/* 无需做链接,这是OpenID的回调地址 */
@RequiresGuest
@At("/login/?/callback")
public View returnPoint(String providerId, HttpServletRequest request, HttpSession session)
throws Exception {
SocialAuthManager manager = (SocialAuthManager) session.getAttribute("openid.manager");
if (manager == null) throw new SocialAuthException("Not manager found!");
session.removeAttribute("openid.manager"); // 防止重复登录的可能性
Map<String, String> paramsMap = SocialAuthUtil.getRequestParametersMap(request);
AuthProvider provider = manager.connect(paramsMap);
Profile p = provider.getUserProfile();
Subject currentUser = SecurityUtils.getSubject();
ThreadContext.bind(currentUser);
OAuthToken token = new OAuthToken(p, request.getRemoteAddr());
try {
currentUser.login(token);
} catch (UnknownAccountException uae) {
return new ViewWrapper(new ForwardView("/admin/index"), "帐号不存在");
} catch (IncorrectCredentialsException ice) {
return new ViewWrapper(new ForwardView("/admin/index"), "证书验证失败");
} catch (LockedAccountException lae) {
return new ViewWrapper(new ForwardView("/admin/index"), "帐号已被锁定");
} catch (ExcessiveAttemptsException eae) {
return new ViewWrapper(new ForwardView("/admin/index"), "尝试的次数太多");
} catch (AuthenticationException ae) {
return new ViewWrapper(new ForwardView("/admin/index"), ae.getMessage());
}
return new ViewWrapper(new ServerRedirectView("/admin/main.rk"), null);
}
/**
* 根据角色id获取角色菜单关系测试方法.
*
* @throws Exception 普通异常.
*/
@Test
public final void testQueryRoleMenuItemMap() throws Exception {
Subject currentUser = ShiroHelper.getSubject(this.request, this.response);
UsernamePasswordToken token =
new UsernamePasswordToken("user1", "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA");
token.setRememberMe(true);
try {
currentUser.login(token);
UserPo uPo = new UserPo();
uPo.setUserId(Long.valueOf("1"));
uPo.setLoginName("user1");
uPo.setPassword("AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA");
Date date = new SimpleDateFormat("yyyy-MM-dd HH:mm:ss").parse("2012-01-12 23:30:20");
uPo.setCreateTime(date);
uPo.setCreatorId(Long.valueOf("1"));
uPo.setIsDelete(false);
uPo.setIsLockUp(false);
uPo.setVersion(Long.valueOf("0"));
currentUser.getSession().setAttribute("user", uPo);
} catch (Exception se) {
se.printStackTrace();
}
request.setParameter("roleMenuItemMap", "{\"roleId\":\"2\"}");
String resultMessage = executeAction("/SuperW/queryRoleMenuItemMap.action");
boolean rs =
-1
!= resultMessage.indexOf(
"{\"userToken\":true,\"serviceResult\":true," + "\"resultInfo\":\"查询角色菜单关系列表成功\"");
assertTrue("返回服務信息錯誤失敗", rs);
}
/**
* 获取淘宝的授权 code,并换取访问 token
*
* @return
*/
@RequestMapping(value = "/callback", method = RequestMethod.GET)
public String callback(
@RequestParam(required = false) String code,
@RequestParam(required = false) String error,
@RequestParam(required = false) String error_description,
@RequestParam(required = false) String state)
throws TaobaoOauthException {
if (null != code) {
Subject currentSubject = SecurityUtils.getSubject();
if (!currentSubject.isAuthenticated()) {
ShiroTaobaoAuthenticationToken token = new ShiroTaobaoAuthenticationToken();
token.setClientId(taobaoApiService.getAppKey());
token.setCode(code);
token.setState(state);
token.setAppKey(taobaoApiService.getAppKey());
token.setRedirectUri(appService.getTaobaoCallbackUrl());
try {
currentSubject.login(token);
} catch (UnknownAccountException uae) {
throw new AuthenticationException("UnknownAccountException occurred.", uae);
} catch (IncorrectCredentialsException ice) {
throw new AuthenticationException("IncorrectCredentialsException occurred.", ice);
