Google Git
Sign in
apache / shiro-site / 01016f43374d9b054f3ea1e568b015d5d69428f9 / . / src / site / assets / static / 1.7.0 / shiro-core / apidocs / src-html / org / apache / shiro / realm / AuthenticatingRealm.html
blob: bc10516ca0583aeb8aa4f069fbf98b09ce1d7804 [file] [log] [blame]
<!DOCTYPE HTML>
<html lang="fr">
<head>
<title>Source code</title>
<link rel="stylesheet" type="text/css" href="../../../../../stylesheet.css" title="Style">
</head>
<body>
<main role="main">
<div class="sourceContainer">
<pre><span class="sourceLineNo">001</span><a id="line.1">/*</a>
<span class="sourceLineNo">002</span><a id="line.2"> * Licensed to the Apache Software Foundation (ASF) under one</a>
<span class="sourceLineNo">003</span><a id="line.3"> * or more contributor license agreements. See the NOTICE file</a>
<span class="sourceLineNo">004</span><a id="line.4"> * distributed with this work for additional information</a>
<span class="sourceLineNo">005</span><a id="line.5"> * regarding copyright ownership. The ASF licenses this file</a>
<span class="sourceLineNo">006</span><a id="line.6"> * to you under the Apache License, Version 2.0 (the</a>
<span class="sourceLineNo">007</span><a id="line.7"> * "License"); you may not use this file except in compliance</a>
<span class="sourceLineNo">008</span><a id="line.8"> * with the License. You may obtain a copy of the License at</a>
<span class="sourceLineNo">009</span><a id="line.9"> *</a>
<span class="sourceLineNo">010</span><a id="line.10"> * http://www.apache.org/licenses/LICENSE-2.0</a>
<span class="sourceLineNo">011</span><a id="line.11"> *</a>
<span class="sourceLineNo">012</span><a id="line.12"> * Unless required by applicable law or agreed to in writing,</a>
<span class="sourceLineNo">013</span><a id="line.13"> * software distributed under the License is distributed on an</a>
<span class="sourceLineNo">014</span><a id="line.14"> * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY</a>
<span class="sourceLineNo">015</span><a id="line.15"> * KIND, either express or implied. See the License for the</a>
<span class="sourceLineNo">016</span><a id="line.16"> * specific language governing permissions and limitations</a>
<span class="sourceLineNo">017</span><a id="line.17"> * under the License.</a>
<span class="sourceLineNo">018</span><a id="line.18"> */</a>
<span class="sourceLineNo">019</span><a id="line.19">package org.apache.shiro.realm;</a>
<span class="sourceLineNo">020</span><a id="line.20"></a>
<span class="sourceLineNo">021</span><a id="line.21">import org.apache.shiro.authc.AuthenticationException;</a>
<span class="sourceLineNo">022</span><a id="line.22">import org.apache.shiro.authc.AuthenticationInfo;</a>
<span class="sourceLineNo">023</span><a id="line.23">import org.apache.shiro.authc.AuthenticationToken;</a>
<span class="sourceLineNo">024</span><a id="line.24">import org.apache.shiro.authc.IncorrectCredentialsException;</a>
<span class="sourceLineNo">025</span><a id="line.25">import org.apache.shiro.authc.UsernamePasswordToken;</a>
<span class="sourceLineNo">026</span><a id="line.26">import org.apache.shiro.authc.credential.AllowAllCredentialsMatcher;</a>
<span class="sourceLineNo">027</span><a id="line.27">import org.apache.shiro.authc.credential.CredentialsMatcher;</a>
<span class="sourceLineNo">028</span><a id="line.28">import org.apache.shiro.authc.credential.SimpleCredentialsMatcher;</a>
<span class="sourceLineNo">029</span><a id="line.29">import org.apache.shiro.cache.Cache;</a>
<span class="sourceLineNo">030</span><a id="line.30">import org.apache.shiro.cache.CacheManager;</a>
<span class="sourceLineNo">031</span><a id="line.31">import org.apache.shiro.subject.PrincipalCollection;</a>
<span class="sourceLineNo">032</span><a id="line.32">import org.apache.shiro.util.Initializable;</a>
<span class="sourceLineNo">033</span><a id="line.33">import org.slf4j.Logger;</a>
<span class="sourceLineNo">034</span><a id="line.34">import org.slf4j.LoggerFactory;</a>
<span class="sourceLineNo">035</span><a id="line.35"></a>
<span class="sourceLineNo">036</span><a id="line.36">import java.util.concurrent.atomic.AtomicInteger;</a>
<span class="sourceLineNo">037</span><a id="line.37"></a>
<span class="sourceLineNo">038</span><a id="line.38"></a>
<span class="sourceLineNo">039</span><a id="line.39">/**</a>
<span class="sourceLineNo">040</span><a id="line.40"> * A top-level abstract implementation of the &lt;tt&gt;Realm&lt;/tt&gt; interface that only implements authentication support</a>
<span class="sourceLineNo">041</span><a id="line.41"> * (log-in) operations and leaves authorization (access control) behavior to subclasses.</a>
<span class="sourceLineNo">042</span><a id="line.42"> * &lt;h2&gt;Authentication Caching&lt;/h2&gt;</a>
<span class="sourceLineNo">043</span><a id="line.43"> * For applications that perform frequent repeated authentication of the same accounts (e.g. as is often done in</a>
<span class="sourceLineNo">044</span><a id="line.44"> * REST or Soap applications that authenticate on every request), it might be prudent to enable authentication</a>
<span class="sourceLineNo">045</span><a id="line.45"> * caching to alleviate constant load on any back-end data sources.</a>
<span class="sourceLineNo">046</span><a id="line.46"> * &lt;p/&gt;</a>
<span class="sourceLineNo">047</span><a id="line.47"> * This feature is disabled by default to retain backwards-compatibility with Shiro 1.1 and earlier. It may be</a>
<span class="sourceLineNo">048</span><a id="line.48"> * enabled by setting {@link #setAuthenticationCachingEnabled(boolean) authenticationCachingEnabled} = {@code true}</a>
<span class="sourceLineNo">049</span><a id="line.49"> * (and configuring Shiro with a {@link CacheManager} of course), but &lt;b&gt;NOTE:&lt;/b&gt;</a>
<span class="sourceLineNo">050</span><a id="line.50"> * &lt;p/&gt;</a>
<span class="sourceLineNo">051</span><a id="line.51"> * &lt;b&gt;ONLY enable authentication caching if either of the following is true for your realm implementation:&lt;/b&gt;</a>
<span class="sourceLineNo">052</span><a id="line.52"> * &lt;ul&gt;</a>
<span class="sourceLineNo">053</span><a id="line.53"> * &lt;li&gt;The {@link #doGetAuthenticationInfo(org.apache.shiro.authc.AuthenticationToken) doGetAuthenticationInfo}</a>
<span class="sourceLineNo">054</span><a id="line.54"> * implementation returns {@code AuthenticationInfo} instances where the</a>
<span class="sourceLineNo">055</span><a id="line.55"> * {@link org.apache.shiro.authc.AuthenticationInfo#getCredentials() credentials} are securely obfuscated and NOT</a>
<span class="sourceLineNo">056</span><a id="line.56"> * plaintext (raw) credentials. For example,</a>
<span class="sourceLineNo">057</span><a id="line.57"> * if your realm references accounts with passwords, that the {@code AuthenticationInfo}'s</a>
<span class="sourceLineNo">058</span><a id="line.58"> * {@link org.apache.shiro.authc.AuthenticationInfo#getCredentials() credentials} are safely hashed and salted or otherwise</a>
<span class="sourceLineNo">059</span><a id="line.59"> * fully encrypted.&lt;br/&gt;&lt;br/&gt;&lt;/li&gt;</a>
<span class="sourceLineNo">060</span><a id="line.60"> * &lt;li&gt;The {@link #doGetAuthenticationInfo(org.apache.shiro.authc.AuthenticationToken) doGetAuthenticationInfo}</a>
<span class="sourceLineNo">061</span><a id="line.61"> * implementation returns {@code AuthenticationInfo} instances where the</a>
<span class="sourceLineNo">062</span><a id="line.62"> * {@link org.apache.shiro.authc.AuthenticationInfo#getCredentials() credentials} are plaintext (raw) &lt;b&gt;AND&lt;/b&gt; the</a>
<span class="sourceLineNo">063</span><a id="line.63"> * cache region storing the {@code AuthenticationInfo} instances WILL NOT overflow to disk and WILL NOT transmit cache</a>
<span class="sourceLineNo">064</span><a id="line.64"> * entries over an unprotected (non TLS/SSL) network (as might be the case with a networked/distributed enterprise cache).</a>
<span class="sourceLineNo">065</span><a id="line.65"> * This should be the case even in private/trusted/corporate networks.&lt;/li&gt;</a>
<span class="sourceLineNo">066</span><a id="line.66"> * &lt;/ul&gt;</a>
<span class="sourceLineNo">067</span><a id="line.67"> * &lt;p/&gt;</a>
<span class="sourceLineNo">068</span><a id="line.68"> * These points are very important because if authentication caching is enabled, this abstract class implementation</a>
<span class="sourceLineNo">069</span><a id="line.69"> * will place AuthenticationInfo instances returned from the subclass implementations directly into the cache, for</a>
<span class="sourceLineNo">070</span><a id="line.70"> * example:</a>
<span class="sourceLineNo">071</span><a id="line.71"> * &lt;pre&gt;</a>
<span class="sourceLineNo">072</span><a id="line.72"> * cache.put(cacheKey, subclassAuthenticationInfoInstance);</a>
<span class="sourceLineNo">073</span><a id="line.73"> * &lt;/pre&gt;</a>
<span class="sourceLineNo">074</span><a id="line.74"> * &lt;p/&gt;</a>
<span class="sourceLineNo">075</span><a id="line.75"> * Enabling authentication caching is ONLY safe to do if the above two scenarios apply. It is NOT safe to enable under</a>
<span class="sourceLineNo">076</span><a id="line.76"> * any other scenario.</a>
<span class="sourceLineNo">077</span><a id="line.77"> * &lt;p/&gt;</a>
<span class="sourceLineNo">078</span><a id="line.78"> * When possible, always represent and store credentials in a safe form (hash+salt or encrypted) to eliminate plaintext</a>
<span class="sourceLineNo">079</span><a id="line.79"> * visibility.</a>
