@Override protected void assertCredentialsMatch(AuthenticationToken token, AuthenticationInfo info) throws AuthenticationException { CredentialsMatcher cm = getCredentialsMatcher(); if (cm != null) { if (!cm.doCredentialsMatch(token, info)) { //not successful - throw an exception to indicate this: String msg = "Submitted credentials for token [" + token + "] did not match the expected credentials."; throw new IncorrectCredentialsException(msg); }else { //记录登陆日志 /* ShiroUser shiroUser = (ShiroUser)(info.getPrincipals().getPrimaryPrincipal()); Log log = LogBuilder.OP_LOG.buildCommonLog("登陆", shiroUser.getClientIp(), shiroUser.getLoginName()); logService.log(log);*/ } } else { throw new AuthenticationException("A CredentialsMatcher must be configured in order to verify " + "credentials during authentication. If you do not wish for credentials to be examined, you " + "can configure an " + AllowAllCredentialsMatcher.class.getName() + " instance."); } }
@Bean(name = "mainRealm") @ConditionalOnMissingBean(name = "mainRealm") @ConditionalOnProperty(prefix = "shiro.realm.jdbc", name = "enabled", havingValue = "true") @DependsOn(value = {"dataSource", "lifecycleBeanPostProcessor", "credentialsMatcher"}) public Realm jdbcRealm(DataSource dataSource, CredentialsMatcher credentialsMatcher) { JdbcRealm realm = new JdbcRealm(); if (shiroJdbcRealmProperties.getAuthenticationQuery() != null) { realm.setAuthenticationQuery(shiroJdbcRealmProperties.getAuthenticationQuery()); } if (shiroJdbcRealmProperties.getUserRolesQuery() != null) { realm.setUserRolesQuery(shiroJdbcRealmProperties.getUserRolesQuery()); } if (shiroJdbcRealmProperties.getPermissionsQuery() != null) { realm.setPermissionsQuery(shiroJdbcRealmProperties.getPermissionsQuery()); } if (shiroJdbcRealmProperties.getSalt() != null) { realm.setSaltStyle(shiroJdbcRealmProperties.getSalt()); } realm.setPermissionsLookupEnabled(shiroJdbcRealmProperties.isPermissionsLookupEnabled()); realm.setDataSource(dataSource); realm.setCredentialsMatcher(credentialsMatcher); return realm; }
public AuthenticatingRealm(CacheManager cacheManager, CredentialsMatcher matcher) { authenticationTokenClass = UsernamePasswordToken.class; //retain backwards compatibility for Shiro 1.1 and earlier. Setting to true by default will probably cause //unexpected results for existing applications: this.authenticationCachingEnabled = false; int instanceNumber = INSTANCE_COUNT.getAndIncrement(); this.authenticationCacheName = getClass().getName() + DEFAULT_AUTHORIZATION_CACHE_SUFFIX; if (instanceNumber > 0) { this.authenticationCacheName = this.authenticationCacheName + "." + instanceNumber; } if (cacheManager != null) { setCacheManager(cacheManager); } if (matcher != null) { setCredentialsMatcher(matcher); } }
public AuthorizingRealm(CacheManager cacheManager, CredentialsMatcher matcher) { super(); if (cacheManager != null) setCacheManager(cacheManager); if (matcher != null) setCredentialsMatcher(matcher); this.authorizationCachingEnabled = true; this.permissionResolver = new WildcardPermissionResolver(); int instanceNumber = INSTANCE_COUNT.getAndIncrement(); this.authorizationCacheName = getClass().getName() + DEFAULT_AUTHORIZATION_CACHE_SUFFIX; if (instanceNumber > 0) { this.authorizationCacheName = this.authorizationCacheName + "." + instanceNumber; } }
/** * Asserts that the submitted {@code AuthenticationToken}'s credentials match the stored account * {@code AuthenticationInfo}'s credentials, and if not, throws an {@link AuthenticationException}. * * @param token the submitted authentication token * @param info the AuthenticationInfo corresponding to the given {@code token} * @throws AuthenticationException if the token's credentials do not match the stored account credentials. */ protected void assertCredentialsMatch(AuthenticationToken token, AuthenticationInfo info) throws AuthenticationException { CredentialsMatcher cm = getCredentialsMatcher(); if (cm != null) { if (!cm.doCredentialsMatch(token, info)) { //not successful - throw an exception to indicate this: String msg = "Submitted credentials for token [" + token + "] did not match the expected credentials."; throw new IncorrectCredentialsException(msg); } } else { throw new AuthenticationException("A CredentialsMatcher must be configured in order to verify " + "credentials during authentication. If you do not wish for credentials to be examined, you " + "can configure an " + AllowAllCredentialsMatcher.class.getName() + " instance."); } }
/** * Checks to see if the credentials in token match the credentials stored on user * * @param token the username/password token containing the credentials to verify * @param user object containing the stored credentials * @return true if credentials match, false otherwise */ private boolean isValidCredentials(final UsernamePasswordToken token, final CUser user) { boolean credentialsValid = false; AuthenticationInfo info = createAuthenticationInfo(user); CredentialsMatcher matcher = getCredentialsMatcher(); if (matcher != null) { if (matcher.doCredentialsMatch(token, info)) { credentialsValid = true; } } return credentialsValid; }
/** * When annotations activated, you'll need to hash passwords in your configured Realm (i.e.: shiro.ini file) * @return credentialsMatcher singleton implementation for this application */ //@Provides //@Singleton public CredentialsMatcher provideCredentialsMatcher(){ HashedCredentialsMatcher matcher = new HashedCredentialsMatcher(); matcher.setHashAlgorithmName(CREDENTIALS_MATCHER_ALGORITHM_NAME); return matcher; }
