Exemplo n.º 1
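 /**
  * Handles the sign-in form post: enforces the captcha when it is switched on, logs the
  * submitted credentials in through Shiro and renders a single JSON {@code Message}.
  *
  * <p>{@code subject.login} is not wrapped in a try/catch here, so an exception it throws
  * propagates to the caller instead of being rendered as JSON.
  */
 @ValidateParams({
   @ValidateParam(value = "user.name", minLen = 4, maxLen = 12),
   @ValidateParam(value = "user.password", minLen = 6, maxLen = 20),
   @ValidateParam(value = "captcha", defaultValue = "@@@@", maxLen = 4, minLen = 4),
   @ValidateParam(value = "rememberMe", type = Boolean.class)
 })
 @RequestMethod(Method.POST)
 public void signin() {
   User user = getModel(User.class, "user");
   Sys_Common_Variable captcha = ComVarService.service.getComVarByName(Key.CAPTCHA);
   // The captcha is enforced only when the CAPTCHA variable exists and is switched on.
   if (captcha != null
       && captcha.getToBoolean(Sys_Common_Variable.S_VALUE)
       && !validateCaptcha(getPara("captcha"))) {
     renderJson(new Message(captcha.getStr(Sys_Common_Variable.S_ERROR)));
     return;
   }
   Subject subject = SecurityUtils.getSubject();
   if (!subject.isAuthenticated()) {
     UsernamePasswordToken token =
         new UsernamePasswordToken(user.getStr(User.S_NAME), user.getStr(User.S_PASSWORD));
     // A missing rememberMe parameter counts as "false" instead of failing on unboxing.
     token.setRememberMe(Boolean.TRUE.equals(getParaToBoolean("rememberMe")));
     subject.login(token);
     if (!subject.isAuthenticated()) {
       // Stop here: falling through would also render "Login Success" for a failed login.
       renderJson(new Message("Login failed"));
       return;
     }
     // After a successful login, overwrite the captcha code kept in the session with the
     // default placeholder value.
     subject.getSession().setAttribute(Lc4eCaptchaRender.captcha_code, Const.DEFAULT_NONE);
   }
   renderJson(new Message(true, "Login Success"));
 }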
Exemplo n.º 2
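 /**
  * Looks up the account named in the submitted token and hands its stored credentials to
  * the realm's credentials matcher.
  *
  * <p>Per the original author's note, in this example the method runs when
  * {@code LoginController.login()} calls {@code Subject.login()}.
  *
  * @param authcToken the submitted token; cast to {@code UsernamePasswordToken}
  * @return the account name, stored password and salt, tagged with this realm's name
  * @throws UnknownAccountException if no user has the submitted username
  * @throws LockedAccountException if the user's status equals {@code UserUtil.STATUS_LOCK}
  */
 @Override
 protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken authcToken)
     throws AuthenticationException {
   // Per the original author, this is the same token instance that the login controller
   // passed to currentUser.login(token).
   UsernamePasswordToken token = (UsernamePasswordToken) authcToken;
   // Print the username only. The previous reflective dump of the whole token also wrote
   // its password field to standard output.
   System.out.println("验证当前Subject时获取到token为" + token.getUsername());
   User user = userService.getByUsername(token.getUsername());
   if (user == null) {
     throw new UnknownAccountException(); // account not found
   }
   if (UserUtil.STATUS_LOCK == user.getStatus()) {
     throw new LockedAccountException(); // account locked
   }
   // Hand the stored credentials to AuthenticatingRealm, whose CredentialsMatcher does the
   // password comparison.
   AuthenticationInfo authenticationInfo =
       new SimpleAuthenticationInfo(
           user.getAccount(), // account name
           user.getPassword(), // stored password
           ByteSource.Util.bytes(user.getCredentialsSalt()), // author's note: salt = username + salt
           getName() // realm name
           );
   // NOTE(review): this call runs before the credentials matcher has compared the password,
   // so the user object is handed to setSession even when the login later fails. Confirm
   // that nothing treats this session attribute as proof of authentication.
   this.setSession(WebConstant.SESSION_CURRRENT_USER, user);
   return authenticationInfo;
 }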
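  /**
   * Authenticates a username/password token through the Crowd authentication manager.
   *
   * <p>Every Crowd failure is reported as an {@link AuthenticationException} carrying the same
   * {@code DEFAULT_MESSAGE}; the specific cause is kept on the exception.
   *
   * @param authenticationToken the submitted token; must be a {@code UsernamePasswordToken}
   * @return authentication info built from the token's own principal and credentials
   * @throws UnsupportedTokenException if the token is of another type
   * @throws AuthenticationException if the token has no password or Crowd rejects the login
   */
  @Override
  protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken authenticationToken)
      throws AuthenticationException {
    if (!(authenticationToken instanceof UsernamePasswordToken)) {
      throw new UnsupportedTokenException(
          "Token of type "
              + authenticationToken.getClass().getName()
              + " is not supported.  A "
              + UsernamePasswordToken.class.getName()
              + " is required.");
    }
    UsernamePasswordToken token = (UsernamePasswordToken) authenticationToken;

    char[] submitted = token.getPassword();
    if (submitted == null) {
      // A token without a password used to end in a NullPointerException below; report it
      // as a failed login so callers that catch AuthenticationException handle it.
      throw new AuthenticationException(DEFAULT_MESSAGE);
    }
    String password = new String(submitted);

    try {
      crowdClientHolder.getAuthenticationManager().authenticate(token.getUsername(), password);
      // Crowd accepted the login, so the submitted credentials are returned as the
      // credentials of record for this realm.
      return new SimpleAuthenticationInfo(token.getPrincipal(), token.getCredentials(), getName());
    } catch (RemoteException e) {
      throw new AuthenticationException(DEFAULT_MESSAGE, e);
    } catch (com.atlassian.crowd.exception.InactiveAccountException e) {
      throw new AuthenticationException(DEFAULT_MESSAGE, e);
    } catch (com.atlassian.crowd.exception.ExpiredCredentialException e) {
      throw new AuthenticationException(DEFAULT_MESSAGE, e);
    } catch (com.atlassian.crowd.exception.InvalidAuthenticationException e) {
      throw new AuthenticationException(DEFAULT_MESSAGE, e);
    } catch (com.atlassian.crowd.exception.InvalidAuthorizationTokenException e) {
      throw new AuthenticationException(DEFAULT_MESSAGE, e);
    } catch (com.atlassian.crowd.exception.ApplicationAccessDeniedException e) {
      throw new AuthenticationException(DEFAULT_MESSAGE, e);
    }
  }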
 /**
  * Authentication callback, invoked on login.
  *
  * <p>NOTE(review): the credentials returned here are the fixed literal {@code "world"} for
  * every username, so this looks like demo code. Depending on the configured credentials
  * matcher, every account may accept that one password; confirm it is never deployed as is.
  */
 @Override
 protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token)
     throws AuthenticationException {
   logger.info("authentication: 认证回调函数");
   final String principal = ((UsernamePasswordToken) token).getUsername();
   return new SimpleAuthenticationInfo(principal, "world", getName());
 }
Exemplo n.º 5
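 /**
  * Logs the user in with the submitted name and password. On success an {@code Env} holding
  * the user is stored in the session and the admin layout is returned; otherwise the login
  * view is returned.
  *
  * @param isRemeberMe optional remember-me flag; {@code null} is treated as {@code false}
  * @throws Exception whatever {@code subject.login} or the view helpers throw
  */
 @RequestMapping("/login")
 public ModelAndView login(
     HttpServletRequest request,
     HttpServletResponse response,
     @RequestParam String userName,
     @RequestParam String password,
     Boolean isRemeberMe)
     throws Exception {
   UsernamePasswordToken token = new UsernamePasswordToken(userName, password);
   // The flag has to be on the token before login(): it was previously set after the login
   // call, when the token had already been processed, so it never took effect.
   token.setRememberMe(Boolean.TRUE.equals(isRemeberMe));
   Subject subject = SecurityUtils.getSubject();
   subject.login(token);
   if (!subject.isAuthenticated()) {
     return createSingleView("login/login", request, response);
   }
   Session session = subject.getSession();
   User user = new User();
   user.setUserName(userName);
   // NOTE(review): the plain-text password stays on the User held by the session-scoped Env.
   // Confirm whether anything reads it; if not, it should not be retained after login.
   user.setPassword(password);
   Env env = new Env();
   env.setUser(user);
   session.setAttribute("env", env);
   // NOTE(review): GlobalConfigHolder is not visible here. If setEnv stores process-wide
   // state, concurrent logins would overwrite each other's Env; confirm its scope.
   GlobalConfigHolder.setEnv(env);
   return createLayoutView("admin/index", request, response);
 }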
Exemplo n.º 6
  /**
   * Loads the stored password for the submitted username and returns it for comparison with
   * the token.
   *
   * @throws AccountException if the token carries no username
   * @throws UnknownAccountException if the DAO has no password for the username
   * @throws AuthenticationException if the lookup fails with a {@code SQLException}
   */
  @Override
  protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token)
      throws AuthenticationException {
    // The DAO is created on first use.
    if (accountDAO == null) {
      accountDAO = new AccountDAO();
    }

    final String username = ((UsernamePasswordToken) token).getUsername();
    if (username == null) {
      throw new AccountException("Null usernames are not allowed by this realm.");
    }

    final byte[] storedPassword;
    try {
      storedPassword = accountDAO.getPasswordForUser(username);
    } catch (SQLException e) {
      throw new AuthenticationException(
          "An error occured while authenticating user [" + username + "]", e);
    }
    if (storedPassword == null) {
      // NOTE(review): this message names the username that was not found; confirm it is not
      // shown to the client, where it would reveal which accounts exist.
      throw new UnknownAccountException("No account found for user [" + username + "]");
    }
    return new SimpleAuthenticationInfo(username, storedPassword, getName());
  }
Exemplo n.º 7
  /**
   * Builds the authentication info for a login attempt: a {@code User} of type
   * {@code UserType.TELOSYS_USER} is returned as principal when the check passes, otherwise an
   * {@code AuthenticationException} is thrown.
   *
   * <p>NOTE(review): part of this listing was damaged before it reached this page (see the
   * note inside the method), so the credential check itself cannot be read in full here.
   */
  @Override
  protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token)
      throws AuthenticationException {
    // Called when a user logs in. The log messages say "doGetAuthorizationInfo" although
    // this is the authentication callback.
    logger.info("doGetAuthorizationInfo(token)...");
    UsernamePasswordToken upToken = (UsernamePasswordToken) token;
    String login = upToken.getUsername();
    // NOTE(review): the next line is corrupted in this listing. The text between the log
    // calls and the condition was replaced by "******", so the declaration of `password` and
    // the exact comparison are not visible. The surviving fragments suggest that the
    // submitted password is written to the log and compared with the literal "OK". If the
    // original file does that, the password should be dropped from the log and the fixed
    // comparison replaced by a real credential check. Confirm against the original source.
    logger.info("doGetAuthorizationInfo(token) : login = "******"doGetAuthorizationInfo(token) : password = "******"OK")) {
      // Authentication OK

      User user = new User(UserType.TELOSYS_USER, login);

      // SimpleAuthenticationInfo(principal, credentials, realmName) is the convenience
      // constructor: it takes the account's primary principal, the credentials that verify
      // it and the realm they came from, and builds the PrincipalCollection from the
      // principal and the realm name.
      return new SimpleAuthenticationInfo(user, password, REALM_NAME);
    } else {
      // Authentication INVALID
      throw new AuthenticationException("Invalid user/password");
    }
  }
  /**
   * Saves a new user and, when the current subject is not yet authenticated, logs that user
   * in with the e-mail address and password just supplied.
   *
   * @param user the user to create; for a new user the password hash is computed here
   * @return the same {@code user}, which is also remembered in {@code currentUser}
   * @throws UserExistsException if a user with the same e-mail address already exists
   * @throws DatabaseException if saving fails for any reason
   */
  @Override
  @Transactional
  public User createUser(User user) throws UserExistsException, DatabaseException {
    final boolean emailTaken = userRepository.findByEmailAddress(user.getEmailAddress()) != null;
    if (emailTaken) {
      throw new UserExistsException();
    }

    if (user.isNew()) {
      // Store the salted, iterated SHA-512 hash (Base64) in the database password field.
      // NOTE(review): getSalt() is not visible here; confirm it yields a random per-user
      // salt that is stored alongside the hash.
      user.setDbPassword(
          new Sha512Hash(user.getPassword(), getSalt(), HASH_ITERATIONS).toBase64());
      user.setActive(true);
    }

    try {
      userRepository.save(user);
    } catch (Exception e) {
      throw new DatabaseException(e);
    }

    final Subject subject = SecurityUtils.getSubject();
    if (!subject.isAuthenticated()) {
      final UsernamePasswordToken loginToken =
          new UsernamePasswordToken(user.getEmailAddress(), user.getPassword());
      loginToken.setRememberMe(false);

      try {
        subject.login(loginToken);
      } catch (AuthenticationException ae) {
        // The authentication cause is not passed on to LoginException.
        throw new LoginException();
      }
    }

    currentUser = user;
    return user;
  }
Exemplo n.º 9
  /**
   * Delegates the login to {@code userService.login} and translates its failures into Shiro
   * authentication exceptions.
   *
   * <p>The credentials returned are the submitted password itself, so the actual password
   * check is presumably the one done inside {@code userService.login}.
   *
   * @throws UnknownAccountException if the user does not exist
   * @throws ExcessiveAttemptsException if the retry limit was exceeded
   * @throws LockedAccountException if the user is blocked
   * @throws AuthenticationException for a wrong password or any other failure
   */
  @Override
  protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token)
      throws AuthenticationException {

    final UsernamePasswordToken credentials = (UsernamePasswordToken) token;
    final String username = credentials.getUsername().trim();
    // A token without a password is treated as an empty password.
    final char[] rawPassword = credentials.getPassword();
    final String password = rawPassword == null ? "" : new String(rawPassword);

    final User user;
    try {
      user = userService.login(username, password);
    } catch (UserNotExistsException e) {
      throw new UnknownAccountException(e.getMessage(), e);
    } catch (UserPasswordNotMatchException e) {
      throw new AuthenticationException(e.getMessage(), e);
    } catch (UserPasswordRetryLimitExceedException e) {
      throw new ExcessiveAttemptsException(e.getMessage(), e);
    } catch (UserBlockedException e) {
      throw new LockedAccountException(e.getMessage(), e);
    } catch (Exception e) {
      // Anything unexpected is logged and reported as a generic failure.
      log.error("login error", e);
      throw new AuthenticationException(new UserException("user.unknown.error", null));
    }

    return new SimpleAuthenticationInfo(user.getUsername(), password.toCharArray(), getName());
  }
  /**
   * Tests fetching the role/menu-item mapping by role id.
   *
   * <p>Logs in as a fixture user, puts a {@code UserPo} into the session and checks that the
   * action response contains the expected success fragment.
   *
   * @throws Exception any failure outside the login/setup step
   */
  @Test
  public final void testQueryRoleMenuItemMap() throws Exception {
    Subject subject = ShiroHelper.getSubject(this.request, this.response);
    UsernamePasswordToken loginToken =
        new UsernamePasswordToken("user1", "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA");
    loginToken.setRememberMe(true);
    try {
      subject.login(loginToken);
      UserPo sessionUser = new UserPo();
      sessionUser.setUserId(Long.valueOf("1"));
      sessionUser.setLoginName("user1");
      sessionUser.setPassword("AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA");
      SimpleDateFormat timestampFormat = new SimpleDateFormat("yyyy-MM-dd HH:mm:ss");
      Date createdAt = timestampFormat.parse("2012-01-12 23:30:20");
      sessionUser.setCreateTime(createdAt);
      sessionUser.setCreatorId(Long.valueOf("1"));
      sessionUser.setIsDelete(false);
      sessionUser.setIsLockUp(false);
      sessionUser.setVersion(Long.valueOf("0"));
      subject.getSession().setAttribute("user", sessionUser);
    } catch (Exception se) {
      // NOTE(review): a failed login or session setup is only printed, so the test carries
      // on without the fixture user in place.
      se.printStackTrace();
    }

    request.setParameter("roleMenuItemMap", "{\"roleId\":\"2\"}");
    String resultMessage = executeAction("/SuperW/queryRoleMenuItemMap.action");
    String expectedFragment =
        "{\"userToken\":true,\"serviceResult\":true," + "\"resultInfo\":\"查询角色菜单关系列表成功\"";
    boolean rs = resultMessage.contains(expectedFragment);
    assertTrue("返回服務信息錯誤失敗", rs);
  }
Exemplo n.º 11
 /**
  * Authentication callback, invoked on login.
  *
  * @return the user, stored password and hex-decoded salt, or {@code null} when no user was
  *     found or the lookup failed
  * @throws DisabledAccountException if the user exists but is not enabled
  */
 @Override
 protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken authcToken)
     throws AccountException {
   // Same call order as before: the current subject's session is requested first.
   SecurityUtils.getSubject().getSession();
   System.out.println("============" + this.getAuthenticationCacheName());
   System.out.println("============" + this.getAuthorizationCacheName());
   final UsernamePasswordToken token = (UsernamePasswordToken) authcToken;
   ShiroUser account = null;
   try {
     account = shiroUserService.findUserByLoginName(token.getUsername());
   } catch (Exception e) {
     // NOTE(review): a lookup failure is only printed and then handled like "no such
     // user"; a backend outage is therefore indistinguishable from an unknown account.
     e.printStackTrace();
   }
   if (account == null) {
     return null;
   }
   if (!account.isEnabled()) {
     throw new DisabledAccountException();
   }
   final byte[] salt = EncodeUtils.hexDecode(account.getSalt());
   return new SimpleAuthenticationInfo(
       account, account.getPassword(), ByteSource.Util.bytes(salt), getName());
 }
Exemplo n.º 12
 /**
  * Gets the authentication info. The user's identity and password are fetched through the
  * realm service (both are required), together with the user's status (optional: a missing
  * status does not interrupt authentication).
  *
  * @param authcToken the submitted token; cast to {@code UsernamePasswordToken}
  * @return the stored identity and password, tagged with this realm's name
  * @throws AuthenticationException {@code UnknownAccountException} when identity or password
  *     is missing, {@code AccountForbiddenException} or {@code AccountLockedException} when
  *     the status matches the forbidden or locked marker
  */
 protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken authcToken)
     throws AuthenticationException {
   final UsernamePasswordToken token = (UsernamePasswordToken) authcToken;
   final Map<String, Object> account =
       realmService.getUserUniqueIdentityAndPassword(token.getUsername());
   final boolean incomplete =
       account == null
           || account.isEmpty()
           || account.get(identity_in_map_key) == null
           || account.get(password_in_map_key) == null;
   if (incomplete) {
     throw new UnknownAccountException("UnknownAccountException"); // account not found
   }

   final Object status = account.get(user_status_in_map_key);
   if (status != null) {
     final String userStatus = status.toString();
     if (user_status_forbidden.equals(userStatus)) { // account disabled
       throw new AccountForbiddenException("AccountForbiddenException");
     }
     if (user_status_locked.equals(userStatus)) { // account locked
       throw new AccountLockedException("AccountLockedException");
     }
   }
   return new SimpleAuthenticationInfo(
       account.get(identity_in_map_key), account.get(password_in_map_key), getName());
 }
Exemplo n.º 13
  /**
   * User login: authenticates the submitted name and password and reports the outcome as a
   * {@code JsonResult}.
   *
   * <p>NOTE(review): the mapping declares no HTTP method, so the credentials can presumably
   * also arrive as query parameters on a GET, where they end up in URLs and access logs.
   * Confirm and restrict the mapping to POST if so. {@code SecurityUtils.setSecurityManager}
   * is a static setter that is invoked again on every request here.
   */
  @RequestMapping(
      path = "/login",
      produces = {"application/json;charset=UTF-8"})
  public JsonResult login(String loginName, String password, Boolean rememberMe) {
    final JsonResult outcome = new JsonResult();
    SecurityUtils.setSecurityManager(securityManager);
    final Subject subject = SecurityUtils.getSubject();
    final UsernamePasswordToken token = new UsernamePasswordToken(loginName, password);
    if (Boolean.TRUE.equals(rememberMe)) {
      token.setRememberMe(true);
    }

    try {
      subject.login(token);
    } catch (AuthenticationException e) {
      // Failed login: log the subject out and report failure without any detail.
      subject.logout();
      log.info("登录失败");
      outcome.setResult(false);
      return outcome;
    }

    outcome.setResult(subject.isAuthenticated());
    return outcome;
  }
Exemplo n.º 14
  /**
   * Posts the token's username and password as a form to the realm's
   * {@code api/login/authenticate.json} endpoint.
   *
   * <p>NOTE(review): the password travels in the request body to the configured base URL;
   * confirm that the base URL is always an https address.
   *
   * @return {@code true} when the response status is in the 200-299 range, {@code false}
   *     otherwise or when the request fails with an {@code IOException}
   */
  private boolean authenticateViaUrl(final UsernamePasswordToken usernamePasswordToken) {
    final HttpClient client = getHttpClient(null);

    try {
      final String url =
          kenaiRealmConfiguration.getConfiguration().getBaseUrl() + "api/login/authenticate.json";
      final List<NameValuePair> form = Lists.newArrayListWithCapacity(2);
      form.add(new BasicNameValuePair("username", usernamePasswordToken.getUsername()));
      form.add(
          new BasicNameValuePair("password", new String(usernamePasswordToken.getPassword())));
      final HttpPost request = new HttpPost(url);
      request.setEntity(new UrlEncodedFormEntity(form, Consts.UTF_8));
      final HttpResponse response = client.execute(request);

      try {
        // Only the username, the URL and the status line are logged, never the password.
        logger.debug(
            "Kenai Realm user \"{}\" validated against URL={} as {}",
            usernamePasswordToken.getUsername(),
            url,
            response.getStatusLine());
        final int status = response.getStatusLine().getStatusCode();
        return status >= 200 && status <= 299;
      } finally {
        HttpClientUtils.closeQuietly(response);
      }
    } catch (IOException e) {
      // A transport failure counts as "not authenticated".
      logger.info("Kenai Realm was unable to perform authentication", e);
      return false;
    }
  }
Exemplo n.º 15
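 /**
  * Authentication cache key, used on login. By default the token value is used; this method
  * is only called when caching is in use. See {@link
  * org.apache.shiro.realm.AuthenticatingRealm#getAuthenticationCacheKey(org.apache.shiro.authc.AuthenticationToken)}.
  *
  * @param token the submitted token; cast to {@code UsernamePasswordToken}
  * @return {@code "DRC_"} followed by the user's unique identity, or {@code null} when the
  *     token has no username or the realm service knows no identity for it
  */
 protected Object getAuthenticationCacheKey(AuthenticationToken token) {
   UsernamePasswordToken simpleToken = (UsernamePasswordToken) token;
   String username = simpleToken.getUsername();
   if (username == null) {
     // No username means no key, instead of a NullPointerException.
     return null;
   }
   // Locale.ROOT keeps the lower-casing identical on every server. With the default locale
   // the same username can fold to a different string (for example under a Turkish
   // locale), and so map to a different identity lookup.
   Object id = realmService.getUniqueIdentity(username.toLowerCase(java.util.Locale.ROOT));
   return id == null ? null : "DRC_" + id;
 }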
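 /**
  * Logs the current subject in with the credentials from the request body and records the
  * username in the session under {@code "email"}.
  *
  * <p>NOTE(review): the request body is bound straight onto a Shiro
  * {@code UsernamePasswordToken}, so depending on the body converter the client may also be
  * able to set the token's other properties such as remember-me and host. Confirm, or bind
  * to a small request object with only the two expected fields.
  */
 @RequestMapping(value = "/auth", method = POST)
 public void authenticate(@RequestBody final UsernamePasswordToken credentials) {
   // Log the username only. The previous message also passed the password to the logger,
   // which puts the secret into the application log.
   log.info("Authenticating {}", credentials.getUsername());
   final Subject subject = SecurityUtils.getSubject();
   subject.login(credentials);
   // set attribute that will allow session querying
   subject.getSession().setAttribute("email", credentials.getUsername());
 }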
Exemplo n.º 17
 /**
  * Login authentication: returns the username and the password held by the matching unified
  * user, or {@code null} when no CMS user has the submitted username.
  */
 protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken authcToken)
     throws AuthenticationException {
   final String loginName = ((UsernamePasswordToken) authcToken).getUsername();
   final CmsUser user = cmsUserMng.findByUsername(loginName);
   if (user == null) {
     return null;
   }
   // NOTE(review): the unified user is dereferenced without a null check; confirm that
   // findById always returns a record for an existing CMS user.
   final UnifiedUser unifiedUser = unifiedUserMng.findById(user.getId());
   return new SimpleAuthenticationInfo(user.getUsername(), unifiedUser.getPassword(), getName());
 }
Exemplo n.º 18
 /**
  * Returns the account, its stored password and its salt for the submitted username, or
  * {@code null} when the account service finds no such account.
  */
 protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken authcToken)
     throws AuthenticationException {
   final String loginName = ((UsernamePasswordToken) authcToken).getUsername();
   final Useraccount account = userAccountService.getUserAccount(loginName);
   if (account == null) {
     return null;
   }
   // The salt is handed over with the stored password so the credentials matcher can use it.
   final ByteSource salt = ByteSource.Util.bytes(account.getSalt());
   return new SimpleAuthenticationInfo(account, account.getPassword(), salt, getName());
 }
Exemplo n.º 19
 /**
  * Logs the current subject in with the given user name and password.
  *
  * <p>Every failure, including a {@code null} password, is reported as the same
  * {@code InvalidateLoginUserException} with the original exception as its cause.
  *
  * @param userName login user name
  * @param password login password
  * @throws InvalidateLoginUserException if the login fails for any reason
  */
 public static void login(String userName, String password) throws InvalidateLoginUserException {
   try {
     final Subject currentSubject = getSubject();
     final UsernamePasswordToken credentials =
         new UsernamePasswordToken(userName, password.toCharArray());
     currentSubject.login(credentials);
   } catch (Exception e) {
     throw new InvalidateLoginUserException("userName or password error.", e);
   }
 }
 /**
  * Authenticates the token through {@code authenticateUser} using a login payload built from
  * the submitted username and password.
  *
  * @return authentication info holding the returned user's login and the submitted password
  * @throws AccountException if the username is blank
  */
 @Override
 protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken authToken)
     throws AuthenticationException {
   final UsernamePasswordToken credentials = (UsernamePasswordToken) authToken;
   final String username = credentials.getUsername();
   if (StringUtils.isBlank(username)) {
     throw new AccountException("Empty usernames are not allowed by this realm.");
   }
   final String loginPayload = createLoginPayload(username, credentials.getPassword());
   final User account = authenticateUser(loginPayload);
   // Only the login name is logged; the payload containing the password is not.
   LOG.debug("{} successfully login via ZeppelinHub", account.login);
   return new SimpleAuthenticationInfo(account.login, credentials.getPassword(), name);
 }
Exemplo n.º 21
 /**
  * Authentication callback, invoked on login. Looks the account up among enabled users and
  * returns it with its stored password, or {@code null} when nothing is found.
  */
 @Override
 protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken authcToken)
     throws AuthenticationException {
   final UsernamePasswordToken token = (UsernamePasswordToken) authcToken;
   final SecurityUser<Long> user =
       userHessianService.findUserByAccount(token.getUsername(), UserStaEnum.ENABLE);
   if (user == null) {
     return null;
   }
   // The token's username is replaced by the account's login name from here on.
   token.setUsername(user.getLoginName());
   return new SimpleAuthenticationInfo(user, user.getPassWord(), getName());
 }
Exemplo n.º 22
  /**
   * Returns the user and its stored password for the submitted username.
   *
   * @throws AuthenticationException if the DAO finds no user with that name
   */
  @Override
  protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token)
      throws AuthenticationException {
    final String loginName = ((UsernamePasswordToken) token).getUsername();

    final User user = userDAO.getUserByUsername(loginName);
    if (user == null) {
      // NOTE(review): the message states that the login name does not exist; confirm it is
      // not passed on to the client, where it would reveal which accounts exist.
      throw new AuthenticationException("Login name [" + loginName + "] not found!");
    }

    return new SimpleAuthenticationInfo(user, user.getPassword(), getName());
  }
Exemplo n.º 23
  /**
   * Authenticates the token through {@code authenticateViaUrl} and builds the authentication
   * info when that succeeds.
   *
   * @throws AccountException if the user cannot be authenticated that way
   */
  @Override
  protected AuthenticationInfo doGetAuthenticationInfo(final AuthenticationToken token)
      throws AuthenticationException {
    final UsernamePasswordToken upToken = (UsernamePasswordToken) token;

    // Reject first; only a user accepted by the URL check gets authentication info.
    if (!authenticateViaUrl(upToken)) {
      throw new AccountException(
          "User \"" + upToken.getUsername() + "\" cannot be authenticated via Kenai Realm.");
    }
    return buildAuthenticationInfo(upToken);
  }
Exemplo n.º 24
  /**
   * Accepts exactly one fixed account, {@code jcool}/{@code jcool}; any other token yields
   * {@code null}.
   *
   * <p>NOTE(review): username and password are literals in the source, which is only
   * suitable for a demo or test realm; confirm it is not wired into a deployed configuration.
   */
  @Override
  protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token)
      throws AuthenticationException {
    final UsernamePasswordToken userpass = (UsernamePasswordToken) token;
    // The password is only read once the username has matched.
    if (!"jcool".equals(userpass.getUsername())) {
      return null;
    }
    final String password = new String(userpass.getPassword());
    if (!"jcool".equals(password)) {
      return null;
    }
    return new SimpleAuthenticationInfo(userpass.getUsername(), password, this.getName());
  }
Exemplo n.º 25
  /**
   * Logs the currently executing user (the Shiro subject) in with the given credentials.
   *
   * <p>Remember-me is switched on unconditionally for every login made through this method.
   * Failures are not caught here, so whatever {@code Subject.login} throws reaches the caller.
   */
  public void login(String username, String password) {
    final UsernamePasswordToken credentials = new UsernamePasswordToken(username, password);
    // "Remember Me" is built in; it only has to be enabled on the token.
    credentials.setRememberMe(true);

    // Always work with the currently executing user and authenticate on that subject.
    SecurityUtils.getSubject().login(credentials);
  }
Exemplo n.º 26
 /**
  * Authentication callback, invoked on login. Returns a {@code ShiroUser} principal with the
  * stored password and hex-decoded salt, or {@code null} when no user has the login name.
  */
 @Override
 protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken authcToken)
     throws AuthenticationException {
   final String loginName = ((UsernamePasswordToken) authcToken).getUsername();
   final User user = accountService.findUserByLoginName(loginName);
   if (user == null) {
     return null;
   }
   // The salt is stored as hex text and decoded to bytes for the credentials matcher.
   final byte[] salt = Encodes.decodeHex(user.getSalt());
   final ShiroUser principal = new ShiroUser(user.getId(), user.getLoginName(), user.getName());
   return new SimpleAuthenticationInfo(
       principal, user.getPassword(), ByteSource.Util.bytes(salt), getName());
 }
Exemplo n.º 27
 /**
  * Creates an HTTP client and, when a token is given, configures it with the token's
  * username and password, preferring DIGEST over BASIC authentication.
  *
  * <p>NOTE(review): the credentials are registered for {@code AuthScope.ANY}, so they are
  * not tied to one host or realm; confirm the client is only used against the intended
  * server, or narrow the scope. BASIC remains in the preference list as a fallback.
  *
  * @param usernamePasswordToken credentials to configure, or {@code null} for none
  */
 private HttpClient getHttpClient(final UsernamePasswordToken usernamePasswordToken) {
   // risky, but the provider's client is blindly assumed to be a DefaultHttpClient
   final DefaultHttpClient client = (DefaultHttpClient) hc4Provider.createHttpClient();
   if (usernamePasswordToken == null) {
     return client;
   }

   final List<String> schemePreference = new ArrayList<String>(2);
   schemePreference.add(AuthPolicy.DIGEST);
   schemePreference.add(AuthPolicy.BASIC);
   final Credentials credentials =
       new UsernamePasswordCredentials(
           usernamePasswordToken.getUsername(),
           String.valueOf(usernamePasswordToken.getPassword()));
   client.getCredentialsProvider().setCredentials(AuthScope.ANY, credentials);
   client.getParams().setParameter(AuthPNames.TARGET_AUTH_PREF, schemePreference);
   return client;
 }
Exemplo n.º 28
 /**
  * Returns the username and stored password of the user named in the token, and puts the
  * user object into the session under {@code "user"}.
  *
  * <p>NOTE(review): an unknown user is reported with {@code AuthorizationException}, which is
  * an authorization error type rather than the {@code AuthenticationException} declared
  * here; confirm callers handle it. The session attribute is set inside this callback, that
  * is, before the submitted password has been compared, so it must not be treated as proof
  * of a successful login.
  *
  * @return the authentication info, or {@code null} when the stored username does not equal
  *     the submitted one
  */
 @Override
 protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken authcToken)
     throws AuthenticationException {
   final UsernamePasswordToken token = (UsernamePasswordToken) authcToken;
   final User user = userService.findByUserName(token.getUsername());
   final Session session = SecurityUtils.getSubject().getSession();
   if (user == null) {
     throw new AuthorizationException("用户不存在");
   }
   if (!user.getUsername().equals(token.getUsername())) {
     return null;
   }
   final SimpleAuthenticationInfo info =
       new SimpleAuthenticationInfo(user.getUsername(), user.getPassword(), getName());
   session.setAttribute("user", user);
   return info;
 }
  /**
   * Builds salted, iterated authentication info for the submitted username from the stored
   * digest, salt and iteration count of the matching {@code Utente}.
   *
   * @return info whose primary principal is the username and whose secondary principal is
   *     the {@code Utente} itself
   * @throws AccountException if the token carries no username
   * @throws UnknownAccountException if no account has that username
   */
  @Override
  protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token)
      throws AuthenticationException {

    final String username = ((UsernamePasswordToken) token).getUsername();
    if (username == null) {
      // A null username is invalid.
      throw new AccountException("Null usernames are not allowed by this realm.");
    }

    // Look the user up.
    final UtenteService utenteService = ServiceFactory.createUtenteService();
    final Utente utente = utenteService.retrieveByUsername(username);
    if (utente == null) {
      throw new UnknownAccountException("No account found for user [" + username + "]");
    }

    // Stored digest parameters for this account.
    final String digest = utente.getDigest();
    final String salt = utente.getSalt();
    final Integer iterations = utente.getIterations();

    final String realm = getName();
    final SaltedWithIterationAuthenticationInfo info =
        new SaltedWithIterationAuthenticationInfo(username, digest, realm);
    info.setIterations(iterations);
    info.setSalt(salt);

    // The full user record travels along as a secondary principal.
    info.addPrincipal(utente, realm);

    // Cached authorization data is always dropped after a login.
    clearCachedAuthorizationInfo(info.getPrincipals());

    return info;
  }
 /**
  * User verification.
  *
  * <p>NOTE(review): no account store is consulted here. The "stored" credential is computed
  * from the password inside the submitted token (MD5, two iterations, username as salt), so
  * with a matcher configured the same way every username/password pair would presumably be
  * accepted. This looks like demo code; confirm it is not deployed. MD5 with two iterations
  * is also far too weak for storing passwords.
  *
  * @see org.apache.shiro.realm.AuthenticatingRealm#doGetAuthenticationInfo(org.apache.shiro.authc.AuthenticationToken)
  */
 @Override
 protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token)
     throws AuthenticationException {
   logger.debug(String.format("token:[%s]", token.getClass()));
   final UsernamePasswordToken credentials = (UsernamePasswordToken) token;
   final String username = credentials.getUsername();
   final String submitted = new String(credentials.getPassword());
   final String pwd =
       new SimpleHash("md5", submitted, ByteSource.Util.bytes(username), 2).toHex();
   // Handed to AuthenticatingRealm, whose CredentialsMatcher does the password comparison.
   return new SimpleAuthenticationInfo(
       username, pwd, ByteSource.Util.bytes(username), this.getName());
 }