org.apache.shiro.authc.SimpleAuthenticationInfo Maven / Gradle / Ivy
/*
* Licensed to the Apache Software Foundation (ASF) under one
* or more contributor license agreements. See the NOTICE file
* distributed with this work for additional information
* regarding copyright ownership. The ASF licenses this file
* to you under the Apache License, Version 2.0 (the
* "License"); you may not use this file except in compliance
* with the License. You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing,
* software distributed under the License is distributed on an
* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
* KIND, either express or implied. See the License for the
* specific language governing permissions and limitations
* under the License.
*/
package org.apache.shiro.authc;
import org.apache.shiro.subject.MutablePrincipalCollection;
import org.apache.shiro.subject.PrincipalCollection;
import org.apache.shiro.subject.SimplePrincipalCollection;
import org.apache.shiro.util.ByteSource;
import java.util.Collection;
import java.util.HashSet;
import java.util.Set;
/**
* Simple implementation of the {@link org.apache.shiro.authc.MergableAuthenticationInfo} interface that holds the principals and
* credentials.
*
* @see org.apache.shiro.realm.AuthenticatingRealm
* @since 0.9
*/
public class SimpleAuthenticationInfo implements MergableAuthenticationInfo, SaltedAuthenticationInfo {
/**
* The principals identifying the account associated with this AuthenticationInfo instance.
*/
protected PrincipalCollection principals;
/**
* The credentials verifying the account principals.
*/
protected Object credentials;
/**
* Any salt used in hashing the credentials.
*
* @since 1.1
*/
protected ByteSource credentialsSalt;
/**
* Default no-argument constructor.
*/
public SimpleAuthenticationInfo() {
}
/**
* Constructor that takes in a single 'primary' principal of the account and its corresponding credentials,
* associated with the specified realm.
*
* This is a convenience constructor and will construct a {@link PrincipalCollection PrincipalCollection} based
* on the {@code principal} and {@code realmName} argument.
*
* @param principal the 'primary' principal associated with the specified realm.
* @param credentials the credentials that verify the given principal.
* @param realmName the realm from where the principal and credentials were acquired.
*/
public SimpleAuthenticationInfo(Object principal, Object credentials, String realmName) {
this.principals = new SimplePrincipalCollection(principal, realmName);
this.credentials = credentials;
}
/**
* Constructor that takes in a single 'primary' principal of the account, its corresponding hashed credentials,
* the salt used to hash the credentials, and the name of the realm to associate with the principals.
*
* This is a convenience constructor and will construct a {@link PrincipalCollection PrincipalCollection} based
* on the principal and realmName argument.
*
* @param principal the 'primary' principal associated with the specified realm.
* @param hashedCredentials the hashed credentials that verify the given principal.
* @param credentialsSalt the salt used when hashing the given hashedCredentials
* @param realmName the realm from where the principal and credentials were acquired.
* @see org.apache.shiro.authc.credential.HashedCredentialsMatcher HashedCredentialsMatcher
* @since 1.1
*/
public SimpleAuthenticationInfo(Object principal, Object hashedCredentials, ByteSource credentialsSalt, String realmName) {
this.principals = new SimplePrincipalCollection(principal, realmName);
this.credentials = hashedCredentials;
this.credentialsSalt = credentialsSalt;
}
/**
* Constructor that takes in an account's identifying principal(s) and its corresponding credentials that verify
* the principals.
*
* @param principals a Realm's account's identifying principal(s)
* @param credentials the accounts corresponding principals that verify the principals.
*/
public SimpleAuthenticationInfo(PrincipalCollection principals, Object credentials) {
this.principals = new SimplePrincipalCollection(principals);
this.credentials = credentials;
}
/**
* Constructor that takes in an account's identifying principal(s), hashed credentials used to verify the
* principals, and the salt used when hashing the credentials.
*
* @param principals a Realm's account's identifying principal(s)
* @param hashedCredentials the hashed credentials that verify the principals.
* @param credentialsSalt the salt used when hashing the hashedCredentials.
* @see org.apache.shiro.authc.credential.HashedCredentialsMatcher HashedCredentialsMatcher
* @since 1.1
*/
public SimpleAuthenticationInfo(PrincipalCollection principals, Object hashedCredentials, ByteSource credentialsSalt) {
this.principals = new SimplePrincipalCollection(principals);
this.credentials = hashedCredentials;
this.credentialsSalt = credentialsSalt;
}
public PrincipalCollection getPrincipals() {
return principals;
}
/**
* Sets the identifying principal(s) represented by this instance.
*
* @param principals the indentifying attributes of the corresponding Realm account.
