i'm developing for the first time using AWS Cognito in Java.
I created a code for an Admin to create a User. The user will be automatically created with the status FORCE_CHANGE_PASSWORD. What i was going to do now is a simple login, but if the system return a CHANGE_PASSWORD challenge, then it will open another window where the user should input old password and new password, then submit them to cognito.
The code i used to create a user through AdminCreateUser is the following:
// Creating instance of client CognitoIdentityProvider
CognitoIdentityProviderClient cognitoClient = CognitoIdentityProviderClient.builder().region(Region.EU_CENTRAL_1).build();
AdminCreateUserRequest requestUserCreation = AdminCreateUserRequest.builder()
.username(usernameTextField.getText())
.desiredDeliveryMediums(DeliveryMediumType.EMAIL)
.userAttributes(AttributeType.builder()
.name("email")
.value(emailTextField.getText())
.build())
.userPoolId("xxxxx")
.build();
// Sending sign up request
AdminCreateUserResponse responseUserCreation = cognitoClient.adminCreateUser(requestUserCreation);
// Saving the group we want to put the user in through a combobox
String groupname = (String) groupComboBox.getValue();
UserType newUser = responseUserCreation.user();
GroupType group = GroupType.builder().groupName(groupname).build();
AdminAddUserToGroupRequest addUserToGroupRequest = AdminAddUserToGroupRequest.builder()
.userPoolId("xxxxx")
.username(newUser.username())
.groupName(groupname)
.build();
AdminAddUserToGroupResponse addUserToGroupResult = cognitoClient.adminAddUserToGroup(addUserToGroupRequest);
This code works. When i submit this through a button, an email arrives to the user i created, and it also shows in my Amazon Cognito console.
Now the login part is giving me trouble.
As i said, i want to open another windows which has the right form for resetting the password. I still haven't thought about the implementation for resetting the password because my login doesnt' work, so i will implement this later.
This is my login code:
public void Login(ActionEvent event) {
final String CLIENT_ID = cs.getAppClientId();
final String USER_NAME = userNameTextField.getText();
final String PASSWORD = passwordTextField.getText();
final Region region = cs.getRegion();
CognitoIdentityProviderClient cognitoClient = CognitoIdentityProviderClient.builder()
.credentialsProvider(DefaultCredentialsProvider.create())
.region(region)
.build();
InitiateAuthRequest authRequest = InitiateAuthRequest.builder()
.clientId(CLIENT_ID)
.authFlow("USER_PASSWORD_AUTH")
.authParameters(createAuthParameters(USER_NAME, PASSWORD))
.build();
try {
InitiateAuthResponse authResult = cognitoClient.initiateAuth(authRequest);
if (authResult.challengeName() != null) {
if (authResult.challengeName().equals(ChallengeNameType.NEW_PASSWORD_REQUIRED.toString())) {
try {
reimpostaPassword.apriSchermataReimpostaPassword(event);
} catch (IOException e) {
throw new RuntimeException(e);
}
} else {
// The authentication was successful
AuthenticationResultType authenticationResult = authResult.authenticationResult();
System.out.println("Access token: " + authenticationResult.accessToken());
}
}
} catch (NotAuthorizedException e) {
System.out.println("Incorrect username or password");
} catch (PasswordResetRequiredException e) {
System.out.println("Password reset is required for the user");
}
When i fill my form with the right username and password, it gives me this error:
Caused by: java.lang.NullPointerException: Cannot invoke "software.amazon.awssdk.services.cognitoidentityprovider.model.AuthenticationResultType.accessToken()" because "authenticationResult" is null
at com.example.ratatouille23/com.example.ratatouille23.Login.LoginController.Login(LoginController.java:101)
at com.example.ratatouille23/com.example.ratatouille23.Login.LoginController.clickPulsanteLogin(LoginController.java:66)
at java.base/jdk.internal.reflect.DirectMethodHandleAccessor.invoke(DirectMethodHandleAccessor.java:104)
... 51 more
The line that gives me error is this:
System.out.println("Access token: " + authenticationResult.accessToken());
This is an odd behaviour, because this means that the 'if the challenge is new password required' control fails, so i'm a little stuck here.
Any help?
I am working on this use case now. To get a very similiar example working, I created a user pool with an App that lets me use these Authentication flows.
When I execute my AWS SDK for Java V2 code that uses identityProviderClient.adminInitiateAuth() - I successfully get an Access Token - as shown here.
