Examples of org.apache.shiro.authc.UsernamePasswordToken

• org.apache.shiro.authc.UsernamePasswordToken
  sun.com/j2se/1.5.0/docs/guide/security/jce/JCERefGuide.html#PBEEx"> Java Cryptography Extension Reference Guide.

  To avoid this possibility of later memory access, the application developer should always call {@link #clear() clear()} after using the token to perform a login attempt.

  @author Jeremy Haile @author Les Hazlewood @since 0.1

    public void testIniFile() {
        IniRealm realm = new IniRealm();
        realm.setResourcePath("classpath:org/apache/shiro/realm/text/IniRealmTest.simple.ini");
        realm.init();
        assertTrue(realm.roleExists("admin"));
        UsernamePasswordToken token = new UsernamePasswordToken("user1", "user1");
        AuthenticationInfo info = realm.getAuthenticationInfo(token);
        assertNotNull(info);
        assertTrue(realm.hasRole(info.getPrincipals(), "admin"));
    }

    @Test
    public void testDefaultConfig() {
        Subject subject = SecurityUtils.getSubject();

        AuthenticationToken token = new UsernamePasswordToken("guest", "guest");
        subject.login(token);
        assertTrue(subject.isAuthenticated());
        assertTrue("guest".equals(subject.getPrincipal()));
        assertTrue(subject.hasRole("guest"));

    @Test
    public void testSubjectReuseAfterLogout() {

        Subject subject = SecurityUtils.getSubject();

        AuthenticationToken token = new UsernamePasswordToken("guest", "guest");
        subject.login(token);
        assertTrue(subject.isAuthenticated());
        assertTrue("guest".equals(subject.getPrincipal()));
        assertTrue(subject.hasRole("guest"));

        Session session = subject.getSession();
        Serializable firstSessionId = session.getId();

        session.setAttribute("key", "value");
        assertEquals(session.getAttribute("key"), "value");

        subject.logout();

        assertNull(subject.getSession(false));
        assertNull(subject.getPrincipal());
        assertNull(subject.getPrincipals());

        subject.login(new UsernamePasswordToken("lonestarr", "vespa"));
        assertTrue(subject.isAuthenticated());
        assertTrue("lonestarr".equals(subject.getPrincipal()));
        assertTrue(subject.hasRole("goodguy"));

        assertNotNull(subject.getSession());

        sm.setRealm(new IniRealm(ini));
        SecurityUtils.setSecurityManager(sm);

        Subject subject = SecurityUtils.getSubject();

        AuthenticationToken token = new UsernamePasswordToken("guest", "guest");
        subject.login(token);
        subject.getSession().setAttribute("key", "value");
        assertTrue(subject.getSession().getAttribute("key").equals("value"));

        subject = SecurityUtils.getSubject();

        return createToken(username, password, rememberMe, host);
    }

    protected AuthenticationToken createToken(String username, String password,
                                              boolean rememberMe, String host) {
        return new UsernamePasswordToken(username, password, rememberMe, host);
    }

        subject.logout();
    }


    private void loginAsGuest() {
        subject.login(new UsernamePasswordToken("john", "doe"));
    }

    private void loginAsGuest() {
        subject.login(new UsernamePasswordToken("john", "doe"));
    }

    private void loginAsUser() {
        subject.login(new UsernamePasswordToken("joe", "bob"));
    }

    private void loginAsUser() {
        subject.login(new UsernamePasswordToken("joe", "bob"));
    }

    private void loginAsAdmin() {
        subject.login(new UsernamePasswordToken("root", "secret"));
    }

        //Session session = currentUser.getSession();
        if ( !currentUser.isAuthenticated() ) {
            //collect user principals and credentials in a gui specific manner
            //such as username/password html form, X509 certificate, OpenID, etc.
            //We'll use the username/password example here since it is the most common.
            UsernamePasswordToken token = new UsernamePasswordToken("testuserdynamic", "doesthiswork");

            //this is all you have to do to support 'remember me' (no config - built in!):
            //token.setRememberMe(false);

            try {
                currentUser.login(token);
                //if no exception, that's it, we're done!
                log.info("username logged in is: " + token.getUsername());
            } catch ( UnknownAccountException uae ) {
                //username wasn't in the system, show them an error message?
              log.info("Username wasn't in the system");
            } catch ( IncorrectCredentialsException ice ) {
                //password didn't match, try again?

  @Override
    protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token)
            throws AuthenticationException {
        UsernamePasswordToken upToken = (UsernamePasswordToken) token;
        //System.out.println("Is log.isDebugEnabled()? " + log.isDebugEnabled());
        String username = upToken.getUsername();
        System.out.print("submitted username is: " + username);
        System.out.println(", submitted password is: " + upToken.getPassword().toString());
        checkNotNull(username, "Null usernames are not allowed by this realm.");
        String password = null;
        //try {
          User user =  UserService.getUser(username);
          password = user.getPasswordEnc();