core/src/main/java/org/apache/shiro/authc/AbstractAuthenticator.java - shiro - Git at Google

 /*
  * Licensed to the Apache Software Foundation (ASF) under one
  * or more contributor license agreements.  See the NOTICE file
  * distributed with this work for additional information
  * regarding copyright ownership.  The ASF licenses this file
  * to you under the Apache License, Version 2.0 (the
  * "License"); you may not use this file except in compliance
  * with the License.  You may obtain a copy of the License at
  *
  *     http://www.apache.org/licenses/LICENSE-2.0
  *
  * Unless required by applicable law or agreed to in writing,
  * software distributed under the License is distributed on an
  * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
  * KIND, either express or implied.  See the License for the
  * specific language governing permissions and limitations
  * under the License.
  */
 package org.apache.shiro.authc;

 import org.apache.shiro.subject.PrincipalCollection;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;

 import java.util.ArrayList;
 import java.util.Collection;


 /**
  * Superclass for almost all {@link Authenticator} implementations that performs the common work around authentication
  * attempts.
  * <p/>
  * This class delegates the actual authentication attempt to subclasses but supports notification for
  * successful and failed logins as well as logouts. Notification is sent to one or more registered
  * {@link AuthenticationListener AuthenticationListener}s to allow for custom processing logic
  * when these conditions occur.
  * <p/>
  * In most cases, the only thing a subclass needs to do (via its {@link #doAuthenticate} implementation)
  * is perform the actual principal/credential verification process for the submitted {@code AuthenticationToken}.
  *
  * @since 0.1
  */
 public abstract class AbstractAuthenticator implements Authenticator, LogoutAware {

     /*-------------------------------------------
     |             C O N S T A N T S             |
     ============================================*/
     /**
      * Private class log instance.
      */
     private static final Logger log = LoggerFactory.getLogger(AbstractAuthenticator.class);

     /*-------------------------------------------
     |    I N S T A N C E   V A R I A B L E S    |
     ============================================*/
     /**
      * Any registered listeners that wish to know about things during the authentication process.
      */
     private Collection<AuthenticationListener> listeners;

     /*-------------------------------------------
     |         C O N S T R U C T O R S           |
     ============================================*/

     /**
      * Default no-argument constructor. Ensures the internal
      * {@link AuthenticationListener AuthenticationListener} collection is a non-null {@code ArrayList}.
      */
     public AbstractAuthenticator() {
         listeners = new ArrayList<AuthenticationListener>();
     }

     /*--------------------------------------------
     |  A C C E S S O R S / M O D I F I E R S    |
     ============================================*/

     /**
      * Sets the {@link AuthenticationListener AuthenticationListener}s that should be notified during authentication
      * attempts.
      *
      * @param listeners one or more {@code AuthenticationListener}s that should be notified due to an
      *                  authentication attempt.
      */
     @SuppressWarnings({"UnusedDeclaration"})
     public void setAuthenticationListeners(Collection<AuthenticationListener> listeners) {
         if (listeners == null) {
             this.listeners = new ArrayList<AuthenticationListener>();
         } else {
             this.listeners = listeners;
         }
     }

     /**
      * Returns the {@link AuthenticationListener AuthenticationListener}s that should be notified during authentication
      * attempts.
      *
      * @return the {@link AuthenticationListener AuthenticationListener}s that should be notified during authentication
      *         attempts.
      */
     @SuppressWarnings({"UnusedDeclaration"})
     public Collection<AuthenticationListener> getAuthenticationListeners() {
         return this.listeners;
     }

     /*-------------------------------------------
     |               M E T H O D S               |
     ============================================*/

