/*

  * Licensed to the Apache Software Foundation (ASF) under one

  * or more contributor license agreements.  See the NOTICE file

  * distributed with this work for additional information

  * regarding copyright ownership.  The ASF licenses this file

  * to you under the Apache License, Version 2.0 (the

  * "License"); you may not use this file except in compliance

  * with the License.  You may obtain a copy of the License at

  *

  *     http://www.apache.org/licenses/LICENSE-2.0

  *

  * Unless required by applicable law or agreed to in writing,

  * software distributed under the License is distributed on an

  * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY

  * KIND, either express or implied.  See the License for the

  * specific language governing permissions and limitations

  * under the License.

  */

 package org.apache.shiro.authc.pam;

 import org.apache.shiro.authc.AuthenticationException;

 import org.apache.shiro.authc.AuthenticationInfo;

 import org.apache.shiro.authc.AuthenticationToken;

 import org.apache.shiro.util.CollectionUtils;

 /**

  * <tt>AuthenticationStrategy</tt> implementation that requires <em>at least one</em> configured realm to

  * successfully process the submitted <tt>AuthenticationToken</tt> during the log-in attempt.

  * <p/>

  * <p>This means any number of configured realms do not have to support the submitted log-in token, or they may

  * be unable to acquire <tt>AuthenticationInfo</tt> for the token, but as long as at least one can do both, this

  * Strategy implementation will allow the log-in process to be successful.

  * <p/>

  * <p>Note that this implementation will aggregate the account data from <em>all</em> successfully consulted

  * realms during the authentication attempt. If you want only the account data from the first successfully

  * consulted realm and want to ignore all subsequent realms, use the

  * {@link FirstSuccessfulStrategy FirstSuccessfulAuthenticationStrategy} instead.

  *

  * @see FirstSuccessfulStrategy FirstSuccessfulAuthenticationStrategy

  * @since 0.2

  */

 public class AtLeastOneSuccessfulStrategy extends AbstractAuthenticationStrategy {

     /**

      * Ensures that the <code>aggregate</code> method argument is not <code>null</code> and

      * <code>aggregate.{@link org.apache.shiro.authc.AuthenticationInfo#getPrincipals() getPrincipals()}</code>

      * is not <code>null</code>, and if either is <code>null</code>, throws an AuthenticationException to indicate

      * that none of the realms authenticated successfully.

      */

     public AuthenticationInfo afterAllAttempts(AuthenticationToken token, AuthenticationInfo aggregate) throws AuthenticationException {

         //we know if one or more were able to succesfully authenticate if the aggregated account object does not

         //contain null or empty data:

         if (aggregate == null || CollectionUtils.isEmpty(aggregate.getPrincipals())) {

             throw new AuthenticationException("Authentication token of type [" + token.getClass() + "] " +

                     "could not be authenticated by any configured realms.  Please ensure that at least one realm can " +

                     "authenticate these tokens.");

         }

         return aggregate;

     }

 }