1 /*
2  * Licensed to the Apache Software Foundation (ASF) under one
3  * or more contributor license agreements.  See the NOTICE file
4  * distributed with this work for additional information
5  * regarding copyright ownership.  The ASF licenses this file
6  * to you under the Apache License, Version 2.0 (the
7  * "License"); you may not use this file except in compliance
8  * with the License.  You may obtain a copy of the License at
9  *
10  *     http://www.apache.org/licenses/LICENSE-2.0
11  *
12  * Unless required by applicable law or agreed to in writing,
13  * software distributed under the License is distributed on an
14  * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
15  * KIND, either express or implied.  See the License for the
16  * specific language governing permissions and limitations
17  * under the License.
18  */
19 module hunt.shiro.authc.pam.AtLeastOneSuccessfulStrategy;
20 
21 import hunt.shiro.authc.pam.AbstractAuthenticationStrategy;
22 
23 import hunt.shiro.Exceptions;
24 import hunt.shiro.authc.AuthenticationInfo;
25 import hunt.shiro.authc.AuthenticationToken;
26 import hunt.shiro.subject.PrincipalCollection;
27 
28 /**
29  * <tt>AuthenticationStrategy</tt> implementation that requires <em>at least one</em> configured realm to
30  * successfully process the submitted <tt>AuthenticationToken</tt> during the log-in attempt.
31  * <p/>
32  * <p>This means any number of configured realms do not have to support the submitted log-in token, or they may
33  * be unable to acquire <tt>AuthenticationInfo</tt> for the token, but as long as at least one can do both, this
34  * Strategy implementation will allow the log-in process to be successful.
35  * <p/>
36  * <p>Note that this implementation will aggregate the account data from <em>all</em> successfully consulted
37  * realms during the authentication attempt. If you want only the account data from the first successfully
38  * consulted realm and want to ignore all subsequent realms, use the
39  * {@link FirstSuccessfulStrategy FirstSuccessfulAuthenticationStrategy} instead.
40  *
41  * @see FirstSuccessfulStrategy FirstSuccessfulAuthenticationStrategy
42  */
43 class AtLeastOneSuccessfulStrategy : AbstractAuthenticationStrategy {
44 
45     private static bool isEmpty(PrincipalCollection pc) {
46         return pc  is null || pc.isEmpty();
47     }
48 
49     /**
50      * Ensures that the <code>aggregate</code> method argument is not <code>null</code> and
51      * <code>aggregate.{@link hunt.shiro.authc.AuthenticationInfo#getPrincipals() getPrincipals()}</code>
52      * is not <code>null</code>, and if either is <code>null</code>,
53      * that none of the realms authenticated successfully.
54      */
55     override AuthenticationInfo afterAllAttempts(AuthenticationToken token, AuthenticationInfo aggregate){
56         //we know if one or more were able to successfully authenticate if the aggregated account object does not
57         //contain null or empty data:
58         if (aggregate  is null || isEmpty(aggregate.getPrincipals())) {
59             throw new AuthenticationException("Authentication token of type [" ~ 
60                     typeid(cast(Object)token).name ~ "] " ~
61                     "could not be authenticated by any configured realms.  " ~ 
62                     "Please ensure that at least one realm can " ~
63                     "authenticate these tokens.");
64         }
65 
66         return aggregate;
67     }
68 }