All Downloads are FREE. Search and download functionalities are using the official Maven repository.

org.apache.shiro.biz.authc.credential.DefaultCredentialsMatcher Maven / Gradle / Ivy

There is a newer version: 2.0.0.RELEASE
Show newest version
/*
 * Copyright (c) 2018 (https://github.com/hiwepy).
 *
 * Licensed under the Apache License, Version 2.0 (the "License"); you may not
 * use this file except in compliance with the License. You may obtain a copy of
 * the License at
 *
 * http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
 * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
 * License for the specific language governing permissions and limitations under
 * the License.
 */
package org.apache.shiro.biz.authc.credential;


import org.apache.shiro.authc.AuthenticationInfo;
import org.apache.shiro.authc.AuthenticationToken;
import org.apache.shiro.authc.ExcessiveAttemptsException;
import org.apache.shiro.authc.credential.CredentialsMatcher;
import org.apache.shiro.cache.Cache;
import org.apache.shiro.cache.CacheManager;
import org.apache.shiro.codec.CodecSupport;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

import java.util.Arrays;
import java.util.concurrent.atomic.AtomicInteger;

/**
 * MD5加密对比, 密码重试限制, 默认是5次
 * @author hiwepy
 */
public class DefaultCredentialsMatcher extends CodecSupport implements CredentialsMatcher {

	private static final Logger LOG = LoggerFactory.getLogger(DefaultCredentialsMatcher.class);
	
	private static final String DEFAULT_CREDENTIALS_RETRY_CACHE_NAME = "SHIRO_CREDENTIALS_RETRY_CACHE";

	private static final int DEFALUE_CREDENTIALS_RETRY_LIMIT = 5;

	protected int retryLimit = DEFALUE_CREDENTIALS_RETRY_LIMIT;

	protected String credentialsRetryCacheName = DEFAULT_CREDENTIALS_RETRY_CACHE_NAME;

	protected CacheManager cacheManager;

	@Override
	public boolean doCredentialsMatch(AuthenticationToken token, AuthenticationInfo info) {
		// check retry
		checkCredentialsRetry(token);
		// credentials match
		boolean matches = credentialsMatch(token, info);
		if (matches) {
			cacheManager.getCache(getCredentialsRetryCacheName()).remove(token.getPrincipal());
		}
		return credentialsMatch(token, info);
	}

	//匹配用户输入的token的凭证(未加密)与系统提供的凭证(已加密) 
	protected boolean credentialsMatch(AuthenticationToken token, AuthenticationInfo info) {
		Object tokenCredentials = token.getCredentials();
		Object accountCredentials = info.getCredentials();
		return equals(tokenCredentials, accountCredentials);
	}

	protected boolean equals(Object tokenCredentials, Object accountCredentials) {
		if (LOG.isDebugEnabled()) {
			LOG.debug("Performing credentials equality check for tokenCredentials of type ["
					+ tokenCredentials.getClass().getName() + " and accountCredentials of type ["
					+ accountCredentials.getClass().getName() + "]");
		}
		if (isByteSource(tokenCredentials) && isByteSource(accountCredentials)) {
			if (LOG.isDebugEnabled()) {
				LOG.debug("Both credentials arguments can be easily converted to byte arrays.  Performing "
						+ "array equals comparison");
			}
			byte[] tokenBytes = toBytes(tokenCredentials);
			byte[] accountBytes = toBytes(accountCredentials);
			return Arrays.equals(tokenBytes, accountBytes);
		} else {
			return accountCredentials.equals(tokenCredentials);
		}
	}

	protected void checkCredentialsRetry(AuthenticationToken token) {
		Cache credentialsRetryCache = cacheManager.getCache(getCredentialsRetryCacheName());
		AtomicInteger retryCount = credentialsRetryCache.get(token.getPrincipal());
		if (retryCount == null) {
			retryCount = new AtomicInteger(0);
			credentialsRetryCache.put(token.getPrincipal(), retryCount);
		}
		if (retryCount.incrementAndGet() >= getRetryLimit()) {
			throw new ExcessiveAttemptsException();
		}
	}

	public int getRetryLimit() {
		return retryLimit;
	}

	public void setRetryLimit(int retryLimit) {
		this.retryLimit = retryLimit;
	}

	public String getCredentialsRetryCacheName() {
		return credentialsRetryCacheName;
	}

	public void setCredentialsRetryCacheName(String credentialsRetryCacheName) {
		this.credentialsRetryCacheName = credentialsRetryCacheName;
	}

	public CacheManager getCacheManager() {
		return cacheManager;
	}

	public void setCacheManager(CacheManager cacheManager) {
		this.cacheManager = cacheManager;
	}

}





© 2015 - 2024 Weber Informatics LLC | Privacy Policy