Package org.apache.shiro.authc.pam

Class FirstSuccessfulStrategy

java.lang.Object

org.apache.shiro.authc.pam.AbstractAuthenticationStrategy

org.apache.shiro.authc.pam.FirstSuccessfulStrategy

All Implemented Interfaces:

AuthenticationStrategy

public class FirstSuccessfulStrategy
extends AbstractAuthenticationStrategy

AuthenticationStrategy implementation that only accepts the account data from the first successfully consulted Realm and ignores all subsequent realms. This is slightly different behavior than AtLeastOneSuccessfulStrategy, so please review both to see which one meets your needs better.

Since:

0.9

See Also:

AtLeastOneSuccessfulAuthenticationStrategy

Constructor Summary

Constructors

Constructor	Description
FirstSuccessfulStrategy()

Method Summary

Modifier and Type	Method	Description
AuthenticationInfo	beforeAllAttempts(Collection<? extends Realm> realms, AuthenticationToken token)	Returns null immediately, relying on this class's merge implementation to return only the first info object it encounters, ignoring all subsequent ones.
AuthenticationInfo	beforeAttempt(Realm realm, AuthenticationToken token, AuthenticationInfo aggregate)	Throws ShortCircuitIterationException if stopAfterFirstSuccess is set and authentication is successful with a previously consulted realm.
boolean	getStopAfterFirstSuccess()
protected AuthenticationInfo	merge(AuthenticationInfo info, AuthenticationInfo aggregate)	Returns the specified aggregate instance if is non null and valid (that is, has principals and they are not empty) immediately, or, if it is null or not valid, the info argument is returned instead.
void	setStopAfterFirstSuccess(boolean stopAfterFirstSuccess)

Methods inherited from class org.apache.shiro.authc.pam.AbstractAuthenticationStrategy

afterAllAttempts, afterAttempt

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Detail

FirstSuccessfulStrategy

public FirstSuccessfulStrategy()

Method Detail

setStopAfterFirstSuccess

public void setStopAfterFirstSuccess(boolean stopAfterFirstSuccess)

getStopAfterFirstSuccess

public boolean getStopAfterFirstSuccess()

beforeAllAttempts

public AuthenticationInfo beforeAllAttempts(Collection<? extends Realm> realms,
                                            AuthenticationToken token)
                                     throws AuthenticationException

Returns null immediately, relying on this class's merge implementation to return only the first info object it encounters, ignoring all subsequent ones.

Specified by:

beforeAllAttempts in interface AuthenticationStrategy

Overrides:

beforeAllAttempts in class AbstractAuthenticationStrategy

Parameters:

realms - the Realms that will be consulted during the authentication process for the specified token.

token - the Principal/Credential representation to be used during authentication for a corresponding subject.

Returns:

an empty AuthenticationInfo object that will populated with data from multiple realms.

Throws:

AuthenticationException - if the strategy implementation does not wish the Authentication attempt to execute.

beforeAttempt

public AuthenticationInfo beforeAttempt(Realm realm,
                                        AuthenticationToken token,
                                        AuthenticationInfo aggregate)
                                 throws AuthenticationException

Throws ShortCircuitIterationException if stopAfterFirstSuccess is set and authentication is successful with a previously consulted realm. Returns the aggregate method argument, without modification otherwise.

Specified by:

beforeAttempt in interface AuthenticationStrategy

Overrides:

beforeAttempt in class AbstractAuthenticationStrategy

Parameters:

realm - the realm that will be consulted for AuthenticationInfo for the specified token.

token - the AuthenticationToken submitted for the subject attempting system log-in.

aggregate - the aggregated AuthenticationInfo object being used across the multi-realm authentication attempt

Returns:

the AuthenticationInfo object that will be presented to further realms in the authentication process - returning the aggregate method argument is the normal case if no special action needs to be taken.

Throws:

AuthenticationException - an exception thrown by the Strategy implementation if it wishes the login process for the associated subject (user) to stop immediately.

merge

protected AuthenticationInfo merge(AuthenticationInfo info,
                                   AuthenticationInfo aggregate)

Returns the specified aggregate instance if is non null and valid (that is, has principals and they are not empty) immediately, or, if it is null or not valid, the info argument is returned instead.

This logic ensures that the first valid info encountered is the one retained and all subsequent ones are ignored, since this strategy mandates that only the info from the first successfully authenticated realm be used.

Overrides:

merge in class AbstractAuthenticationStrategy