<span class="sourceLineNo">080</span><a id="line.80"> * &lt;h3&gt;Authentication Cache Invalidation on Logout&lt;/h3&gt;</a>
<span class="sourceLineNo">081</span><a id="line.81"> * If authentication caching is enabled, this implementation will attempt to evict (remove) cached authentication data</a>
<span class="sourceLineNo">082</span><a id="line.82"> * for an account during logout. This can only occur if the</a>
<span class="sourceLineNo">083</span><a id="line.83"> * {@link #getAuthenticationCacheKey(org.apache.shiro.authc.AuthenticationToken)} and</a>
<span class="sourceLineNo">084</span><a id="line.84"> * {@link #getAuthenticationCacheKey(org.apache.shiro.subject.PrincipalCollection)} methods return the exact same value.</a>
<span class="sourceLineNo">085</span><a id="line.85"> * &lt;p/&gt;</a>
<span class="sourceLineNo">086</span><a id="line.86"> * The default implementations of these methods expect that the</a>
<span class="sourceLineNo">087</span><a id="line.87"> * {@link org.apache.shiro.authc.AuthenticationToken#getPrincipal()} (what the user submits during login) and</a>
<span class="sourceLineNo">088</span><a id="line.88"> * {@link #getAvailablePrincipal(org.apache.shiro.subject.PrincipalCollection) getAvailablePrincipal} (what is returned</a>
<span class="sourceLineNo">089</span><a id="line.89"> * by the realm after account lookup) return</a>
<span class="sourceLineNo">090</span><a id="line.90"> * the same exact value. For example, the user submitted username is also the primary account identifier.</a>
<span class="sourceLineNo">091</span><a id="line.91"> * &lt;p/&gt;</a>
<span class="sourceLineNo">092</span><a id="line.92"> * However, if your application uses, say, a username for end-user login, but returns a primary key ID as the</a>
<span class="sourceLineNo">093</span><a id="line.93"> * primary principal after authentication, then you will need to override either</a>
<span class="sourceLineNo">094</span><a id="line.94"> * {@link #getAuthenticationCacheKey(org.apache.shiro.authc.AuthenticationToken) getAuthenticationCacheKey(token)} or</a>
<span class="sourceLineNo">095</span><a id="line.95"> * {@link #getAuthenticationCacheKey(org.apache.shiro.subject.PrincipalCollection) getAuthenticationCacheKey(principals)}</a>
<span class="sourceLineNo">096</span><a id="line.96"> * (or both) to ensure that the same cache key can be used for either object.</a>
<span class="sourceLineNo">097</span><a id="line.97"> * &lt;p/&gt;</a>
<span class="sourceLineNo">098</span><a id="line.98"> * This guarantees that the same cache key used to cache the data during authentication (derived from the</a>
<span class="sourceLineNo">099</span><a id="line.99"> * {@code AuthenticationToken}) will be used to remove the cached data during logout (derived from the</a>
<span class="sourceLineNo">100</span><a id="line.100"> * {@code PrincipalCollection}).</a>
<span class="sourceLineNo">101</span><a id="line.101"> * &lt;h4&gt;Unmatching Cache Key Values&lt;/h4&gt;</a>
<span class="sourceLineNo">102</span><a id="line.102"> * If the return values from {@link #getAuthenticationCacheKey(org.apache.shiro.authc.AuthenticationToken)} and</a>
<span class="sourceLineNo">103</span><a id="line.103"> * {@link #getAuthenticationCacheKey(org.apache.shiro.subject.PrincipalCollection)} are not identical, cached</a>
<span class="sourceLineNo">104</span><a id="line.104"> * authentication data removal is at the mercy of your cache provider settings. For example, often cache</a>
<span class="sourceLineNo">105</span><a id="line.105"> * implementations will evict cache entries based on a timeToIdle or timeToLive (TTL) value.</a>
<span class="sourceLineNo">106</span><a id="line.106"> * &lt;p/&gt;</a>
<span class="sourceLineNo">107</span><a id="line.107"> * If this lazy eviction capability of the cache product is not sufficient and you want discrete behavior</a>
<span class="sourceLineNo">108</span><a id="line.108"> * (highly recommended for authentication data), ensure that the return values from those two methods are identical in</a>
<span class="sourceLineNo">109</span><a id="line.109"> * the subclass implementation.</a>
<span class="sourceLineNo">110</span><a id="line.110"> *</a>
<span class="sourceLineNo">111</span><a id="line.111"> * @since 0.2</a>
<span class="sourceLineNo">112</span><a id="line.112"> */</a>
<span class="sourceLineNo">113</span><a id="line.113">public abstract class AuthenticatingRealm extends CachingRealm implements Initializable {</a>
<span class="sourceLineNo">114</span><a id="line.114"></a>
<span class="sourceLineNo">115</span><a id="line.115"> //TODO - complete JavaDoc</a>
<span class="sourceLineNo">116</span><a id="line.116"></a>
<span class="sourceLineNo">117</span><a id="line.117"> private static final Logger log = LoggerFactory.getLogger(AuthenticatingRealm.class);</a>
<span class="sourceLineNo">118</span><a id="line.118"></a>
<span class="sourceLineNo">119</span><a id="line.119"> private static final AtomicInteger INSTANCE_COUNT = new AtomicInteger();</a>
<span class="sourceLineNo">120</span><a id="line.120"></a>
<span class="sourceLineNo">121</span><a id="line.121"> /**</a>
<span class="sourceLineNo">122</span><a id="line.122"> * The default suffix appended to the realm name used for caching authentication data.</a>
<span class="sourceLineNo">123</span><a id="line.123"> *</a>
<span class="sourceLineNo">124</span><a id="line.124"> * @since 1.2</a>
<span class="sourceLineNo">125</span><a id="line.125"> */</a>
<span class="sourceLineNo">126</span><a id="line.126"> private static final String DEFAULT_AUTHENTICATION_CACHE_SUFFIX = ".authenticationCache";</a>
<span class="sourceLineNo">127</span><a id="line.127"></a>
<span class="sourceLineNo">128</span><a id="line.128"> /**</a>
<span class="sourceLineNo">129</span><a id="line.129"> * Credentials matcher used to determine if the provided credentials match the credentials stored in the data store.</a>
<span class="sourceLineNo">130</span><a id="line.130"> */</a>
<span class="sourceLineNo">131</span><a id="line.131"> private CredentialsMatcher credentialsMatcher;</a>
<span class="sourceLineNo">132</span><a id="line.132"></a>
<span class="sourceLineNo">133</span><a id="line.133"></a>
<span class="sourceLineNo">134</span><a id="line.134"> private Cache&lt;Object, AuthenticationInfo&gt; authenticationCache;</a>
<span class="sourceLineNo">135</span><a id="line.135"></a>
<span class="sourceLineNo">136</span><a id="line.136"> private boolean authenticationCachingEnabled;</a>
<span class="sourceLineNo">137</span><a id="line.137"> private String authenticationCacheName;</a>
<span class="sourceLineNo">138</span><a id="line.138"></a>
<span class="sourceLineNo">139</span><a id="line.139"> /**</a>
<span class="sourceLineNo">140</span><a id="line.140"> * The class that this realm supports for authentication tokens. This is used by the</a>
<span class="sourceLineNo">141</span><a id="line.141"> * default implementation of the {@link Realm#supports(org.apache.shiro.authc.AuthenticationToken)} method to</a>
<span class="sourceLineNo">142</span><a id="line.142"> * determine whether or not the given authentication token is supported by this realm.</a>
<span class="sourceLineNo">143</span><a id="line.143"> */</a>
<span class="sourceLineNo">144</span><a id="line.144"> private Class&lt;? extends AuthenticationToken&gt; authenticationTokenClass;</a>
<span class="sourceLineNo">145</span><a id="line.145"></a>
<span class="sourceLineNo">146</span><a id="line.146"> /*-------------------------------------------</a>
<span class="sourceLineNo">147</span><a id="line.147"> | C O N S T R U C T O R S |</a>
<span class="sourceLineNo">148</span><a id="line.148"> ============================================*/</a>
<span class="sourceLineNo">149</span><a id="line.149"> public AuthenticatingRealm() {</a>
<span class="sourceLineNo">150</span><a id="line.150"> this(null, new SimpleCredentialsMatcher());</a>
<span class="sourceLineNo">151</span><a id="line.151"> }</a>
<span class="sourceLineNo">152</span><a id="line.152"></a>
<span class="sourceLineNo">153</span><a id="line.153"> public AuthenticatingRealm(CacheManager cacheManager) {</a>
<span class="sourceLineNo">154</span><a id="line.154"> this(cacheManager, new SimpleCredentialsMatcher());</a>
<span class="sourceLineNo">155</span><a id="line.155"> }</a>
<span class="sourceLineNo">156</span><a id="line.156"></a>
<span class="sourceLineNo">157</span><a id="line.157"> public AuthenticatingRealm(CredentialsMatcher matcher) {</a>
<span class="sourceLineNo">158</span><a id="line.158"> this(null, matcher);</a>
<span class="sourceLineNo">159</span><a id="line.159"> }</a>
<span class="sourceLineNo">160</span><a id="line.160"></a>
<span class="sourceLineNo">161</span><a id="line.161"> public AuthenticatingRealm(CacheManager cacheManager, CredentialsMatcher matcher) {</a>
<span class="sourceLineNo">162</span><a id="line.162"> authenticationTokenClass = UsernamePasswordToken.class;</a>
<span class="sourceLineNo">163</span><a id="line.163"></a>
<span class="sourceLineNo">164</span><a id="line.164"> //retain backwards compatibility for Shiro 1.1 and earlier. Setting to true by default will probably cause</a>
<span class="sourceLineNo">165</span><a id="line.165"> //unexpected results for existing applications:</a>
<span class="sourceLineNo">166</span><a id="line.166"> this.authenticationCachingEnabled = false;</a>
<span class="sourceLineNo">167</span><a id="line.167"></a>
