|
||||||||||
| PREV NEXT | FRAMES NO FRAMES | |||||||||
| Packages that use AuthenticationToken | |
|---|---|
| org.apache.shiro.authc | Core interfaces and exceptions concerning Authentication (the act of logging-in). |
| org.apache.shiro.authc.credential | Support for validating credentials (such as passwords or X509 certificates) during
authentication via the CredentialsMatcher
interface and its supporting implementations. |
| org.apache.shiro.authc.pam | Support for PAM, or Pluggable Authentication Modules, which is
the capability to authenticate a user against multiple configurable (pluggable) modules (Shiro
calls these Realms). |
| org.apache.shiro.mgt | Provides the master SecurityManager interface and a default implementation
hierarchy for managing all aspects of Shiro's functionality in an application. |
| org.apache.shiro.realm | Components and sub-packages used in supporting the core Realm interface. |
| org.apache.shiro.realm.activedirectory | Realms that acquire security data from a Microsoft Active Directory. |
| org.apache.shiro.realm.jdbc | Realms that acquire security data from an RDBMS (Relational Database Management System) using the JDBC API. |
| org.apache.shiro.realm.ldap | Realms that acquire security data from an LDAP (Lightweight Directory Access Protocol) server utilizing LDAP/Naming APIs. |
| org.apache.shiro.subject | Components supporting the Subject interface, the most important concept in
Shiro's API. |
| org.apache.shiro.subject.support | Concrete support implementations of most of the org.apache.shiro.subject interfaces. |
| Uses of AuthenticationToken in org.apache.shiro.authc |
|---|
| Subinterfaces of AuthenticationToken in org.apache.shiro.authc | |
|---|---|
interface |
HostAuthenticationToken
A HostAuthenticationToken retains the host information from where
an authentication attempt originates. |
interface |
RememberMeAuthenticationToken
An AuthenticationToken that indicates if the user wishes their identity to be remembered across sessions. |
| Classes in org.apache.shiro.authc that implement AuthenticationToken | |
|---|---|
class |
UsernamePasswordToken
A simple username/password authentication token to support the most widely-used authentication mechanism. |
| Methods in org.apache.shiro.authc with parameters of type AuthenticationToken | |
|---|---|
AuthenticationInfo |
Authenticator.authenticate(AuthenticationToken authenticationToken)
Authenticates a user based on the submitted AuthenticationToken. |
AuthenticationInfo |
AbstractAuthenticator.authenticate(AuthenticationToken token)
Implementation of the Authenticator interface that functions in the following manner:
Calls template doAuthenticate method for subclass execution of the actual
authentication behavior.
If an AuthenticationException is thrown during doAuthenticate,
notify any registered
AuthenticationListeners of the exception and then propogate the exception
for the caller to handle.
If no exception is thrown (indicating a successful login),
notify any registered
AuthenticationListeners of the successful attempt.
