Posted to users@tapestry.apache.org by csckid <te...@gmail.com> on 2011/12/29 08:01:04 UTC

shiro authentication

I am stuck with authenticating user from database table.

In this function doGetAuthenticationInfo() don't we need to set the Subject?

What is the purpose of SimpleAuthenticationInfo?

package com.kids.crm.services;

import java.util.HashSet;
import java.util.Set;

import org.apache.shiro.authc.AccountException;
import org.apache.shiro.authc.AuthenticationException;
import org.apache.shiro.authc.AuthenticationInfo;
import org.apache.shiro.authc.AuthenticationToken;
import org.apache.shiro.authc.SimpleAuthenticationInfo;
import org.apache.shiro.authc.UnknownAccountException;
import org.apache.shiro.authc.UsernamePasswordToken;
import org.apache.shiro.authc.credential.HashedCredentialsMatcher;
import org.apache.shiro.authz.AuthorizationInfo;
import org.apache.shiro.authz.SimpleAuthorizationInfo;
import org.apache.shiro.realm.AuthorizingRealm;
import org.apache.shiro.subject.PrincipalCollection;
import org.apache.shiro.util.SimpleByteSource;
import org.apache.tapestry5.ioc.annotations.Inject;

import com.kids.crm.dao.UserAccountDao;
import com.kids.crm.db.Role;
import com.kids.crm.db.UserAccount;


public class UserRealm extends AuthorizingRealm {
	@Inject UserAccountDao userAccountDao;

	public UserRealm() {
		setName("localaccounts");
		setAuthenticationTokenClass(UsernamePasswordToken.class);
		// The realm hands Shiro a salted hash, so Shiro needs a CredentialsMatcher
		// that hashes the submitted password the same way before comparing.
		// Algorithm, iteration count and encoding must match how
		// getEncodedPassword() was produced; the values below are assumptions.
		HashedCredentialsMatcher matcher = new HashedCredentialsMatcher("SHA-256");
		matcher.setHashIterations(1024);
		matcher.setStoredCredentialsHexEncoded(true);
		setCredentialsMatcher(matcher);
	}

	private UserAccount findByUsername(String userName) {
		return (UserAccount) userAccountDao.getUserByUserName(userName);
	}

	@Override
	protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token)
			throws AuthenticationException {
		// No Subject handling here: Shiro builds the Subject per request and calls
		// this realm with the token the caller submitted.
		UsernamePasswordToken upToken = (UsernamePasswordToken) token;
		String username = upToken.getUsername();

		// Null username is invalid
		if (username == null) {
			throw new AccountException("Null usernames are not allowed by this realm.");
		}
		UserAccount user = findByUsername(username);
		// Fail explicitly instead of with a NullPointerException when the account
		// does not exist; Shiro reports this as a failed login.
		if (user == null) {
			throw new UnknownAccountException("No account found for user [" + username + "]");
		}

		// Return only the stored hash and salt; the CredentialsMatcher configured
		// above does the comparison. Remember-me is the caller's choice on the
		// token, not something the realm should force on every login.
		return new SimpleAuthenticationInfo(username, user.getEncodedPassword(),
				new SimpleByteSource(user.getPasswordSalt()), getName());
	}

	@Override
	protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principals) {
		// AuthorizingRealm is abstract without this method. Roles are looked up by
		// the primary principal, i.e. the username returned above. The accessors
		// getRoles() on UserAccount and getName() on Role are assumed here.
		String username = (String) principals.getPrimaryPrincipal();
		UserAccount user = findByUsername(username);
		SimpleAuthorizationInfo info = new SimpleAuthorizationInfo();
		if (user != null) {
			Set<String> roleNames = new HashSet<String>();
			for (Role role : user.getRoles()) {
				roleNames.add(role.getName());
			}
			info.setRoles(roleNames);
		}
		return info;
	}

}


--
View this message in context: http://tapestry.1045711.n5.nabble.com/shiro-authentication-tp5106945p5106945.html
Sent from the Tapestry - User mailing list archive at Nabble.com.

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tapestry.apache.org
For additional commands, e-mail: users-help@tapestry.apache.org


Re: shiro authentication

Posted by Kalle Korhonen <ka...@gmail.com>.
On Wed, Dec 28, 2011 at 11:01 PM, csckid <te...@gmail.com> wrote:
> I am stuck with authenticating user from database table.
> In this function doGetAuthenticationInfo() don't we need to set the Subject?
> What is the purpose of SimpleAuthenticationInfo?

No better source for answers than [Shiro's javadoc][1].
doGetAuthenticationInfo() returns an AuthenticationInfo. A
SimpleAuthenticationInfo is an implementation of AuthenticationInfo.
[Subject][2] "represents state and security operations for a single
application user" as the javadoc states, so no, we don't set the
subject here, but the framework repeatedly sets it up for each
request. The purpose of the (Simple)[AuthenticationInfo][3] is to
represent "a Subject's (aka user's) stored account information
relevant to the authentication/log-in process only". The realm's
responsibility is to create an AuthenticationInfo (if the user is
found) and the CredentialsMatcher then compares the
AuthenticationToken to AuthenticationInfo to determine whether the
given credentials are valid or not.

You don't explain how you "are stuck", but assuming your
findByUsername() returns an appropriate UserAccount, you probably
don't have the right CredentialsMatcher configured. Perhaps you need
to [set a HashedCredentialsMatcher to your realm][4].

  [1]: http://shiro.apache.org/static/current/apidocs/org/apache/shiro/realm/AuthenticatingRealm.html
  [2]: http://shiro.apache.org/static/current/apidocs/org/apache/shiro/subject/Subject.html
  [3]: http://shiro.apache.org/static/current/apidocs/org/apache/shiro/authc/AuthenticationInfo.html
  [4]: http://shiro.apache.org/static/current/apidocs/org/apache/shiro/realm/AuthenticatingRealm.html#setCredentialsMatcher%28org.apache.shiro.authc.credential.CredentialsMatcher%29

Kalle

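The following is an added example, not code from the thread or from Shiro itself, showing the realm / AuthenticationInfo / CredentialsMatcher interplay Kalle describes end to end: account creation with a per-user salt, a realm that returns the stored hash and salt in a SimpleAuthenticationInfo, a HashedCredentialsMatcher configured with the same hashing parameters, and a login through a Subject that the framework (here a stand-alone DefaultSecurityManager) sets up rather than the realm. Account, USERS, createAccount and SaltedRealmExample are constructed stand-ins for the poster's UserAccount and UserAccountDao classes; the SHA-256 / 1024 iterations / hex-encoding choices are assumptions and only need to agree on both sides.

```java
import java.util.Arrays;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Map;
import java.util.Set;

import org.apache.shiro.SecurityUtils;
import org.apache.shiro.authc.AccountException;
import org.apache.shiro.authc.AuthenticationException;
import org.apache.shiro.authc.AuthenticationInfo;
import org.apache.shiro.authc.AuthenticationToken;
import org.apache.shiro.authc.SimpleAuthenticationInfo;
import org.apache.shiro.authc.UnknownAccountException;
import org.apache.shiro.authc.UsernamePasswordToken;
import org.apache.shiro.authc.credential.HashedCredentialsMatcher;
import org.apache.shiro.authz.AuthorizationInfo;
import org.apache.shiro.authz.SimpleAuthorizationInfo;
import org.apache.shiro.crypto.SecureRandomNumberGenerator;
import org.apache.shiro.crypto.hash.Sha256Hash;
import org.apache.shiro.mgt.DefaultSecurityManager;
import org.apache.shiro.realm.AuthorizingRealm;
import org.apache.shiro.subject.PrincipalCollection;
import org.apache.shiro.subject.Subject;
import org.apache.shiro.util.ByteSource;

public class SaltedRealmExample {

    // One set of hashing parameters shared by account creation and the matcher
    // (assumed values). If they differ from how the stored hash was produced,
    // every login fails with IncorrectCredentialsException.
    static final String HASH_ALGORITHM = Sha256Hash.ALGORITHM_NAME; // "SHA-256"
    static final int HASH_ITERATIONS = 1024;

    /** Stand-in for the poster's UserAccount entity. */
    static final class Account {
        final String hashedPassword; // hex-encoded salted hash
        final ByteSource salt;       // per-user random salt
        final Set<String> roles;

        Account(String hashedPassword, ByteSource salt, Set<String> roles) {
            this.hashedPassword = hashedPassword;
            this.salt = salt;
            this.roles = roles;
        }
    }

    /** Constructed in-memory table standing in for UserAccountDao. */
    static final Map<String, Account> USERS = new HashMap<String, Account>();

    /** Account creation: fresh salt per user, password hashed with salt and iterations. */
    static void createAccount(String username, String password, String... roles) {
        ByteSource salt = new SecureRandomNumberGenerator().nextBytes();
        String hash = new Sha256Hash(password, salt, HASH_ITERATIONS).toHex();
        USERS.put(username, new Account(hash, salt, new HashSet<String>(Arrays.asList(roles))));
    }

    static class SaltedRealm extends AuthorizingRealm {
        SaltedRealm() {
            setName("localaccounts");
            setAuthenticationTokenClass(UsernamePasswordToken.class);
            // The piece the original realm lacks: tell Shiro how to hash the
            // submitted password so it can be compared with the stored hash.
            HashedCredentialsMatcher matcher = new HashedCredentialsMatcher(HASH_ALGORITHM);
            matcher.setHashIterations(HASH_ITERATIONS);
            matcher.setStoredCredentialsHexEncoded(true);
            setCredentialsMatcher(matcher);
        }

        @Override
        protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token)
                throws AuthenticationException {
            String username = ((UsernamePasswordToken) token).getUsername();
            if (username == null) {
                throw new AccountException("Null usernames are not allowed by this realm.");
            }
            Account account = USERS.get(username);
            if (account == null) {
                throw new UnknownAccountException("No account found for user [" + username + "]");
            }
            // Only the stored hash and salt are returned; the matcher compares.
            return new SimpleAuthenticationInfo(username, account.hashedPassword, account.salt, getName());
        }

        @Override
        protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principals) {
            Account account = USERS.get((String) principals.getPrimaryPrincipal());
            SimpleAuthorizationInfo info = new SimpleAuthorizationInfo();
            if (account != null) {
                info.addRoles(account.roles);
            }
            return info;
        }
    }

    public static void main(String[] args) {
        createAccount("alice", "correct horse battery staple", "admin");

        // Stand-alone wiring; in a web app the Shiro filter / IoC module does this
        // and binds the Subject per request. The realm never touches the Subject.
        SecurityUtils.setSecurityManager(new DefaultSecurityManager(new SaltedRealm()));
        Subject subject = SecurityUtils.getSubject();

        try {
            subject.login(new UsernamePasswordToken("alice", "wrong password"));
        } catch (AuthenticationException e) {
            System.out.println("rejected: " + e.getClass().getSimpleName());
        }

        subject.login(new UsernamePasswordToken("alice", "correct horse battery staple"));
        System.out.println("authenticated=" + subject.isAuthenticated()
                + " hasRole(admin)=" + subject.hasRole("admin"));
        subject.logout();
    }
}
```

The wrong-password attempt is rejected by the matcher (IncorrectCredentialsException), not by the realm, which is the division of labour the reply describes: the realm only looks the account up and returns its stored hash and salt. Keeping the hashing parameters in one place is what makes the stored hash and the matcher agree; the same applies to the poster's realm, where the HashedCredentialsMatcher must be configured with whatever produced getEncodedPassword() and getPasswordSalt().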