Posted to user@shiro.apache.org by Henry Suryawirawan <he...@gmail.com> on 2010/05/04 16:49:26 UTC

Get AuthenticationInfo From Subject

Hi,

Is there a way to retrieve the AuthenticationInfo from the current Subject?

I have a scenario in which when the user logs in, if his password is about
to expire, the system can forward the user to a change password screen
automatically after login.
Currently what I've done is to extend SimpleAccount and add some properties
to indicate the expiring status which is populated in my custom Realm.

However, in the filter (onLoginSuccess), how can I read this information,
since I can only get the Subject object?

Is there any other way to implement this scenario?

Thanks. 
-- 
View this message in context: http://shiro-user.582556.n2.nabble.com/Get-AuthenticationInfo-From-Subject-tp5003710p5003710.html
Sent from the Shiro User mailing list archive at Nabble.com.

Re: Get AuthenticationInfo From Subject

Posted by Henry Suryawirawan <he...@gmail.com>.
Btw, this is not actually an ExpiredPasswordException.
I would call it ExpiringPasswordException since actually the password hasn't
expired.
The system would only give a reminder to the user to change the password.
He might or might not change the password after the login.

Re: Get AuthenticationInfo From Subject

Posted by Les Hazlewood <lh...@apache.org>.
Glad it worked!

Cheers,

Les

On Sun, May 9, 2010 at 4:33 PM, Henry Suryawirawan <he...@gmail.com> wrote:
>
> I opt for the session approach and it works fine for my scenario.
> Thanks for your advice.
>

Re: Get AuthenticationInfo From Subject

Posted by Henry Suryawirawan <he...@gmail.com>.
I opt for the session approach and it works fine for my scenario.
Thanks for your advice.

Re: Get AuthenticationInfo From Subject

Posted by Les Hazlewood <lh...@apache.org>.
The AuthenticationInfo contains two things:  Principals and
Credentials.  The credentials are only used to verify identity.  But
all of the principals across all realms are aggregated into the
Subject and are available as Subject.getPrincipals(), so anything you
put in the principals can be accessed later on.  You could have one of
those principals represent the data indicating to ask them to update
their password.

Another easy approach is to just put that flag/token/whatever in the
session (Subject.getSession()), check it after log-in, and if present,
redirect them to the reset password page.  Then remove the token from
the session once they've updated their password.  That could probably
work as well.

How about those two approaches?

- Les

On Tue, May 4, 2010 at 4:13 PM, Henry Suryawirawan <he...@gmail.com> wrote:
>
> Hmm, yeah, that might work.
> However, the user has the option of continuing to use the system without
> updating the password.
> I think it would then break the logic, since a subsequent login will also
> throw the ExpiredPasswordException.
>
> Do you have any other idea how to solve this problem?
>
> Btw, is it confirmed that we cannot retrieve the AuthenticationInfo from a
> Subject?
>
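
Added example, not part of the original thread and not code from the Shiro project: the two approaches Les describes above (a marker principal read back through Subject.getPrincipals(), and a session flag checked after login), combined for a Shiro 1.x web application on javax.servlet. PasswordExpiryNotice, AccountInfoFactory, REMINDER_KEY and the redirect URL are hypothetical names.

```java
// Added example (not from the thread). Assumes Shiro 1.x on javax.servlet;
// PasswordExpiryNotice, AccountInfoFactory, REMINDER_KEY and the URL are hypothetical.
import java.io.Serializable;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import org.apache.shiro.authc.AuthenticationInfo;
import org.apache.shiro.authc.AuthenticationToken;
import org.apache.shiro.authc.SimpleAuthenticationInfo;
import org.apache.shiro.subject.SimplePrincipalCollection;
import org.apache.shiro.subject.Subject;
import org.apache.shiro.web.filter.authc.FormAuthenticationFilter;
import org.apache.shiro.web.util.WebUtils;

/** Marker principal: carries only the reminder, never credential material. */
final class PasswordExpiryNotice implements Serializable {
    private static final long serialVersionUID = 1L;
    final int daysLeft;
    PasswordExpiryNotice(int daysLeft) { this.daysLeft = daysLeft; }
}

final class AccountInfoFactory {
    /** Call from the custom realm's doGetAuthenticationInfo once the account is loaded. */
    static AuthenticationInfo build(String username, Object storedCredentials,
                                    int daysLeft, int warnWithinDays, String realmName) {
        SimplePrincipalCollection principals = new SimplePrincipalCollection(username, realmName);
        if (daysLeft <= warnWithinDays) {
            principals.add(new PasswordExpiryNotice(daysLeft), realmName);
        }
        return new SimpleAuthenticationInfo(principals, storedCredentials);
    }
}

public class ExpiryAwareFormFilter extends FormAuthenticationFilter {
    static final String REMINDER_KEY = "passwordExpiryDaysLeft";

    @Override
    protected boolean onLoginSuccess(AuthenticationToken token, Subject subject,
            ServletRequest request, ServletResponse response) throws Exception {
        PasswordExpiryNotice notice = subject.getPrincipals().oneByType(PasswordExpiryNotice.class);
        if (notice == null) {
            return super.onLoginSuccess(token, subject, request, response);
        }
        // The session flag lets the change-password page show the reminder and is
        // removed there after a successful update; the user may still skip the change.
        subject.getSession().setAttribute(REMINDER_KEY, notice.daysLeft);
        WebUtils.issueRedirect(request, response, "/account/change-password");
        return false; // redirect already issued; stop the filter chain
    }
}
```

The marker is Serializable and holds no secrets because Shiro keeps the principal collection with the Subject's session state. The daysLeft value is fixed at login time, so it reflects the state when the user authenticated.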

Re: Get AuthenticationInfo From Subject

Posted by Henry Suryawirawan <he...@gmail.com>.
Hmm, yeah, that might work.
However, the user has the option of continuing to use the system without
updating the password.
I think it would then break the logic, since a subsequent login will also
throw the ExpiredPasswordException.

Do you have any other idea how to solve this problem?

Btw, is it confirmed that we cannot retrieve the AuthenticationInfo from a
Subject?

Re: Get AuthenticationInfo From Subject

Posted by Les Hazlewood <lh...@apache.org>.
I've handled this in the past by throwing an AuthenticationException
subclass from my realm - something like an ExpiredPasswordException.

Then if the subject.login call catches that exception, it forwards the
user to the change password screen.  After hitting submit, and the
change password process is successful, I'll immediately call
subject.login again in that screen's controller to log them in
automatically under the new password.

That always seemed to work well for me.

- Les

On Tue, May 4, 2010 at 7:49 AM, Henry Suryawirawan <he...@gmail.com> wrote:
>
> Hi,
>
> Is there a way to retrieve the AuthenticationInfo from the current Subject?
>
> I have a scenario in which when the user logs in, if his password is about
> to expire, the system can forward the user to a change password screen
> automatically after login.
> Currently what I've done is to extend SimpleAccount and add some properties
> to indicate the expiring status which is populated in my custom Realm.
>
> However, in the filter (onLoginSuccess), how can I read this information,
> since I can only get the Subject object?
>
> Is there any other way to implement this scenario?
>
> Thanks.
>