Return the AuthenticationInfo
|
protected abstract AuthenticationInfo |
AbstractAuthenticator.doAuthenticate(AuthenticationToken token)
Template design pattern hook for subclasses to implement specific authentication behavior. |
protected void |
AbstractAuthenticator.notifyFailure(AuthenticationToken token,
AuthenticationException ae)
Notifies any registered AuthenticationListeners that
authentication failed for the
specified token which resulted in the specified ae exception. |
protected void |
AbstractAuthenticator.notifySuccess(AuthenticationToken token,
AuthenticationInfo info)
Notifies any registered AuthenticationListeners that
authentication was successful for the specified token which resulted in the specified
info. |
void |
AuthenticationListener.onFailure(AuthenticationToken token,
AuthenticationException ae)
Callback triggered when an authentication attempt for a Subject has failed. |
void |
AuthenticationListener.onSuccess(AuthenticationToken token,
AuthenticationInfo info)
Callback triggered when an authentication attempt for a Subject has succeeded. |
| Uses of AuthenticationToken in org.apache.shiro.authc.credential |
|---|
| Methods in org.apache.shiro.authc.credential with parameters of type AuthenticationToken | |
|---|---|
boolean |
SimpleCredentialsMatcher.doCredentialsMatch(AuthenticationToken token,
AuthenticationInfo info)
This implementation acquires the token's credentials
(via getCredentials(token))
and then the account's credentials
(via getCredentials(account)) and then passes both of
them to the equals(tokenCredentials, accountCredentials) method for equality
comparison. |
boolean |
PasswordMatcher.doCredentialsMatch(AuthenticationToken token,
AuthenticationInfo info)
|
boolean |
HashedCredentialsMatcher.doCredentialsMatch(AuthenticationToken token,
AuthenticationInfo info)
This implementation first hashes the token's credentials, potentially using a
salt if the info argument is a
SaltedAuthenticationInfo. |
boolean |
CredentialsMatcher.doCredentialsMatch(AuthenticationToken token,
AuthenticationInfo info)
Returns true if the provided token credentials match the stored account credentials,
false otherwise. |
boolean |
AllowAllCredentialsMatcher.doCredentialsMatch(AuthenticationToken token,
AuthenticationInfo info)
Returns true always no matter what the method arguments are. |
protected Object |
SimpleCredentialsMatcher.getCredentials(AuthenticationToken token)
Returns the token's credentials. |
protected Object |
HashedCredentialsMatcher.getSalt(AuthenticationToken token)
Deprecated. since Shiro 1.1. Hash salting is now expected to be based on if the AuthenticationInfo
returned from the Realm is a SaltedAuthenticationInfo instance and its
getCredentialsSalt() method returns a non-null value.
This method and the 1.0 behavior still exists for backwards compatibility if the Realm does not return
SaltedAuthenticationInfo instances, but it is highly recommended that Realm implementations
that support hashed credentials start returning SaltedAuthenticationInfo
instances as soon as possible.
This is because salts should always be obtained from the stored account information and
never be interpreted based on user/Subject-entered data. User-entered data is easier to compromise for
attackers, whereas account-unique (and secure randomly-generated) salts never disseminated to the end-user
are almost impossible to break. This method will be removed in Shiro 2.0. |
protected Object |
PasswordMatcher.getSubmittedPassword(AuthenticationToken token)
|
protected Object |
HashedCredentialsMatcher.hashProvidedCredentials(AuthenticationToken token,
AuthenticationInfo info)
Hash the provided token's credentials using the salt stored with the account if the
info instance is an instanceof SaltedAuthenticationInfo (see
the class-level JavaDoc for why this is the preferred approach). |
| Uses of AuthenticationToken in org.apache.shiro.authc.pam |
|---|
| Methods in org.apache.shiro.authc.pam with parameters of type AuthenticationToken | |
|---|---|
AuthenticationInfo |
AuthenticationStrategy.afterAllAttempts(AuthenticationToken token,
AuthenticationInfo aggregate)
Method invoked by the ModularAuthenticator signifying that all of its configured Realms have been consulted for account data, allowing post-proccessing after all realms have completed. |
AuthenticationInfo |
AtLeastOneSuccessfulStrategy.afterAllAttempts(AuthenticationToken token,
AuthenticationInfo aggregate)
Ensures that the aggregate method argument is not null and
aggregate.
is not null, and if either is null, throws an AuthenticationException to indicate
that none of the realms authenticated successfully. |
AuthenticationInfo |
AbstractAuthenticationStrategy.afterAllAttempts(AuthenticationToken token,
AuthenticationInfo aggregate)
Simply returns the aggregate argument without modification. |
AuthenticationInfo |
AuthenticationStrategy.afterAttempt(Realm realm,
AuthenticationToken token,
AuthenticationInfo singleRealmInfo,
AuthenticationInfo aggregateInfo,
Throwable t)
Method invoked by the ModularAuthenticator just after the given realm has been consulted for authentication, allowing post-authentication-attempt logic for that realm only. |
AuthenticationInfo |
AllSuccessfulStrategy.afterAttempt(Realm realm,
AuthenticationToken token,
AuthenticationInfo info,
AuthenticationInfo aggregate,
Throwable t)
Merges the specified info into the aggregate argument and returns it (just as the
parent implementation does), but additionally ensures the following:
if the Throwable argument is not null, re-throws it to immediately cancel the
authentication process, since this strategy requires all realms to authenticate successfully.