<span class="sourceLineNo">168</span><a id="line.168"> int instanceNumber = INSTANCE_COUNT.getAndIncrement();</a>
<span class="sourceLineNo">169</span><a id="line.169"> this.authenticationCacheName = getClass().getName() + DEFAULT_AUTHENTICATION_CACHE_SUFFIX;</a>
<span class="sourceLineNo">170</span><a id="line.170"> if (instanceNumber &gt; 0) {</a>
<span class="sourceLineNo">171</span><a id="line.171"> this.authenticationCacheName = this.authenticationCacheName + "." + instanceNumber;</a>
<span class="sourceLineNo">172</span><a id="line.172"> }</a>
<span class="sourceLineNo">173</span><a id="line.173"></a>
<span class="sourceLineNo">174</span><a id="line.174"> if (cacheManager != null) {</a>
<span class="sourceLineNo">175</span><a id="line.175"> setCacheManager(cacheManager);</a>
<span class="sourceLineNo">176</span><a id="line.176"> }</a>
<span class="sourceLineNo">177</span><a id="line.177"> if (matcher != null) {</a>
<span class="sourceLineNo">178</span><a id="line.178"> setCredentialsMatcher(matcher);</a>
<span class="sourceLineNo">179</span><a id="line.179"> }</a>
<span class="sourceLineNo">180</span><a id="line.180"> }</a>
<span class="sourceLineNo">181</span><a id="line.181"></a>
<span class="sourceLineNo">182</span><a id="line.182"> /*--------------------------------------------</a>
<span class="sourceLineNo">183</span><a id="line.183"> | A C C E S S O R S / M O D I F I E R S |</a>
<span class="sourceLineNo">184</span><a id="line.184"> ============================================*/</a>
<span class="sourceLineNo">185</span><a id="line.185"></a>
<span class="sourceLineNo">186</span><a id="line.186"> /**</a>
<span class="sourceLineNo">187</span><a id="line.187"> * Returns the &lt;code&gt;CredentialsMatcher&lt;/code&gt; used during an authentication attempt to verify submitted</a>
<span class="sourceLineNo">188</span><a id="line.188"> * credentials with those stored in the system.</a>
<span class="sourceLineNo">189</span><a id="line.189"> * &lt;p/&gt;</a>
<span class="sourceLineNo">190</span><a id="line.190"> * &lt;p&gt;Unless overridden by the {@link #setCredentialsMatcher setCredentialsMatcher} method, the default</a>
<span class="sourceLineNo">191</span><a id="line.191"> * value is a {@link org.apache.shiro.authc.credential.SimpleCredentialsMatcher SimpleCredentialsMatcher} instance.</a>
<span class="sourceLineNo">192</span><a id="line.192"> *</a>
<span class="sourceLineNo">193</span><a id="line.193"> * @return the &lt;code&gt;CredentialsMatcher&lt;/code&gt; used during an authentication attempt to verify submitted</a>
<span class="sourceLineNo">194</span><a id="line.194"> * credentials with those stored in the system.</a>
<span class="sourceLineNo">195</span><a id="line.195"> */</a>
<span class="sourceLineNo">196</span><a id="line.196"> public CredentialsMatcher getCredentialsMatcher() {</a>
<span class="sourceLineNo">197</span><a id="line.197"> return credentialsMatcher;</a>
<span class="sourceLineNo">198</span><a id="line.198"> }</a>
<span class="sourceLineNo">199</span><a id="line.199"></a>
<span class="sourceLineNo">200</span><a id="line.200"> /**</a>
<span class="sourceLineNo">201</span><a id="line.201"> * Sets the CrendialsMatcher used during an authentication attempt to verify submitted credentials with those</a>
<span class="sourceLineNo">202</span><a id="line.202"> * stored in the system. The implementation of this matcher can be switched via configuration to</a>
<span class="sourceLineNo">203</span><a id="line.203"> * support any number of schemes, including plain text comparisons, hashing comparisons, and others.</a>
<span class="sourceLineNo">204</span><a id="line.204"> * &lt;p/&gt;</a>
<span class="sourceLineNo">205</span><a id="line.205"> * &lt;p&gt;Unless overridden by this method, the default value is a</a>
<span class="sourceLineNo">206</span><a id="line.206"> * {@link org.apache.shiro.authc.credential.SimpleCredentialsMatcher} instance.</a>
<span class="sourceLineNo">207</span><a id="line.207"> *</a>
<span class="sourceLineNo">208</span><a id="line.208"> * @param credentialsMatcher the matcher to use.</a>
<span class="sourceLineNo">209</span><a id="line.209"> */</a>
<span class="sourceLineNo">210</span><a id="line.210"> public void setCredentialsMatcher(CredentialsMatcher credentialsMatcher) {</a>
<span class="sourceLineNo">211</span><a id="line.211"> this.credentialsMatcher = credentialsMatcher;</a>
<span class="sourceLineNo">212</span><a id="line.212"> }</a>
<span class="sourceLineNo">213</span><a id="line.213"></a>
<span class="sourceLineNo">214</span><a id="line.214"> /**</a>
<span class="sourceLineNo">215</span><a id="line.215"> * Returns the authenticationToken class supported by this realm.</a>
<span class="sourceLineNo">216</span><a id="line.216"> * &lt;p/&gt;</a>
<span class="sourceLineNo">217</span><a id="line.217"> * &lt;p&gt;The default value is &lt;tt&gt;{@link org.apache.shiro.authc.UsernamePasswordToken UsernamePasswordToken.class}&lt;/tt&gt;, since</a>
<span class="sourceLineNo">218</span><a id="line.218"> * about 90% of realms use username/password authentication, regardless of their protocol (e.g. over jdbc, ldap,</a>
<span class="sourceLineNo">219</span><a id="line.219"> * kerberos, http, etc).</a>
<span class="sourceLineNo">220</span><a id="line.220"> * &lt;p/&gt;</a>
<span class="sourceLineNo">221</span><a id="line.221"> * &lt;p&gt;If subclasses haven't already overridden the {@link Realm#supports Realm.supports(AuthenticationToken)} method,</a>
<span class="sourceLineNo">222</span><a id="line.222"> * they must {@link #setAuthenticationTokenClass(Class) set a new class} if they won't support</a>
<span class="sourceLineNo">223</span><a id="line.223"> * &lt;tt&gt;UsernamePasswordToken&lt;/tt&gt; authentication token submissions.</a>
<span class="sourceLineNo">224</span><a id="line.224"> *</a>
<span class="sourceLineNo">225</span><a id="line.225"> * @return the authenticationToken class supported by this realm.</a>
<span class="sourceLineNo">226</span><a id="line.226"> * @see #setAuthenticationTokenClass</a>
<span class="sourceLineNo">227</span><a id="line.227"> */</a>
<span class="sourceLineNo">228</span><a id="line.228"> public Class getAuthenticationTokenClass() {</a>
<span class="sourceLineNo">229</span><a id="line.229"> return authenticationTokenClass;</a>
<span class="sourceLineNo">230</span><a id="line.230"> }</a>
<span class="sourceLineNo">231</span><a id="line.231"></a>
<span class="sourceLineNo">232</span><a id="line.232"> /**</a>
<span class="sourceLineNo">233</span><a id="line.233"> * Sets the authenticationToken class supported by this realm.</a>
<span class="sourceLineNo">234</span><a id="line.234"> * &lt;p/&gt;</a>
<span class="sourceLineNo">235</span><a id="line.235"> * &lt;p&gt;Unless overridden by this method, the default value is</a>
<span class="sourceLineNo">236</span><a id="line.236"> * {@link org.apache.shiro.authc.UsernamePasswordToken UsernamePasswordToken.class} to support the majority of applications.</a>
<span class="sourceLineNo">237</span><a id="line.237"> *</a>
<span class="sourceLineNo">238</span><a id="line.238"> * @param authenticationTokenClass the class of authentication token instances supported by this realm.</a>
<span class="sourceLineNo">239</span><a id="line.239"> * @see #getAuthenticationTokenClass getAuthenticationTokenClass() for more explanation.</a>
<span class="sourceLineNo">240</span><a id="line.240"> */</a>
<span class="sourceLineNo">241</span><a id="line.241"> public void setAuthenticationTokenClass(Class&lt;? extends AuthenticationToken&gt; authenticationTokenClass) {</a>
<span class="sourceLineNo">242</span><a id="line.242"> this.authenticationTokenClass = authenticationTokenClass;</a>
<span class="sourceLineNo">243</span><a id="line.243"> }</a>
<span class="sourceLineNo">244</span><a id="line.244"></a>
<span class="sourceLineNo">245</span><a id="line.245"> /**</a>
<span class="sourceLineNo">246</span><a id="line.246"> * Sets an explicit {@link Cache} instance to use for authentication caching. If not set and authentication</a>
<span class="sourceLineNo">247</span><a id="line.247"> * caching is {@link #isAuthenticationCachingEnabled() enabled}, any available</a>
<span class="sourceLineNo">248</span><a id="line.248"> * {@link #getCacheManager() cacheManager} will be used to acquire the cache instance if available.</a>
<span class="sourceLineNo">249</span><a id="line.249"> * &lt;p/&gt;</a>
<span class="sourceLineNo">250</span><a id="line.250"> * &lt;b&gt;WARNING:&lt;/b&gt; Only set this property if safe caching conditions apply, as documented at the top</a>
<span class="sourceLineNo">251</span><a id="line.251"> * of this page in the class-level JavaDoc.</a>
<span class="sourceLineNo">252</span><a id="line.252"> *</a>
<span class="sourceLineNo">253</span><a id="line.253"> * @param authenticationCache an explicit {@link Cache} instance to use for authentication caching or</a>
<span class="sourceLineNo">254</span><a id="line.254"> * {@code null} if the cache should possibly be obtained another way.</a>
<span class="sourceLineNo">255</span><a id="line.255"> * @see #isAuthenticationCachingEnabled()</a>
<span class="sourceLineNo">256</span><a id="line.256"> * @since 1.2</a>
<span class="sourceLineNo">257</span><a id="line.257"> */</a>
<span class="sourceLineNo">258</span><a id="line.258"> public void setAuthenticationCache(Cache&lt;Object, AuthenticationInfo&gt; authenticationCache) {</a>
<span class="sourceLineNo">259</span><a id="line.259"> this.authenticationCache = authenticationCache;</a>