*/
public void setPrincipals(PrincipalCollection principals) {
this.principals = principals;
}
public Object getCredentials() {
return credentials;
}
/**
* Sets the credentials that verify the principals/identity of the associated Realm account.
*
* @param credentials attribute(s) that verify the account's identity/principals, such as a password or private key.
*/
public void setCredentials(Object credentials) {
this.credentials = credentials;
}
/**
* Returns the salt used to hash the credentials, or {@code null} if no salt was used or credentials were not
* hashed at all.
*
* Note that this attribute is NOT handled in the
* {@link #merge(AuthenticationInfo) merge} method - a hash salt is only useful within a single realm (as each
* realm will perform it's own Credentials Matching logic), and once finished in that realm, Shiro has no further
* use for salts. Therefore it doesn't make sense to 'merge' salts in a multi-realm scenario.
*
* @return the salt used to hash the credentials, or {@code null} if no salt was used or credentials were not
* hashed at all.
* @since 1.1
*/
public ByteSource getCredentialsSalt() {
return credentialsSalt;
}
/**
* Sets the salt used to hash the credentials, or {@code null} if no salt was used or credentials were not
* hashed at all.
*
* Note that this attribute is NOT handled in the
* {@link #merge(AuthenticationInfo) merge} method - a hash salt is only useful within a single realm (as each
* realm will perform it's own Credentials Matching logic), and once finished in that realm, Shiro has no further
* use for salts. Therefore it doesn't make sense to 'merge' salts in a multi-realm scenario.
*
* @param salt the salt used to hash the credentials, or {@code null} if no salt was used or credentials were not
* hashed at all.
* @since 1.1
*/
public void setCredentialsSalt(ByteSource salt) {
this.credentialsSalt = salt;
}
/**
* Takes the specified info argument and adds its principals and credentials into this instance.
*
* @param info the AuthenticationInfo to add into this instance.
*/
@SuppressWarnings("unchecked")
public void merge(AuthenticationInfo info) {
if (info == null || info.getPrincipals() == null || info.getPrincipals().isEmpty()) {
return;
}
if (this.principals == null) {
this.principals = info.getPrincipals();
} else {
if (!(this.principals instanceof MutablePrincipalCollection)) {
this.principals = new SimplePrincipalCollection(this.principals);
}
((MutablePrincipalCollection) this.principals).addAll(info.getPrincipals());
}
//only mess with a salt value if we don't have one yet. It doesn't make sense
//to merge salt values from different realms because a salt is used only within
//the realm's credential matching process. But if the current instance's salt
//is null, then it can't hurt to pull in a non-null value if one exists.
//
//since 1.1:
if (this.credentialsSalt == null && info instanceof SaltedAuthenticationInfo) {
this.credentialsSalt = ((SaltedAuthenticationInfo) info).getCredentialsSalt();
}
Object thisCredentials = getCredentials();
Object otherCredentials = info.getCredentials();
if (otherCredentials == null) {
return;
}
if (thisCredentials == null) {
this.credentials = otherCredentials;
return;
}
if (!(thisCredentials instanceof Collection)) {
Set newSet = new HashSet();
newSet.add(thisCredentials);
setCredentials(newSet);
}
// At this point, the credentials should be a collection
Collection credentialCollection = (Collection) getCredentials();
if (otherCredentials instanceof Collection) {
credentialCollection.addAll((Collection) otherCredentials);
} else {
credentialCollection.add(otherCredentials);
}
}
/**
* Returns true if the Object argument is an instanceof SimpleAuthenticationInfo and
* its {@link #getPrincipals() principals} are equal to this instance's principals, false otherwise.
*
* @param o the object to compare for equality.
* @return true if the Object argument is an instanceof SimpleAuthenticationInfo and
* its {@link #getPrincipals() principals} are equal to this instance's principals, false otherwise.
*/
public boolean equals(Object o) {
if (this == o) return true;
if (!(o instanceof SimpleAuthenticationInfo)) return false;
SimpleAuthenticationInfo that = (SimpleAuthenticationInfo) o;
//noinspection RedundantIfStatement
if (principals != null ? !principals.equals(that.principals) : that.principals != null) return false;
return true;
}
/**
* Returns the hashcode of the internal {@link #getPrincipals() principals} instance.
*
* @return the hashcode of the internal {@link #getPrincipals() principals} instance.
*/
public int hashCode() {
return (principals != null ? principals.hashCode() : 0);
}
/**
* Simple implementation that merely returns {@link #getPrincipals() principals}.toString()
*
* @return {@link #getPrincipals() principals}.toString()
*/
public String toString() {
return principals.toString();
}
}
© 2015 - 2025 Weber Informatics LLC | Privacy Policy