WHen i speicfy an incorrect password, I get exception as expected.
Here is a Java code example. To run this Java code example, create a new user in the specified user pool with a temporary password. You will get back a challenge type value of NEW_PASSWORD_REQUIRED in the response.
You cannot read the access token. This code then changes the temporary password to a permanent password. Now the user can log in with the permanent password and you can read the access token.
public class GetAccessToken {
public static void main(String[]args) {
final String usage = "\n" +
"Usage:\n" +
" <clientId> <poolId> <username> <tempPassword> <permanentPassword>\n\n" +
"Where:\n" +
" clientId - The app client Id value that you can get from the AWS CDK script.\n\n" +
" poolId - The pool Id that has the user. \n\n" +
" username - The new user name with a temp password. \n\n" +
" tempPassword - The temp password. \n\n" +
" permanentPassword - The permanent password. \n\n" ;
if (args.length != 5) {
System.out.println(usage);
System.exit(1);
}
String clientId = args[0];
String poolId = args[1];
String username = args[2];
String tempPassword = args[3];
String permanentPassword = args[4];
CognitoIdentityProviderClient identityProviderClient = CognitoIdentityProviderClient.builder()
.region(Region.US_EAST_1)
.credentialsProvider(ProfileCredentialsProvider.create())
.build();
boolean wasLoggedIn = getToken(identityProviderClient, clientId, username, tempPassword, poolId);
if (wasLoggedIn)
System.out.println(username +" successfully authenticated");
else {
// Change the temp password to a permanent one and then call getToken() again. Now you will
// get access tokens.
changeTempPassword(identityProviderClient, username, permanentPassword, poolId);
getToken(identityProviderClient, clientId, username, permanentPassword, poolId);
System.out.println(username +" successfully authenticated");
}
}
public static boolean getToken(CognitoIdentityProviderClient identityProviderClient, String clientId, String username, String password, String poolId) {
final Map<String, String> authParams = new HashMap<>();
authParams.put("USERNAME", username);
authParams.put("PASSWORD", password);
AdminInitiateAuthRequest authRequest = AdminInitiateAuthRequest.builder()
.clientId(clientId)
.userPoolId(poolId)
.authParameters(authParams)
.authFlow(AuthFlowType.ADMIN_USER_PASSWORD_AUTH)
.build();
try {
// If you specify an incorrect username/password, an exception is thrown.
AdminInitiateAuthResponse response = identityProviderClient.adminInitiateAuth(authRequest);
// Get the Challenge type
if (response.challengeNameAsString() == null) {
System.out.println("Access Token Type : " + response.authenticationResult().tokenType());
System.out.println("Access Token : " + response.authenticationResult().accessToken());
return true;
} else if (response.challengeNameAsString().compareTo("NEW_PASSWORD_REQUIRED") == 0) {
System.out.println("The User must change their password. ");
}
} catch(CognitoIdentityProviderException e) {
System.err.println(e.awsErrorDetails().errorMessage());
System.exit(1);
}
return false;
}
public static void changeTempPassword(CognitoIdentityProviderClient identityProviderClient, String username, String newPassword, String poolId){
try {
AdminSetUserPasswordRequest passwordRequest = AdminSetUserPasswordRequest.builder()
.username(username)
.userPoolId(poolId)
.password(newPassword)
.permanent(true)
.build();
identityProviderClient.adminSetUserPassword(passwordRequest);
System.out.println("The password was successfully changed");
} catch(CognitoIdentityProviderException e) {
System.err.println(e.awsErrorDetails().errorMessage());
System.exit(1);
}
}
}
SO the reason why you get this NULL Exception is because you need to set the permanent password for the user. If the challengeName=NEW_PASSWORD_REQUIRED, you cannot read the access token.
Related
When I edit a user's roles through a page in my application it somehow modifies the user's password. I cant for the life of me figure out where I am changing the user's password in my code. I even went so far as to print out the hashed password after I call Save in the user service and they still match! But when I log out and try to log back in with the user's same credentials Spring says the credentials are invalid. Oddly enough, this only happens when I change the roles, if I change just the name or email address the issue doesn't present.
This is my save method in userServiceImpl
#Override
public void save(User user) {
System.out.println("User trying to save");
user.setPassword(bCryptPasswordEncoder.encode(user.getPassword()));
userRepository.save(user);
}
And this is the controller for editing (I know it's a mess and needs to be cleaned up A LOT!)