} catch (LockedAccountException lae) {
throw new AuthenticationException("LockedAccountException occurred.", lae);
}
}
return "redirect:/"; // 返回首页
} else {
return "redirect:/400"; // 返回首页
}
}
@RequestMapping(value = "/manual", method = RequestMethod.GET)
public Subject manualCallback(
@RequestParam Long userId,
@RequestParam String appKey,
@RequestParam String accessToken,
@RequestParam String refreshToken)
throws TaobaoOauthException {
Subject currentSubject = SecurityUtils.getSubject();
if (!currentSubject.isAuthenticated()) {
ShiroTaobaoAuthenticationToken token = new ShiroTaobaoAuthenticationToken();
token.setUserId(userId);
token.setAppKey(appKey);
token.setAccessToken(accessToken);
token.setRefreshToken(refreshToken);
token.setAppKey(taobaoApiService.getAppKey());
try {
currentSubject.login(token);
} catch (UnknownAccountException uae) {
throw new AuthenticationException("UnknownAccountException occurred.", uae);
} catch (IncorrectCredentialsException ice) {
throw new AuthenticationException("IncorrectCredentialsException occurred.", ice);
} catch (LockedAccountException lae) {
throw new AuthenticationException("LockedAccountException occurred.", lae);
}
}
return SecurityUtils.getSubject();
}
@Override
public int authenticateByEmailAddress(
long companyId,
String emailAddress,
String password,
Map<String, String[]> headerMap,
Map<String, String[]> parameterMap)
throws AuthException {
_log.info("authenticateByEmailAddress");
UsernamePasswordToken usernamePasswordToken = new UsernamePasswordToken(emailAddress, password);
Subject currentUser = SecurityUtils.getSubject();
try {
currentUser.login(usernamePasswordToken);
boolean authenticated = currentUser.isAuthenticated();
if (authenticated) {
_log.info("authenticated");
return SKIP_LIFERAY_CHECK;
} else {
return FAILURE;
}
} catch (AuthenticationException e) {
_log.error(e.getMessage(), e);
throw new AuthException(e.getMessage(), e);
}
}
@Override
protected boolean executeLogin(ServletRequest request, ServletResponse response)
throws Exception {
SourceUsernamePasswordToken token =
(SourceUsernamePasswordToken) createToken(request, response);
try {
String username = getUsername(request);
// 写入登录账号名称用于回显
request.setAttribute(KEY_AUTH_USERNAME_VALUE, username);
User authAccount = userService.findByAuthTypeAndAuthUid(User.AuthTypeEnum.SYS, username);
if (authAccount != null) {
// 失败LOGON_FAILURE_LIMIT次,强制要求验证码验证
if (authAccount.getLogonFailureTimes() > LOGON_FAILURE_LIMIT) {
String captcha = request.getParameter(captchaParam);
if (StringUtils.isBlank(captcha)
|| !ImageCaptchaServlet.validateResponse((HttpServletRequest) request, captcha)) {
throw new CaptchaValidationException("验证码不正确");
}
}
Subject subject = getSubject(request, response);
subject.login(token);
return onLoginSuccess(token, subject, request, response);
} else {
return onLoginFailure(token, new UnknownAccountException("登录账号或密码不正确"), request, response);
}
} catch (AuthenticationException e) {
return onLoginFailure(token, e, request, response);
}
}
@ValidateParams({
@ValidateParam(value = "user.name", minLen = 4, maxLen = 12),
@ValidateParam(value = "user.password", minLen = 6, maxLen = 20),
@ValidateParam(value = "captcha", defaultValue = "@@@@", maxLen = 4, minLen = 4),
@ValidateParam(value = "rememberMe", type = Boolean.class)
})
@RequestMethod(Method.POST)
public void signin() {
User user = getModel(User.class, "user");
Sys_Common_Variable captcha = ComVarService.service.getComVarByName(Key.CAPTCHA);
if (captcha != null
&& captcha.getToBoolean(Sys_Common_Variable.S_VALUE)
