Package org.apache.shiro.authc
Core interfaces and exceptions concerning Authentication (the act of logging-in).
Shiro abbreviates the word 'AuthentiCation' as authc to distinguish it separately from
'AuthoriZation', abbreviated as authz.
The primary item of interest in this package is the Authenticator interface, which acts as the
entry point (facade) to all other other authentication components. Other components, interfaces and
exceptions are here to support Authenticator implementations.
-
Interface Summary Interface Description Account An Account is a convenience interface that extends bothAuthenticationInfo
andAuthorizationInfo
and represents authentication and authorization for a single account in a single Realm.AuthenticationInfo AuthenticationInfo
represents a Subject's (aka user's) stored account information relevant to the authentication/log-in process only.AuthenticationListener AnAuthenticationListener
listens for notifications whileSubject
s authenticate with the system.AuthenticationToken An AuthenticationToken is a consolidation of an account's principals and supporting credentials submitted by a user during an authentication attempt.Authenticator An Authenticator is responsible for authenticating accounts in an application.HostAuthenticationToken AHostAuthenticationToken
retains the host information from where an authentication attempt originates.LogoutAware An SPI interface allowing cleanup logic to be executed during logout of a previously authenticated Subject/user.MergableAuthenticationInfo An extension of theAuthenticationInfo
interface to be implemented by classes that support merging with otherAuthenticationInfo
instances.RememberMeAuthenticationToken AnAuthenticationToken
that indicates if the user wishes their identity to be remembered across sessions.SaltedAuthenticationInfo Interface representing account information that may use a salt when hashing credentials. -
Class Summary Class Description AbstractAuthenticator Superclass for almost allAuthenticator
implementations that performs the common work around authentication attempts.BearerToken AAuthenticationToken
that contains an a Bearer token or API key, typically received via an HTTPAuthorization
header.SimpleAccount Simple implementation of theAccount
interface that contains principal and credential and authorization information (roles and permissions) as instance variables and exposes them via getters and setters using standard JavaBean notation.SimpleAuthenticationInfo Simple implementation of theMergableAuthenticationInfo
interface that holds the principals and credentials.UsernamePasswordToken A simple username/password authentication token to support the most widely-used authentication mechanism. -
Exception Summary Exception Description AccountException Exception thrown due to a problem with the account under which an authentication attempt is being executed.AuthenticationException General exception thrown due to an error during the Authentication process.ConcurrentAccessException Thrown when an authentication attempt has been received for an account that has already been authenticated (i.e.CredentialsException Exception thrown due to a problem with the credential(s) submitted for an account during the authentication process.DisabledAccountException Thrown when attempting to authenticate and the corresponding account has been disabled for some reason.ExcessiveAttemptsException Thrown when a system is configured to only allow a certain number of authentication attempts over a period of time and the current session has failed to authenticate successfully within that number.ExpiredCredentialsException Thrown during the authentication process when the system determines the submitted credential(s) has expired and will not allow login.IncorrectCredentialsException Thrown when attempting to authenticate with credential(s) that do not match the actual credentials associated with the account principal.LockedAccountException A special kind of DisabledAccountException, this exception is thrown when attempting to authenticate and the corresponding account has been disabled explicitly due to being locked.UnknownAccountException Thrown when attempting to authenticate with a principal that doesn't exist in the system (e.g.