#PostMapping("/users/edit")
public String editUser(#ModelAttribute("userForm") User user, BindingResult bindingResult, Model model) {
model.addAttribute("highestRole", getHighestRole(user.getUserName(), userService));
model.addAttribute("pageTitle", "AIM - Edit User Id:" + user.getId());
model.addAllAttributes(getUserAttributes());
model.addAttribute("roles", roleRepository.findAll());
userValidator.validate(user, bindingResult);
if (bindingResult.hasErrors()) {
return "user_edit";
}
User userFromDB = userService.findById(user.getId());
if (!user.getFirstName().equals(userFromDB.getFirstName())) {
userFromDB.setFirstName(user.getFirstName());
}
if (!user.getLastName().equals(userFromDB.getLastName())) {
userFromDB.setLastName(user.getLastName());
}
if (!user.getEmail().equals(userFromDB.getEmail())) {
userFromDB.setEmail(user.getEmail());
}
System.out.println("form password length: " + user.getPassword().length());
if (user.getPassword().length() != 0 && !bCryptPasswordEncoder.matches(user.getPassword(), userFromDB.getPassword())) {
userFromDB.setPassword(user.getPassword());
System.out.println("Changed password");
}
String currentHighestRole = getHighestRole(userFromDB.getUserName(), userService);
String newHighestRole = getHighestRoleFromUser(user);
System.out.println("Role set for current user = " + userFromDB.getRoles().toString());
System.out.println("Role set for new user = " + user.getRoles().toString());
if (!currentHighestRole.equals(newHighestRole)) {
// Ensure that at least one Super User remains
if (currentHighestRole == "SUPER_USER") {
List<User> userList = userService.getAllUsers();
int countOfSuperUsers = 0;
for (User u : userList) {
if (getHighestRoleFromUser(u).equals("SUPER_USER")) countOfSuperUsers++;
}
if (countOfSuperUsers <= 1)
return "redirect:/users/viewAll?alert=error&message=Cannot reduce Super User's role. At a minimum, there must be at least one Super User within the application.";
}
// Create new set of roles for user
Set<Role> newRoleSet = new HashSet<>();
for (Role role : roleRepository.findAll()) {
if (newHighestRole.equals(role.getName())) {
newRoleSet.add(role);
System.out.println("Setting highest role to: " + role.getName());
break;
}
}
System.out.println("New role set looks like this: " + newRoleSet.toString());
userFromDB.setRoles(newRoleSet);
}
userService.save(userFromDB);
System.out.println("Highest role attribute on page = " + getHighestRole(user.getUserName(), userService));
User newUser = userService.findByUsername(userFromDB.getUserName());
System.out.println("Password After Save:" + newUser.getPassword());
return "redirect:/users/view?id=" + user.getId();
}
I should also add that my intent is for a SUPER_USER to be able edit anything about a user, including the password, but if the password fields are left blank then the password would remain unaltered.
I am using the below code to log into Facebook. Once i get the code, using that i get access token and then query graph api and get some basic details.
#RequestMapping(value = "/fblogin")
public String inititateFBlogin(ModelMap model) {
System.out.println("in FB login ");
String fbAuthURL = fbConnectionService.getFBAuthUrl();
return "redirect:"+fbAuthURL;
}
public String getFBAuthUrl() {
String fbLoginUrl = "";
try {
fbLoginUrl = "http://www.facebook.com/dialog/oauth?" + "client_id="
+ FBConnection.FB_APP_ID + "&redirect_uri="
+ URLEncoder.encode(FBConnection.REDIRECT_URI, "UTF-8")
+ "&scope=email";
} catch (UnsupportedEncodingException e) {
e.printStackTrace();
}
return fbLoginUrl;
}
But to logout , i am hitting the URL in below format.
//https://www.facebook.com/logout.php?next=[YourAppURL]&access_token=[ValidAccessToken]
#RequestMapping(value = "/fblogout", method=GET)
public String fbLogOut(ModelMap model) {
String fbLogoutURL = "https://www.facebook.com/logout.php?confirm=1&next=";
String appURL = "http://localhost:15005/abc";
String accessToken = accessTokenFB ;
String logOutURL = fbLogoutURL+appURL+"&access_token="+accessToken;
return "redirect:"+logOutURL;
}
But looks like the above FB url always redirects to the FB homepage.