neither the info or aggregate argument is null to ensure that each
realm did in fact authenticate successfully
|
AuthenticationInfo |
AbstractAuthenticationStrategy.afterAttempt(Realm realm,
AuthenticationToken token,
AuthenticationInfo singleRealmInfo,
AuthenticationInfo aggregateInfo,
Throwable t)
Base implementation that will aggregate the specified singleRealmInfo into the
aggregateInfo and then returns the aggregate. |
AuthenticationInfo |
FirstSuccessfulStrategy.beforeAllAttempts(Collection<? extends Realm> realms,
AuthenticationToken token)
Returns null immediately, relying on this class's merge implementation to return
only the first info object it encounters, ignoring all subsequent ones. |
AuthenticationInfo |
AuthenticationStrategy.beforeAllAttempts(Collection<? extends Realm> realms,
AuthenticationToken token)
Method invoked by the ModularAuthenticator signifying that the authentication process is about to begin for the specified token - called before any Realm is actually invoked. |
AuthenticationInfo |
AbstractAuthenticationStrategy.beforeAllAttempts(Collection<? extends Realm> realms,
AuthenticationToken token)
Simply returns new , which supports
aggregating account data across realms. |
AuthenticationInfo |
AuthenticationStrategy.beforeAttempt(Realm realm,
AuthenticationToken token,
AuthenticationInfo aggregate)
Method invoked by the ModularAuthenticator just prior to the realm being consulted for account data, allowing pre-authentication-attempt logic for that realm only. |
AuthenticationInfo |
AllSuccessfulStrategy.beforeAttempt(Realm realm,
AuthenticationToken token,
AuthenticationInfo info)
Because all realms in this strategy must complete successfully, this implementation ensures that the given Realm supports the given
token argument. |
AuthenticationInfo |
AbstractAuthenticationStrategy.beforeAttempt(Realm realm,
AuthenticationToken token,
AuthenticationInfo aggregate)
Simply returns the aggregate method argument, without modification. |
protected AuthenticationInfo |
ModularRealmAuthenticator.doAuthenticate(AuthenticationToken authenticationToken)
Attempts to authenticate the given token by iterating over the internal collection of Realms. |
protected AuthenticationInfo |
ModularRealmAuthenticator.doMultiRealmAuthentication(Collection<Realm> realms,
AuthenticationToken token)
Performs the multi-realm authentication attempt by calling back to a AuthenticationStrategy object
as each realm is consulted for AuthenticationInfo for the specified token. |
protected AuthenticationInfo |
ModularRealmAuthenticator.doSingleRealmAuthentication(Realm realm,
AuthenticationToken token)
Performs the authentication attempt by interacting with the single configured realm, which is significantly simpler than performing multi-realm logic. |
| Uses of AuthenticationToken in org.apache.shiro.mgt |
|---|
| Methods in org.apache.shiro.mgt with parameters of type AuthenticationToken | |
|---|---|
AuthenticationInfo |
AuthenticatingSecurityManager.authenticate(AuthenticationToken token)
Delegates to the wrapped Authenticator for authentication. |
protected Subject |
DefaultSecurityManager.createSubject(AuthenticationToken token,
AuthenticationInfo info,
Subject existing)
Creates a Subject instance for the user represented by the given method arguments. |
protected boolean |
AbstractRememberMeManager.isRememberMe(AuthenticationToken token)
Determines whether or not remember me services should be performed for the specified token. |
Subject |
SecurityManager.login(Subject subject,
AuthenticationToken authenticationToken)
Logs in the specified Subject using the given authenticationToken, returning an updated Subject
instance reflecting the authenticated state if successful or throwing AuthenticationException if it is