&& !validateCaptcha(getPara("captcha"))) {
renderJson(new Message(captcha.getStr(Sys_Common_Variable.S_ERROR)));
return;
}
Subject subject = SecurityUtils.getSubject();
if (!subject.isAuthenticated()) {
UsernamePasswordToken token =
new UsernamePasswordToken(user.getStr(User.S_NAME), user.getStr(User.S_PASSWORD));
token.setRememberMe(getParaToBoolean("rememberMe"));
subject.login(token);
if (subject.isAuthenticated()) {
subject.getSession().setAttribute(Lc4eCaptchaRender.captcha_code, Const.DEFAULT_NONE);
} else {
renderJson(new Message("Login failed"));
}
}
renderJson(new Message(true, "Login Success"));
}
@Test
public void test() {
Subject subject = SecurityUtils.getSubject();
UsernamePasswordToken token = new UsernamePasswordToken(u1.getUsername(), password);
subject.login(token);
Assert.assertTrue(subject.isAuthenticated());
subject.checkRole("admin");
subject.checkPermission("user:create");
userService.changePassword(u1.getId(), password + "1");
userRealm.clearCache(subject.getPrincipals());
token = new UsernamePasswordToken(u1.getUsername(), password + "1");
subject.login(token);
}
@RequestMapping("/login")
public ModelAndView login(
HttpServletRequest request,
HttpServletResponse response,
@RequestParam String userName,
@RequestParam String password,
Boolean isRemeberMe)
throws Exception {
UsernamePasswordToken token = new UsernamePasswordToken(userName, password);
Subject subject = SecurityUtils.getSubject();
subject.login(token);
if (null != isRemeberMe && isRemeberMe) token.setRememberMe(true);
if (subject.isAuthenticated()) {
AuthenticationInfo info = new SimpleAuthenticationInfo(userName, password, userName);
Subject currentUser = SecurityUtils.getSubject();
Session session = currentUser.getSession();
User user = new User();
user.setUserName(userName);
user.setPassword(password);
Env env = new Env();
env.setUser(user);
session.setAttribute("env", env);
GlobalConfigHolder.setEnv(env);
ModelAndView view = createLayoutView("admin/index", request, response);
return view;
} else return createSingleView("login/login", request, response);
}
@Test(expected = ExcessiveAttemptsException.class)
public void testLoginFailWithRetryLimitExceed() {
createUser(username, password);
for (int i = 0; i < maxtRetryCount; i++) {
try {
UsernamePasswordToken upToken = new UsernamePasswordToken(username, password + "1");
Subject subject = SecurityUtils.getSubject();
subject.login(upToken);
} catch (AuthenticationException e) {
}
}
UsernamePasswordToken upToken = new UsernamePasswordToken(username, password);
Subject subject = SecurityUtils.getSubject();
subject.login(upToken);
}
@Override
@Transactional
public User createUser(User user) throws UserExistsException, DatabaseException {
if (userRepository.findByEmailAddress(user.getEmailAddress()) != null) {
throw new UserExistsException();
}
if (user.isNew()) {
String hash = new Sha512Hash(user.getPassword(), getSalt(), HASH_ITERATIONS).toBase64();
user.setDbPassword(hash);
user.setActive(true);
}
try {
userRepository.save(user);
} catch (Exception e) {
throw new DatabaseException(e);
}
Subject currentUserSubject = SecurityUtils.getSubject();
if (!currentUserSubject.isAuthenticated()) {
UsernamePasswordToken token =
new UsernamePasswordToken(user.getEmailAddress(), user.getPassword());
token.setRememberMe(false);
try {
currentUserSubject.login(token);
} catch (AuthenticationException ae) {
throw new LoginException();
}
}
return currentUser = user;
}
public static void main(String[] args) {
// Using the IniSecurityManagerFactory, which will use the an INI file
// as the security file.