Is there any way that i can log out by simply calling any FB service through java, I would rather avoid going down to the javascript SDK.
Many thanks.
You can logout an access token by sending a DELETE (instead of GET/POST) request to /me/permissions
https://developers.facebook.com/docs/facebook-login/permissions/requesting-and-revoking
https://developers.facebook.com/docs/graph-api/reference/user/permissions/
curl -X DELETE https://graph.facebook.com/me/permissions?access_token=ABC
As per the java SDK provided here , I created a new project and tried to integrate the codes to make paypal api calls. But when I run the application, it gives me error as :-
Error code : 401 with response : Server returned HTTP response code: 401 for URL: https://api.sandbox.paypal.com/v1/payments/payment
Here is my controller class
package com.main.controller;
public class PaymentController{
#RequestMapping(method = RequestMethod.POST, produces = "application/JSON")
public Payment getString(){
InputStream is = PaymentController.class
.getResourceAsStream("/sdk_config.properties");
try {
PayPalResource.initConfig(is);
System.out.println("initiialization done");
} catch (PayPalRESTException e) {
System.out.println("Paypal Rest Exception : " + e.getMessage());
}
Map<String, String > map = new HashMap<String, String>();
map.put("mode", "sandbox");
String clientID = "AYDNebhrsuqiUKPU_ab-tCvGGVkzaxw2y4bIJFIl4rMuCW..........................";
String clientSecret="ENgjkFRgy1yGhal0aobwdF8kLNglkDaDeDItLN-lgQJZV4W1FpNQ27g3FC...............";
try {
accessToken = new OAuthTokenCredential(clientID, clientSecret,map).getAccessToken();
} catch (PayPalRESTException e) {
// TODO Auto-generated catch block
System.out.println("Cannot make the OAuthentication :" + e.getMessage());
}
Payment payment = createPayment();
return payment;
}
public Payment createPayment(){
Address billingAddress = new Address();
billingAddress.setCity("Johnstown");
billingAddress.setCountryCode("US");
billingAddress.setLine1("52 N Main ST");
billingAddress.setPostalCode("43210");
billingAddress.setState("OH");
CreditCard creditCard = new CreditCard();
creditCard.setBillingAddress(billingAddress);
creditCard.setCvv2(111);
creditCard.setExpireMonth(11);
creditCard.setExpireYear(2018);
creditCard.setFirstName("Joe");
creditCard.setLastName("Shopper");
creditCard.setNumber("5500005555555559");
creditCard.setType("mastercard");
Details details = new Details();
details.setShipping("1");
details.setSubtotal("5");
details.setTax("1");
Amount amount = new Amount();
amount.setCurrency("USD");
amount.setTotal("7");
amount.setDetails(details);
Transaction transaction = new Transaction();
transaction.setAmount(amount);
transaction
.setDescription("This is the payment transaction description.");
List<Transaction> transactions = new ArrayList<Transaction>();
transactions.add(transaction);
FundingInstrument fundingInstrument = new FundingInstrument();
fundingInstrument.setCreditCard(creditCard);
List<FundingInstrument> fundingInstrumentList = new ArrayList<FundingInstrument>();
fundingInstrumentList.add(fundingInstrument);
Payer payer = new Payer();
payer.setFundingInstruments(fundingInstrumentList);
payer.setPaymentMethod("credit_card");
Payment payment = new Payment();
payment.setIntent("sale");
payment.setPayer(payer);
payment.setTransactions(transactions);
Payment createdPayment = null;
try {
String accessToken = GenerateAccessToken.getAccessToken();
String realAccessToken = "A101.kPIsO7eGXhg420XIjnZmPboCS27CeDF6TZjVfGR31f6ja1IotK3e6U-E_k9MwOO5.....";
/*
* String requestId = Long.toString(System.nanoTime(); APIContext
* apiContext = new APIContext(accessToken, requestId ));
*/
createdPayment = payment.create(apiContext);
System.out.println("Created payment with id = " + createdPayment.getId()
+ " and status = " + createdPayment.getState());
} catch (PayPalRESTException e) {
System.out.println("Cannot make the payment from here: " + e.getMessage());
}
return createdPayment;
}
}
UPDATE :- I have added client_id and secret authentication credentials and now I get is 400 error which is Validation Error
401 is Unauthorized. So, at first you have to authorized and create authorized token. Here is example how to create you first call.