not. |
Subject |
DefaultSecurityManager.login(Subject subject,
AuthenticationToken token)
First authenticates the AuthenticationToken argument, and if successful, constructs a
Subject instance representing the authenticated account's identity. |
protected void |
DefaultSecurityManager.onFailedLogin(AuthenticationToken token,
AuthenticationException ae,
Subject subject)
|
void |
RememberMeManager.onFailedLogin(Subject subject,
AuthenticationToken token,
AuthenticationException ae)
Reacts to a failed authentication attempt, typically by forgetting any previously remembered principals for the Subject. |
void |
AbstractRememberMeManager.onFailedLogin(Subject subject,
AuthenticationToken token,
AuthenticationException ae)
Reacts to a failed login by immediately forgetting any
previously remembered identity. |
protected void |
DefaultSecurityManager.onSuccessfulLogin(AuthenticationToken token,
AuthenticationInfo info,
Subject subject)
|
void |
RememberMeManager.onSuccessfulLogin(Subject subject,
AuthenticationToken token,
AuthenticationInfo info)
Reacts to a successful authentication attempt, typically saving the principals to be retrieved ('remembered') for future system access. |
void |
AbstractRememberMeManager.onSuccessfulLogin(Subject subject,
AuthenticationToken token,
AuthenticationInfo info)
Reacts to the successful login attempt by first always forgetting any previously
stored identity. |
void |
AbstractRememberMeManager.rememberIdentity(Subject subject,
AuthenticationToken token,
AuthenticationInfo authcInfo)
Remembers a subject-unique identity for retrieval later. |
protected void |
DefaultSecurityManager.rememberMeFailedLogin(AuthenticationToken token,
AuthenticationException ex,
Subject subject)
|
protected void |
DefaultSecurityManager.rememberMeSuccessfulLogin(AuthenticationToken token,
AuthenticationInfo info,
Subject subject)
|
| Uses of AuthenticationToken in org.apache.shiro.realm |
|---|
| Methods in org.apache.shiro.realm with parameters of type AuthenticationToken | |
|---|---|
protected void |
AuthenticatingRealm.assertCredentialsMatch(AuthenticationToken token,
AuthenticationInfo info)
Asserts that the submitted AuthenticationToken's credentials match the stored account
AuthenticationInfo's credentials, and if not, throws an AuthenticationException. |
protected AuthenticationInfo |
SimpleAccountRealm.doGetAuthenticationInfo(AuthenticationToken token)
|
protected abstract AuthenticationInfo |
AuthenticatingRealm.doGetAuthenticationInfo(AuthenticationToken token)
Retrieves authentication data from an implementation-specific datasource (RDBMS, LDAP, etc) for the given authentication token. |
protected Object |
AuthenticatingRealm.getAuthenticationCacheKey(AuthenticationToken token)
Returns the key under which AuthenticationInfo instances are cached if authentication caching is enabled. |
AuthenticationInfo |
Realm.getAuthenticationInfo(AuthenticationToken token)
Returns an account's authentication-specific information for the specified token, or null if no account could be found based on the token. |
AuthenticationInfo |
AuthenticatingRealm.getAuthenticationInfo(AuthenticationToken token)
This implementation functions as follows: It attempts to acquire any cached AuthenticationInfo corresponding to the specified
AuthenticationToken argument. |
protected boolean |
AuthenticatingRealm.isAuthenticationCachingEnabled(AuthenticationToken token,
AuthenticationInfo info)
Returns true if authentication caching should be utilized based on the specified
AuthenticationToken and/or AuthenticationInfo, false otherwise. |
boolean |
Realm.supports(AuthenticationToken token)
Returns true if this realm wishes to authenticate the Subject represented by the given AuthenticationToken instance, false otherwise. |
