Posted to user@shiro.apache.org by ming hsieh <xi...@gmail.com> on 2012/12/10 03:27:15 UTC

Dynamic strategy reconfiguration

Hi Shiro

I have written a small test program:

package example;

import java.util.ArrayList;
import java.util.List;

import org.apache.shiro.SecurityUtils;
import org.apache.shiro.authc.AuthenticationException;
import org.apache.shiro.authc.IncorrectCredentialsException;
import org.apache.shiro.authc.LockedAccountException;
import org.apache.shiro.authc.UnknownAccountException;
import org.apache.shiro.authc.UsernamePasswordToken;
import org.apache.shiro.authc.pam.AllSuccessfulStrategy;
import org.apache.shiro.authc.pam.ModularRealmAuthenticator;
import org.apache.shiro.mgt.DefaultSecurityManager;
import org.apache.shiro.mgt.RealmSecurityManager;
import org.apache.shiro.mgt.SecurityManager;
import org.apache.shiro.realm.Realm;
import org.apache.shiro.realm.SimpleAccountRealm;
import org.apache.shiro.session.Session;
import org.apache.shiro.subject.Subject;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

public class ShiroTest {
    private static final transient Logger log = LoggerFactory.getLogger(ShiroTest.class);

    public static void main(String[] args) {
        log.info("My First Apache Shiro Application");
        SecurityManager securityManager = null;

        // first login attempt: security manager with a single realm
        securityManager = new DefaultSecurityManager(useTextRealm());
        SecurityUtils.setSecurityManager(securityManager);
        doLogin("admin", "admin");

        // second login attempt: new security manager with two realms
        List<Realm> realms = new ArrayList<Realm>();
        realms.add(useTextRealm());
        realms.add(useTextRealm2());
        securityManager = new DefaultSecurityManager(realms);
        SecurityUtils.setSecurityManager(securityManager);
        RealmSecurityManager rsm = (RealmSecurityManager) SecurityUtils.getSecurityManager();
        log.info("{} realm size", rsm.getRealms().size());
        DefaultSecurityManager dsm = (DefaultSecurityManager) SecurityUtils.getSecurityManager();
        // replace the authenticator, then set the strategy on the new instance
        dsm.setAuthenticator(new ModularRealmAuthenticator());
        ModularRealmAuthenticator mra = (ModularRealmAuthenticator) dsm.getAuthenticator();
        log.info("{} realm authenticator", dsm.getAuthenticator());
        mra.setAuthenticationStrategy(new AllSuccessfulStrategy());
        log.info("{} authentication strategy", mra.getAuthenticationStrategy());
        doLogin("admin", "admin");

    }

    // realm in which admin's password is "admin"
    private static SimpleAccountRealm useTextRealm() {
        SimpleAccountRealm simpleRealm = new SimpleAccountRealm();
        simpleRealm.addAccount("admin", "admin");
        return simpleRealm;
    }

    // realm in which admin's password is "admin2"
    private static SimpleAccountRealm useTextRealm2() {
        SimpleAccountRealm simpleRealm = new SimpleAccountRealm();
        simpleRealm.addAccount("admin", "admin2");
        return simpleRealm;
    }

    private static void doLogin(String username, String password) {

        // get the currently executing user:
        Subject currentUser = SecurityUtils.getSubject();

        // Do some stuff with a Session (no need for a web or EJB container!!!)
        Session session = currentUser.getSession();
        session.setAttribute("someKey", "aValue");
        String value = (String) session.getAttribute("someKey");
        if (value.equals("aValue")) {
            log.info("Retrieved the correct value! [" + value + "]");
        }

        // let's login the current user so we can check against roles and permissions:
        if (!currentUser.isAuthenticated()) {
            UsernamePasswordToken token = new UsernamePasswordToken(username, password);
            try {
                currentUser.login(token);
            } catch (UnknownAccountException uae) {
                log.info("There is no user with username of " + token.getPrincipal());
                return;
            } catch (IncorrectCredentialsException ice) {
                log.info("Password for account " + token.getPrincipal() + " was incorrect!");
                return;
            } catch (LockedAccountException lae) {
                log.info("The account for username " + token.getPrincipal() + " is locked.  " +
                        "Please contact your administrator to unlock it.");
                return;
            } catch (AuthenticationException ae) {
                log.error("authenticationexception;" + ae.getMessage());
                return;
            }
        }

        log.info("User [" + currentUser.getPrincipal() + "] logged in successfully.");
        log.info("someattribute;" + session.getAttribute("someKey"));
        log.info("is user authenticated;" + currentUser.isAuthenticated());

        //all done - log out!
        currentUser.logout();

    }

}


I am a newbie to Shiro so please help me to understand, thanks in advance.

Re: Dynamic strategy reconfiguration

Posted by Jared Bunting <ja...@peachjean.com>.
It is certainly possible...just don't create a new
ModularRealmAuthenticator - set the strategy on the one already there.

I'll have to look a bit more to answer the other question - my guess is
that something is getting reused that shouldn't be.

-Jared
On Dec 10, 2012 8:25 PM, "Ming Hsieh" <xi...@gmail.com> wrote:

> Hi Jared
>
> If I comment out the line
>  dsm.setAuthenticator(new ModularRealmAuthenticator());
> and the first login attempt the example works as expected:
> org.apache.shiro.authc.pam.AllSuccessfulStrategy - Account successfully
> authenticated using realm [org.apache.shiro.realm.SimpleAccountRealm@19f953d
> ]
> ...
> org.apache.shiro.authc.pam.ModularRealmAuthenticator - Realm
> [org.apache.shiro.realm.SimpleAccountRealm@1fee6fc] threw an exception
> during a multi-realm authentication attempt:
> org.apache.shiro.authc.IncorrectCredentialsException: Submitted
> credentials for token [org.apache.shiro.authc.UsernamePasswordToken -
> admin, rememberMe=false] did not match the expected credentials.
>
> But if I include the first login attempt both login attempts pass:
> org.apache.shiro.authc.AbstractAuthenticator - Authentication successful
> for token [org.apache.shiro.authc.UsernamePasswordToken - admin,
> rememberMe=false].  Returned account [admin]
> ...
> example.ShiroTest - User [admin] logged in successfully.
>
> Does this mean that I cannot change the Authenticator and thus the
> Strategy dynamically?
>
> This is what I am trying to achieve:
> Initially the user sets up one realm for authentication then later he
> decides to add another realm and to also set the AuthenticationStrategy.
> All this without having to restart the program.
> Does this mean it is not possible with Shiro?
>
> Thanks for your help.
>
> Ming
>
>
>
> On Tue, Dec 11, 2012 at 2:10 AM, Jared Bunting <
> jared.bunting@peachjean.com> wrote:
>
>> Stupid Ctrl+Enter...
>>
>> Try:
>>
>>
>>
>> On Mon 10 Dec 2012 12:04:29 PM CST, Jared Bunting wrote:
>> >
>> > I believe that this will behave as you expect if you remove the line:
>> >
>> > dsm.setAuthenticator(new ModularRealmAuthenticator());
>> >
>> > The reason being that the security manager doesn't expect you to change
>> > out the authenticator after adding realms. This is really just an
>> > implementation detail of how the security manager is set up, but your
>> > new authenticator has no realms. Try:
>>
>> If you try using a debugger to look at "mra", you will see that the
>> "realms" field has an empty Collection (I believe).
>>
>>
>>
>
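
Added example, not part of the thread and not code from the Shiro project: the runtime reconfiguration discussed above, done on one DefaultSecurityManager, with the replaced-authenticator case alongside it. It assumes Shiro 1.x on the classpath; the class name ReconfigureDemo, the helpers realm() and attempt(), and the realm names are hypothetical. Each attempt builds its own Subject because SecurityUtils.getSubject() returns the Subject already bound to the thread, which keeps the SecurityManager it was created with.

```java
import java.util.Arrays;
import java.util.List;

import org.apache.shiro.authc.AuthenticationException;
import org.apache.shiro.authc.UsernamePasswordToken;
import org.apache.shiro.authc.pam.AllSuccessfulStrategy;
import org.apache.shiro.authc.pam.ModularRealmAuthenticator;
import org.apache.shiro.mgt.DefaultSecurityManager;
import org.apache.shiro.realm.Realm;
import org.apache.shiro.realm.SimpleAccountRealm;
import org.apache.shiro.subject.Subject;

// Added illustration; ReconfigureDemo and its helpers are hypothetical names.
public class ReconfigureDemo {

    // Same constructed test data as the thread: user "admin", a different password per realm.
    static Realm realm(String name, String password) {
        SimpleAccountRealm r = new SimpleAccountRealm(name);
        r.addAccount("admin", password);
        return r;
    }

    // One login attempt on a Subject built directly against 'sm', so no
    // thread-bound Subject from an earlier configuration is reused.
    static String attempt(DefaultSecurityManager sm, String user, String pass) {
        Subject subject = new Subject.Builder(sm).buildSubject();
        try {
            subject.login(new UsernamePasswordToken(user, pass));
            return "authenticated";
        } catch (AuthenticationException e) {
            // A wrapped non-authentication error (e.g. misconfiguration) shows up as the cause.
            Throwable cause = e.getCause();
            return "rejected: " + e.getClass().getSimpleName()
                    + (cause == null ? "" : " <- " + cause);
        } finally {
            subject.logout();
        }
    }

    public static void main(String[] args) {
        Realm first = realm("first", "admin");
        Realm second = realm("second", "admin2");
        List<Realm> both = Arrays.asList(first, second);

        // Initial setup: one realm, default authentication strategy.
        DefaultSecurityManager sm = new DefaultSecurityManager(first);
        System.out.println("one realm              : " + attempt(sm, "admin", "admin"));

        // Reconfigure in place: setRealms() hands the realms to the authenticator the
        // manager already has; only the strategy is changed on that same instance.
        sm.setRealms(both);
        ModularRealmAuthenticator existing = (ModularRealmAuthenticator) sm.getAuthenticator();
        existing.setAuthenticationStrategy(new AllSuccessfulStrategy());
        System.out.println("two realms, AllSuccess : " + attempt(sm, "admin", "admin"));

        // The line from the test program: a new authenticator installed after the
        // realms were set starts with no realms of its own.
        ModularRealmAuthenticator replacement = new ModularRealmAuthenticator();
        replacement.setAuthenticationStrategy(new AllSuccessfulStrategy());
        sm.setAuthenticator(replacement);
        System.out.println("replaced authenticator : " + attempt(sm, "admin", "admin"));

        // If the authenticator has to be replaced, set the realms again afterwards
        // so the manager passes them to the new instance.
        sm.setRealms(both);
        System.out.println("realms set again       : " + attempt(sm, "admin", "admin"));
    }
}
```

For the replaced-authenticator attempt, the printed cause is the configuration error behind the generic "Possible unexpected error?" message quoted in the thread's log.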

Re: Dynamic strategy reconfiguration

Posted by Ming Hsieh <xi...@gmail.com>.
Hi Jared

If I comment out the line
 dsm.setAuthenticator(new ModularRealmAuthenticator());
and the first login attempt the example works as expected:
org.apache.shiro.authc.pam.AllSuccessfulStrategy - Account successfully
authenticated using realm [org.apache.shiro.realm.SimpleAccountRealm@19f953d
]
...
org.apache.shiro.authc.pam.ModularRealmAuthenticator - Realm
[org.apache.shiro.realm.SimpleAccountRealm@1fee6fc] threw an exception
during a multi-realm authentication attempt:
org.apache.shiro.authc.IncorrectCredentialsException: Submitted credentials
for token [org.apache.shiro.authc.UsernamePasswordToken - admin,
rememberMe=false] did not match the expected credentials.

But if I include the first login attempt both login attempts pass:
org.apache.shiro.authc.AbstractAuthenticator - Authentication successful
for token [org.apache.shiro.authc.UsernamePasswordToken - admin,
rememberMe=false].  Returned account [admin]
...
example.ShiroTest - User [admin] logged in successfully.

Does this mean that I cannot change the Authenticator and thus the Strategy
dynamically?

This is what I am trying to achieve:
Initially the user sets up one realm for authentication then later he
decides to add another realm and to also set the AuthenticationStrategy.
All this without having to restart the program.
Does this mean it is not possible with Shiro?

Thanks for your help.

Ming



On Tue, Dec 11, 2012 at 2:10 AM, Jared Bunting
<ja...@peachjean.com> wrote:

> Stupid Ctrl+Enter...
>
> Try:
>
>
>
> On Mon 10 Dec 2012 12:04:29 PM CST, Jared Bunting wrote:
> >
> > I believe that this will behave as you expect if you remove the line:
> >
> > dsm.setAuthenticator(new ModularRealmAuthenticator());
> >
> > The reason being that the security manager doesn't expect you to change
> > out the authenticator after adding realms. This is really just an
> > implementation detail of how the security manager is set up, but your
> > new authenticator has no realms. Try:
>
> If you try using a debugger to look at "mra", you will see that the
> "realms" field has an empty Collection (I believe).
>
>
>

Re: Dynamic strategy reconfiguration

Posted by Jared Bunting <ja...@peachjean.com>.
Stupid Ctrl+Enter...

Try:



On Mon 10 Dec 2012 12:04:29 PM CST, Jared Bunting wrote:
>
> I believe that this will behave as you expect if you remove the line:
>
> dsm.setAuthenticator(new ModularRealmAuthenticator());
>
> The reason being that the security manager doesn't expect you to change
> out the authenticator after adding realms. This is really just an
> implementation detail of how the security manager is set up, but your
> new authenticator has no realms. Try:

If you try using a debugger to look at "mra", you will see that the
"realms" field has an empty Collection (I believe). 


>
>
> On Sun 09 Dec 2012 08:32:17 PM CST, ming hsieh wrote:
>>
>> Sorry about the previous message, I forgot to add what I wanted to ask.
>> Here is what I wanted to ask:
>> The second login attempt passes even though I specified
>> AllSuccessfulStrategy, why?
>> If I commented out the first few lines for the first login attempt the
>> second login attempt fails :
>> 2012-12-10 10:30:28,586 [main] INFO example.ShiroTest - My First
>> Apache Shiro Application
>> 2012-12-10 10:30:28,617 [main] INFO example.ShiroTest - 2 realm size
>> 2012-12-10 10:30:28,617 [main] INFO example.ShiroTest -
>> org.apache.shiro.authc.pam.ModularRealmAuthenticator@578088c0 realm
>> authenticator
>> 2012-12-10 10:30:28,617 [main] INFO example.ShiroTest -
>> org.apache.shiro.authc.pam.AllSuccessfulStrategy@5afec107
>> authentication strategy
>> 2012-12-10 10:30:28,617 [main] DEBUG
>> org.apache.shiro.session.mgt.AbstractValidatingSessionManager - No
>> sessionValidationScheduler set. Attempting to create default instance.
>> 2012-12-10 10:30:28,617 [main] INFO
>> org.apache.shiro.session.mgt.AbstractValidatingSessionManager -
>> Enabling session validation scheduler...
>> 2012-12-10 10:30:28,617 [main] DEBUG
>> org.apache.shiro.session.mgt.DefaultSessionManager - Creating new EIS
>> record for new session instance
>> [org.apache.shiro.session.mgt.SimpleSession,id=null]
>> 2012-12-10 10:30:28,648 [main] INFO example.ShiroTest - Retrieved the
>> correct value! [aValue]
>> 2012-12-10 10:30:28,648 [main] ERROR example.ShiroTest -
>> authenticationexception;Authentication failed for token submission
>> [org.apache.shiro.authc.UsernamePasswordToken - admin,
>> rememberMe=false]. Possible unexpected error? (Typical or expected
>> login exceptions should extend from AuthenticationException).
>> What does this mean?
>>
>> Thanks again
>>
>>
>>
>>
>
>
>



Re: Dynamic strategy reconfiguration

Posted by Jared Bunting <ja...@peachjean.com>.
I believe that this will behave as you expect if you remove the line:

        dsm.setAuthenticator(new ModularRealmAuthenticator());

The reason being that the security manager doesn't expect you to change 
out the authenticator after adding realms.  This is really just an 
implementation detail of how the security manager is set up, but your
new authenticator has no realms.  Try:

On Sun 09 Dec 2012 08:32:17 PM CST, ming hsieh wrote:
> Sorry about the previous message, I forgot to add what I wanted to ask.
> Here is what I wanted to ask:
> The second login attempt passes even though I specified
> AllSuccessfulStrategy, why?
> If I commented out the first few lines for the first login attempt the
> second login attempt fails :
> 2012-12-10 10:30:28,586 [main] INFO  example.ShiroTest - My First
> Apache Shiro Application
> 2012-12-10 10:30:28,617 [main] INFO  example.ShiroTest - 2 realm size
> 2012-12-10 10:30:28,617 [main] INFO  example.ShiroTest -
> org.apache.shiro.authc.pam.ModularRealmAuthenticator@578088c0 realm
> authenticator
> 2012-12-10 10:30:28,617 [main] INFO  example.ShiroTest -
> org.apache.shiro.authc.pam.AllSuccessfulStrategy@5afec107
> authentication strategy
> 2012-12-10 10:30:28,617 [main] DEBUG
> org.apache.shiro.session.mgt.AbstractValidatingSessionManager - No
> sessionValidationScheduler set.  Attempting to create default instance.
> 2012-12-10 10:30:28,617 [main] INFO
> org.apache.shiro.session.mgt.AbstractValidatingSessionManager -
> Enabling session validation scheduler...
> 2012-12-10 10:30:28,617 [main] DEBUG
> org.apache.shiro.session.mgt.DefaultSessionManager - Creating new EIS
> record for new session instance
> [org.apache.shiro.session.mgt.SimpleSession,id=null]
> 2012-12-10 10:30:28,648 [main] INFO  example.ShiroTest - Retrieved the
> correct value! [aValue]
> 2012-12-10 10:30:28,648 [main] ERROR example.ShiroTest -
> authenticationexception;Authentication failed for token submission
> [org.apache.shiro.authc.UsernamePasswordToken - admin,
> rememberMe=false].  Possible unexpected error? (Typical or expected
> login exceptions should extend from AuthenticationException).
> What does this mean?
>
> Thanks again
>
>
>
>



Re: Dynamic strategy reconfiguration

Posted by ming hsieh <xi...@gmail.com>.
Sorry about the previous message, I forgot to add what I wanted to ask.
Here is what I wanted to ask:
The second login attempt passes even though I specified
AllSuccessfulStrategy, why?
If I commented out the first few lines for the first login attempt the
second login attempt fails :
2012-12-10 10:30:28,586 [main] INFO  example.ShiroTest - My First Apache
Shiro Application
2012-12-10 10:30:28,617 [main] INFO  example.ShiroTest - 2 realm size
2012-12-10 10:30:28,617 [main] INFO  example.ShiroTest -
org.apache.shiro.authc.pam.ModularRealmAuthenticator@578088c0 realm
authenticator
2012-12-10 10:30:28,617 [main] INFO  example.ShiroTest -
org.apache.shiro.authc.pam.AllSuccessfulStrategy@5afec107 authentication
strategy
2012-12-10 10:30:28,617 [main] DEBUG
org.apache.shiro.session.mgt.AbstractValidatingSessionManager - No
sessionValidationScheduler set.  Attempting to create default instance.
2012-12-10 10:30:28,617 [main] INFO
org.apache.shiro.session.mgt.AbstractValidatingSessionManager - Enabling
session validation scheduler...
2012-12-10 10:30:28,617 [main] DEBUG
org.apache.shiro.session.mgt.DefaultSessionManager - Creating new EIS
record for new session instance
[org.apache.shiro.session.mgt.SimpleSession,id=null]
2012-12-10 10:30:28,648 [main] INFO  example.ShiroTest - Retrieved the
correct value! [aValue]
2012-12-10 10:30:28,648 [main] ERROR example.ShiroTest -
authenticationexception;Authentication failed for token submission
[org.apache.shiro.authc.UsernamePasswordToken - admin, rememberMe=false].
Possible unexpected error? (Typical or expected login exceptions should
extend from AuthenticationException).
What does this mean?

Thanks again