<span class="sourceLineNo">260</span><a id="line.260"> }</a>
<span class="sourceLineNo">261</span><a id="line.261"></a>
<span class="sourceLineNo">262</span><a id="line.262"> /**</a>
<span class="sourceLineNo">263</span><a id="line.263"> * Returns a {@link Cache} instance to use for authentication caching, or {@code null} if no cache has been</a>
<span class="sourceLineNo">264</span><a id="line.264"> * set.</a>
<span class="sourceLineNo">265</span><a id="line.265"> *</a>
<span class="sourceLineNo">266</span><a id="line.266"> * @return a {@link Cache} instance to use for authentication caching, or {@code null} if no cache has been</a>
<span class="sourceLineNo">267</span><a id="line.267"> * set.</a>
<span class="sourceLineNo">268</span><a id="line.268"> * @see #setAuthenticationCache(org.apache.shiro.cache.Cache)</a>
<span class="sourceLineNo">269</span><a id="line.269"> * @see #isAuthenticationCachingEnabled()</a>
<span class="sourceLineNo">270</span><a id="line.270"> * @since 1.2</a>
<span class="sourceLineNo">271</span><a id="line.271"> */</a>
<span class="sourceLineNo">272</span><a id="line.272"> public Cache&lt;Object, AuthenticationInfo&gt; getAuthenticationCache() {</a>
<span class="sourceLineNo">273</span><a id="line.273"> return this.authenticationCache;</a>
<span class="sourceLineNo">274</span><a id="line.274"> }</a>
<span class="sourceLineNo">275</span><a id="line.275"></a>
<span class="sourceLineNo">276</span><a id="line.276"> /**</a>
<span class="sourceLineNo">277</span><a id="line.277"> * Returns the name of a {@link Cache} to lookup from any available {@link #getCacheManager() cacheManager} if</a>
<span class="sourceLineNo">278</span><a id="line.278"> * a cache is not explicitly configured via {@link #setAuthenticationCache(org.apache.shiro.cache.Cache)}.</a>
<span class="sourceLineNo">279</span><a id="line.279"> * &lt;p/&gt;</a>
<span class="sourceLineNo">280</span><a id="line.280"> * This name will only be used to look up a cache if authentication caching is</a>
<span class="sourceLineNo">281</span><a id="line.281"> * {@link #isAuthenticationCachingEnabled() enabled}.</a>
<span class="sourceLineNo">282</span><a id="line.282"> * &lt;p/&gt;</a>
<span class="sourceLineNo">283</span><a id="line.283"> * &lt;b&gt;WARNING:&lt;/b&gt; Only set this property if safe caching conditions apply, as documented at the top</a>
<span class="sourceLineNo">284</span><a id="line.284"> * of this page in the class-level JavaDoc.</a>
<span class="sourceLineNo">285</span><a id="line.285"> *</a>
<span class="sourceLineNo">286</span><a id="line.286"> * @return the name of a {@link Cache} to lookup from any available {@link #getCacheManager() cacheManager} if</a>
<span class="sourceLineNo">287</span><a id="line.287"> * a cache is not explicitly configured via {@link #setAuthenticationCache(org.apache.shiro.cache.Cache)}.</a>
<span class="sourceLineNo">288</span><a id="line.288"> * @see #isAuthenticationCachingEnabled()</a>
<span class="sourceLineNo">289</span><a id="line.289"> * @since 1.2</a>
<span class="sourceLineNo">290</span><a id="line.290"> */</a>
<span class="sourceLineNo">291</span><a id="line.291"> public String getAuthenticationCacheName() {</a>
<span class="sourceLineNo">292</span><a id="line.292"> return this.authenticationCacheName;</a>
<span class="sourceLineNo">293</span><a id="line.293"> }</a>
<span class="sourceLineNo">294</span><a id="line.294"></a>
<span class="sourceLineNo">295</span><a id="line.295"> /**</a>
<span class="sourceLineNo">296</span><a id="line.296"> * Sets the name of a {@link Cache} to lookup from any available {@link #getCacheManager() cacheManager} if</a>
<span class="sourceLineNo">297</span><a id="line.297"> * a cache is not explicitly configured via {@link #setAuthenticationCache(org.apache.shiro.cache.Cache)}.</a>
<span class="sourceLineNo">298</span><a id="line.298"> * &lt;p/&gt;</a>
<span class="sourceLineNo">299</span><a id="line.299"> * This name will only be used to look up a cache if authentication caching is</a>
<span class="sourceLineNo">300</span><a id="line.300"> * {@link #isAuthenticationCachingEnabled() enabled}.</a>
<span class="sourceLineNo">301</span><a id="line.301"> *</a>
<span class="sourceLineNo">302</span><a id="line.302"> * @param authenticationCacheName the name of a {@link Cache} to lookup from any available</a>
<span class="sourceLineNo">303</span><a id="line.303"> * {@link #getCacheManager() cacheManager} if a cache is not explicitly configured</a>
<span class="sourceLineNo">304</span><a id="line.304"> * via {@link #setAuthenticationCache(org.apache.shiro.cache.Cache)}.</a>
<span class="sourceLineNo">305</span><a id="line.305"> * @see #isAuthenticationCachingEnabled()</a>
<span class="sourceLineNo">306</span><a id="line.306"> * @since 1.2</a>
<span class="sourceLineNo">307</span><a id="line.307"> */</a>
<span class="sourceLineNo">308</span><a id="line.308"> public void setAuthenticationCacheName(String authenticationCacheName) {</a>
<span class="sourceLineNo">309</span><a id="line.309"> this.authenticationCacheName = authenticationCacheName;</a>
<span class="sourceLineNo">310</span><a id="line.310"> }</a>
<span class="sourceLineNo">311</span><a id="line.311"></a>
<span class="sourceLineNo">312</span><a id="line.312"> /**</a>
<span class="sourceLineNo">313</span><a id="line.313"> * Returns {@code true} if authentication caching should be utilized if a {@link CacheManager} has been</a>
<span class="sourceLineNo">314</span><a id="line.314"> * {@link #setCacheManager(org.apache.shiro.cache.CacheManager) configured}, {@code false} otherwise.</a>
<span class="sourceLineNo">315</span><a id="line.315"> * &lt;p/&gt;</a>
<span class="sourceLineNo">316</span><a id="line.316"> * The default value is {@code true}.</a>
<span class="sourceLineNo">317</span><a id="line.317"> *</a>
<span class="sourceLineNo">318</span><a id="line.318"> * @return {@code true} if authentication caching should be utilized, {@code false} otherwise.</a>
<span class="sourceLineNo">319</span><a id="line.319"> */</a>
<span class="sourceLineNo">320</span><a id="line.320"> public boolean isAuthenticationCachingEnabled() {</a>
<span class="sourceLineNo">321</span><a id="line.321"> return this.authenticationCachingEnabled &amp;&amp; isCachingEnabled();</a>
<span class="sourceLineNo">322</span><a id="line.322"> }</a>
<span class="sourceLineNo">323</span><a id="line.323"></a>
<span class="sourceLineNo">324</span><a id="line.324"> /**</a>
<span class="sourceLineNo">325</span><a id="line.325"> * Sets whether or not authentication caching should be utilized if a {@link CacheManager} has been</a>
<span class="sourceLineNo">326</span><a id="line.326"> * {@link #setCacheManager(org.apache.shiro.cache.CacheManager) configured}, {@code false} otherwise.</a>
<span class="sourceLineNo">327</span><a id="line.327"> * &lt;p/&gt;</a>
<span class="sourceLineNo">328</span><a id="line.328"> * The default value is {@code false} to retain backwards compatibility with Shiro 1.1 and earlier.</a>
<span class="sourceLineNo">329</span><a id="line.329"> * &lt;p/&gt;</a>
<span class="sourceLineNo">330</span><a id="line.330"> * &lt;b&gt;WARNING:&lt;/b&gt; Only set this property to {@code true} if safe caching conditions apply, as documented at the top</a>
<span class="sourceLineNo">331</span><a id="line.331"> * of this page in the class-level JavaDoc.</a>
<span class="sourceLineNo">332</span><a id="line.332"> *</a>
<span class="sourceLineNo">333</span><a id="line.333"> * @param authenticationCachingEnabled the value to set</a>
<span class="sourceLineNo">334</span><a id="line.334"> */</a>
<span class="sourceLineNo">335</span><a id="line.335"> @SuppressWarnings({"UnusedDeclaration"})</a>
<span class="sourceLineNo">336</span><a id="line.336"> public void setAuthenticationCachingEnabled(boolean authenticationCachingEnabled) {</a>
<span class="sourceLineNo">337</span><a id="line.337"> this.authenticationCachingEnabled = authenticationCachingEnabled;</a>
<span class="sourceLineNo">338</span><a id="line.338"> if (authenticationCachingEnabled) {</a>
<span class="sourceLineNo">339</span><a id="line.339"> setCachingEnabled(true);</a>
<span class="sourceLineNo">340</span><a id="line.340"> }</a>
<span class="sourceLineNo">341</span><a id="line.341"> }</a>
<span class="sourceLineNo">342</span><a id="line.342"></a>
<span class="sourceLineNo">343</span><a id="line.343"> public void setName(String name) {</a>
<span class="sourceLineNo">344</span><a id="line.344"> super.setName(name);</a>
<span class="sourceLineNo">345</span><a id="line.345"> String authcCacheName = this.authenticationCacheName;</a>
<span class="sourceLineNo">346</span><a id="line.346"> if (authcCacheName != null &amp;&amp; authcCacheName.startsWith(getClass().getName())) {</a>
<span class="sourceLineNo">347</span><a id="line.347"> //get rid of the default heuristically-created cache name. Create a more meaningful one</a>
<span class="sourceLineNo">348</span><a id="line.348"> //based on the application-unique Realm name:</a>
<span class="sourceLineNo">349</span><a id="line.349"> this.authenticationCacheName = name + DEFAULT_AUTHENTICATION_CACHE_SUFFIX;</a>
<span class="sourceLineNo">350</span><a id="line.350"> }</a>
<span class="sourceLineNo">351</span><a id="line.351"> }</a>
<span class="sourceLineNo">352</span><a id="line.352"></a>
<span class="sourceLineNo">353</span><a id="line.353"></a>
<span class="sourceLineNo">354</span><a id="line.354"> /*--------------------------------------------</a>