Factory<org.apache.shiro.mgt.SecurityManager> factory =
new IniSecurityManagerFactory("C:\\auth.ini");
// Setting up the SecurityManager...
org.apache.shiro.mgt.SecurityManager securityManager = factory.getInstance();
// SecurityUtils 对象是一个 singleton,这意味着不同的对象可以使用它来获得对当前用户的访问
// 一旦成功地设置了这个 SecurityManager,就可以在应用程序不同部分调用 SecurityUtils.getSubject() 来获得当前用户的信息
SecurityUtils.setSecurityManager(securityManager);
// 获得当前用户的信息
Subject user = SecurityUtils.getSubject();
logger.info("User is authenticated: " + user.isAuthenticated()); // false
UsernamePasswordToken token = new UsernamePasswordToken("bjangles11", "dance");
// 如果 token 的验证密码不正确, login() 方法会抛出一个 IncorrectCredentialsException
// 在生产代码内这个异常应被明确捕获以便应用程序在用户提供了不正确的代码时能够进行恰当的响应。
// 如果用户不正确,login() 方法就会抛出一个 UnknownAccountException。我们既要考虑如何处理这个异常,但又不应向用户提供太多信息。
// 一种常见的做法是不要向用户提示用户名有效、只有密码不正确。这是因为如果有人试图通过猜测获得访问,那么您绝对不会想要暗示此人他所猜测的用户名是正确的
user.login(token);
logger.info("User is authenticated: " + user.isAuthenticated()); // true
}
/** 用户登陆 */
@RequestMapping(
path = "/login",
produces = {"application/json;charset=UTF-8"})
public JsonResult login(String loginName, String password, Boolean rememberMe) {
JsonResult result = new JsonResult();
SecurityUtils.setSecurityManager(securityManager);
Subject subject = SecurityUtils.getSubject();
UsernamePasswordToken token = new UsernamePasswordToken(loginName, password);
if (rememberMe != null && rememberMe) {
token.setRememberMe(true);
}
try {
subject.login(token);
} catch (AuthenticationException e) {
subject.logout();
log.info("登录失败");
result.setResult(false);
return result;
}
if (subject.isAuthenticated()) {
result.setResult(true);
} else {
result.setResult(false);
}
return result;
}
@Test(expected = AuthenticationException.class)
public void testLoginFailWithUserPasswordNotMatch() {
createUser(username, password);
UsernamePasswordToken upToken = new UsernamePasswordToken(username, password + "1");
Subject subject = SecurityUtils.getSubject();
subject.login(upToken);
}
protected void login(String username, String password) {
// 3、得到Subject及创建用户名/密码身份验证Token(即用户身份/凭证)
Subject subject = SecurityUtils.getSubject();
UsernamePasswordToken token = new UsernamePasswordToken(username, password);
subject.login(token);
}
@Test(expected = UnknownAccountException.class)
public void testLoginFailWithUserNotExists() {
createUser(username, password);
UsernamePasswordToken upToken = new UsernamePasswordToken(username + "1", password);
Subject subject = SecurityUtils.getSubject();
subject.login(upToken);
}
@Test
public void testLoginSuccess() {
createUser(username, password);
UsernamePasswordToken upToken = new UsernamePasswordToken(username, password);
Subject subject = SecurityUtils.getSubject();
subject.login(upToken);
Assert.assertEquals(username, subject.getPrincipal());
}
@RequestMapping(value = "/auth", method = POST)
public void authenticate(@RequestBody final UsernamePasswordToken credentials) {
log.info(
"Authenticating {} with password {}", credentials.getUsername(), credentials.getPassword());
final Subject subject = SecurityUtils.getSubject();
subject.login(credentials);
// set attribute that will allow session querying
subject.getSession().setAttribute("email", credentials.getUsername());
}
@Before
public void setUp() {
UsernamePasswordToken token =
new UsernamePasswordToken("admin", "admin"); // 采用ini文件中配置的用户名和密码登录测试
Subject currentUser = SecurityUtils.getSubject();
currentUser.login(token);
}
@Test(expected = LockedAccountException.class)
public void testLoginFailWithSysBlocked() {
User user = createUser(username, password);
userService.changeStatus(user, UserStatus.blocked, "test");
UsernamePasswordToken upToken = new UsernamePasswordToken(username, password);
