Beispiel #1
  /**
   * Fetches the stored credential for the user named in the submitted token and hands it back
   * to the framework for comparison against the submitted password.
   *
   * <p>This method does not compare credentials itself; it only returns the stored value.
   * NOTE(review): confirm that {@code getPasswordForUser} returns a salted password hash and
   * that the realm's credentials matcher is configured to match it; neither is visible here.
   *
   * <p>NOTE(review): the caller-supplied username is embedded in the exception messages below.
   * Confirm these messages are not shown verbatim to the client (a distinct "no account"
   * message lets a caller tell valid usernames from invalid ones) and that log sinks
   * neutralise line breaks in them.
   *
   * @param token the submitted token; cast to {@code UsernamePasswordToken} without a type check
   * @return the username, its stored credential and this realm's name
   * @throws AccountException if the token carries no username
   * @throws UnknownAccountException if the DAO has no credential for the username
   * @throws AuthenticationException if the DAO lookup fails with a {@code SQLException}
   */
  @Override
  protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token)
      throws AuthenticationException {
    // The DAO is created on first use; no synchronisation is applied here.
    if (accountDAO == null) {
      accountDAO = new AccountDAO();
    }

    final String username = ((UsernamePasswordToken) token).getUsername();
    if (username == null) {
      throw new AccountException("Null usernames are not allowed by this realm.");
    }

    final byte[] storedCredential;
    try {
      storedCredential = accountDAO.getPasswordForUser(username);
    } catch (SQLException e) {
      // Keep the SQL failure as the cause so the root error is not lost.
      throw new AuthenticationException(
          "An error occured while authenticating user [" + username + "]", e);
    }

    // A null result means no stored credential was found, so authentication must fail.
    if (storedCredential == null) {
      throw new UnknownAccountException("No account found for user [" + username + "]");
    }
    return new SimpleAuthenticationInfo(username, storedCredential, getName());
  }
Beispiel #2
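  /**
   * Builds the authorization data (role names) for the given principals.
   *
   * <p>The username is taken from {@code getAvailablePrincipal(principals)} and the role is
   * looked up through the DAO. A {@code null} role from the DAO is not added to the role set:
   * the account then has no roles, rather than a {@code null} entry that a later
   * {@code contains(null)}-style role check could match.
   *
   * <p>NOTE(review): {@code getRoleNamesForUser} is plural by name but its result is added as
   * a single set element. If it can return several roles in one delimited string, that string
   * is treated as one role name here; confirm against the DAO.
   *
   * @param principals the principals of the subject being authorized; must not be {@code null}
   * @return authorization info holding the role names found for the user (possibly empty)
   * @throws AuthorizationException if {@code principals} is {@code null} or the DAO lookup
   *     fails with a {@code SQLException}
   */
  @Override
  protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principals) {
    // The DAO is created on first use; no synchronisation is applied here.
    if (accountDAO == null) {
      accountDAO = new AccountDAO();
    }

    if (principals == null) {
      throw new AuthorizationException("PrincipalCollection method argument cannot be null.");
    }

    // The cast assumes the available principal is the username string that
    // doGetAuthenticationInfo stored; a principal of another type fails with ClassCastException.
    String username = (String) getAvailablePrincipal(principals);

    Set<String> roleNames = new HashSet<>();
    try {
      String roleName = accountDAO.getRoleNamesForUser(username);
      // Fail closed: a missing role leaves the set empty instead of containing null.
      if (roleName != null) {
        roleNames.add(roleName);
      }
    } catch (SQLException e) {
      // Keep the SQL failure as the cause so the root error is not lost.
      throw new AuthorizationException(
          "An error occured while authorizing user [" + username + "]", e);
    }

    return new SimpleAuthorizationInfo(roleNames);
  }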