<span class="sourceLineNo">355</span><a id="line.355"> | M E T H O D S |</a>
<span class="sourceLineNo">356</span><a id="line.356"> ============================================*/</a>
<span class="sourceLineNo">357</span><a id="line.357"></a>
<span class="sourceLineNo">358</span><a id="line.358"> /**</a>
<span class="sourceLineNo">359</span><a id="line.359"> * Convenience implementation that returns</a>
<span class="sourceLineNo">360</span><a id="line.360"> * &lt;tt&gt;getAuthenticationTokenClass().isAssignableFrom( token.getClass() );&lt;/tt&gt;. Can be overridden</a>
<span class="sourceLineNo">361</span><a id="line.361"> * by subclasses for more complex token checking.</a>
<span class="sourceLineNo">362</span><a id="line.362"> * &lt;p&gt;Most configurations will only need to set a different class via</a>
<span class="sourceLineNo">363</span><a id="line.363"> * {@link #setAuthenticationTokenClass}, as opposed to overriding this method.</a>
<span class="sourceLineNo">364</span><a id="line.364"> *</a>
<span class="sourceLineNo">365</span><a id="line.365"> * @param token the token being submitted for authentication.</a>
<span class="sourceLineNo">366</span><a id="line.366"> * @return true if this authentication realm can process the submitted token instance of the class, false otherwise.</a>
<span class="sourceLineNo">367</span><a id="line.367"> */</a>
<span class="sourceLineNo">368</span><a id="line.368"> public boolean supports(AuthenticationToken token) {</a>
<span class="sourceLineNo">369</span><a id="line.369"> return token != null &amp;&amp; getAuthenticationTokenClass().isAssignableFrom(token.getClass());</a>
<span class="sourceLineNo">370</span><a id="line.370"> }</a>
<span class="sourceLineNo">371</span><a id="line.371"></a>
<span class="sourceLineNo">372</span><a id="line.372"> /**</a>
<span class="sourceLineNo">373</span><a id="line.373"> * Initializes this realm and potentially enables an authentication cache, depending on configuration. Based on</a>
<span class="sourceLineNo">374</span><a id="line.374"> * the availability of an authentication cache, this class functions as follows:</a>
<span class="sourceLineNo">375</span><a id="line.375"> * &lt;ol&gt;</a>
<span class="sourceLineNo">376</span><a id="line.376"> * &lt;li&gt;If the {@link #setAuthenticationCache cache} property has been set, it will be</a>
<span class="sourceLineNo">377</span><a id="line.377"> * used to cache the AuthenticationInfo objects returned from {@link #getAuthenticationInfo}</a>
<span class="sourceLineNo">378</span><a id="line.378"> * method invocations.</a>
<span class="sourceLineNo">379</span><a id="line.379"> * All future calls to {@link #getAuthenticationInfo} will attempt to use this cache first</a>
<span class="sourceLineNo">380</span><a id="line.380"> * to alleviate any potentially unnecessary calls to an underlying data store.&lt;/li&gt;</a>
<span class="sourceLineNo">381</span><a id="line.381"> * &lt;li&gt;If the {@link #setAuthenticationCache cache} property has &lt;b&gt;not&lt;/b&gt; been set,</a>
<span class="sourceLineNo">382</span><a id="line.382"> * the {@link #setCacheManager cacheManager} property will be checked.</a>
<span class="sourceLineNo">383</span><a id="line.383"> * If a {@code cacheManager} has been set, it will be used to eagerly acquire an authentication</a>
<span class="sourceLineNo">384</span><a id="line.384"> * {@code cache}, and this cache which will be used as specified in #1.&lt;/li&gt;</a>
<span class="sourceLineNo">385</span><a id="line.385"> * &lt;li&gt;If neither the {@link #setAuthenticationCache (org.apache.shiro.cache.Cache) authenticationCache}</a>
<span class="sourceLineNo">386</span><a id="line.386"> * or {@link #setCacheManager(org.apache.shiro.cache.CacheManager) cacheManager}</a>
<span class="sourceLineNo">387</span><a id="line.387"> * properties are set, caching will not be utilized and authentication look-ups will be delegated to</a>
<span class="sourceLineNo">388</span><a id="line.388"> * subclass implementations for each authentication attempt.&lt;/li&gt;</a>
<span class="sourceLineNo">389</span><a id="line.389"> * &lt;/ol&gt;</a>
<span class="sourceLineNo">390</span><a id="line.390"> * &lt;p/&gt;</a>
<span class="sourceLineNo">391</span><a id="line.391"> * This method finishes by calling {@link #onInit()} is to allow subclasses to perform any init behavior desired.</a>
<span class="sourceLineNo">392</span><a id="line.392"> *</a>
<span class="sourceLineNo">393</span><a id="line.393"> * @since 1.2</a>
<span class="sourceLineNo">394</span><a id="line.394"> */</a>
<span class="sourceLineNo">395</span><a id="line.395"> public final void init() {</a>
<span class="sourceLineNo">396</span><a id="line.396"> //trigger obtaining the authorization cache if possible</a>
<span class="sourceLineNo">397</span><a id="line.397"> getAvailableAuthenticationCache();</a>
<span class="sourceLineNo">398</span><a id="line.398"> onInit();</a>
<span class="sourceLineNo">399</span><a id="line.399"> }</a>
<span class="sourceLineNo">400</span><a id="line.400"></a>
<span class="sourceLineNo">401</span><a id="line.401"> /**</a>
<span class="sourceLineNo">402</span><a id="line.402"> * Template method for subclasses to implement any initialization logic. Called from</a>
<span class="sourceLineNo">403</span><a id="line.403"> * {@link #init()}.</a>
<span class="sourceLineNo">404</span><a id="line.404"> *</a>
<span class="sourceLineNo">405</span><a id="line.405"> * @since 1.2</a>
<span class="sourceLineNo">406</span><a id="line.406"> */</a>
<span class="sourceLineNo">407</span><a id="line.407"> protected void onInit() {</a>
<span class="sourceLineNo">408</span><a id="line.408"> }</a>
<span class="sourceLineNo">409</span><a id="line.409"></a>
<span class="sourceLineNo">410</span><a id="line.410"> /**</a>
<span class="sourceLineNo">411</span><a id="line.411"> * This implementation attempts to acquire an authentication cache if one is not already configured.</a>
<span class="sourceLineNo">412</span><a id="line.412"> *</a>
<span class="sourceLineNo">413</span><a id="line.413"> * @since 1.2</a>
<span class="sourceLineNo">414</span><a id="line.414"> */</a>
<span class="sourceLineNo">415</span><a id="line.415"> protected void afterCacheManagerSet() {</a>
<span class="sourceLineNo">416</span><a id="line.416"> //trigger obtaining the authorization cache if possible</a>
<span class="sourceLineNo">417</span><a id="line.417"> getAvailableAuthenticationCache();</a>
<span class="sourceLineNo">418</span><a id="line.418"> }</a>
<span class="sourceLineNo">419</span><a id="line.419"></a>
<span class="sourceLineNo">420</span><a id="line.420"> /**</a>
<span class="sourceLineNo">421</span><a id="line.421"> * Returns any available {@link Cache} instance to use for authentication caching. This functions as follows:</a>
<span class="sourceLineNo">422</span><a id="line.422"> * &lt;ol&gt;</a>
<span class="sourceLineNo">423</span><a id="line.423"> * &lt;li&gt;If an {@link #setAuthenticationCache(org.apache.shiro.cache.Cache) authenticationCache} has been explicitly</a>
<span class="sourceLineNo">424</span><a id="line.424"> * configured (it is not null), it is returned.&lt;/li&gt;</a>
<span class="sourceLineNo">425</span><a id="line.425"> * &lt;li&gt;If there is no {@link #getAuthenticationCache() authenticationCache} configured:</a>
<span class="sourceLineNo">426</span><a id="line.426"> * &lt;ol&gt;</a>
<span class="sourceLineNo">427</span><a id="line.427"> * &lt;li&gt;If authentication caching is {@link #isAuthenticationCachingEnabled() enabled}, any available</a>
<span class="sourceLineNo">428</span><a id="line.428"> * {@link #getCacheManager() cacheManager} will be consulted to obtain an available authentication cache.</a>
<span class="sourceLineNo">429</span><a id="line.429"> * &lt;/li&gt;</a>
<span class="sourceLineNo">430</span><a id="line.430"> * &lt;li&gt;If authentication caching is disabled, this implementation does nothing.&lt;/li&gt;</a>
<span class="sourceLineNo">431</span><a id="line.431"> * &lt;/ol&gt;</a>
<span class="sourceLineNo">432</span><a id="line.432"> * &lt;/li&gt;</a>
<span class="sourceLineNo">433</span><a id="line.433"> * &lt;/ol&gt;</a>
<span class="sourceLineNo">434</span><a id="line.434"> *</a>
<span class="sourceLineNo">435</span><a id="line.435"> * @return any available {@link Cache} instance to use for authentication caching.</a>
<span class="sourceLineNo">436</span><a id="line.436"> */</a>
<span class="sourceLineNo">437</span><a id="line.437"> private Cache&lt;Object, AuthenticationInfo&gt; getAvailableAuthenticationCache() {</a>
<span class="sourceLineNo">438</span><a id="line.438"> Cache&lt;Object, AuthenticationInfo&gt; cache = getAuthenticationCache();</a>
<span class="sourceLineNo">439</span><a id="line.439"> boolean authcCachingEnabled = isAuthenticationCachingEnabled();</a>
<span class="sourceLineNo">440</span><a id="line.440"> if (cache == null &amp;&amp; authcCachingEnabled) {</a>
<span class="sourceLineNo">441</span><a id="line.441"> cache = getAuthenticationCacheLazy();</a>
<span class="sourceLineNo">442</span><a id="line.442"> }</a>
<span class="sourceLineNo">443</span><a id="line.443"> return cache;</a>
<span class="sourceLineNo">444</span><a id="line.444"> }</a>
<span class="sourceLineNo">445</span><a id="line.445"></a>
<span class="sourceLineNo">446</span><a id="line.446"> /**</a>
<span class="sourceLineNo">447</span><a id="line.447"> * Checks to see if the authenticationCache class attribute is null, and if so, attempts to acquire one from</a>
