Example 1 with BadCredentialsException

Use of org.springframework.security.authentication.BadCredentialsException in project head by mifos.

Class MifosDaoAuthenticationProvider, method additionalAuthenticationChecks.

@Override
protected void additionalAuthenticationChecks(UserDetails userDetails, UsernamePasswordAuthenticationToken authentication) throws AuthenticationException {
    MifosUser user = (MifosUser) userDetails;
    if (authentication.getCredentials() == null) {
        throw new BadCredentialsException(messages.getMessage("AbstractUserDetailsAuthenticationProvider.badCredentials", "Bad credentials"));
    }
    String presentedPassword = authentication.getCredentials().toString();
    boolean isPasswordValid = passwordHashing.verifyPassword(presentedPassword, user.getPasswordAsBytes());
    if (!isPasswordValid) {
        throw new BadCredentialsException(messages.getMessage("AbstractUserDetailsAuthenticationProvider.badCredentials", "Bad credentials"));
    }
}
Also used : MifosUser(org.mifos.security.MifosUser) BadCredentialsException(org.springframework.security.authentication.BadCredentialsException)

Example 2 with BadCredentialsException

Use of org.springframework.security.authentication.BadCredentialsException in project opennms by OpenNMS.

Class HybridOpenNMSUserAuthenticationProvider, method checkUserPassword.

protected void checkUserPassword(final String authUsername, final String authPassword, final SpringSecurityUser user) throws AuthenticationException {
    final String existingPassword = user.getPassword();
    boolean hasUser = false;
    try {
        hasUser = m_userManager.hasUser(user.getUsername());
    } catch (final Throwable e) {
        throw new AuthenticationServiceException("An error occurred while checking for " + authUsername + " in the UserManager", e);
    }
    if (hasUser) {
        if (!m_userManager.comparePasswords(authUsername, authPassword)) {
            LOG.warn("Password auth failed for user: " + authUsername);
            throw new BadCredentialsException("Bad credentials");
        }
    } else {
        if (!m_userManager.checkSaltedPassword(authPassword, existingPassword)) {
            LOG.warn("Salted password auth failed for user: " + authUsername);
            throw new BadCredentialsException("Bad credentials");
        }
    }
}
Also used : BadCredentialsException(org.springframework.security.authentication.BadCredentialsException) AuthenticationServiceException(org.springframework.security.authentication.AuthenticationServiceException)

Example 3 with BadCredentialsException

Use of org.springframework.security.authentication.BadCredentialsException in project Activiti by Activiti.

Class BasicAuthenticationProvider, method authenticate.

@Override
public Authentication authenticate(Authentication authentication) throws AuthenticationException {
    String name = authentication.getName();
    String password = authentication.getCredentials().toString();
    boolean authenticated = identityService.checkPassword(name, password);
    if (authenticated) {
        List<Group> groups = identityService.createGroupQuery().groupMember(name).list();
        Collection<GrantedAuthority> grantedAuthorities = new ArrayList<GrantedAuthority>();
        for (Group group : groups) {
            grantedAuthorities.add(new SimpleGrantedAuthority(group.getId()));
        }
        identityService.setAuthenticatedUserId(name);
        return new UsernamePasswordAuthenticationToken(name, password, grantedAuthorities);
    } else {
        throw new BadCredentialsException("Authentication failed for this username and password");
    }
}
Also used : Group(org.activiti.engine.identity.Group) SimpleGrantedAuthority(org.springframework.security.core.authority.SimpleGrantedAuthority) GrantedAuthority(org.springframework.security.core.GrantedAuthority) ArrayList(java.util.ArrayList) UsernamePasswordAuthenticationToken(org.springframework.security.authentication.UsernamePasswordAuthenticationToken) BadCredentialsException(org.springframework.security.authentication.BadCredentialsException)

Example 4 with BadCredentialsException

Use of org.springframework.security.authentication.BadCredentialsException in project ORCID-Source by ORCID.

Class OrcidMultiSecretAuthenticationProvider, method additionalAuthenticationChecks.