     /**
      * Notifies any registered {@link AuthenticationListener AuthenticationListener}s that
      * authentication was successful for the specified {@code token} which resulted in the specified
      * {@code info}.  This implementation merely iterates over the internal {@code listeners} collection and
      * calls {@link AuthenticationListener#onSuccess(AuthenticationToken, AuthenticationInfo) onSuccess}
      * for each.
      *
      * @param token the submitted {@code AuthenticationToken} that resulted in a successful authentication.
      * @param info  the returned {@code AuthenticationInfo} resulting from the successful authentication.
      */
     protected void notifySuccess(AuthenticationToken token, AuthenticationInfo info) {
         for (AuthenticationListener listener : this.listeners) {
             listener.onSuccess(token, info);
         }
     }

     /**
      * Notifies any registered {@link AuthenticationListener AuthenticationListener}s that
      * authentication failed for the
      * specified {@code token} which resulted in the specified {@code ae} exception.  This implementation merely
      * iterates over the internal {@code listeners} collection and calls
      * {@link AuthenticationListener#onFailure(AuthenticationToken, AuthenticationException) onFailure}
      * for each.
      *
      * @param token the submitted {@code AuthenticationToken} that resulted in a failed authentication.
      * @param ae    the resulting {@code AuthenticationException} that caused the authentication to fail.
      */
     protected void notifyFailure(AuthenticationToken token, AuthenticationException ae) {
         for (AuthenticationListener listener : this.listeners) {
             listener.onFailure(token, ae);
         }
     }

     /**
      * Notifies any registered {@link AuthenticationListener AuthenticationListener}s that a
      * {@code Subject} has logged-out.  This implementation merely
      * iterates over the internal {@code listeners} collection and calls
      * {@link AuthenticationListener#onLogout(org.apache.shiro.subject.PrincipalCollection) onLogout}
      * for each.
      *
      * @param principals the identifying principals of the {@code Subject}/account logging out.
      */
     protected void notifyLogout(PrincipalCollection principals) {
         for (AuthenticationListener listener : this.listeners) {
             listener.onLogout(principals);
         }
     }

     /**
      * This implementation merely calls
      * {@link #notifyLogout(org.apache.shiro.subject.PrincipalCollection) notifyLogout} to allow any registered listeners
      * to react to the logout.
      *
      * @param principals the identifying principals of the {@code Subject}/account logging out.
      */
     public void onLogout(PrincipalCollection principals) {
         notifyLogout(principals);
     }

     /**
      * Implementation of the {@link Authenticator} interface that functions in the following manner:
      * <ol>
      * <li>Calls template {@link #doAuthenticate doAuthenticate} method for subclass execution of the actual
      * authentication behavior.</li>
      * <li>If an {@code AuthenticationException} is thrown during {@code doAuthenticate},
      * {@link #notifyFailure(AuthenticationToken, AuthenticationException) notify} any registered
      * {@link AuthenticationListener AuthenticationListener}s of the exception and then propagate the exception
      * for the caller to handle.</li>
      * <li>If no exception is thrown (indicating a successful login),
      * {@link #notifySuccess(AuthenticationToken, AuthenticationInfo) notify} any registered
      * {@link AuthenticationListener AuthenticationListener}s of the successful attempt.</li>
      * <li>Return the {@code AuthenticationInfo}</li>
      * </ol>
      *
      * @param token the submitted token representing the subject's (user's) login principals and credentials.
      * @return the AuthenticationInfo referencing the authenticated user's account data.
      * @throws AuthenticationException if there is any problem during the authentication process - see the
      *                                 interface's JavaDoc for a more detailed explanation.
      */
     public final AuthenticationInfo authenticate(AuthenticationToken token) throws AuthenticationException {

         if (token == null) {
             throw new IllegalArgumentException("Method argument (authentication token) cannot be null.");
         }

         log.trace("Authentication attempt received for token [{}]", token);