<span class="sourceLineNo">448</span><a id="line.448"> * any configured {@link #getCacheManager() cacheManager}. If one is acquired, it is set as the class attribute.</a>
<span class="sourceLineNo">449</span><a id="line.449"> * The class attribute is then returned.</a>
<span class="sourceLineNo">450</span><a id="line.450"> *</a>
<span class="sourceLineNo">451</span><a id="line.451"> * @return an available cache instance to be used for authentication caching or {@code null} if one is not available.</a>
<span class="sourceLineNo">452</span><a id="line.452"> * @since 1.2</a>
<span class="sourceLineNo">453</span><a id="line.453"> */</a>
<span class="sourceLineNo">454</span><a id="line.454"> private Cache&lt;Object, AuthenticationInfo&gt; getAuthenticationCacheLazy() {</a>
<span class="sourceLineNo">455</span><a id="line.455"></a>
<span class="sourceLineNo">456</span><a id="line.456"> if (this.authenticationCache == null) {</a>
<span class="sourceLineNo">457</span><a id="line.457"></a>
<span class="sourceLineNo">458</span><a id="line.458"> log.trace("No authenticationCache instance set. Checking for a cacheManager...");</a>
<span class="sourceLineNo">459</span><a id="line.459"></a>
<span class="sourceLineNo">460</span><a id="line.460"> CacheManager cacheManager = getCacheManager();</a>
<span class="sourceLineNo">461</span><a id="line.461"></a>
<span class="sourceLineNo">462</span><a id="line.462"> if (cacheManager != null) {</a>
<span class="sourceLineNo">463</span><a id="line.463"> String cacheName = getAuthenticationCacheName();</a>
<span class="sourceLineNo">464</span><a id="line.464"> log.debug("CacheManager [{}] configured. Building authentication cache '{}'", cacheManager, cacheName);</a>
<span class="sourceLineNo">465</span><a id="line.465"> this.authenticationCache = cacheManager.getCache(cacheName);</a>
<span class="sourceLineNo">466</span><a id="line.466"> }</a>
<span class="sourceLineNo">467</span><a id="line.467"> }</a>
<span class="sourceLineNo">468</span><a id="line.468"></a>
<span class="sourceLineNo">469</span><a id="line.469"> return this.authenticationCache;</a>
<span class="sourceLineNo">470</span><a id="line.470"> }</a>
<span class="sourceLineNo">471</span><a id="line.471"></a>
<span class="sourceLineNo">472</span><a id="line.472"> /**</a>
<span class="sourceLineNo">473</span><a id="line.473"> * Returns any cached AuthenticationInfo corresponding to the specified token or {@code null} if there currently</a>
<span class="sourceLineNo">474</span><a id="line.474"> * isn't any cached data.</a>
<span class="sourceLineNo">475</span><a id="line.475"> *</a>
<span class="sourceLineNo">476</span><a id="line.476"> * @param token the token submitted during the authentication attempt.</a>
<span class="sourceLineNo">477</span><a id="line.477"> * @return any cached AuthenticationInfo corresponding to the specified token or {@code null} if there currently</a>
<span class="sourceLineNo">478</span><a id="line.478"> * isn't any cached data.</a>
<span class="sourceLineNo">479</span><a id="line.479"> * @since 1.2</a>
<span class="sourceLineNo">480</span><a id="line.480"> */</a>
<span class="sourceLineNo">481</span><a id="line.481"> private AuthenticationInfo getCachedAuthenticationInfo(AuthenticationToken token) {</a>
<span class="sourceLineNo">482</span><a id="line.482"> AuthenticationInfo info = null;</a>
<span class="sourceLineNo">483</span><a id="line.483"></a>
<span class="sourceLineNo">484</span><a id="line.484"> Cache&lt;Object, AuthenticationInfo&gt; cache = getAvailableAuthenticationCache();</a>
<span class="sourceLineNo">485</span><a id="line.485"> if (cache != null &amp;&amp; token != null) {</a>
<span class="sourceLineNo">486</span><a id="line.486"> log.trace("Attempting to retrieve the AuthenticationInfo from cache.");</a>
<span class="sourceLineNo">487</span><a id="line.487"> Object key = getAuthenticationCacheKey(token);</a>
<span class="sourceLineNo">488</span><a id="line.488"> info = cache.get(key);</a>
<span class="sourceLineNo">489</span><a id="line.489"> if (info == null) {</a>
<span class="sourceLineNo">490</span><a id="line.490"> log.trace("No AuthorizationInfo found in cache for key [{}]", key);</a>
<span class="sourceLineNo">491</span><a id="line.491"> } else {</a>
<span class="sourceLineNo">492</span><a id="line.492"> log.trace("Found cached AuthorizationInfo for key [{}]", key);</a>
<span class="sourceLineNo">493</span><a id="line.493"> }</a>
<span class="sourceLineNo">494</span><a id="line.494"> }</a>
<span class="sourceLineNo">495</span><a id="line.495"></a>
<span class="sourceLineNo">496</span><a id="line.496"> return info;</a>
<span class="sourceLineNo">497</span><a id="line.497"> }</a>
<span class="sourceLineNo">498</span><a id="line.498"></a>
<span class="sourceLineNo">499</span><a id="line.499"> /**</a>
<span class="sourceLineNo">500</span><a id="line.500"> * Caches the specified info if authentication caching</a>
<span class="sourceLineNo">501</span><a id="line.501"> * {@link #isAuthenticationCachingEnabled(org.apache.shiro.authc.AuthenticationToken, org.apache.shiro.authc.AuthenticationInfo) isEnabled}</a>
<span class="sourceLineNo">502</span><a id="line.502"> * for the specific token/info pair and a cache instance is available to be used.</a>
<span class="sourceLineNo">503</span><a id="line.503"> *</a>
<span class="sourceLineNo">504</span><a id="line.504"> * @param token the authentication token submitted which resulted in a successful authentication attempt.</a>
<span class="sourceLineNo">505</span><a id="line.505"> * @param info the AuthenticationInfo to cache as a result of the successful authentication attempt.</a>
<span class="sourceLineNo">506</span><a id="line.506"> * @since 1.2</a>
<span class="sourceLineNo">507</span><a id="line.507"> */</a>
<span class="sourceLineNo">508</span><a id="line.508"> private void cacheAuthenticationInfoIfPossible(AuthenticationToken token, AuthenticationInfo info) {</a>
<span class="sourceLineNo">509</span><a id="line.509"> if (!isAuthenticationCachingEnabled(token, info)) {</a>
<span class="sourceLineNo">510</span><a id="line.510"> log.debug("AuthenticationInfo caching is disabled for info [{}]. Submitted token: [{}].", info, token);</a>
<span class="sourceLineNo">511</span><a id="line.511"> //return quietly, caching is disabled for this token/info pair:</a>
<span class="sourceLineNo">512</span><a id="line.512"> return;</a>
<span class="sourceLineNo">513</span><a id="line.513"> }</a>
<span class="sourceLineNo">514</span><a id="line.514"></a>
<span class="sourceLineNo">515</span><a id="line.515"> Cache&lt;Object, AuthenticationInfo&gt; cache = getAvailableAuthenticationCache();</a>
<span class="sourceLineNo">516</span><a id="line.516"> if (cache != null) {</a>
<span class="sourceLineNo">517</span><a id="line.517"> Object key = getAuthenticationCacheKey(token);</a>
<span class="sourceLineNo">518</span><a id="line.518"> cache.put(key, info);</a>
<span class="sourceLineNo">519</span><a id="line.519"> log.trace("Cached AuthenticationInfo for continued authentication. key=[{}], value=[{}].", key, info);</a>
<span class="sourceLineNo">520</span><a id="line.520"> }</a>
<span class="sourceLineNo">521</span><a id="line.521"> }</a>
<span class="sourceLineNo">522</span><a id="line.522"></a>
<span class="sourceLineNo">523</span><a id="line.523"> /**</a>
<span class="sourceLineNo">524</span><a id="line.524"> * Returns {@code true} if authentication caching should be utilized based on the specified</a>
<span class="sourceLineNo">525</span><a id="line.525"> * {@link AuthenticationToken} and/or {@link AuthenticationInfo}, {@code false} otherwise.</a>
<span class="sourceLineNo">526</span><a id="line.526"> * &lt;p/&gt;</a>
<span class="sourceLineNo">527</span><a id="line.527"> * The default implementation simply delegates to {@link #isAuthenticationCachingEnabled()}, the general-case</a>
<span class="sourceLineNo">528</span><a id="line.528"> * authentication caching setting. Subclasses can override this to turn on or off caching at runtime</a>
<span class="sourceLineNo">529</span><a id="line.529"> * based on the specific submitted runtime values.</a>
<span class="sourceLineNo">530</span><a id="line.530"> *</a>
<span class="sourceLineNo">531</span><a id="line.531"> * @param token the submitted authentication token</a>
<span class="sourceLineNo">532</span><a id="line.532"> * @param info the {@code AuthenticationInfo} acquired from data source lookup via</a>
<span class="sourceLineNo">533</span><a id="line.533"> * {@link #doGetAuthenticationInfo(org.apache.shiro.authc.AuthenticationToken)}</a>
<span class="sourceLineNo">534</span><a id="line.534"> * @return {@code true} if authentication caching should be utilized based on the specified</a>
<span class="sourceLineNo">535</span><a id="line.535"> * {@link AuthenticationToken} and/or {@link AuthenticationInfo}, {@code false} otherwise.</a>
<span class="sourceLineNo">536</span><a id="line.536"> * @since 1.2</a>
<span class="sourceLineNo">537</span><a id="line.537"> */</a>
<span class="sourceLineNo">538</span><a id="line.538"> protected boolean isAuthenticationCachingEnabled(AuthenticationToken token, AuthenticationInfo info) {</a>
<span class="sourceLineNo">539</span><a id="line.539"> return isAuthenticationCachingEnabled();</a>
<span class="sourceLineNo">540</span><a id="line.540"> }</a>
<span class="sourceLineNo">541</span><a id="line.541"></a>
<span class="sourceLineNo">542</span><a id="line.542"> /**</a>
<span class="sourceLineNo">543</span><a id="line.543"> * This implementation functions as follows:</a>