@SuppressWarnings("deprecation")
@Override
protected void additionalAuthenticationChecks(UserDetails userDetails, UsernamePasswordAuthenticationToken authentication) throws AuthenticationException {
    if (authentication.getCredentials() == null) {
        logger.debug("Authentication failed: no credentials provided");
        throw new BadCredentialsException(messages.getMessage("AbstractUserDetailsAuthenticationProvider.badCredentials", "Bad credentials"));
    }
    String presentedPassword = authentication.getCredentials().toString();
    ClientDetailsEntity clientDetailsEntity = clientDetailsManager.findByClientId(userDetails.getUsername());
    for (ClientSecretEntity clientSecretEntity : clientDetailsEntity.getClientSecrets()) {
        if (getPasswordEncoder().isPasswordValid(encryptionManager.decryptForInternalUse(clientSecretEntity.getClientSecret()), presentedPassword, null)) {
            return;
        }
    }
    logger.debug("Authentication failed: password does not match any value");
    throw new BadCredentialsException(messages.getMessage("AbstractUserDetailsAuthenticationProvider.badCredentials", "Bad credentials"));
}
Also used : ClientDetailsEntity(org.orcid.persistence.jpa.entities.ClientDetailsEntity) ClientSecretEntity(org.orcid.persistence.jpa.entities.ClientSecretEntity) BadCredentialsException(org.springframework.security.authentication.BadCredentialsException)

Example 5 with BadCredentialsException

Use of org.springframework.security.authentication.BadCredentialsException in project ORCID-Source by ORCID.

Class OrcidOauth2TokenEndPointFilter, method attemptAuthentication.

@Override
public Authentication attemptAuthentication(HttpServletRequest request, HttpServletResponse response) throws AuthenticationException, IOException, ServletException {
    if (request.getMethod().equals(RequestMethod.GET.name())) {
        InvalidRequestException ire = new InvalidRequestException(localeManager.resolveMessage("apiError.token_request_callmethod.exception"));
        throw new MethodNotAllowedException(localeManager.resolveMessage("apiError.token_request_callmethod.exception"), ire);
    }
    String clientId = request.getParameter("client_id");
    String clientSecret = request.getParameter("client_secret");
    // If the request is already authenticated we can assume that this
    // filter is not needed
    Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
    if (authentication != null && authentication.isAuthenticated()) {
        return authentication;
    }
    if (clientId == null) {
        throw new BadCredentialsException(localeManager.resolveMessage("apiError.client_credentials.exception"));
    }
    if (clientSecret == null) {
        clientSecret = "";
    }
    clientId = clientId.trim();
    UsernamePasswordAuthenticationToken authRequest = new UsernamePasswordAuthenticationToken(clientId, clientSecret);
    authentication = this.getAuthenticationManager().authenticate(authRequest);
    if (authentication != null) {
        for (GrantedAuthority auth : authentication.getAuthorities()) {
            if (PUBLIC_ROLE.equals(auth.getAuthority())) {
                InvalidRequestException ire = new InvalidRequestException(localeManager.resolveMessage("apiError.memberapi_access.exception"));
                throw new MethodNotAllowedException(localeManager.resolveMessage("apiError.memberapi_access.exception"), ire);
            }
        }
    }
    return authentication;
}
Also used : MethodNotAllowedException(org.orcid.core.security.MethodNotAllowedException) Authentication(org.springframework.security.core.Authentication) GrantedAuthority(org.springframework.security.core.GrantedAuthority) InvalidRequestException(org.springframework.security.oauth2.common.exceptions.InvalidRequestException) UsernamePasswordAuthenticationToken(org.springframework.security.authentication.UsernamePasswordAuthenticationToken) BadCredentialsException(org.springframework.security.authentication.BadCredentialsException)

Aggregations

BadCredentialsException (org.springframework.security.authentication.BadCredentialsException): 180
UsernamePasswordAuthenticationToken (org.springframework.security.authentication.UsernamePasswordAuthenticationToken): 65
Authentication (org.springframework.security.core.Authentication): 59
Test (org.junit.jupiter.api.Test): 32
Test (org.junit.Test): 26
AuthenticationException (org.springframework.security.core.AuthenticationException): 23
MockHttpServletResponse (org.springframework.mock.web.MockHttpServletResponse): 22
MockHttpServletRequest (org.springframework.mock.web.MockHttpServletRequest): 21
UserDetails (org.springframework.security.core.userdetails.UserDetails): 21
GrantedAuthority (org.springframework.security.core.GrantedAuthority): 15
AuthenticationManager (org.springframework.security.authentication.AuthenticationManager): 14
HttpServletRequest (javax.servlet.http.HttpServletRequest): 13
UsernameNotFoundException (org.springframework.security.core.userdetails.UsernameNotFoundException): 13
AuthenticationServiceException (org.springframework.security.authentication.AuthenticationServiceException): 12
SimpleGrantedAuthority (org.springframework.security.core.authority.SimpleGrantedAuthority): 11
FilterChain (jakarta.servlet.FilterChain): 10
IOException (java.io.IOException): 10
ArrayList (java.util.ArrayList): 10
TestingAuthenticationToken (org.springframework.security.authentication.TestingAuthenticationToken): 9
DirContextOperations (org.springframework.ldap.core.DirContextOperations): 7