         AuthenticationInfo info;
         try {
             info = doAuthenticate(token);
             if (info == null) {
                 String msg = "No account information found for authentication token [" + token + "] by this " +
                         "Authenticator instance.  Please check that it is configured correctly.";
                 throw new AuthenticationException(msg);
             }
         } catch (Throwable t) {
             AuthenticationException ae = null;
             if (t instanceof AuthenticationException) {
                 ae = (AuthenticationException) t;
             }
             if (ae == null) {
                 //Exception thrown was not an expected AuthenticationException.  Therefore it is probably a little more
                 //severe or unexpected.  So, wrap in an AuthenticationException, log to warn, and propagate:
                 String msg = "Authentication failed for token submission [" + token + "].  Possible unexpected " +
                         "error? (Typical or expected login exceptions should extend from AuthenticationException).";
                 ae = new AuthenticationException(msg, t);
                 if (log.isWarnEnabled())
                     log.warn(msg, t);
             }
             try {
                 notifyFailure(token, ae);
             } catch (Throwable t2) {
                 if (log.isWarnEnabled()) {
                     String msg = "Unable to send notification for failed authentication attempt - listener error?.  " +
                             "Please check your AuthenticationListener implementation(s).  Logging sending exception " +
                             "and propagating original AuthenticationException instead...";
                     log.warn(msg, t2);
                 }
             }


             throw ae;
         }

         log.debug("Authentication successful for token [{}].  Returned account [{}]", token, info);

         notifySuccess(token, info);

         return info;
     }

     /**
      * Template design pattern hook for subclasses to implement specific authentication behavior.
      * <p/>
      * Common behavior for most authentication attempts is encapsulated in the
      * {@link #authenticate} method and that method invokes this one for custom behavior.
      * <p/>
      * <b>N.B.</b> Subclasses <em>should</em> throw some kind of
      * {@code AuthenticationException} if there is a problem during
      * authentication instead of returning {@code null}.  A {@code null} return value indicates
      * a configuration or programming error, since {@code AuthenticationException}s should
      * indicate any expected problem (such as an unknown account or username, or invalid password, etc.).
      *
      * @param token the authentication token encapsulating the user's login information.
      * @return an {@code AuthenticationInfo} object encapsulating the user's account information
      *         important to Shiro.
      * @throws AuthenticationException if there is a problem logging in the user.
      */
     protected abstract AuthenticationInfo doAuthenticate(AuthenticationToken token)
             throws AuthenticationException;


 }
	/*
	* Licensed to the Apache Software Foundation (ASF) under one
	* or more contributor license agreements. See the NOTICE file
	* distributed with this work for additional information
	* regarding copyright ownership. The ASF licenses this file
	* to you under the Apache License, Version 2.0 (the
	* "License"); you may not use this file except in compliance
	* with the License. You may obtain a copy of the License at
	*
	* http://www.apache.org/licenses/LICENSE-2.0
	*
	* Unless required by applicable law or agreed to in writing,
	* software distributed under the License is distributed on an
	* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
	* KIND, either express or implied. See the License for the
	* specific language governing permissions and limitations
	* under the License.
	*/
	package org.apache.shiro.authc;

	import org.apache.shiro.subject.PrincipalCollection;
	import org.slf4j.Logger;
	import org.slf4j.LoggerFactory;

	import java.util.ArrayList;
	import java.util.Collection;


	/**
	* Superclass for almost all {@link Authenticator} implementations that performs the common work around authentication
	* attempts.
	* <p/>
	* This class delegates the actual authentication attempt to subclasses but supports notification for
	* successful and failed logins as well as logouts. Notification is sent to one or more registered
	* {@link AuthenticationListener AuthenticationListener}s to allow for custom processing logic
	* when these conditions occur.
	* <p/>
	* In most cases, the only thing a subclass needs to do (via its {@link #doAuthenticate} implementation)
	* is perform the actual principal/credential verification process for the submitted {@code AuthenticationToken}.
	*
	* @since 0.1
	*/
	public abstract class AbstractAuthenticator implements Authenticator, LogoutAware {

	/*-------------------------------------------
	\| C O N S T A N T S \|
	============================================*/
	/**
	* Private class log instance.
	*/
	private static final Logger log = LoggerFactory.getLogger(AbstractAuthenticator.class);