<span class="sourceLineNo">544</span><a id="line.544"> * &lt;ol&gt;</a>
<span class="sourceLineNo">545</span><a id="line.545"> * &lt;li&gt;It attempts to acquire any cached {@link AuthenticationInfo} corresponding to the specified</a>
<span class="sourceLineNo">546</span><a id="line.546"> * {@link AuthenticationToken} argument. If a cached value is found, it will be used for credentials matching,</a>
<span class="sourceLineNo">547</span><a id="line.547"> * alleviating the need to perform any lookups with a data source.&lt;/li&gt;</a>
<span class="sourceLineNo">548</span><a id="line.548"> * &lt;li&gt;If there is no cached {@link AuthenticationInfo} found, delegate to the</a>
<span class="sourceLineNo">549</span><a id="line.549"> * {@link #doGetAuthenticationInfo(org.apache.shiro.authc.AuthenticationToken)} method to perform the actual</a>
<span class="sourceLineNo">550</span><a id="line.550"> * lookup. If authentication caching is enabled and possible, any returned info object will be</a>
<span class="sourceLineNo">551</span><a id="line.551"> * {@link #cacheAuthenticationInfoIfPossible(org.apache.shiro.authc.AuthenticationToken, org.apache.shiro.authc.AuthenticationInfo) cached}</a>
<span class="sourceLineNo">552</span><a id="line.552"> * to be used in future authentication attempts.&lt;/li&gt;</a>
<span class="sourceLineNo">553</span><a id="line.553"> * &lt;li&gt;If an AuthenticationInfo instance is not found in the cache or by lookup, {@code null} is returned to</a>
<span class="sourceLineNo">554</span><a id="line.554"> * indicate an account cannot be found.&lt;/li&gt;</a>
<span class="sourceLineNo">555</span><a id="line.555"> * &lt;li&gt;If an AuthenticationInfo instance is found (either cached or via lookup), ensure the submitted</a>
<span class="sourceLineNo">556</span><a id="line.556"> * AuthenticationToken's credentials match the expected {@code AuthenticationInfo}'s credentials using the</a>
<span class="sourceLineNo">557</span><a id="line.557"> * {@link #getCredentialsMatcher() credentialsMatcher}. This means that credentials are always verified</a>
<span class="sourceLineNo">558</span><a id="line.558"> * for an authentication attempt.&lt;/li&gt;</a>
<span class="sourceLineNo">559</span><a id="line.559"> * &lt;/ol&gt;</a>
<span class="sourceLineNo">560</span><a id="line.560"> *</a>
<span class="sourceLineNo">561</span><a id="line.561"> * @param token the submitted account principal and credentials.</a>
<span class="sourceLineNo">562</span><a id="line.562"> * @return the AuthenticationInfo corresponding to the given {@code token}, or {@code null} if no</a>
<span class="sourceLineNo">563</span><a id="line.563"> * AuthenticationInfo could be found.</a>
<span class="sourceLineNo">564</span><a id="line.564"> * @throws AuthenticationException if authentication failed.</a>
<span class="sourceLineNo">565</span><a id="line.565"> */</a>
<span class="sourceLineNo">566</span><a id="line.566"> public final AuthenticationInfo getAuthenticationInfo(AuthenticationToken token) throws AuthenticationException {</a>
<span class="sourceLineNo">567</span><a id="line.567"></a>
<span class="sourceLineNo">568</span><a id="line.568"> AuthenticationInfo info = getCachedAuthenticationInfo(token);</a>
<span class="sourceLineNo">569</span><a id="line.569"> if (info == null) {</a>
<span class="sourceLineNo">570</span><a id="line.570"> //otherwise not cached, perform the lookup:</a>
<span class="sourceLineNo">571</span><a id="line.571"> info = doGetAuthenticationInfo(token);</a>
<span class="sourceLineNo">572</span><a id="line.572"> log.debug("Looked up AuthenticationInfo [{}] from doGetAuthenticationInfo", info);</a>
<span class="sourceLineNo">573</span><a id="line.573"> if (token != null &amp;&amp; info != null) {</a>
<span class="sourceLineNo">574</span><a id="line.574"> cacheAuthenticationInfoIfPossible(token, info);</a>
<span class="sourceLineNo">575</span><a id="line.575"> }</a>
<span class="sourceLineNo">576</span><a id="line.576"> } else {</a>
<span class="sourceLineNo">577</span><a id="line.577"> log.debug("Using cached authentication info [{}] to perform credentials matching.", info);</a>
<span class="sourceLineNo">578</span><a id="line.578"> }</a>
<span class="sourceLineNo">579</span><a id="line.579"></a>
<span class="sourceLineNo">580</span><a id="line.580"> if (info != null) {</a>
<span class="sourceLineNo">581</span><a id="line.581"> assertCredentialsMatch(token, info);</a>
<span class="sourceLineNo">582</span><a id="line.582"> } else {</a>
<span class="sourceLineNo">583</span><a id="line.583"> log.debug("No AuthenticationInfo found for submitted AuthenticationToken [{}]. Returning null.", token);</a>
<span class="sourceLineNo">584</span><a id="line.584"> }</a>
<span class="sourceLineNo">585</span><a id="line.585"></a>
<span class="sourceLineNo">586</span><a id="line.586"> return info;</a>
<span class="sourceLineNo">587</span><a id="line.587"> }</a>
<span class="sourceLineNo">588</span><a id="line.588"></a>
<span class="sourceLineNo">589</span><a id="line.589"> /**</a>
<span class="sourceLineNo">590</span><a id="line.590"> * Asserts that the submitted {@code AuthenticationToken}'s credentials match the stored account</a>
<span class="sourceLineNo">591</span><a id="line.591"> * {@code AuthenticationInfo}'s credentials, and if not, throws an {@link AuthenticationException}.</a>
<span class="sourceLineNo">592</span><a id="line.592"> *</a>
<span class="sourceLineNo">593</span><a id="line.593"> * @param token the submitted authentication token</a>
<span class="sourceLineNo">594</span><a id="line.594"> * @param info the AuthenticationInfo corresponding to the given {@code token}</a>
<span class="sourceLineNo">595</span><a id="line.595"> * @throws AuthenticationException if the token's credentials do not match the stored account credentials.</a>
<span class="sourceLineNo">596</span><a id="line.596"> */</a>
<span class="sourceLineNo">597</span><a id="line.597"> protected void assertCredentialsMatch(AuthenticationToken token, AuthenticationInfo info) throws AuthenticationException {</a>
<span class="sourceLineNo">598</span><a id="line.598"> CredentialsMatcher cm = getCredentialsMatcher();</a>
<span class="sourceLineNo">599</span><a id="line.599"> if (cm != null) {</a>
<span class="sourceLineNo">600</span><a id="line.600"> if (!cm.doCredentialsMatch(token, info)) {</a>
<span class="sourceLineNo">601</span><a id="line.601"> //not successful - throw an exception to indicate this:</a>
<span class="sourceLineNo">602</span><a id="line.602"> String msg = "Submitted credentials for token [" + token + "] did not match the expected credentials.";</a>
<span class="sourceLineNo">603</span><a id="line.603"> throw new IncorrectCredentialsException(msg);</a>
<span class="sourceLineNo">604</span><a id="line.604"> }</a>
<span class="sourceLineNo">605</span><a id="line.605"> } else {</a>
<span class="sourceLineNo">606</span><a id="line.606"> throw new AuthenticationException("A CredentialsMatcher must be configured in order to verify " +</a>
<span class="sourceLineNo">607</span><a id="line.607"> "credentials during authentication. If you do not wish for credentials to be examined, you " +</a>
<span class="sourceLineNo">608</span><a id="line.608"> "can configure an " + AllowAllCredentialsMatcher.class.getName() + " instance.");</a>
<span class="sourceLineNo">609</span><a id="line.609"> }</a>
<span class="sourceLineNo">610</span><a id="line.610"> }</a>
<span class="sourceLineNo">611</span><a id="line.611"></a>
<span class="sourceLineNo">612</span><a id="line.612"> /**</a>
<span class="sourceLineNo">613</span><a id="line.613"> * Returns the key under which {@link AuthenticationInfo} instances are cached if authentication caching is enabled.</a>
<span class="sourceLineNo">614</span><a id="line.614"> * This implementation defaults to returning the token's</a>
<span class="sourceLineNo">615</span><a id="line.615"> * {@link org.apache.shiro.authc.AuthenticationToken#getPrincipal() principal}, which is usually a username in</a>
<span class="sourceLineNo">616</span><a id="line.616"> * most applications.</a>
<span class="sourceLineNo">617</span><a id="line.617"> * &lt;h3&gt;Cache Invalidation on Logout&lt;/h3&gt;</a>
<span class="sourceLineNo">618</span><a id="line.618"> * &lt;b&gt;NOTE:&lt;/b&gt; If you want to be able to invalidate an account's cached {@code AuthenticationInfo} on logout, you</a>
<span class="sourceLineNo">619</span><a id="line.619"> * must ensure the {@link #getAuthenticationCacheKey(org.apache.shiro.subject.PrincipalCollection)} method returns</a>
<span class="sourceLineNo">620</span><a id="line.620"> * the same value as this method.</a>
<span class="sourceLineNo">621</span><a id="line.621"> *</a>
<span class="sourceLineNo">622</span><a id="line.622"> * @param token the authentication token for which any successful authentication will be cached.</a>
<span class="sourceLineNo">623</span><a id="line.623"> * @return the cache key to use to cache the associated {@link AuthenticationInfo} after a successful authentication.</a>
<span class="sourceLineNo">624</span><a id="line.624"> * @since 1.2</a>
<span class="sourceLineNo">625</span><a id="line.625"> */</a>
<span class="sourceLineNo">626</span><a id="line.626"> protected Object getAuthenticationCacheKey(AuthenticationToken token) {</a>
<span class="sourceLineNo">627</span><a id="line.627"> return token != null ? token.getPrincipal() : null;</a>
<span class="sourceLineNo">628</span><a id="line.628"> }</a>
