| <?xml version="1.0" encoding="UTF-8"?><!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml" lang="en"><head><meta http-equiv="Content-Type" content="text/html;charset=UTF-8"/><link rel="stylesheet" href="../jacoco-resources/report.css" type="text/css"/><link rel="shortcut icon" href="../jacoco-resources/report.gif" type="image/gif"/><title>SimpleCredentialsMatcher.java</title><link rel="stylesheet" href="../jacoco-resources/prettify.css" type="text/css"/><script type="text/javascript" src="../jacoco-resources/prettify.js"></script></head><body onload="window['PR_TAB_WIDTH']=4;prettyPrint()"><div class="breadcrumb" id="breadcrumb"><span class="info"><a href="../jacoco-sessions.html" class="el_session">Sessions</a></span><a href="../index.html" class="el_report">Apache Shiro :: Core</a> > <a href="index.source.html" class="el_package">org.apache.shiro.authc.credential</a> > <span class="el_source">SimpleCredentialsMatcher.java</span></div><h1>SimpleCredentialsMatcher.java</h1><pre class="source lang-java linenums">/* |
| * Licensed to the Apache Software Foundation (ASF) under one |
| * or more contributor license agreements. See the NOTICE file |
| * distributed with this work for additional information |
| * regarding copyright ownership. The ASF licenses this file |
| * to you under the Apache License, Version 2.0 (the |
| * "License"); you may not use this file except in compliance |
| * with the License. You may obtain a copy of the License at |
| * |
| * http://www.apache.org/licenses/LICENSE-2.0 |
| * |
| * Unless required by applicable law or agreed to in writing, |
| * software distributed under the License is distributed on an |
| * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY |
| * KIND, either express or implied. See the License for the |
| * specific language governing permissions and limitations |
| * under the License. |
| */ |
| package org.apache.shiro.authc.credential; |
| |
| import org.apache.shiro.authc.AuthenticationInfo; |
| import org.apache.shiro.authc.AuthenticationToken; |
| import org.apache.shiro.codec.CodecSupport; |
| import org.slf4j.Logger; |
| import org.slf4j.LoggerFactory; |
| |
| import java.security.MessageDigest; |
| import java.util.Arrays; |
| |
| |
| /** |
| * Simple CredentialsMatcher implementation. Supports direct (plain) comparison for credentials of type |
| * byte[], char[], and Strings, and if the arguments do not match these types, then reverts back to simple |
| * <code>Object.equals</code> comparison. |
| * <p/> |
| * <p>Hashing comparisons (the most common technique used in secure applications) are not supported by this class, but |
| * instead by the {@link org.apache.shiro.authc.credential.HashedCredentialsMatcher HashedCredentialsMatcher}. |
| * |
| * @see org.apache.shiro.authc.credential.HashedCredentialsMatcher |
| * @since 0.9 |
| */ |
| <span class="fc" id="L42">public class SimpleCredentialsMatcher extends CodecSupport implements CredentialsMatcher {</span> |
| |
| <span class="fc" id="L44"> private static final Logger log = LoggerFactory.getLogger(SimpleCredentialsMatcher.class);</span> |
| |
| /** |
| * Returns the {@code token}'s credentials. |
| * <p/> |
| * <p>This default implementation merely returns |
| * {@link AuthenticationToken#getCredentials() authenticationToken.getCredentials()} and exists as a template hook |
| * if subclasses wish to obtain the credentials in a different way or convert them to a different format before |
| * returning. |
| * |
| * @param token the {@code AuthenticationToken} submitted during the authentication attempt. |
| * @return the {@code token}'s associated credentials. |
| */ |
| protected Object getCredentials(AuthenticationToken token) { |
| <span class="fc" id="L58"> return token.getCredentials();</span> |
| } |
| |
| /** |
| * Returns the {@code account}'s credentials. |
| * <p/> |
| * <p>This default implementation merely returns |
| * {@link AuthenticationInfo#getCredentials() account.getCredentials()} and exists as a template hook if subclasses |
| * wish to obtain the credentials in a different way or convert them to a different format before |
