Examples of org.apache.shiro.authc.AuthenticationToken

org.apache.shiro.authc.AuthenticationToken

An AuthenticationToken is a consolidation of an account's principals and supporting credentials submitted by a user during an authentication attempt.

The token is submitted to an {@link Authenticator Authenticator} via the{@link Authenticator#authenticate(AuthenticationToken) authenticate(token)} method. TheAuthenticator then executes the authentication/log-in process.

Common implementations of an AuthenticationToken would have username/password pairs, X.509 Certificate, PGP key, or anything else you can think of. The token can be anything needed by an {@link Authenticator} to authenticate properly.

Because applications represent user data and credentials in different ways, implementations of this interface are application-specific. You are free to acquire a user's principals and credentials however you wish (e.g. web form, Swing form, fingerprint identification, etc) and then submit them to the Shiro framework in the form of an implementation of this interface.

If your application's authentication process is username/password based (like most), instead of implementing this interface yourself, take a look at the {@link UsernamePasswordToken UsernamePasswordToken} class, as it is probably sufficient for your needs.

RememberMe services are enabled for a token if they implement a sub-interface of this one, called {@link RememberMeAuthenticationToken RememberMeAuthenticationToken}. Implement that interfac if you need RememberMe services (the UsernamePasswordToken already implements this interface).

If you are familiar with JAAS, an AuthenticationToken replaces the concept of a {@link javax.security.auth.callback.Callback}, and defines meaningful behavior (Callback is just a marker interface, and of little use). We also think the name AuthenticationToken more accurately reflects its true purpose in a login framework, whereas Callback is less obvious. @author Les Hazlewood @see RememberMeAuthenticationToken @see HostAuthenticationToken @see UsernamePasswordToken @since 0.1

    @Test
    public void testSubjectReuseAfterLogout() {


        Subject subject = SecurityUtils.getSubject();


        AuthenticationToken token = new UsernamePasswordToken("guest", "guest");
        subject.login(token);
        assertTrue(subject.isAuthenticated());
        assertTrue("guest".equals(subject.getPrincipal()));
        assertTrue(subject.hasRole("guest"));

View Full Code Here

        sm.setRealm(new IniRealm(ini));
        SecurityUtils.setSecurityManager(sm);


        Subject subject = SecurityUtils.getSubject();


        AuthenticationToken token = new UsernamePasswordToken("guest", "guest");
        subject.login(token);
        subject.getSession().setAttribute("key", "value");
        assertTrue(subject.getSession().getAttribute("key").equals("value"));


        subject = SecurityUtils.getSubject();

View Full Code Here

public abstract class AuthenticatingFilter extends AuthenticationFilter {


    //TODO - complete JavaDoc


    protected boolean executeLogin(ServletRequest request, ServletResponse response) throws Exception {
        AuthenticationToken token = createToken(request, response);
        if (token == null) {
            String msg = "createToken method implementation returned null. A valid non-null AuthenticationToken " +
                    "must be created in order to execute a login attempt.";
            throw new IllegalStateException(msg);
        }

View Full Code Here

        HttpServletResponse response = createMock(HttpServletResponse.class);
        
        replay(request);
        replay(response);
        
    AuthenticationToken token = testFilter.createToken(request, response);
    assertNotNull(token);
    assertTrue("Token is not a username and password token.", token instanceof UsernamePasswordToken);
    assertEquals("", token.getPrincipal());
    
    verify(request);
    verify(response);
    }

View Full Code Here

        HttpServletResponse response = createMock(HttpServletResponse.class);
        
        replay(request);
        replay(response);
        
    AuthenticationToken token = testFilter.createToken(request, response);
    assertNotNull(token);
    assertTrue("Token is not a username and password token.", token instanceof UsernamePasswordToken);
    assertEquals("", token.getPrincipal());
    
    verify(request);
    verify(response);
    }

View Full Code Here

        HttpServletResponse response = createMock(HttpServletResponse.class);
        
        replay(request);
        replay(response);
        
    AuthenticationToken token = testFilter.createToken(request, response);
    assertNotNull(token);
    assertTrue("Token is not a username and password token.", token instanceof UsernamePasswordToken);
    
    UsernamePasswordToken upToken = (UsernamePasswordToken) token;
    assertEquals("pedro", upToken.getUsername());

View Full Code Here

    public String resolveHost() {
        String host = getHost();


        if (host == null) {
            //check to see if there is an AuthenticationToken from which to retrieve it:
            AuthenticationToken token = getAuthenticationToken();
            if (token instanceof HostAuthenticationToken) {
                host = ((HostAuthenticationToken) token).getHost();
            }
        }

View Full Code Here

@ApplicationScoped
public class AuthenticationService {


    public boolean reauthenticate(String password) {
        UserPrincipal principal = (UserPrincipal) SecurityUtils.getSubject().getPrincipal();
        AuthenticationToken token = new UsernamePasswordToken(principal.getUserName(), password);
        boolean result = true;
        try {
            SecurityUtils.getSecurityManager().authenticate(token);
        } catch (AuthenticationException e) {
            result = false;

View Full Code Here

    public AuthenticationSession authenticate(final AuthenticationRequest request, final String code) {
        RealmSecurityManager securityManager = getSecurityManager();
        if(securityManager == null) {
            return null;
        }
        final AuthenticationToken token = asAuthenticationToken(request);
        
        Subject currentUser = SecurityUtils.getSubject();
        if(currentUser.isAuthenticated()) {
            // TODO: verify the code passed in that this session is still alive?

View Full Code Here

        this.realm.setGroupRolesMap(Collections.singletonMap("Users", ROLE_NAME));
    }


    @Test
    public void testValidUsernamePassword() {
        AuthenticationToken token = new UsernamePasswordToken(getCurrentUserName(), "somePassword");
        AuthenticationInfo authcInfo = this.realm.getAuthenticationInfo(token);
        PrincipalCollection principals = authcInfo.getPrincipals();
        assertFalse(principals.isEmpty());
        Object primaryPrincipal = principals.getPrimaryPrincipal();
        assertNotNull(primaryPrincipal);

View Full Code Here

0 1 2 3 4 5

TOP

Related Classes of org.apache.shiro.authc.AuthenticationToken

be.c4j.ee.security.service.AuthenticationService

com.google.code.lightssh.project.web.action.GenericAction

org.apache.activemq.shiro.authc.AuthenticationFilter

org.apache.airavata.security.userstore.JDBCUserStore

org.apache.airavata.security.userstore.LDAPUserStore

org.apache.isis.security.shiro.ShiroAuthenticatorOrAuthorizor

org.apache.shiro.authc.credential.AbstractHashedCredentialsMatcherTest

org.apache.shiro.authc.credential.HashedCredentialsMatcherTest

org.apache.shiro.cas.CasSubjectFactory

org.apache.shiro.guice.ShiroModuleTest

All source code are property of their respective owners. Java is a trademark of Sun Microsystems, Inc and owned by ORACLE Inc. Contact coftware#gmail.com.