<span class="sourceLineNo">629</span><a id="line.629"></a>
<span class="sourceLineNo">630</span><a id="line.630"> /**</a>
<span class="sourceLineNo">631</span><a id="line.631"> * Returns the key under which {@link AuthenticationInfo} instances are cached if authentication caching is enabled.</a>
<span class="sourceLineNo">632</span><a id="line.632"> * This implementation delegates to</a>
<span class="sourceLineNo">633</span><a id="line.633"> * {@link #getAvailablePrincipal(org.apache.shiro.subject.PrincipalCollection)}, which returns the primary principal</a>
<span class="sourceLineNo">634</span><a id="line.634"> * associated with this particular Realm.</a>
<span class="sourceLineNo">635</span><a id="line.635"> * &lt;h3&gt;Cache Invalidation on Logout&lt;/h3&gt;</a>
<span class="sourceLineNo">636</span><a id="line.636"> * &lt;b&gt;NOTE:&lt;/b&gt; If you want to be able to invalidate an account's cached {@code AuthenticationInfo} on logout, you</a>
<span class="sourceLineNo">637</span><a id="line.637"> * must ensure that this method returns the same value as the</a>
<span class="sourceLineNo">638</span><a id="line.638"> * {@link #getAuthenticationCacheKey(org.apache.shiro.authc.AuthenticationToken)} method!</a>
<span class="sourceLineNo">639</span><a id="line.639"> *</a>
<span class="sourceLineNo">640</span><a id="line.640"> * @param principals the principals of the account for which to set or remove cached {@code AuthenticationInfo}.</a>
<span class="sourceLineNo">641</span><a id="line.641"> * @return the cache key to use when looking up cached {@link AuthenticationInfo} instances.</a>
<span class="sourceLineNo">642</span><a id="line.642"> * @since 1.2</a>
<span class="sourceLineNo">643</span><a id="line.643"> */</a>
<span class="sourceLineNo">644</span><a id="line.644"> protected Object getAuthenticationCacheKey(PrincipalCollection principals) {</a>
<span class="sourceLineNo">645</span><a id="line.645"> return getAvailablePrincipal(principals);</a>
<span class="sourceLineNo">646</span><a id="line.646"> }</a>
<span class="sourceLineNo">647</span><a id="line.647"></a>
<span class="sourceLineNo">648</span><a id="line.648"> /**</a>
<span class="sourceLineNo">649</span><a id="line.649"> * This implementation clears out any cached authentication data by calling</a>
<span class="sourceLineNo">650</span><a id="line.650"> * {@link #clearCachedAuthenticationInfo(org.apache.shiro.subject.PrincipalCollection)}.</a>
<span class="sourceLineNo">651</span><a id="line.651"> * If overriding in a subclass, be sure to call {@code super.doClearCache} to ensure this behavior is maintained.</a>
<span class="sourceLineNo">652</span><a id="line.652"> *</a>
<span class="sourceLineNo">653</span><a id="line.653"> * @param principals principals the principals of the account for which to clear any cached data.</a>
<span class="sourceLineNo">654</span><a id="line.654"> * @since 1.2</a>
<span class="sourceLineNo">655</span><a id="line.655"> */</a>
<span class="sourceLineNo">656</span><a id="line.656"> @Override</a>
<span class="sourceLineNo">657</span><a id="line.657"> protected void doClearCache(PrincipalCollection principals) {</a>
<span class="sourceLineNo">658</span><a id="line.658"> super.doClearCache(principals);</a>
<span class="sourceLineNo">659</span><a id="line.659"> clearCachedAuthenticationInfo(principals);</a>
<span class="sourceLineNo">660</span><a id="line.660"> }</a>
<span class="sourceLineNo">661</span><a id="line.661"></a>
<span class="sourceLineNo">662</span><a id="line.662"> private static boolean isEmpty(PrincipalCollection pc) {</a>
<span class="sourceLineNo">663</span><a id="line.663"> return pc == null || pc.isEmpty();</a>
<span class="sourceLineNo">664</span><a id="line.664"> }</a>
<span class="sourceLineNo">665</span><a id="line.665"></a>
<span class="sourceLineNo">666</span><a id="line.666"> /**</a>
<span class="sourceLineNo">667</span><a id="line.667"> * Clears out the AuthenticationInfo cache entry for the specified account.</a>
<span class="sourceLineNo">668</span><a id="line.668"> * &lt;p/&gt;</a>
<span class="sourceLineNo">669</span><a id="line.669"> * This method is provided as a convenience to subclasses so they can invalidate a cache entry when they</a>
<span class="sourceLineNo">670</span><a id="line.670"> * change an account's authentication data (e.g. reset password) during runtime. Because an account's</a>
<span class="sourceLineNo">671</span><a id="line.671"> * AuthenticationInfo can be cached, there needs to be a way to invalidate the cache for only that account so that</a>
<span class="sourceLineNo">672</span><a id="line.672"> * subsequent authentication operations don't used the (old) cached value if account data changes.</a>
<span class="sourceLineNo">673</span><a id="line.673"> * &lt;p/&gt;</a>
<span class="sourceLineNo">674</span><a id="line.674"> * After this method is called, the next authentication for that same account will result in a call to</a>
<span class="sourceLineNo">675</span><a id="line.675"> * {@link #doGetAuthenticationInfo(org.apache.shiro.authc.AuthenticationToken) doGetAuthenticationInfo}, and the</a>
<span class="sourceLineNo">676</span><a id="line.676"> * resulting return value will be cached before being returned so it can be reused for later authentications.</a>
<span class="sourceLineNo">677</span><a id="line.677"> * &lt;p/&gt;</a>
<span class="sourceLineNo">678</span><a id="line.678"> * If you wish to clear out all associated cached data (and not just authentication data), use the</a>
<span class="sourceLineNo">679</span><a id="line.679"> * {@link #clearCache(org.apache.shiro.subject.PrincipalCollection)} method instead (which will in turn call this</a>
<span class="sourceLineNo">680</span><a id="line.680"> * method by default).</a>
<span class="sourceLineNo">681</span><a id="line.681"> *</a>
<span class="sourceLineNo">682</span><a id="line.682"> * @param principals the principals of the account for which to clear the cached AuthorizationInfo.</a>
<span class="sourceLineNo">683</span><a id="line.683"> * @see #clearCache(org.apache.shiro.subject.PrincipalCollection)</a>
<span class="sourceLineNo">684</span><a id="line.684"> * @since 1.2</a>
<span class="sourceLineNo">685</span><a id="line.685"> */</a>
<span class="sourceLineNo">686</span><a id="line.686"> protected void clearCachedAuthenticationInfo(PrincipalCollection principals) {</a>
<span class="sourceLineNo">687</span><a id="line.687"> if (!isEmpty(principals)) {</a>
<span class="sourceLineNo">688</span><a id="line.688"> Cache&lt;Object, AuthenticationInfo&gt; cache = getAvailableAuthenticationCache();</a>
<span class="sourceLineNo">689</span><a id="line.689"> //cache instance will be non-null if caching is enabled:</a>
<span class="sourceLineNo">690</span><a id="line.690"> if (cache != null) {</a>
<span class="sourceLineNo">691</span><a id="line.691"> Object key = getAuthenticationCacheKey(principals);</a>
<span class="sourceLineNo">692</span><a id="line.692"> cache.remove(key);</a>
<span class="sourceLineNo">693</span><a id="line.693"> }</a>
<span class="sourceLineNo">694</span><a id="line.694"> }</a>
<span class="sourceLineNo">695</span><a id="line.695"> }</a>
<span class="sourceLineNo">696</span><a id="line.696"></a>
<span class="sourceLineNo">697</span><a id="line.697"> /**</a>
<span class="sourceLineNo">698</span><a id="line.698"> * Retrieves authentication data from an implementation-specific datasource (RDBMS, LDAP, etc) for the given</a>
<span class="sourceLineNo">699</span><a id="line.699"> * authentication token.</a>
<span class="sourceLineNo">700</span><a id="line.700"> * &lt;p/&gt;</a>
<span class="sourceLineNo">701</span><a id="line.701"> * For most datasources, this means just 'pulling' authentication data for an associated subject/user and nothing</a>
<span class="sourceLineNo">702</span><a id="line.702"> * more and letting Shiro do the rest. But in some systems, this method could actually perform EIS specific</a>
<span class="sourceLineNo">703</span><a id="line.703"> * log-in logic in addition to just retrieving data - it is up to the Realm implementation.</a>
<span class="sourceLineNo">704</span><a id="line.704"> * &lt;p/&gt;</a>
<span class="sourceLineNo">705</span><a id="line.705"> * A {@code null} return value means that no account could be associated with the specified token.</a>
<span class="sourceLineNo">706</span><a id="line.706"> *</a>
<span class="sourceLineNo">707</span><a id="line.707"> * @param token the authentication token containing the user's principal and credentials.</a>
<span class="sourceLineNo">708</span><a id="line.708"> * @return an {@link AuthenticationInfo} object containing account data resulting from the</a>
<span class="sourceLineNo">709</span><a id="line.709"> * authentication ONLY if the lookup is successful (i.e. account exists and is valid, etc.)</a>
<span class="sourceLineNo">710</span><a id="line.710"> * @throws AuthenticationException if there is an error acquiring data or performing</a>
<span class="sourceLineNo">711</span><a id="line.711"> * realm-specific authentication logic for the specified &lt;tt&gt;token&lt;/tt&gt;</a>
<span class="sourceLineNo">712</span><a id="line.712"> */</a>
<span class="sourceLineNo">713</span><a id="line.713"> protected abstract AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token) throws AuthenticationException;</a>
<span class="sourceLineNo">714</span><a id="line.714"></a>
<span class="sourceLineNo">715</span><a id="line.715">}</a>
</pre>
</div>
</main>
</body>
</html>