Subject subject = SecurityUtils.getSubject();
subject.login(upToken);
}
/**
* login
*
* @param userName login userName
* @param password login password
* @throws InvalidateLoginUserException userName or password invalidate
*/
public static void login(String userName, String password) throws InvalidateLoginUserException {
try {
Subject subject = getSubject();
UsernamePasswordToken token = new UsernamePasswordToken();
token.setUsername(userName);
token.setPassword(password.toCharArray());
subject.login(token);
} catch (Exception e) {
throw new InvalidateLoginUserException("userName or password error.", e);
}
}
private Subject login(String config) throws AuthenticationException {
Factory<SecurityManager> factory = new IniSecurityManagerFactory(config);
SecurityManager securityManager = factory.getInstance();
SecurityUtils.setSecurityManager(securityManager);
Subject subject = SecurityUtils.getSubject();
AuthenticationToken token = new UsernamePasswordToken("zhang", "123");
try {
subject.login(token);
} catch (AuthenticationException e) {
throw e;
}
return subject;
}
/**
* Test that validates functionality for issue <a
* href="https://issues.apache.org/jira/browse/JSEC-22">JSEC-22</a>
*/
@Test
public void testSubjectReuseAfterLogout() {
Subject subject = SecurityUtils.getSubject();
AuthenticationToken token = new UsernamePasswordToken("guest", "guest");
subject.login(token);
assertTrue(subject.isAuthenticated());
assertTrue("guest".equals(subject.getPrincipal()));
assertTrue(subject.hasRole("guest"));
Session session = subject.getSession();
Serializable firstSessionId = session.getId();
session.setAttribute("key", "value");
assertEquals(session.getAttribute("key"), "value");
subject.logout();
assertNull(subject.getSession(false));
assertNull(subject.getPrincipal());
assertNull(subject.getPrincipals());
subject.login(new UsernamePasswordToken("lonestarr", "vespa"));
assertTrue(subject.isAuthenticated());
assertTrue("lonestarr".equals(subject.getPrincipal()));
assertTrue(subject.hasRole("goodguy"));
assertNotNull(subject.getSession());
assertFalse(firstSessionId.equals(subject.getSession().getId()));
subject.logout();
assertNull(subject.getSession(false));
assertNull(subject.getPrincipal());
assertNull(subject.getPrincipals());
}
protected void login(String configFile, String username, String password) {
// 1、获取SecurityManager工厂,此处使用Ini配置文件初始化SecurityManager
Factory<org.apache.shiro.mgt.SecurityManager> factory =
new IniSecurityManagerFactory(configFile);
// 2、得到SecurityManager实例 并绑定给SecurityUtils
org.apache.shiro.mgt.SecurityManager securityManager = factory.getInstance();
SecurityUtils.setSecurityManager(securityManager);
// 3、得到Subject及创建用户名/密码身份验证Token(即用户身份/凭证)
Subject subject = SecurityUtils.getSubject();
UsernamePasswordToken token = new UsernamePasswordToken(username, password);
subject.login(token);
}
public void login(String username, String password) {
UsernamePasswordToken token;
token = new UsernamePasswordToken(username, password);
// ”Remember Me” built-in, just do this:
token.setRememberMe(true);
// With most of Shiro, you'll always want to make sure you're working with the currently
// executing user,
// referred to as the subject
Subject currentUser = SecurityUtils.getSubject();
// Authenticate
currentUser.login(token);
}
@Test
public void jdbcShiro() {
Factory<SecurityManager> securityManagerFactory =
new IniSecurityManagerFactory("classpath:shiro-jdbc-realm.ini");
SecurityManager securityManager = securityManagerFactory.getInstance();
SecurityUtils.setSecurityManager(securityManager);
Subject subject = SecurityUtils.getSubject();