/** * When annotations activated, you'll need to hash passwords in your configured Realm (i.e.: shiro.ini file) * @return credentialsMatcher singleton implementation for this application */ //@Provides //@Singleton public CredentialsMatcher provideCredentialsMatcher(){ logger.entry(); HashedCredentialsMatcher matcher = new HashedCredentialsMatcher(); matcher.setHashAlgorithmName(CREDENTIALS_MATCHER_ALGORITHM_NAME); logger.exit(matcher); return matcher; }
/** * This test verifies that the AbstractHash and Salt are functioning * correctly. */ @Test public void whenPasswordIsGeneratedTheCredentialsShouldMatch() { final CredentialsMatcher matcher = new SecurityModule(null).matcher(); final String salt = "abc"; final String plainPassword = "password"; final String hashedPassword = new UserFactory().hashPassword(plainPassword, salt); final AuthenticationInfo info = new SimpleAccount("admin", hashedPassword, SaltTool.getFullSalt(salt), "testrealm"); final AuthenticationToken token = new UsernamePasswordToken("admin", plainPassword); assertThat(matcher.doCredentialsMatch(token, info), is(true)); }
protected static void setupShiro() { IniSecurityManagerFactory factory = new IniSecurityManagerFactory(); // ("classpath:shiro.ini"); DefaultSecurityManager dsm = (DefaultSecurityManager) factory.getInstance(); passwordService = (DefaultPasswordService) factory.getBeans().get("passwordService"); passwordMatcher = (CredentialsMatcher) factory.getBeans().get("passwordMatcher"); setSecurityManager(dsm); }
public void setAuthzCredentialsMatcher(CredentialsMatcher authzCredentialsMatcher) { this.authzCredentialsMatcher = authzCredentialsMatcher; }
public void setResourcesCredentialsMatcher(CredentialsMatcher resourcesCredentialsMatcher) { this.resourcesCredentialsMatcher = resourcesCredentialsMatcher; }
public ShiroDbRealm(CacheManager cacheManager, CredentialsMatcher matcher) { super(cacheManager, matcher); }
public SimpleAuthorizingRealm(CacheManager cacheManager, CredentialsMatcher matcher) { super(cacheManager, matcher); setAuthenticationTokenClass(SimpleShiroToken.class); // 非常非常重要,与SecurityUtils.getSubject().login是对应关系!!! }
public SimpleAuthorizingRealm(CredentialsMatcher matcher) { this(null, matcher); }
@Bean(name="credentialsMatcher") public CredentialsMatcher credentialsMatcher(){ return new PasswordMatcher(); }
public NutDaoRealm(CacheManager cacheManager, CredentialsMatcher matcher) { super(cacheManager, matcher); setAuthenticationTokenClass(UsernamePasswordToken.class); }
public NutDaoRealm(CredentialsMatcher matcher) { this(null, matcher); }
private AnonymousCredentialsMatcher(CredentialsMatcher matcher) { _matcher = checkNotNull(matcher, "matcher"); }
public static AnonymousCredentialsMatcher anonymousOrMatchUsing(CredentialsMatcher matcher) { return new AnonymousCredentialsMatcher(matcher); }
public AuthorizingRealm(CredentialsMatcher matcher) { this(null, matcher); }
public AuthenticatingRealm(CredentialsMatcher matcher) { this(null, matcher); }
public Realm( CredentialsMatcher matcher ) { super(new AllowAllCredentialsMatcher()); setPermissionResolver(new CustomPermissionResolver()); }
public Realm( CacheManager cacheManager, CredentialsMatcher matcher ) { super(cacheManager, new AllowAllCredentialsMatcher()); setPermissionResolver( new CustomPermissionResolver() ); setCachingEnabled(true); setAuthenticationCachingEnabled(true); }
/** * Returns the <code>CredentialsMatcher</code> used during an authentication attempt to verify submitted * credentials with those stored in the system. * <p/> * <p>Unless overridden by the {@link #setCredentialsMatcher setCredentialsMatcher} method, the default * value is a {@link org.apache.shiro.authc.credential.SimpleCredentialsMatcher SimpleCredentialsMatcher} instance. * * @return the <code>CredentialsMatcher</code> used during an authentication attempt to verify submitted * credentials with those stored in the system. */ public CredentialsMatcher getCredentialsMatcher() { return credentialsMatcher; }
/** * Sets the CrendialsMatcher used during an authentication attempt to verify submitted credentials with those * stored in the system. The implementation of this matcher can be switched via configuration to * support any number of schemes, including plain text comparisons, hashing comparisons, and others. * <p/> * <p>Unless overridden by this method, the default value is a * {@link org.apache.shiro.authc.credential.SimpleCredentialsMatcher} instance. * * @param credentialsMatcher the matcher to use. */ public void setCredentialsMatcher(CredentialsMatcher credentialsMatcher) { this.credentialsMatcher = credentialsMatcher; }
/** * Creates an instance with the specified {@link CredentialsMatcher} and {@link UserSecurityDAO}. * Calls {@link AuthorizingRealm#AuthorizingRealm(org.apache.shiro.authc.credential.CredentialsMatcher)} * passing in {@code matcher}. If {@code userSecurityDAO} is not null, it is set via {@link #setUserSecurityDAO(io.ifar.security.dao.UserSecurityDAO)}}. * * @param matcher the {@link CredentialsMatcher} to use for authenticating users. * @param userSecurityDAO the {@link UserSecurityDAO} to use for looking up {@link io.ifar.security.dao.jdbi.DefaultUserImpl}s. */ public JdbiShiroRealm(CredentialsMatcher matcher, UserSecurityDAO userSecurityDAO) { super(matcher); this.userSecurityDAO = userSecurityDAO; }