View Javadoc
1   /*
2    * Licensed to the Apache Software Foundation (ASF) under one
3    * or more contributor license agreements.  See the NOTICE file
4    * distributed with this work for additional information
5    * regarding copyright ownership.  The ASF licenses this file
6    * to you under the Apache License, Version 2.0 (the
7    * "License"); you may not use this file except in compliance
8    * with the License.  You may obtain a copy of the License at
9    *
10   *     http://www.apache.org/licenses/LICENSE-2.0
11   *
12   * Unless required by applicable law or agreed to in writing,
13   * software distributed under the License is distributed on an
14   * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
15   * KIND, either express or implied.  See the License for the
16   * specific language governing permissions and limitations
17   * under the License.
18   */
19  package org.apache.shiro.authc.pam;
20  
21  import org.apache.shiro.authc.AuthenticationException;
22  import org.apache.shiro.authc.AuthenticationInfo;
23  import org.apache.shiro.authc.AuthenticationToken;
24  import org.apache.shiro.subject.PrincipalCollection;
25  
26  /**
27   * <tt>AuthenticationStrategy</tt> implementation that requires <em>at least one</em> configured realm to
28   * successfully process the submitted <tt>AuthenticationToken</tt> during the log-in attempt.
29   * <p/>
30   * <p>This means any number of configured realms do not have to support the submitted log-in token, or they may
31   * be unable to acquire <tt>AuthenticationInfo</tt> for the token, but as long as at least one can do both, this
32   * Strategy implementation will allow the log-in process to be successful.
33   * <p/>
34   * <p>Note that this implementation will aggregate the account data from <em>all</em> successfully consulted
35   * realms during the authentication attempt. If you want only the account data from the first successfully
36   * consulted realm and want to ignore all subsequent realms, use the
37   * {@link FirstSuccessfulStrategy FirstSuccessfulAuthenticationStrategy} instead.
38   *
39   * @see FirstSuccessfulStrategy FirstSuccessfulAuthenticationStrategy
40   * @since 0.2
41   */
42  public class AtLeastOneSuccessfulStrategy extends AbstractAuthenticationStrategy {
43  
44      private static boolean isEmpty(PrincipalCollection pc) {
45          return pc == null || pc.isEmpty();
46      }
47  
48      /**
49       * Ensures that the <code>aggregate</code> method argument is not <code>null</code> and
50       * <code>aggregate.{@link org.apache.shiro.authc.AuthenticationInfo#getPrincipals() getPrincipals()}</code>
51       * is not <code>null</code>, and if either is <code>null</code>, throws an AuthenticationException to indicate
52       * that none of the realms authenticated successfully.
53       */
54      public AuthenticationInfo afterAllAttempts(AuthenticationToken token, AuthenticationInfo aggregate)
55              throws AuthenticationException {
56          //we know if one or more were able to successfully authenticate if the aggregated account object does not
57          //contain null or empty data:
58          if (aggregate == null || isEmpty(aggregate.getPrincipals())) {
59              throw new AuthenticationException("Authentication token of type [" + token.getClass() + "] "
60                      + "could not be authenticated by any configured realms.  Please ensure that at least one realm can "
61                      + "authenticate these tokens.");
62          }
63  
64          return aggregate;
65      }
66  }