UsernamePasswordToken token = new UsernamePasswordToken("user", "user");
subject.login(token);
Assert.assertEquals(true, subject.isAuthenticated());
subject.logout();
}
/** 登录认证,失败会捕获相关异常信息 */
protected boolean executeLogin(ServletRequest request, ServletResponse response)
throws Exception {
CaptchaUsernamePasswordToken token =
(CaptchaUsernamePasswordToken) createToken(request, response);
try {
doCaptchaValidate((HttpServletRequest) request, token);
Subject subject = getSubject(request, response);
subject.login(token);
HttpSession session = ((HttpServletRequest) request).getSession(false);
session.setAttribute("currentUser", subject.getPrincipal());
return onLoginSuccess(token, subject, request, response);
} catch (AuthenticationException e) {
return onLoginFailure(token, e, request, response);
}
}
/**
* 实际的登录代码 如果登录成功,跳转至首页;登录失败,则将失败信息反馈对用户
*
* @param request
* @param model
* @return
*/
@RequestMapping(value = "/dologin.do")
public String doLogin(HttpServletRequest request, Model model) {
String msg = "";
String userName = request.getParameter("userName");
String password = request.getParameter("password");
System.out.println(userName);
System.out.println(password);
UsernamePasswordToken token = new UsernamePasswordToken(userName, password);
token.setRememberMe(true);
Subject subject = SecurityUtils.getSubject();
try {
subject.login(token);
if (subject.isAuthenticated()) {
return "index";
} else {
return "login";
}
} catch (IncorrectCredentialsException e) {
msg = "登录密码错误. Password for account " + token.getPrincipal() + " was incorrect.";
model.addAttribute("message", msg);
System.out.println(msg);
} catch (ExcessiveAttemptsException e) {
msg = "登录失败次数过多";
model.addAttribute("message", msg);
System.out.println(msg);
} catch (LockedAccountException e) {
msg = "帐号已被锁定. The account for username " + token.getPrincipal() + " was locked.";
model.addAttribute("message", msg);
System.out.println(msg);
} catch (DisabledAccountException e) {
msg = "帐号已被禁用. The account for username " + token.getPrincipal() + " was disabled.";
model.addAttribute("message", msg);
System.out.println(msg);
} catch (ExpiredCredentialsException e) {
msg = "帐号已过期. the account for username " + token.getPrincipal() + " was expired.";
model.addAttribute("message", msg);
System.out.println(msg);
} catch (UnknownAccountException e) {
msg = "帐号不存在. There is no user with username of " + token.getPrincipal();
model.addAttribute("message", msg);
System.out.println(msg);
} catch (UnauthorizedException e) {
msg = "您没有得到相应的授权!" + e.getMessage();
model.addAttribute("message", msg);
System.out.println(msg);
}
return "login";
}
@RequestMapping(value = "/submit", method = RequestMethod.POST)
public ModelAndView submit(String username, String password) {
User user = new User("shiro", "123456");
user.setRole(new Role("member"));
try {
// 如果登陆成功
if (user.getName().equals(username) && user.getPassword().equals(password)) {
UsernamePasswordToken token =
new UsernamePasswordToken(user.getName(), user.getPassword().toString());
Subject subject = SecurityUtils.getSubject();
subject.login(token);
}
} catch (Exception e) {
e.printStackTrace();
}
return new ModelAndView("redirect:/member/index.html");
}
@Test
public void test() {
Factory<org.apache.shiro.mgt.SecurityManager> factory =
new IniSecurityManagerFactory("classpath:shiro-config.ini");
org.apache.shiro.mgt.SecurityManager securityManager = factory.getInstance();
// 将SecurityManager设置到SecurityUtils 方便全局使用
SecurityUtils.setSecurityManager(securityManager);
Subject subject = SecurityUtils.getSubject();
UsernamePasswordToken token = new UsernamePasswordToken("zhang", "123");
subject.login(token);
Assert.assertTrue(subject.isAuthenticated());
}
