in core/src/main/java/org/apache/shiro/authc/AbstractAuthenticator.java [188:239]
public final AuthenticationInfo authenticate(AuthenticationToken token) throws AuthenticationException {
if (token == null) {
throw new IllegalArgumentException("Method argument (authentication token) cannot be null.");
}
LOGGER.trace("Authentication attempt received for token [{}]", token);
AuthenticationInfo info;
try {
info = doAuthenticate(token);
if (info == null) {
String msg = "No account information found for authentication token [" + token + "] by this "
+ "Authenticator instance. Please check that it is configured correctly.";
throw new AuthenticationException(msg);
}
} catch (Throwable t) {
AuthenticationException ae = null;
if (t instanceof AuthenticationException) {
ae = (AuthenticationException) t;
}
if (ae == null) {
//Exception thrown was not an expected AuthenticationException. Therefore it is probably a little more
//severe or unexpected. So, wrap in an AuthenticationException, log to warn, and propagate:
String msg = "Authentication failed for token submission [" + token + "]. Possible unexpected "
+ "error? (Typical or expected login exceptions should extend from AuthenticationException).";
ae = new AuthenticationException(msg, t);
if (LOGGER.isWarnEnabled()) {
LOGGER.warn(msg, t);
}
}
try {
notifyFailure(token, ae);
} catch (Throwable t2) {
if (LOGGER.isWarnEnabled()) {
String msg = "Unable to send notification for failed authentication attempt - listener error?. "
+ "Please check your AuthenticationListener implementation(s). Logging sending exception "
+ "and propagating original AuthenticationException instead...";
LOGGER.warn(msg, t2);
}
}
throw ae;
}
LOGGER.debug("Authentication successful for token [{}]. Returned account [{}]", token, info);
notifySuccess(token, info);
return info;
}