| Classes in this File | Line Coverage | Branch Coverage | Complexity | ||||
| AllSuccessfulStrategy |
|
| 5.0;5 |
| 1 | /* | |
| 2 | * Licensed to the Apache Software Foundation (ASF) under one | |
| 3 | * or more contributor license agreements. See the NOTICE file | |
| 4 | * distributed with this work for additional information | |
| 5 | * regarding copyright ownership. The ASF licenses this file | |
| 6 | * to you under the Apache License, Version 2.0 (the | |
| 7 | * "License"); you may not use this file except in compliance | |
| 8 | * with the License. You may obtain a copy of the License at | |
| 9 | * | |
| 10 | * http://www.apache.org/licenses/LICENSE-2.0 | |
| 11 | * | |
| 12 | * Unless required by applicable law or agreed to in writing, | |
| 13 | * software distributed under the License is distributed on an | |
| 14 | * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY | |
| 15 | * KIND, either express or implied. See the License for the | |
| 16 | * specific language governing permissions and limitations | |
| 17 | * under the License. | |
| 18 | */ | |
| 19 | package org.apache.shiro.authc.pam; | |
| 20 | ||
| 21 | import org.slf4j.Logger; | |
| 22 | import org.slf4j.LoggerFactory; | |
| 23 | ||
| 24 | import org.apache.shiro.authc.AuthenticationException; | |
| 25 | import org.apache.shiro.authc.AuthenticationInfo; | |
| 26 | import org.apache.shiro.authc.AuthenticationToken; | |
| 27 | import org.apache.shiro.authc.UnknownAccountException; | |
| 28 | import org.apache.shiro.realm.Realm; | |
| 29 | ||
| 30 | ||
| 31 | /** | |
| 32 | * <tt>AuthenticationStrategy</tt> implementation that requires <em>all</em> configured realms to | |
| 33 | * <b>successfully</b> process the submitted <tt>AuthenticationToken</tt> during the log-in attempt. | |
| 34 | * <p/> | |
| 35 | * <p>If one or more realms do not support the submitted token, or one or more are unable to acquire | |
| 36 | * <tt>AuthenticationInfo</tt> for the token, this implementation will immediately fail the log-in attempt for the | |
| 37 | * associated subject (user). | |
| 38 | * | |
| 39 | * @since 0.2 | |
| 40 | */ | |
| 41 | 3 | public class AllSuccessfulStrategy extends AbstractAuthenticationStrategy { |
| 42 | ||
| 43 | /** Private class log instance. */ | |
| 44 | 1 | private static final Logger log = LoggerFactory.getLogger(AllSuccessfulStrategy.class); |
| 45 | ||
| 46 | /** | |
| 47 | * Because all realms in this strategy must complete successfully, this implementation ensures that the given | |
| 48 | * <code>Realm</code> {@link org.apache.shiro.realm.Realm#supports(org.apache.shiro.authc.AuthenticationToken) supports} the given | |
| 49 | * <code>token</code> argument. If it does not, this method throws an | |
| 50 | * {@link UnsupportedTokenException UnsupportedTokenException} to end the authentication | |
| 51 | * process immediately. If the realm does support the token, the <code>info</code> argument is returned immediately. | |
| 52 | */ | |
| 53 | public AuthenticationInfo beforeAttempt(Realm realm, AuthenticationToken token, AuthenticationInfo info) throws AuthenticationException { | |
| 54 | 1 | if (!realm.supports(token)) { |
| 55 | 1 | String msg = "Realm [" + realm + "] of type [" + realm.getClass().getName() + "] does not support " + |
| 56 | " the submitted AuthenticationToken [" + token + "]. The [" + getClass().getName() + | |
| 57 | "] implementation requires all configured realm(s) to support and be able to process the submitted " + | |
| 58 | "AuthenticationToken."; | |
| 59 | 1 | throw new UnsupportedTokenException(msg); |
| 60 | } | |
| 61 | ||
| 62 | 0 | return info; |
| 63 | } | |
| 64 | ||
| 65 | /** | |
| 66 | * Merges the specified <code>info</code> into the <code>aggregate</code> argument and returns it (just as the | |
| 67 | * parent implementation does), but additionally ensures the following: | |
| 68 | * <ol> | |
| 69 | * <li>if the <code>Throwable</code> argument is not <code>null</code>, re-throws it to immediately cancel the | |
| 70 | * authentication process, since this strategy requires all realms to authenticate successfully.</li> | |
| 71 | * <li>neither the <code>info</code> or <code>aggregate</code> argument is <code>null</code> to ensure that each | |
| 72 | * realm did in fact authenticate successfully</li> | |
| 73 | * </ol> | |
| 74 | */ | |
| 75 | public AuthenticationInfo afterAttempt(Realm realm, AuthenticationToken token, AuthenticationInfo info, AuthenticationInfo aggregate, Throwable t) | |
| 76 | throws AuthenticationException { | |
| 77 | 0 | if (t != null) { |
| 78 | 0 | if (t instanceof AuthenticationException) { |
| 79 | //propagate: | |
| 80 | 0 | throw ((AuthenticationException) t); |
| 81 | } else { | |
| 82 | 0 | String msg = "Unable to acquire account data from realm [" + realm + "]. The [" + |
| 83 | getClass().getName() + " implementation requires all configured realm(s) to operate successfully " + | |
| 84 | "for a successful authentication."; | |
| 85 | 0 | throw new AuthenticationException(msg, t); |
| 86 | } | |
| 87 | } | |
| 88 | 0 | if (info == null) { |
| 89 | 0 | String msg = "Realm [" + realm + "] could not find any associated account data for the submitted " + |
| 90 | "AuthenticationToken [" + token + "]. The [" + getClass().getName() + "] implementation requires " + | |
| 91 | "all configured realm(s) to acquire valid account data for a submitted token during the " + | |
| 92 | "log-in process."; | |
| 93 | 0 | throw new UnknownAccountException(msg); |
| 94 | } | |
| 95 | ||
| 96 | 0 | log.debug("Account successfully authenticated using realm [{}]", realm); |
| 97 | ||
| 98 | // If non-null account is returned, then the realm was able to authenticate the | |
| 99 | // user - so merge the account with any accumulated before: | |
| 100 | 0 | merge(info, aggregate); |
| 101 | ||
| 102 | 0 | return aggregate; |
| 103 | } | |
| 104 | } |