Make a /token call using your application's OAuth keys for the basic authentication values (the keys are the values of your client_id and secret). In the request body, set grant_type to client_credentials. When you run the command, PayPal generates and returns a new access token.
Add your token to your payment which you want to create.
Look at this line in this Sample: https://github.com/paypal/PayPal-Java-SDK/blob/master/rest-api-sample/src/main/java/com/paypal/api/sample/FuturePaymentSample.java#L62
So use Sandbox and something like that:
Map<String, String> configurationMap = new HashMap<String, String>();
configurationMap.put("mode", "sandbox");
APIContext apiContext = new APIContext();
apiContext.setConfigurationMap(configurationMap);
tokeninfo = Tokeninfo.createFromAuthorizationCodeForFpp(apiContext, params);
tokeninfo.setAccessToken(tokeninfo.getTokenType() + " " + tokeninfo.getAccessToken());
After that you should be able to call tokeninfo.getAccessToken() for creating payment.
We're using stormpath with Java & also trying to combine form Login with REST API authentication on the same application.
I've setup stormpath servlet plugin as described here https://docs.stormpath.com/java/servlet-plugin/quickstart.html... This works very fine.
Now, on the same application, we have APIs where I've implemented oAuth authentication with stormpath see here http://docs.stormpath.com/guides/api-key-management/
The first request for an access-token works fine by sending Basic Base64(keyId:keySecret) in the request header and grant_type = client_credentials in the body. Access tokens are being returned nicely. However trying to authenticate subsequent requests with the header Bearer <the-obtained-access-token> does not even hit the application before
returning the following json error message...
{
"error": "invalid_client",
"error_description": "access_token is invalid."
}
This is confusing because I've set breakpoints all over the application and I'm pretty sure that the API request doesn't hit the anywhere within the application before stormpath kicks in and returns this error. And even if stormpath somehow intercepts the request before getting to the REST interface, this message doesn't make any sense to me because i'm certainly making the subsequent API calls with a valid access-token obtained from the first call to get access-token.
I have run out of ideas why this could be happening but i'm suspecting that it may have something to do with stormpath config especially with a combination
of form Login/Authentication for web views and oAuth Athentication for REST endpoints. With that said, here's what my stormpath.properties looks like. Hope this could help point at anything I may be doing wrong.
stormpath.application.href=https://api.stormpath.com/v1/applications/[app-id]
stormpath.web.filters.authr=com.app.security.AuthorizationFilter
stormpath.web.request.event.listener = com.app.security.AuthenticationListener
stormpath.web.uris./resources/**=anon
stormpath.web.uris./assets/**=anon
stormpath.web.uris./v1.0/**=anon
stormpath.web.uris./** = authc,authr
stormpath.web.uris./**/**=authc,authr
Help with this would be highly appreciated.
The problem might be related to an incorrect request.
Is it possible for you to try this code in your app?:
private boolean verify(String accessToken) throws OauthAuthenticationException {
HttpRequest request = createRequestForOauth2AuthenticatedOperation(accessToken);
AccessTokenResult result = Applications.oauthRequestAuthenticator(application)
.authenticate(request);
System.out.println(result.getAccount().getEmail() + " was successfully verified, you can allow your protect operation to continue");
return true;
}
private HttpRequest createRequestForOauth2AuthenticatedOperation(String token) {
try {
Map<String, String[]> headers = new LinkedHashMap<String, String[]>();
headers.put("Accept", new String[]{"application/json"});
headers.put("Authorization", new String[]{"Bearer " + token});
HttpRequest request = HttpRequests.method(HttpMethod.GET)
.headers(headers)
.build();
return request;
} catch (Exception e) {
e.printStackTrace();
return null;
}
}
I've prepared an example that demonstrates oauth token creation as well as authorized access to protected pages using access tokens.
It builds off of the servlet example in the Stormpath SDK. The repo can be found here: https://github.com/stormpath/stormpath-java-oauth-servlet-sample
It demonstrates running a servlet application and having an out-of-band program get and use oauth tokens to access protected resources.