	/*-------------------------------------------
	\| I N S T A N C E V A R I A B L E S \|
	============================================*/
	/**
	* Any registered listeners that wish to know about things during the authentication process.
	*/
	private Collection<AuthenticationListener> listeners;

	/*-------------------------------------------
	\| C O N S T R U C T O R S \|
	============================================*/

	/**
	* Default no-argument constructor. Ensures the internal
	* {@link AuthenticationListener AuthenticationListener} collection is a non-null {@code ArrayList}.
	*/
	public AbstractAuthenticator() {
	listeners = new ArrayList<AuthenticationListener>();
	}

	/*--------------------------------------------
	\| A C C E S S O R S / M O D I F I E R S \|
	============================================*/

	/**
	* Sets the {@link AuthenticationListener AuthenticationListener}s that should be notified during authentication
	* attempts.
	*
	* @param listeners one or more {@code AuthenticationListener}s that should be notified due to an
	* authentication attempt.
	*/
	@SuppressWarnings({"UnusedDeclaration"})
	public void setAuthenticationListeners(Collection<AuthenticationListener> listeners) {
	if (listeners == null) {
	this.listeners = new ArrayList<AuthenticationListener>();
	} else {
	this.listeners = listeners;
	}
	}

	/**
	* Returns the {@link AuthenticationListener AuthenticationListener}s that should be notified during authentication
	* attempts.
	*
	* @return the {@link AuthenticationListener AuthenticationListener}s that should be notified during authentication
	* attempts.
	*/
	@SuppressWarnings({"UnusedDeclaration"})
	public Collection<AuthenticationListener> getAuthenticationListeners() {
	return this.listeners;
	}

	/*-------------------------------------------
	\| M E T H O D S \|
	============================================*/

	/**
	* Notifies any registered {@link AuthenticationListener AuthenticationListener}s that
	* authentication was successful for the specified {@code token} which resulted in the specified
	* {@code info}. This implementation merely iterates over the internal {@code listeners} collection and
	* calls {@link AuthenticationListener#onSuccess(AuthenticationToken, AuthenticationInfo) onSuccess}
	* for each.
	*
	* @param token the submitted {@code AuthenticationToken} that resulted in a successful authentication.
	* @param info the returned {@code AuthenticationInfo} resulting from the successful authentication.
	*/
	protected void notifySuccess(AuthenticationToken token, AuthenticationInfo info) {
	for (AuthenticationListener listener : this.listeners) {
	listener.onSuccess(token, info);
	}
	}

	/**
	* Notifies any registered {@link AuthenticationListener AuthenticationListener}s that
	* authentication failed for the
	* specified {@code token} which resulted in the specified {@code ae} exception. This implementation merely
	* iterates over the internal {@code listeners} collection and calls
	* {@link AuthenticationListener#onFailure(AuthenticationToken, AuthenticationException) onFailure}
	* for each.
	*
	* @param token the submitted {@code AuthenticationToken} that resulted in a failed authentication.
	* @param ae the resulting {@code AuthenticationException} that caused the authentication to fail.
	*/
	protected void notifyFailure(AuthenticationToken token, AuthenticationException ae) {
	for (AuthenticationListener listener : this.listeners) {
	listener.onFailure(token, ae);
	}
	}

	/**
	* Notifies any registered {@link AuthenticationListener AuthenticationListener}s that a
	* {@code Subject} has logged-out. This implementation merely
	* iterates over the internal {@code listeners} collection and calls
	* {@link AuthenticationListener#onLogout(org.apache.shiro.subject.PrincipalCollection) onLogout}
	* for each.
	*
	* @param principals the identifying principals of the {@code Subject}/account logging out.
	*/
	protected void notifyLogout(PrincipalCollection principals) {
	for (AuthenticationListener listener : this.listeners) {
	listener.onLogout(principals);
	}
	}

	/**
	* This implementation merely calls
	* {@link #notifyLogout(org.apache.shiro.subject.PrincipalCollection) notifyLogout} to allow any registered listeners
	* to react to the logout.
	*
	* @param principals the identifying principals of the {@code Subject}/account logging out.
	*/
	public void onLogout(PrincipalCollection principals) {
	notifyLogout(principals);
	}

