1 /* 2 * Licensed to the Apache Software Foundation (ASF) under one 3 * or more contributor license agreements. See the NOTICE file 4 * distributed with this work for additional information 5 * regarding copyright ownership. The ASF licenses this file 6 * to you under the Apache License, Version 2.0 (the 7 * "License"); you may not use this file except in compliance 8 * with the License. You may obtain a copy of the License at 9 * 10 * http://www.apache.org/licenses/LICENSE-2.0 11 * 12 * Unless required by applicable law or agreed to in writing, 13 * software distributed under the License is distributed on an 14 * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY 15 * KIND, either express or implied. See the License for the 16 * specific language governing permissions and limitations 17 * under the License. 18 */ 19 package org.apache.shiro.authc.pam; 20 21 import org.apache.shiro.authc.AuthenticationException; 22 import org.apache.shiro.authc.AuthenticationInfo; 23 import org.apache.shiro.authc.AuthenticationToken; 24 import org.apache.shiro.util.CollectionUtils; 25 26 /** 27 * <tt>AuthenticationStrategy</tt> implementation that requires <em>at least one</em> configured realm to 28 * successfully process the submitted <tt>AuthenticationToken</tt> during the log-in attempt. 29 * <p/> 30 * <p>This means any number of configured realms do not have to support the submitted log-in token, or they may 31 * be unable to acquire <tt>AuthenticationInfo</tt> for the token, but as long as at least one can do both, this 32 * Strategy implementation will allow the log-in process to be successful. 33 * <p/> 34 * <p>Note that this implementation will aggregate the account data from <em>all</em> successfully consulted 35 * realms during the authentication attempt. If you want only the account data from the first successfully 36 * consulted realm and want to ignore all subsequent realms, use the 37 * {@link FirstSuccessfulStrategy FirstSuccessfulAuthenticationStrategy} instead. 38 * 39 * @see FirstSuccessfulStrategy FirstSuccessfulAuthenticationStrategy 40 * @since 0.2 41 */ 42 public class AtLeastOneSuccessfulStrategy extends AbstractAuthenticationStrategy { 43 44 /** 45 * Ensures that the <code>aggregate</code> method argument is not <code>null</code> and 46 * <code>aggregate.{@link org.apache.shiro.authc.AuthenticationInfo#getPrincipals() getPrincipals()}</code> 47 * is not <code>null</code>, and if either is <code>null</code>, throws an AuthenticationException to indicate 48 * that none of the realms authenticated successfully. 49 */ 50 public AuthenticationInfo afterAllAttempts(AuthenticationToken token, AuthenticationInfo aggregate) throws AuthenticationException { 51 //we know if one or more were able to succesfully authenticate if the aggregated account object does not 52 //contain null or empty data: 53 if (aggregate == null || CollectionUtils.isEmpty(aggregate.getPrincipals())) { 54 throw new AuthenticationException("Authentication token of type [" + token.getClass() + "] " + 55 "could not be authenticated by any configured realms. Please ensure that at least one realm can " + 56 "authenticate these tokens."); 57 } 58 59 return aggregate; 60 } 61 }