The core of the oauth part is in TokenAuthTest.java:
public class TokenAuthTest {
public static void main(String[] args) throws Exception {
String command = System.getProperty("command");
if (command == null || !("getToken".equals(command) || "getPage".equals(command))) {
System.err.println("Must supply a command:");
System.err.println("\t-Dcommand=getToken OR");
System.err.println("\t-Dcommand=getPage OR");
System.exit(1);
}
if ("getToken".equals(command)) {
getToken();
} else {
getPage();
}
}
private static final String APP_URL = "http://localhost:8080";
private static final String OAUTH_URI = "/oauth/token";
private static final String PROTECTED_URI = "/dashboard";
private static void getToken() throws Exception {
String username = System.getProperty("username");
String password = System.getProperty("password");
if (username == null || password == null) {
System.err.println("Must supply -Dusername=<username> -Dpassword=<password> on the command line");
System.exit(1);
}
PostMethod method = new PostMethod(APP_URL + OAUTH_URI);
method.setRequestHeader("Origin", APP_URL);
method.setRequestHeader("Content-type", "application/x-www-form-urlencoded");
method.addParameter("grant_type", "password");
method.addParameter("username", username);
method.addParameter("password", password);
HttpClient client = new HttpClient();
client.executeMethod(method);
BufferedReader br = new BufferedReader(new InputStreamReader(method.getResponseBodyAsStream()));
String readLine;
while(((readLine = br.readLine()) != null)) {
System.out.println(readLine);
}
}
private static void getPage() throws Exception {
String token = System.getProperty("token");
if (token == null) {
System.err.println("Must supply -Dtoken=<access token> on the command line");
System.exit(1);
}
GetMethod method = new GetMethod(APP_URL + PROTECTED_URI);
HttpClient client = new HttpClient();
System.out.println("Attempting to retrieve " + PROTECTED_URI + " without token...");
int returnCode = client.executeMethod(method);
System.out.println("return code: " + returnCode);
System.out.println();
System.out.println("Attempting to retrieve " + PROTECTED_URI + " with token...");
method.addRequestHeader("Authorization", "Bearer " + token);
returnCode = client.executeMethod(method);
System.out.println("return code: " + returnCode);
}
}
i am new in apache shiro.i am getting exception when i execute this statement.
currentUser.login(token);
exception is
errororg.apache.shiro.authc.AuthenticationException: Authentication failed for token submission [org.apache.shiro.authc.UsernamePasswordToken - abc#gmail.com, rememberMe=true]. Possible unexpected error? (Typical or expected login exceptions should extend from AuthenticationException).
i am invoking this method for login.the code is.
public boolean authorize(String username,String password)
{
Boolean status=false;
log.debug("the user id "+username+"passwrodD::"+password);
Realm realm = new JdbcRealm();
DefaultSecurityManager securityManager = new DefaultSecurityManager(realm);
UsernamePasswordToken token = new UsernamePasswordToken(username, password);
token.setRememberMe(true);
SecurityUtils.setSecurityManager(securityManager);
Subject currentUser = SecurityUtils.getSubject();
Response r = null;
log.debug("before process for login");
try
{
currentUser.login(token); //This throws an error upon form submission
r = Response.ok().entity(token).build();
}
catch (UnknownAccountException uae ) {
//username wasn't in the system, show them an error message?
System.out.println("the user name is invalid");
} catch ( IncorrectCredentialsException ice ) {
//password didn't match, try again?
System.out.println("the password name is invalid");
} catch ( LockedAccountException lae ) {
//account for that username is locked - can't login. Show them a message?
} catch ( AuthenticationException ae ) {
//unexpected condition - error?
System.out.println("unexpect error"+ae);
}
return status;
}
my shiro.ini file
[main]
jdbcRealm = org.apache.shiro.realm.jdbc.JdbcRealm
jdbcRealm.permissionsLookupEnabled = true
jdbcRealm.authenticationQuery =select User_Password FROM user_master where User_id=?
ds = com.mysql.jdbc.jdbc2.optional.MysqlDataSource
ds.serverName = localhost
ds.user = root
ds.password = root
ds.databaseName = test
jdbcRealm.dataSource = $ds
[users]
[roles]
[urls]
i include listener and filter in my web.xml file.
i change the authenticationQuery to my query. and when i am executing i am getting this above error. and also i do know is it right way to modify or override query.
I think the problem is that you are missing securityManager.realm = $jdbcRealm in your shiro.ini
I just got this exception, and the problem was I was setting securityManager.realm incorrectly in shiro.ini. This is what I had:
[main]
fooRealm = com.company.foo.Realm
securityManager.realms = fooRealm
This is what fixed it (I was missing a $):
[main]
fooRealm = com.company.foo.Realm
securityManager.realms = $fooRealm