Examples of org.apache.shiro.authc.AuthenticationInfo

org.apache.shiro.authc.AuthenticationInfo
AuthenticationInfo represents a Subject's (aka user's) stored account information relevant to the authentication/log-in process only.
It is important to understand the differnce between this interface and the {@link AuthenticationToken AuthenticationToken} interface. AuthenticationInfo implementationsrepresent already-verified and stored account data, whereas an AuthenticationToken represents data submitted for any given login attempt (which may or may not successfully match the verified and stored account AuthenticationInfo).
Because the act of authentication (log-in) is orthoganal to authorization (access control), this interface is intended to represent only the account data needed by Shiro during an authentication attempt. Shiro also has a parallel {@link org.apache.shiro.authz.AuthorizationInfo AuthorizationInfo} interface for use during theauthorization process that references access control data such as roles and permissions.
But because many if not most {@link org.apache.shiro.realm.Realm Realm}s store both sets of data for a Subject, it might be convenient for a Realm implementation to utilize an implementation of the {@link Account Account}interface instead, which is a convenience interface that combines both AuthenticationInfo and AuthorizationInfo. Whether you choose to implement these two interfaces separately or implement the one Account interface for a given Realm is entirely based on your application's needs or your preferences.

Pleae note: Since Shiro sometimes logs authentication operations, please ensure your AuthenticationInfo's toString() implementation does not print out account credentials (password, etc), as these might be viewable to someone reading your logs. This is good practice anyway, and account credentials should rarely (if ever) be printed out for any reason. If you're using Shiro's default implementations of this interface, they only ever print the account {@link #getPrincipals() principals}, so you do not need to do anything additional.
@author Jeremy Haile @author Les Hazlewood @see org.apache.shiro.authz.AuthorizationInfo AuthorizationInfo @see Account @since 0.9

    final User blueUser = mock(User.class);
    when(blueUser.getUserId()).thenReturn("joe");
    when(redUserManager.getUser("joe")).thenReturn(redUser);
    when(blueUserManager.getUser("joe")).thenReturn(blueUser);


    final AuthenticationInfo auinfo = testSubject.getAuthenticationInfo(new RutAuthAuthenticationToken("Some-Header",
        "joe", "localhost"));


    assertThat(auinfo, notNullValue());
    assertThat(auinfo.getPrincipals().getPrimaryPrincipal().toString(), equalTo("joe"));
    assertThat(auinfo.getPrincipals().getRealmNames(), hasItems("RED", "BLUE"));
  }

View Full Code Here

    final User redUser = mock(User.class);
    when(redUser.getUserId()).thenReturn("joe");
    when(redUserManager.getUser("joe")).thenReturn(redUser);
    when(blueUserManager.getUser("joe")).thenThrow(UserNotFoundException.class);


    final AuthenticationInfo auinfo = testSubject.getAuthenticationInfo(new RutAuthAuthenticationToken("Some-Header",
        "joe", "localhost"));


    assertThat(auinfo, notNullValue());
    assertThat(auinfo.getPrincipals().getPrimaryPrincipal().toString(), equalTo("joe"));
    assertThat(auinfo.getPrincipals().getRealmNames(), hasItems("RED"));
  }

View Full Code Here

  public void testSuccessfulAuthentication()
      throws Exception
  {
    final Realm realm = this.lookup(Realm.class, "LdapAuthenticatingRealm");
    final UsernamePasswordToken upToken = new UsernamePasswordToken("brianf", "brianf123");
    final AuthenticationInfo ai = realm.getAuthenticationInfo(upToken);
    assertEquals("brianf123".toCharArray(), ai.getCredentials());
  }

View Full Code Here

  public void testAuthenticate()
      throws Exception
  {
    KenaiRealm kenaiRealm = this.getRealm();


    AuthenticationInfo info = kenaiRealm.getAuthenticationInfo(new UsernamePasswordToken(username, password));
    Assert.assertNotNull(info);
  }

View Full Code Here

  public void testSuccessfulAuthentication()
      throws Exception
  {


    final UsernamePasswordToken upToken = new UsernamePasswordToken("brianf", "brianf123");
    final AuthenticationInfo ai = realm.getAuthenticationInfo(upToken);
    assertEquals("brianf123".toCharArray(), ai.getCredentials());
  }

View Full Code Here

              + "]");
        }


        try {
          // try to login
          AuthenticationInfo info = realm.getAuthenticationInfo(token);
          // just make sure are ducks are in a row
          // return the first successful login.
          if (info != null) {
            return info;
          }

View Full Code Here

  {
    buildTestAuthenticationConfig(CUser.STATUS_ACTIVE);


    UsernamePasswordToken upToken = new UsernamePasswordToken("username", "password");


    AuthenticationInfo ai = realm.getAuthenticationInfo(upToken);


    String password = new String((char[]) ai.getCredentials());


    assertThat(this.passwordService.passwordsMatch("password", password), is(true));
  }

View Full Code Here


    configurationManager.createUser(user, clearPassword, roles);


    UsernamePasswordToken upToken = new UsernamePasswordToken("testCreateWithPassowrdEmailUserId", clearPassword);


    AuthenticationInfo ai = realm.getAuthenticationInfo(upToken);


    String password = new String((char[]) ai.getCredentials());


    assertThat(this.passwordService.passwordsMatch(clearPassword, password), is(true));
  }

View Full Code Here

    String password = "password";
    String username = "username";
    buildLegacyTestAuthenticationConfig(password);


    UsernamePasswordToken upToken = new UsernamePasswordToken(username, password);
    AuthenticationInfo ai = realm.getAuthenticationInfo(upToken);
    CUser updatedUser = this.configurationManager.readUser(username);
    String hash = new String((char[]) ai.getCredentials());


    assertThat(this.passwordService.passwordsMatch(password, hash), is(true));
    assertThat(this.passwordService.passwordsMatch(password, updatedUser.getPassword()), is(true));
  }

View Full Code Here

   * @return true if credentials match, false otherwise
   */
  private boolean isValidCredentials(UsernamePasswordToken token, CUser user) {
    boolean credentialsValid = false;


    AuthenticationInfo info = this.createAuthenticationInfo(user);
    CredentialsMatcher matcher = this.getCredentialsMatcher();
    if (matcher != null) {
      if (matcher.doCredentialsMatch(token, info)) {
        credentialsValid = true;
      }

View Full Code Here

0 1 2 3 4 5

TOP

Related Classes of org.apache.shiro.authc.AuthenticationInfo

be.c4j.ee.security.realm.AuthenticationInfoBuilder

com.fengjing.framework.shiro.SimpleJdbcRealm

com.github.zhangkaitao.shiro.chapter2.authenticator.strategy.AtLeastTwoAuthenticatorStrategy

com.github.zhangkaitao.shiro.chapter2.authenticator.strategy.OnlyOneAuthenticatorStrategy

com.sonatype.security.ldap.realms.EnterpriseLdapRealmTest

lib.security.LocalAdminUserRealm

org.apache.airavata.security.userstore.JDBCUserStore

org.apache.airavata.security.userstore.LDAPUserStore

org.apache.isis.security.shiro.ShiroAuthenticatorOrAuthorizor

org.apache.shiro.authc.credential.AbstractHashedCredentialsMatcherTest

All source code are property of their respective owners. Java is a trademark of Sun Microsystems, Inc and owned by ORACLE Inc. Contact coftware#gmail.com.