Examples with AuthenticationCredentialsNotFoundException org.springframework.security.authentication.AuthenticationCredentialsNotFoundException used on opensource projects

Example 6 with AuthenticationCredentialsNotFoundException

use of org.springframework.security.authentication.AuthenticationCredentialsNotFoundException in project spring-security by spring-projects.

the class AbstractSecurityInterceptor method credentialsNotFound.

/**
	 * Helper method which generates an exception containing the passed reason, and
	 * publishes an event to the application context.
	 * <p>
	 * Always throws an exception.
	 *
	 * @param reason to be provided in the exception detail
	 * @param secureObject that was being called
	 * @param configAttribs that were defined for the secureObject
	 */
private void credentialsNotFound(String reason, Object secureObject, Collection<ConfigAttribute> configAttribs) {
    AuthenticationCredentialsNotFoundException exception = new AuthenticationCredentialsNotFoundException(reason);
    AuthenticationCredentialsNotFoundEvent event = new AuthenticationCredentialsNotFoundEvent(secureObject, configAttribs, exception);
    publishEvent(event);
    throw exception;
}

Example 7 with AuthenticationCredentialsNotFoundException

use of org.springframework.security.authentication.AuthenticationCredentialsNotFoundException in project spring-security by spring-projects.

the class GlobalMethodSecurityBeanDefinitionParserTests method supportsBooleanPointcutExpressions.

@Test
public void supportsBooleanPointcutExpressions() {
    setContext("<b:bean id='target' class='org.springframework.security.access.annotation.BusinessServiceImpl'/>" + "<global-method-security>" + "   <protect-pointcut expression=" + "     'execution(* org.springframework.security.access.annotation.BusinessService.*(..)) " + "       and not execution(* org.springframework.security.access.annotation.BusinessService.someOther(String)))' " + "               access='ROLE_USER'/>" + "</global-method-security>" + AUTH_PROVIDER_XML);
    target = (BusinessService) appContext.getBean("target");
    // String method should not be protected
    target.someOther("somestring");
    // All others should require ROLE_USER
    try {
        target.someOther(0);
        fail("Expected AuthenticationCredentialsNotFoundException");
    } catch (AuthenticationCredentialsNotFoundException expected) {
    }
    SecurityContextHolder.getContext().setAuthentication(new UsernamePasswordAuthenticationToken("user", "password"));
    target.someOther(0);
}

Example 8 with AuthenticationCredentialsNotFoundException

use of org.springframework.security.authentication.AuthenticationCredentialsNotFoundException in project spring-security by spring-projects.

the class ProtectPointcutPerformanceTests method usingPrototypeDoesNotParsePointcutOnEachCall.

// Method for use with profiler
@Test
public void usingPrototypeDoesNotParsePointcutOnEachCall() {
    StopWatch sw = new StopWatch();
    sw.start();
    for (int i = 0; i < 1000; i++) {
        try {
            SessionRegistry reg = (SessionRegistry) ctx.getBean("sessionRegistryPrototype");
            reg.getAllPrincipals();
            fail("Expected AuthenticationCredentialsNotFoundException");
        } catch (AuthenticationCredentialsNotFoundException expected) {
        }
    }
    sw.stop();
// assertThat(sw.getTotalTimeMillis() < 1000).isTrue();
}

Example 9 with AuthenticationCredentialsNotFoundException

use of org.springframework.security.authentication.AuthenticationCredentialsNotFoundException in project spring-security by spring-projects.

the class SwitchUserFilter method createSwitchUserToken.

/**
	 * Create a switch user token that contains an additional <tt>GrantedAuthority</tt>
	 * that contains the original <code>Authentication</code> object.
	 *
	 * @param request The http servlet request.
	 * @param targetUser The target user
	 *
	 * @return The authentication token
	 *
	 * @see SwitchUserGrantedAuthority
	 */
private UsernamePasswordAuthenticationToken createSwitchUserToken(HttpServletRequest request, UserDetails targetUser) {
    UsernamePasswordAuthenticationToken targetUserRequest;
    // grant an additional authority that contains the original Authentication object
    // which will be used to 'exit' from the current switched user.
    Authentication currentAuth;
    try {
        // SEC-1763. Check first if we are already switched.
        currentAuth = attemptExitUser(request);
    } catch (AuthenticationCredentialsNotFoundException e) {
        currentAuth = SecurityContextHolder.getContext().getAuthentication();
    }
    GrantedAuthority switchAuthority = new SwitchUserGrantedAuthority(this.switchAuthorityRole, currentAuth);
    // get the original authorities
    Collection<? extends GrantedAuthority> orig = targetUser.getAuthorities();
    // Allow subclasses to change the authorities to be granted
    if (this.switchUserAuthorityChanger != null) {
        orig = this.switchUserAuthorityChanger.modifyGrantedAuthorities(targetUser, currentAuth, orig);
    }
    // add the new switch user authority
    List<GrantedAuthority> newAuths = new ArrayList<GrantedAuthority>(orig);
    newAuths.add(switchAuthority);
    // create the new authentication token
    targetUserRequest = new UsernamePasswordAuthenticationToken(targetUser, targetUser.getPassword(), newAuths);
    // set details
    targetUserRequest.setDetails(this.authenticationDetailsSource.buildDetails(request));
    return targetUserRequest;
}

Example 10 with AuthenticationCredentialsNotFoundException

use of org.springframework.security.authentication.AuthenticationCredentialsNotFoundException in project spring-security by spring-projects.

the class Http403ForbiddenEntryPointTests method testCommence.

public void testCommence() {
    MockHttpServletRequest req = new MockHttpServletRequest();
    MockHttpServletResponse resp = new MockHttpServletResponse();
    Http403ForbiddenEntryPoint fep = new Http403ForbiddenEntryPoint();
    try {
        fep.commence(req, resp, new AuthenticationCredentialsNotFoundException("test"));
        assertThat(resp.getStatus()).withFailMessage("Incorrect status").isEqualTo(HttpServletResponse.SC_FORBIDDEN);
    } catch (IOException e) {
        fail("Unexpected exception thrown: " + e);
    } catch (ServletException e) {
        fail("Unexpected exception thrown: " + e);
    }
}