1 /* 2 * Licensed to the Apache Software Foundation (ASF) under one 3 * or more contributor license agreements. See the NOTICE file 4 * distributed with this work for additional information 5 * regarding copyright ownership. The ASF licenses this file 6 * to you under the Apache License, Version 2.0 (the 7 * "License"); you may not use this file except in compliance 8 * with the License. You may obtain a copy of the License at 9 * 10 * http://www.apache.org/licenses/LICENSE-2.0 11 * 12 * Unless required by applicable law or agreed to in writing, 13 * software distributed under the License is distributed on an 14 * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY 15 * KIND, either express or implied. See the License for the 16 * specific language governing permissions and limitations 17 * under the License. 18 */ 19 module hunt.shiro.authc.pam.AtLeastOneSuccessfulStrategy; 20 21 import hunt.shiro.authc.pam.AbstractAuthenticationStrategy; 22 23 import hunt.shiro.Exceptions; 24 import hunt.shiro.authc.AuthenticationInfo; 25 import hunt.shiro.authc.AuthenticationToken; 26 import hunt.shiro.subject.PrincipalCollection; 27 28 /** 29 * <tt>AuthenticationStrategy</tt> implementation that requires <em>at least one</em> configured realm to 30 * successfully process the submitted <tt>AuthenticationToken</tt> during the log-in attempt. 31 * <p/> 32 * <p>This means any number of configured realms do not have to support the submitted log-in token, or they may 33 * be unable to acquire <tt>AuthenticationInfo</tt> for the token, but as long as at least one can do both, this 34 * Strategy implementation will allow the log-in process to be successful. 35 * <p/> 36 * <p>Note that this implementation will aggregate the account data from <em>all</em> successfully consulted 37 * realms during the authentication attempt. If you want only the account data from the first successfully 38 * consulted realm and want to ignore all subsequent realms, use the 39 * {@link FirstSuccessfulStrategy FirstSuccessfulAuthenticationStrategy} instead. 40 * 41 * @see FirstSuccessfulStrategy FirstSuccessfulAuthenticationStrategy 42 */ 43 class AtLeastOneSuccessfulStrategy : AbstractAuthenticationStrategy { 44 45 private static bool isEmpty(PrincipalCollection pc) { 46 return pc is null || pc.isEmpty(); 47 } 48 49 /** 50 * Ensures that the <code>aggregate</code> method argument is not <code>null</code> and 51 * <code>aggregate.{@link hunt.shiro.authc.AuthenticationInfo#getPrincipals() getPrincipals()}</code> 52 * is not <code>null</code>, and if either is <code>null</code>, 53 * that none of the realms authenticated successfully. 54 */ 55 override AuthenticationInfo afterAllAttempts(AuthenticationToken token, AuthenticationInfo aggregate){ 56 //we know if one or more were able to successfully authenticate if the aggregated account object does not 57 //contain null or empty data: 58 if (aggregate is null || isEmpty(aggregate.getPrincipals())) { 59 throw new AuthenticationException("Authentication token of type [" ~ 60 typeid(cast(Object)token).name ~ "] " ~ 61 "could not be authenticated by any configured realms. " ~ 62 "Please ensure that at least one realm can " ~ 63 "authenticate these tokens."); 64 } 65 66 return aggregate; 67 } 68 }