	/**
	* Implementation of the {@link Authenticator} interface that functions in the following manner:
	* <ol>
	* <li>Calls template {@link #doAuthenticate doAuthenticate} method for subclass execution of the actual
	* authentication behavior.</li>
	* <li>If an {@code AuthenticationException} is thrown during {@code doAuthenticate},
	* {@link #notifyFailure(AuthenticationToken, AuthenticationException) notify} any registered
	* {@link AuthenticationListener AuthenticationListener}s of the exception and then propagate the exception
	* for the caller to handle.</li>
	* <li>If no exception is thrown (indicating a successful login),
	* {@link #notifySuccess(AuthenticationToken, AuthenticationInfo) notify} any registered
	* {@link AuthenticationListener AuthenticationListener}s of the successful attempt.</li>
	* <li>Return the {@code AuthenticationInfo}</li>
	* </ol>
	*
	* @param token the submitted token representing the subject's (user's) login principals and credentials.
	* @return the AuthenticationInfo referencing the authenticated user's account data.
	* @throws AuthenticationException if there is any problem during the authentication process - see the
	* interface's JavaDoc for a more detailed explanation.
	*/
	public final AuthenticationInfo authenticate(AuthenticationToken token) throws AuthenticationException {

	if (token == null) {
	throw new IllegalArgumentException("Method argument (authentication token) cannot be null.");
	}

	log.trace("Authentication attempt received for token [{}]", token);

	AuthenticationInfo info;
	try {
	info = doAuthenticate(token);
	if (info == null) {
	String msg = "No account information found for authentication token [" + token + "] by this " +
	"Authenticator instance. Please check that it is configured correctly.";
	throw new AuthenticationException(msg);
	}
	} catch (Throwable t) {
	AuthenticationException ae = null;
	if (t instanceof AuthenticationException) {
	ae = (AuthenticationException) t;
	}
	if (ae == null) {
	//Exception thrown was not an expected AuthenticationException. Therefore it is probably a little more
	//severe or unexpected. So, wrap in an AuthenticationException, log to warn, and propagate:
	String msg = "Authentication failed for token submission [" + token + "]. Possible unexpected " +
	"error? (Typical or expected login exceptions should extend from AuthenticationException).";
	ae = new AuthenticationException(msg, t);
	if (log.isWarnEnabled())
	log.warn(msg, t);
	}
	try {
	notifyFailure(token, ae);
	} catch (Throwable t2) {
	if (log.isWarnEnabled()) {
	String msg = "Unable to send notification for failed authentication attempt - listener error?. " +
	"Please check your AuthenticationListener implementation(s). Logging sending exception " +
	"and propagating original AuthenticationException instead...";
	log.warn(msg, t2);
	}
	}


	throw ae;
	}

	log.debug("Authentication successful for token [{}]. Returned account [{}]", token, info);

	notifySuccess(token, info);

	return info;
	}

	/**
	* Template design pattern hook for subclasses to implement specific authentication behavior.
	* <p/>
	* Common behavior for most authentication attempts is encapsulated in the
	* {@link #authenticate} method and that method invokes this one for custom behavior.
	* <p/>
	* <b>N.B.</b> Subclasses <em>should</em> throw some kind of
	* {@code AuthenticationException} if there is a problem during
	* authentication instead of returning {@code null}. A {@code null} return value indicates
	* a configuration or programming error, since {@code AuthenticationException}s should
	* indicate any expected problem (such as an unknown account or username, or invalid password, etc.).
	*
	* @param token the authentication token encapsulating the user's login information.
	* @return an {@code AuthenticationInfo} object encapsulating the user's account information
	* important to Shiro.
	* @throws AuthenticationException if there is a problem logging in the user.
	*/
	protected abstract AuthenticationInfo doAuthenticate(AuthenticationToken token)
	throws AuthenticationException;


	}