Example 41 with AuthenticationManager
use of org.springframework.security.authentication.AuthenticationManager in project spring-security-oauth by spring-projects.
the class ResourceServerSecurityConfigurer method configure.
@Override
public void configure(HttpSecurity http) throws Exception {
AuthenticationManager oauthAuthenticationManager = oauthAuthenticationManager(http);
resourcesServerFilter = new OAuth2AuthenticationProcessingFilter();
resourcesServerFilter.setAuthenticationEntryPoint(authenticationEntryPoint);
resourcesServerFilter.setAuthenticationManager(oauthAuthenticationManager);
if (eventPublisher != null) {
resourcesServerFilter.setAuthenticationEventPublisher(eventPublisher);
}
if (tokenExtractor != null) {
resourcesServerFilter.setTokenExtractor(tokenExtractor);
}
resourcesServerFilter = postProcess(resourcesServerFilter);
resourcesServerFilter.setStateless(stateless);
// @formatter:off
http.authorizeRequests().expressionHandler(expressionHandler).and().addFilterBefore(resourcesServerFilter, AbstractPreAuthenticatedProcessingFilter.class).exceptionHandling().accessDeniedHandler(accessDeniedHandler).authenticationEntryPoint(authenticationEntryPoint);
// @formatter:on
}
Also used :
AuthenticationManager(org.springframework.security.authentication.AuthenticationManager)
OAuth2AuthenticationManager(org.springframework.security.oauth2.provider.authentication.OAuth2AuthenticationManager)
AbstractPreAuthenticatedProcessingFilter(org.springframework.security.web.authentication.preauth.AbstractPreAuthenticatedProcessingFilter)
OAuth2AuthenticationProcessingFilter(org.springframework.security.oauth2.provider.authentication.OAuth2AuthenticationProcessingFilter)
Example 42 with AuthenticationManager
use of org.springframework.security.authentication.AuthenticationManager in project spring-security-oauth by spring-projects.
the class ResourceOwnerPasswordTokenGranterTests method testAccountLocked.
@Test(expected = InvalidGrantException.class)
public void testAccountLocked() {
ResourceOwnerPasswordTokenGranter granter = new ResourceOwnerPasswordTokenGranter(new AuthenticationManager() {
public Authentication authenticate(Authentication authentication) throws AuthenticationException {
throw new LockedException("test");
}
}, providerTokenServices, clientDetailsService, requestFactory);
granter.grant("password", tokenRequest);
}
Also used :
AuthenticationManager(org.springframework.security.authentication.AuthenticationManager)
LockedException(org.springframework.security.authentication.LockedException)
AuthenticationException(org.springframework.security.core.AuthenticationException)
OAuth2Authentication(org.springframework.security.oauth2.provider.OAuth2Authentication)
Authentication(org.springframework.security.core.Authentication)
Test(org.junit.Test)
Example 43 with AuthenticationManager
use of org.springframework.security.authentication.AuthenticationManager in project spring-security-oauth by spring-projects.
the class ResourceOwnerPasswordTokenGranterTests method testExtraParameters.
@Test
public void testExtraParameters() {
authenticationManager = new AuthenticationManager() {
@Override
public Authentication authenticate(Authentication authentication) throws AuthenticationException {
if (authentication instanceof UsernamePasswordAuthenticationToken) {
UsernamePasswordAuthenticationToken user = (UsernamePasswordAuthenticationToken) authentication;
user = new UsernamePasswordAuthenticationToken(user.getPrincipal(), "N/A", AuthorityUtils.commaSeparatedStringToAuthorityList("ROLE_USER"));
@SuppressWarnings("unchecked") Map<String, String> details = (Map<String, String>) authentication.getDetails();
assertNull(details.get("password"));
return user;
}
return authentication;
}
};
ResourceOwnerPasswordTokenGranter granter = new ResourceOwnerPasswordTokenGranter(authenticationManager, providerTokenServices, clientDetailsService, requestFactory);
OAuth2AccessToken token = granter.grant("password", tokenRequest);
OAuth2Authentication authentication = providerTokenServices.loadAuthentication(token.getValue());
assertTrue(authentication.isAuthenticated());
assertNull(authentication.getUserAuthentication().getDetails());
}
Also used :
AuthenticationManager(org.springframework.security.authentication.AuthenticationManager)
AuthenticationException(org.springframework.security.core.AuthenticationException)
OAuth2Authentication(org.springframework.security.oauth2.provider.OAuth2Authentication)
Authentication(org.springframework.security.core.Authentication)
OAuth2AccessToken(org.springframework.security.oauth2.common.OAuth2AccessToken)
OAuth2Authentication(org.springframework.security.oauth2.provider.OAuth2Authentication)
UsernamePasswordAuthenticationToken(org.springframework.security.authentication.UsernamePasswordAuthenticationToken)
HashMap(java.util.HashMap)
Map(java.util.Map)
Test(org.junit.Test)
Example 44 with AuthenticationManager
use of org.springframework.security.authentication.AuthenticationManager in project spring-boot by spring-projects.
the class SecurityAutoConfigurationTests method pingAuthenticationListener.
private void pingAuthenticationListener() {
AuthenticationListener listener = new AuthenticationListener();
this.context.addApplicationListener(listener);
AuthenticationManager manager = this.context.getBean(AuthenticationManager.class);
try {
manager.authenticate(new UsernamePasswordAuthenticationToken("foo", "wrong"));
fail("Expected BadCredentialsException");
} catch (BadCredentialsException e) {
// expected
}
assertThat(listener.event).isInstanceOf(AuthenticationFailureBadCredentialsEvent.class);
}
Also used :
AuthenticationManager(org.springframework.security.authentication.AuthenticationManager)
UsernamePasswordAuthenticationToken(org.springframework.security.authentication.UsernamePasswordAuthenticationToken)
BadCredentialsException(org.springframework.security.authentication.BadCredentialsException)
Aggregations
AuthenticationManager (org.springframework.security.authentication.AuthenticationManager)44
Test (org.junit.Test)29
Authentication (org.springframework.security.core.Authentication)24
MockHttpServletRequest (org.springframework.mock.web.MockHttpServletRequest)19
MockHttpServletResponse (org.springframework.mock.web.MockHttpServletResponse)19
MockFilterChain (org.springframework.mock.web.MockFilterChain)11
TestingAuthenticationToken (org.springframework.security.authentication.TestingAuthenticationToken)11
BadCredentialsException (org.springframework.security.authentication.BadCredentialsException)10
UsernamePasswordAuthenticationToken (org.springframework.security.authentication.UsernamePasswordAuthenticationToken)8
FilterChain (javax.servlet.FilterChain)7
AuthenticationException (org.springframework.security.core.AuthenticationException)7
InvocationOnMock (org.mockito.invocation.InvocationOnMock)5
HttpServletRequest (javax.servlet.http.HttpServletRequest)4
OAuth2Authentication (org.springframework.security.oauth2.provider.OAuth2Authentication)4
Before (org.junit.Before)3
HttpServletResponse (javax.servlet.http.HttpServletResponse)2
MockServletContext (org.springframework.mock.web.MockServletContext)2
User (org.springframework.security.core.userdetails.User)2
UserDetails (org.springframework.security.core.userdetails.UserDetails)2
OAuth2AuthenticationProcessingFilter (org.springframework.security.oauth2.provider.authentication.OAuth2AuthenticationProcessingFilter)2