boolean |
AuthenticatingRealm.supports(AuthenticationToken token)
Convenience implementation that returns getAuthenticationTokenClass().isAssignableFrom( token.getClass() );. |
| Method parameters in org.apache.shiro.realm with type arguments of type AuthenticationToken | |
|---|---|
void |
AuthenticatingRealm.setAuthenticationTokenClass(Class<? extends AuthenticationToken> authenticationTokenClass)
Sets the authenticationToken class supported by this realm. |
| Uses of AuthenticationToken in org.apache.shiro.realm.activedirectory |
|---|
| Methods in org.apache.shiro.realm.activedirectory with parameters of type AuthenticationToken | |
|---|---|
protected AuthenticationInfo |
ActiveDirectoryRealm.queryForAuthenticationInfo(AuthenticationToken token,
LdapContextFactory ldapContextFactory)
Builds an AuthenticationInfo object by querying the active directory LDAP context for the
specified username. |
| Uses of AuthenticationToken in org.apache.shiro.realm.jdbc |
|---|
| Methods in org.apache.shiro.realm.jdbc with parameters of type AuthenticationToken | |
|---|---|
protected AuthenticationInfo |
JdbcRealm.doGetAuthenticationInfo(AuthenticationToken token)
|
| Uses of AuthenticationToken in org.apache.shiro.realm.ldap |
|---|
| Methods in org.apache.shiro.realm.ldap with parameters of type AuthenticationToken | |
|---|---|
protected AuthenticationInfo |
JndiLdapRealm.createAuthenticationInfo(AuthenticationToken token,
Object ldapPrincipal,
Object ldapCredentials,
LdapContext ldapContext)
Returns the AuthenticationInfo resulting from a Subject's successful LDAP authentication attempt. |
protected AuthenticationInfo |
JndiLdapRealm.doGetAuthenticationInfo(AuthenticationToken token)
Delegates to JndiLdapRealm.queryForAuthenticationInfo(org.apache.shiro.authc.AuthenticationToken, LdapContextFactory),
wrapping any NamingExceptions in a Shiro AuthenticationException to satisfy the parent method
signature. |
protected AuthenticationInfo |
AbstractLdapRealm.doGetAuthenticationInfo(AuthenticationToken token)
|
protected Object |
JndiLdapRealm.getLdapPrincipal(AuthenticationToken token)
Returns the principal to use when creating the LDAP connection for an authentication attempt. |
protected AuthenticationInfo |
JndiLdapRealm.queryForAuthenticationInfo(AuthenticationToken token,
LdapContextFactory ldapContextFactory)
This implementation opens an LDAP connection using the token's discovered principal and provided
credentials. |
protected abstract AuthenticationInfo |
AbstractLdapRealm.queryForAuthenticationInfo(AuthenticationToken token,
LdapContextFactory ldapContextFactory)
Abstract method that should be implemented by subclasses to builds an AuthenticationInfo object by querying the LDAP context for the
specified username. |
| Uses of AuthenticationToken in org.apache.shiro.subject |
|---|
| Methods in org.apache.shiro.subject that return AuthenticationToken | |
|---|---|
AuthenticationToken |
SubjectContext.getAuthenticationToken()
|
| Methods in org.apache.shiro.subject with parameters of type AuthenticationToken | |
|---|---|
void |
Subject.login(AuthenticationToken token)
Performs a login attempt for this Subject/user. |
void |
SubjectContext.setAuthenticationToken(AuthenticationToken token)
|
| Uses of AuthenticationToken in org.apache.shiro.subject.support |
|---|
| Methods in org.apache.shiro.subject.support that return AuthenticationToken | |
|---|---|
AuthenticationToken |
DefaultSubjectContext.getAuthenticationToken()
|
| Methods in org.apache.shiro.subject.support with parameters of type AuthenticationToken | |
|---|---|
void |
DelegatingSubject.login(AuthenticationToken token)
|
void |
DefaultSubjectContext.setAuthenticationToken(AuthenticationToken token)
|
|
||||||||||
| PREV NEXT | FRAMES NO FRAMES | |||||||||