *
 * @param token   the authenticated token (not used here)
 * @param subject the authenticated subject; its principal is the user name
 * @param req     current request; its servlet session id is recorded
 * @param resp    current response
 * @return {@code false}: the filter chain is not continued
 * @throws Exception declared by the filter contract
 */
@Override
protected boolean onLoginSuccess(AuthenticationToken token, Subject subject,
                                 ServletRequest req, ServletResponse resp) throws Exception {
    HttpServletRequest httpReq = (HttpServletRequest) req;
    HttpSession httpSession = (httpReq == null) ? null : httpReq.getSession();
    User user = dao().fetch(User.class, Cnd.where(User.USERNAME, "=", subject.getPrincipal()));
    if (user != null && httpSession != null) {
        // Identity goes into the Shiro session (not the servlet session), tagged with
        // the servlet session id.
        subject.getSession().setAttribute("me", user.getId());
        subject.getSession().setAttribute("username", user.getUsername());
        subject.getSession().setAttribute("sessionId", httpSession.getId());
    }
    NutShiro.rendAjaxResp(req, resp, Response.ok("登陆成功"));
    return false;
}
/**
 * Looks the blogger up by the token's user name (the password is not involved in
 * the lookup), keeps the blogger in the Shiro session, and hands the stored user
 * name and password to Shiro for comparison with the submitted ones.
 *
 * @param token submitted login token; its principal is the user name
 * @return authentication info for realm "MyRealm", or null when the user name is unknown
 * @throws AuthenticationException declared by the realm contract
 */
@Override
protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token) throws AuthenticationException {
    String username = (String) token.getPrincipal();
    Blogger blogger = bloggerService.findByUsername(username);
    if (blogger == null) {
        return null;
    }
    // NOTE(review): this prints the whole Blogger object (including whatever its
    // toString() exposes) to stdout.
    System.out.println("验证信息:" + blogger);
    // Keep the loaded blogger in the session for later use.
    SecurityUtils.getSubject().getSession().setAttribute("blogger", blogger);
    return new SimpleAuthenticationInfo(blogger.getUsername(), blogger.getPassword(), "MyRealm");
}
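/**
 * Authentication callback, invoked on login. Resolves the account by login name or
 * e-mail and, if it is active, hands its SHA password hash to the credentials matcher.
 *
 * @param authcToken expected to be a {@link UsernamePasswordToken}
 * @return authentication info, or null (unknown account) when the user does not
 *         exist, has status 0, or has a login name ending in "@chacuo.net"
 * @throws AuthenticationException declared by the realm contract
 */
@Override
protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken authcToken)
        throws AuthenticationException {
    UsernamePasswordToken token = (UsernamePasswordToken) authcToken;
    // The submitted password is not needed here (the unused local copy of it was
    // removed); Shiro's matcher compares it against the returned hash.
    User user = accountManager.findUserByLoginNameOrEmail(token.getUsername());
    if (user == null) {
        return null;
    }
    // NOTE(review): getStatus() is unboxed; a null status would throw here — confirm
    // it is always set. Login names ending in "@chacuo.net" are refused by this realm.
    if (user.getStatus().intValue() == 0 || user.getLoginName().endsWith("@chacuo.net")) {
        return null;
    }
    return new SimpleAuthenticationInfo(user.getLoginName(), user.getShaPassword(), getName());
}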
/**
 * Runs a login attempt: builds the token, short-circuits with an
 * {@link ExcessiveAttemptsException} failure when the account is locked, and
 * otherwise delegates to {@code doLogin}.
 *
 * @param request  current request
 * @param response current response
 * @return whether the login succeeded
 * @throws IllegalStateException if {@code createToken} returned null
 * @throws Exception             from token creation or the login itself
 */
@Override
public boolean executeLogin(ServletRequest request, ServletResponse response) throws Exception {
    AuthenticationToken token = createToken(request, response);
    if (token == null) {
        throw new IllegalStateException(
                "createToken method implementation returned null. A valid non-null AuthenticationToken "
                        + "must be created in order to execute a login attempt.");
    }
    // A locked account is reported as an excessive-attempts failure without trying the credentials.
    if (checkIfAccountLocked(request)) {
        return onLoginFailure(token, new ExcessiveAttemptsException(), request, response);
    }
    boolean loggedIn = doLogin(request, response, token);
    if (!loggedIn) {
        // NOTE(review): the account lock is reset after a failed doLogin — confirm this is intended.
        resetAccountLock(getUsername(request));
    }
    return loggedIn;
}
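/**
 * Bearer-token authentication: looks the presented credential up in the token
 * repository and, if it is valid for the principal, returns account info built
 * from the stored token.
 *
 * @param arg0 expected to be a non-null {@link BearerToken}
 * @return {@link BearerAuthenticationInfo} for the stored token, or null if rejected
 * @throws NullPointerException     if the token or its principal (e-mail) is null
 * @throws AuthenticationException  declared by the realm contract
 */
@Override
protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken arg0) throws AuthenticationException {
    // Check the token before dereferencing it (the original read it first, then checked).
    Preconditions.checkNotNull(arg0, "Token can't be null");
    BearerToken token = (BearerToken) arg0;
    String email = (String) token.getPrincipal();
    String credentials = (String) token.getCredentials();
    Preconditions.checkNotNull(email, "Email can't be null");
    DBAuthenticationToken dbToken = tokenRepository.getAuthenticationToken(credentials);
    if (tokenIsInvalid(token, dbToken)) {
        // Log the user, not the bearer value: the credential is a secret and logs are not.
        LOGGER.info("Rejecting bearer token for user " + email);
        return null;
    }
    return new BearerAuthenticationInfo(this, dbToken);
}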
/**
 * Login authentication; runs before authorization.
 *
 * @param token submitted login token; its principal is the user name
 * @return AuthenticationInfo for realm "UserRealm", or null if the user name is unknown
 * @throws AuthenticationException declared by the realm contract
 */
@Override
protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token) throws AuthenticationException {
    String username = token.getPrincipal().toString();
    UUser account = userMService.findUserByUserName(username);
    if (account == null) {
        return null;
    }
    /*
     * Choice of principal for the info: 1. username, 2. User, 3. UserWithRoleAndPermission.
     * Each has trade-offs; the username is used here.
     *
     * Possible alternative: a WholeUser object carrying roles and permissions, created at
     * login and used as the principal, so that authorization needs no further SQL round-trips.
     *   pro: fewer SQL round-trips
     *   con: larger cache; changes to user data are reflected late
     *   suited to users whose data is small and rarely changes but is checked frequently.
     *
     * Open question from the original author: SimpleAuthorizationInfo casts its principal
     * parameter to a Collection — purpose unclear.
     */
    return new SimpleAuthenticationInfo(account.getUsername(), account.getPassword(), "UserRealm");
}
/**
 * Login authentication; runs before authorization.
 *
 * @param token submitted login token; its principal is the user name
 * @return AuthenticationInfo for realm "UserRealm", or null if the user name is unknown
 * @throws AuthenticationException declared by the realm contract
 */
@Override
protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token) throws AuthenticationException {
    String userName = token.getPrincipal().toString();
    UUser account = userFService.findUserByUsername(userName);
    if (account == null) {
        return null;
    }
    /*
     * Choice of principal for the info: 1. username, 2. User, 3. UserWithRoleAndPermission.
     * Each has trade-offs; the username is used here.
     *
     * Possible alternative: a WholeUser object carrying roles and permissions, created at
     * login and used as the principal, so that authorization needs no further SQL round-trips.
     *   pro: fewer SQL round-trips
     *   con: larger cache; changes to user data are reflected late
     *   suited to users whose data is small and rarely changes but is checked frequently.
     *
     * Open question from the original author: SimpleAuthorizationInfo casts its principal
     * parameter to a Collection — purpose unclear.
     */
    return new SimpleAuthenticationInfo(account.getUsername(), account.getPassword(), "UserRealm");
}
/**
 * A Negotiate header whose token the (mocked) subject rejects must produce HTTP 401
 * together with a fresh {@code WWW-Authenticate: Negotiate} challenge.
 */
@Test
public void testLoginFailure401() {
    // The mocked subject rejects every token.
    subject.login(isA(AuthenticationToken.class));
    expectLastCall().andThrow(new AuthenticationException());
    replayAndStart();
    String authorization = ShiroKerberosAuthenticationFilter.NEGOTIATE + " asdf";
    ClientResponse response = getRequestBuilder(PATH)
            .header(HttpHeaders.AUTHORIZATION, authorization)
            .get(ClientResponse.class);
    assertEquals(HttpServletResponse.SC_UNAUTHORIZED, response.getStatus());
    assertEquals(ShiroKerberosAuthenticationFilter.NEGOTIATE,
            response.getHeaders().getFirst(HttpHeaders.WWW_AUTHENTICATE));
}
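/**
 * Authentication callback, invoked on login: looks the account up by user name AND
 * password in a single parameterised query.
 *
 * The listing this was taken from ended inside the method (the fall-through return
 * and the closing brace were missing); they are restored here so that a null or
 * empty account name yields null, i.e. "unknown account".
 *
 * @param authcToken expected to be a {@link UsernamePasswordToken}
 * @return authentication info wrapping the user as {@link Principal}, or null when the
 *         account name is blank or no row matches
 * @throws AuthenticationException declared by the realm contract
 */
protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken authcToken)
        throws AuthenticationException {
    UsernamePasswordToken token = (UsernamePasswordToken) authcToken;
    String accountName = token.getUsername();
    String password = new String(token.getPassword());
    if (accountName == null || "".equals(accountName)) {
        return null;
    }
    // Parameterised query: the submitted values never become part of the SQL text.
    // NOTE(review): the submitted password is compared by the database directly with
    // the stored column value.
    User user = User.dao.findFirst(
            " select* from user where username= ? and password=?", accountName, password);
    if (user == null) {
        return null;
    }
    return new SimpleAuthenticationInfo(new Principal(user), password, accountName);
}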
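/**
 * Logs the caller in through Shiro using the {@code shiroUser} request parameter,
 * which must have the form {@code user:password}; an optional {@code TENANT}
 * parameter is stored in the session scope afterwards.
 *
 * @param req  current request; supplies "shiroUser" and optionally "TENANT"
 * @param resp current response (not used here)
 * @return a message naming the logged-in user
 * @throws ServletException if "shiroUser" is missing or has no ':' separator
 * @throws IOException      declared by the servlet contract
 */
private String loginShiro(HttpServletRequest req, HttpServletResponse resp)
        throws ServletException, IOException {
    log.debug("Shiro login to session: " + req.getSession().getId());
    Subject subject = SecurityUtils.getSubject();
    // Reject a missing or malformed parameter up front instead of failing later with a
    // NullPointerException / StringIndexOutOfBoundsException from indexOf/substring.
    String token = req.getParameter("shiroUser");
    int separator = (token == null) ? -1 : token.indexOf(':');
    if (separator < 0) {
        throw new ServletException("Missing or malformed shiroUser parameter");
    }
    String user = token.substring(0, separator);
    String password = token.substring(separator + 1);
    log.info("authenticate Shiro: " + user);
    AuthenticationToken auth = new UsernamePasswordToken(user, password);
    subject.login(auth);
    String tenant = req.getParameter("TENANT");
    if (tenant != null) {
        Context.sessionScope().setTenant(tenant);
    }
    String msg = "Shiro logged in user " + Context.sessionScope().getUser();
    log.debug(msg);
    return msg;
}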
/**
 * Called after each realm has been tried. Keeps the running aggregate when this realm
 * did not authenticate, seeds it when it is the first success, and otherwise merges —
 * rejecting the login if the merged principals span more than one realm.
 *
 * @param realm           the realm just tried (not used here)
 * @param token           the login token; named in the rejection message
 * @param singleRealmInfo this realm's result, or null if it did not authenticate
 * @param aggregateInfo   result merged from earlier realms, or null
 * @param t               the realm's exception, if any (not used here)
 * @return the new aggregate
 * @throws AuthenticationException if the token was accepted by more than one realm
 */
@Override
public AuthenticationInfo afterAttempt(Realm realm, AuthenticationToken token, AuthenticationInfo singleRealmInfo,
                                       AuthenticationInfo aggregateInfo, Throwable t) throws AuthenticationException {
    if (singleRealmInfo == null) {
        // This realm did not authenticate: keep what earlier realms produced.
        return aggregateInfo;
    }
    if (aggregateInfo == null) {
        // First realm to succeed: its info becomes the aggregate.
        return singleRealmInfo;
    }
    AuthenticationInfo merged = merge(singleRealmInfo, aggregateInfo);
    if (merged.getPrincipals().getRealmNames().size() > 1) {
        System.out.println(merged.getPrincipals().getRealmNames());
        throw new AuthenticationException("[" + token.getClass() + "] " + "这个认证令牌无法通过realm的验证,请确认您提供的令牌只允许通过1个realm验证");
    }
    return merged;
}
/**
 * Login-failure hook: derives a user-facing message from the failure and stores the
 * exception class name and the message as request attributes for the login view.
 *
 * @param token    the token that failed authentication (not used here)
 * @param e        the authentication failure
 * @param request  request that receives the failure attributes
 * @param response current response (not used here)
 * @return {@code true}: the filter chain continues to render the login view
 */
@Override
protected boolean onLoginFailure(AuthenticationToken token, AuthenticationException e,
                                 ServletRequest request, ServletResponse response) {
    String failureClass = e.getClass().getName();
    String message;
    if (failureClass.equals(IncorrectCredentialsException.class.getName())
            || failureClass.equals(UnknownAccountException.class.getName())) {
        message = "用户或密码错误, 请重试.";
    } else if (e.getMessage() != null && StringUtils.startsWith(e.getMessage(), "msg:")) {
        // A message prefixed with "msg:" is shown to the user without the prefix.
        message = StringUtils.replace(e.getMessage(), "msg:", "");
    } else {
        message = "系统出现点问题,请稍后再试!";
        e.printStackTrace(); // print to the console
    }
    request.setAttribute(getFailureKeyAttribute(), failureClass);
    request.setAttribute(getMessageParam(), message);
    return true;
}
/**
 * Resolves the user by name, refuses locked accounts, and returns the whole
 * {@code User} as principal together with its password and salt for the matcher.
 * No captcha verification is performed in this realm.
 *
 * @param token expected to be a {@link UsernamePasswordToken}
 * @return salted authentication info, or null when the user name is unknown
 * @throws LockedAccountException if the account is locked
 */
protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token) throws AuthenticationException {
    UsernamePasswordToken upToken = (UsernamePasswordToken) token;
    User account = dao().fetch(User.class, Cnd.where("name", "=", upToken.getUsername()));
    if (account == null) {
        return null;
    }
    if (account.isLocked()) {
        throw new LockedAccountException("Account [" + upToken.getUsername() + "] is locked.");
    }
    SimpleAuthenticationInfo info = new SimpleAuthenticationInfo(account, account.getPassword(), getName());
    // The salt is supplied separately so the credentials matcher can apply it.
    info.setCredentialsSalt(ByteSource.Util.bytes(account.getSalt()));
    return info;
}
/**
 * Credentials match with a per-user attempt counter kept in the "passwordRetryCache"
 * cache: more than 5 attempts are rejected before the password is compared, and the
 * counter is evicted on a successful match.
 *
 * @param token submitted token; its principal is the user name
 * @param info  stored account info to match against
 * @return whether the credentials match
 * @throws ExcessiveAttemptsException on the sixth and later attempts
 */
@Override
public boolean doCredentialsMatch(AuthenticationToken token, AuthenticationInfo info) {
    String username = (String) token.getPrincipal();
    AtomicInteger attempts = (AtomicInteger) SilentGo.me().getConfig().getCacheManager()
            .get("passwordRetryCache", username);
    if (attempts == null) {
        // NOTE(review): get/set is not atomic; concurrent first attempts may each start a counter.
        attempts = new AtomicInteger(0);
        SilentGo.me().getConfig().getCacheManager().set("passwordRetryCache", username, attempts);
    }
    if (attempts.incrementAndGet() > 5) {
        throw new ExcessiveAttemptsException();
    }
    if (!super.doCredentialsMatch(token, info)) {
        return false;
    }
    // Successful login: forget the attempt counter.
    SilentGo.me().getConfig().getCacheManager().evict("passwordRetryCache", username);
    return true;
}
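/**
 * Credential check followed by a single-session policy: once the superclass has
 * accepted the credentials, the current subject is logged out and every other active
 * session that carries this user name in its "username" attribute is stopped.
 *
 * @param token submitted token; its principal is the user name
 * @param info  stored account info to match against
 * @throws AuthenticationException from the superclass when the credentials do not match
 */
@Override
protected void assertCredentialsMatch(AuthenticationToken token, AuthenticationInfo info) throws AuthenticationException {
    // super throws on a mismatch; nothing below runs for a failed login.
    super.assertCredentialsMatch(token, info);
    // Check the token for null before reading its principal (the original dereferenced
    // it first and only then tested it).
    if (token == null) {
        return;
    }
    String username = (String) token.getPrincipal();
    if (username == null) {
        return;
    }
    // Evict this user's sessions on other devices. NOTE(review): this scans every active
    // session on each login, which the original author already flagged as costly.
    if (SecurityUtils.getSubject() != null) {
        SecurityUtils.getSubject().logout();
        Collection<Session> sessions = sessionDAO.getActiveSessions();
        for (Session session : sessions) {
            if (username.equals(session.getAttribute("username"))) {
                session.stop();
            }
        }
    }
}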
/**
 * Credentials match with a per-user attempt counter for {@link UsernamePasswordToken}
 * logins: attempts beyond {@code maxRetryCount} are rejected before the password is
 * compared, and the counter is removed on a successful match. Other token types are
 * passed straight to the superclass.
 *
 * @param token submitted token
 * @param info  stored account info to match against
 * @return whether the credentials match
 * @throws ExcessiveAttemptsException once the attempt count exceeds {@code maxRetryCount}
 */
@Override
public boolean doCredentialsMatch(AuthenticationToken token, AuthenticationInfo info) {
    if (!(token instanceof UsernamePasswordToken)) {
        // No retry limiting for other token types.
        return super.doCredentialsMatch(token, info);
    }
    String username = ((UsernamePasswordToken) token).getUsername();
    AtomicInteger attempts = passwordRetryCache.get(username);
    if (attempts == null) {
        // NOTE(review): get/put is not atomic; concurrent first attempts may each start a counter.
        attempts = new AtomicInteger(0);
        passwordRetryCache.put(username, attempts);
    }
    if (attempts.incrementAndGet() > maxRetryCount) {
        throw new ExcessiveAttemptsException();
    }
    boolean matched = super.doCredentialsMatch(token, info);
    if (matched) {
        passwordRetryCache.remove(username);
    }
    return matched;
}