| * returning. |
| * |
| * @param info the {@code AuthenticationInfo} stored in the data store to be compared against the submitted authentication |
| * token's credentials. |
| * @return the {@code account}'s associated credentials. |
| */ |
| protected Object getCredentials(AuthenticationInfo info) { |
| <span class="fc" id="L74"> return info.getCredentials();</span> |
| } |
| |
| /** |
| * Returns {@code true} if the {@code tokenCredentials} argument is logically equal to the |
| * {@code accountCredentials} argument. |
| * <p/> |
| * <p>If both arguments are either a byte array (byte[]), char array (char[]) or String, they will be both be |
| * converted to raw byte arrays via the {@link #toBytes toBytes} method first, and then resulting byte arrays |
| * are compared via {@link Arrays#equals(byte[], byte[]) Arrays.equals(byte[],byte[])}.</p> |
| * <p/> |
| * <p>If either argument cannot be converted to a byte array as described, a simple Object <code>equals</code> |
| * comparison is made.</p> |
| * <p/> |
| * <p>Subclasses should override this method for more explicit equality checks. |
| * |
| * @param tokenCredentials the {@code AuthenticationToken}'s associated credentials. |
| * @param accountCredentials the {@code AuthenticationInfo}'s stored credentials. |
| * @return {@code true} if the {@code tokenCredentials} are equal to the {@code accountCredentials}. |
| */ |
| protected boolean equals(Object tokenCredentials, Object accountCredentials) { |
| <span class="pc bpc" id="L95" title="1 of 2 branches missed."> if (log.isDebugEnabled()) {</span> |
| <span class="fc" id="L96"> log.debug("Performing credentials equality check for tokenCredentials of type [" +</span> |
| <span class="fc" id="L97"> tokenCredentials.getClass().getName() + " and accountCredentials of type [" +</span> |
| <span class="fc" id="L98"> accountCredentials.getClass().getName() + "]");</span> |
| } |
| <span class="pc bpc" id="L100" title="2 of 4 branches missed."> if (isByteSource(tokenCredentials) && isByteSource(accountCredentials)) {</span> |
| <span class="pc bpc" id="L101" title="1 of 2 branches missed."> if (log.isDebugEnabled()) {</span> |
| <span class="fc" id="L102"> log.debug("Both credentials arguments can be easily converted to byte arrays. Performing " +</span> |
| "array equals comparison"); |
| } |
| <span class="fc" id="L105"> byte[] tokenBytes = toBytes(tokenCredentials);</span> |
| <span class="fc" id="L106"> byte[] accountBytes = toBytes(accountCredentials);</span> |
| <span class="fc" id="L107"> return MessageDigest.isEqual(tokenBytes, accountBytes);</span> |
| } else { |
| <span class="nc" id="L109"> return accountCredentials.equals(tokenCredentials);</span> |
| } |
| } |
| |
| /** |
| * This implementation acquires the {@code token}'s credentials |
| * (via {@link #getCredentials(AuthenticationToken) getCredentials(token)}) |
| * and then the {@code account}'s credentials |
| * (via {@link #getCredentials(org.apache.shiro.authc.AuthenticationInfo) getCredentials(account)}) and then passes both of |
| * them to the {@link #equals(Object,Object) equals(tokenCredentials, accountCredentials)} method for equality |
| * comparison. |
| * |
| * @param token the {@code AuthenticationToken} submitted during the authentication attempt. |
| * @param info the {@code AuthenticationInfo} stored in the system matching the token principal. |
| * @return {@code true} if the provided token credentials are equal to the stored account credentials, |
| * {@code false} otherwise |
| */ |
| public boolean doCredentialsMatch(AuthenticationToken token, AuthenticationInfo info) { |
| <span class="fc" id="L127"> Object tokenCredentials = getCredentials(token);</span> |
| <span class="fc" id="L128"> Object accountCredentials = getCredentials(info);</span> |
| <span class="fc" id="L129"> return equals(tokenCredentials, accountCredentials);</span> |
| } |
| |
| } |
| </pre><div class="footer"><span class="right">Created with <a href="http://www.jacoco.org/jacoco">JaCoCo</a> 0.8.3.201901230119</span></div></body></html> |
