Examples of org.apache.shiro.authc.AuthenticationInfo

org.apache.shiro.authc.AuthenticationInfo
AuthenticationInfo represents a Subject's (aka user's) stored account information relevant to the authentication/log-in process only.
It is important to understand the differnce between this interface and the {@link AuthenticationToken AuthenticationToken} interface. AuthenticationInfo implementationsrepresent already-verified and stored account data, whereas an AuthenticationToken represents data submitted for any given login attempt (which may or may not successfully match the verified and stored account AuthenticationInfo).
Because the act of authentication (log-in) is orthoganal to authorization (access control), this interface is intended to represent only the account data needed by Shiro during an authentication attempt. Shiro also has a parallel {@link org.apache.shiro.authz.AuthorizationInfo AuthorizationInfo} interface for use during theauthorization process that references access control data such as roles and permissions.
But because many if not most {@link org.apache.shiro.realm.Realm Realm}s store both sets of data for a Subject, it might be convenient for a Realm implementation to utilize an implementation of the {@link Account Account}interface instead, which is a convenience interface that combines both AuthenticationInfo and AuthorizationInfo. Whether you choose to implement these two interfaces separately or implement the one Account interface for a given Realm is entirely based on your application's needs or your preferences.

Pleae note: Since Shiro sometimes logs authentication operations, please ensure your AuthenticationInfo's toString() implementation does not print out account credentials (password, etc), as these might be viewable to someone reading your logs. This is good practice anyway, and account credentials should rarely (if ever) be printed out for any reason. If you're using Shiro's default implementations of this interface, they only ever print the account {@link #getPrincipals() principals}, so you do not need to do anything additional.
@author Jeremy Haile @author Les Hazlewood @see org.apache.shiro.authz.AuthorizationInfo AuthorizationInfo @see Account @since 0.9

    }


    public AuthenticationInfo build() {
        UserPrincipal principal = new UserPrincipal(principalId, userName, name);
        principal.addUserInfo(userInfo);
        AuthenticationInfo result;
        if (salt == null) {
            result = new SimpleAuthenticationInfo(principal, password, realmName);
        } else {
            result = new SimpleAuthenticationInfo(principal, password, salt, realmName);
        }

View Full Code Here

        final Collection<Realm> realms = securityManager.getRealms();
        for (final Realm realm : realms) {
            if(!realm.supports(token)) {
                continue;
            }
            final AuthenticationInfo authenticationInfo = realm.getAuthenticationInfo(token);
            if(authenticationInfo instanceof AuthorizationInfo) {
                final AuthorizationInfo authorizationInfo = (AuthorizationInfo) authenticationInfo;
                final Collection<String> realmRoles = authorizationInfo.getRoles();
                for (final String role : realmRoles) {
                    roles.add(realm.getName() + ":" + role);

View Full Code Here

    }


    @Test
    public void testValidUsernamePassword() {
        AuthenticationToken token = new UsernamePasswordToken(getCurrentUserName(), "somePassword");
        AuthenticationInfo authcInfo = this.realm.getAuthenticationInfo(token);
        PrincipalCollection principals = authcInfo.getPrincipals();
        assertFalse(principals.isEmpty());
        Object primaryPrincipal = principals.getPrimaryPrincipal();
        assertNotNull(primaryPrincipal);
        Assertions.assertThat(primaryPrincipal).isInstanceOf(WaffleFqnPrincipal.class);
        WaffleFqnPrincipal fqnPrincipal = (WaffleFqnPrincipal) primaryPrincipal;
        Assertions.assertThat(fqnPrincipal.getFqn()).isEqualTo(getCurrentUserName());
        Assertions.assertThat(fqnPrincipal.getGroupFqns()).contains("Users", "Everyone");
        Object credentials = authcInfo.getCredentials();
        Assertions.assertThat(credentials).isInstanceOf(char[].class);
        Assertions.assertThat(credentials).isEqualTo("somePassword".toCharArray());
        assertTrue(this.realm.hasRole(principals, ROLE_NAME));
    }

View Full Code Here


    private IWindowsAuthProvider provider   = new WindowsAuthProviderImpl();


    @Override
    protected final AuthenticationInfo doGetAuthenticationInfo(final AuthenticationToken authToken) {
        AuthenticationInfo authenticationInfo = null;
        if (authToken instanceof UsernamePasswordToken) {
            final UsernamePasswordToken token = (UsernamePasswordToken) authToken;
            final String username = token.getUsername();
            IWindowsIdentity identity = null;
            try {

View Full Code Here

        }
        return authenticationInfo;
    }


    private AuthenticationInfo buildAuthenticationInfo(final UsernamePasswordToken token, final Object principal) {
        AuthenticationInfo authenticationInfo;
        final HashingPasswordService hashService = getHashService();
        if (hashService != null) {
            final Hash hash = hashService.hashPassword(token.getPassword());
            final ByteSource salt = hash.getSalt();
            authenticationInfo = new SimpleAuthenticationInfo(principal, hash, salt, REALM_NAME);

View Full Code Here

        if (username == null) {
            throw new AccountException("Null usernames are not allowed by this realm.");
        }


        Connection conn = null;
        AuthenticationInfo info = null;
        try {
            conn = dataSource.getConnection();


            String password = getPasswordForUser(conn, username);

View Full Code Here

0 1 2 3 4 5

TOP

Related Classes of org.apache.shiro.authc.AuthenticationInfo

be.c4j.ee.security.realm.AuthenticationInfoBuilder

com.fengjing.framework.shiro.SimpleJdbcRealm

com.github.zhangkaitao.shiro.chapter2.authenticator.strategy.AtLeastTwoAuthenticatorStrategy

com.github.zhangkaitao.shiro.chapter2.authenticator.strategy.OnlyOneAuthenticatorStrategy

com.sonatype.security.ldap.realms.EnterpriseLdapRealmTest

lib.security.LocalAdminUserRealm

org.apache.airavata.security.userstore.JDBCUserStore

org.apache.airavata.security.userstore.LDAPUserStore

org.apache.isis.security.shiro.ShiroAuthenticatorOrAuthorizor

org.apache.shiro.authc.credential.AbstractHashedCredentialsMatcherTest

All source code are property of their respective owners. Java is a trademark of Sun Microsystems, Inc and owned by ORACLE Inc. Contact coftware#gmail.com.