Example 86 with UsernamePasswordAuthenticationToken
use of org.springframework.security.authentication.UsernamePasswordAuthenticationToken in project spring-security by spring-projects.
the class PasswordComparisonAuthenticatorTests method testLdapCompareWithDifferentPasswordAttributeSucceeds.
@Test
public void testLdapCompareWithDifferentPasswordAttributeSucceeds() {
authenticator.setUserAttributes(new String[] { "uid" });
authenticator.setPasswordAttributeName("cn");
authenticator.authenticate(new UsernamePasswordAuthenticationToken("ben", "Ben Alex"));
}
Also used :
UsernamePasswordAuthenticationToken(org.springframework.security.authentication.UsernamePasswordAuthenticationToken)
Example 87 with UsernamePasswordAuthenticationToken
use of org.springframework.security.authentication.UsernamePasswordAuthenticationToken in project spring-security-oauth by spring-projects.
the class TokenEndpointAuthenticationFilter method extractCredentials.
/**
* If the incoming request contains user credentials in headers or parameters then extract them here into an
* Authentication token that can be validated later. This implementation only recognises password grant requests and
* extracts the username and password.
*
* @param request the incoming request, possibly with user credentials
* @return an authentication for validation (or null if there is no further authentication)
*/
protected Authentication extractCredentials(HttpServletRequest request) {
String grantType = request.getParameter("grant_type");
if (grantType != null && grantType.equals("password")) {
UsernamePasswordAuthenticationToken result = new UsernamePasswordAuthenticationToken(request.getParameter("username"), request.getParameter("password"));
result.setDetails(authenticationDetailsSource.buildDetails(request));
return result;
}
return null;
}
Also used :
UsernamePasswordAuthenticationToken(org.springframework.security.authentication.UsernamePasswordAuthenticationToken)
Example 88 with UsernamePasswordAuthenticationToken
use of org.springframework.security.authentication.UsernamePasswordAuthenticationToken in project spring-security-oauth by spring-projects.
the class ResourceOwnerPasswordTokenGranter method getOAuth2Authentication.
@Override
protected OAuth2Authentication getOAuth2Authentication(ClientDetails client, TokenRequest tokenRequest) {
Map<String, String> parameters = new LinkedHashMap<String, String>(tokenRequest.getRequestParameters());
String username = parameters.get("username");
String password = parameters.get("password");
// Protect from downstream leaks of password
parameters.remove("password");
Authentication userAuth = new UsernamePasswordAuthenticationToken(username, password);
((AbstractAuthenticationToken) userAuth).setDetails(parameters);
try {
userAuth = authenticationManager.authenticate(userAuth);
} catch (AccountStatusException ase) {
//covers expired, locked, disabled cases (mentioned in section 5.2, draft 31)
throw new InvalidGrantException(ase.getMessage());
} catch (BadCredentialsException e) {
// If the username/password are wrong the spec says we should send 400/invalid grant
throw new InvalidGrantException(e.getMessage());
}
if (userAuth == null || !userAuth.isAuthenticated()) {
throw new InvalidGrantException("Could not authenticate user: " + username);
}
OAuth2Request storedOAuth2Request = getRequestFactory().createOAuth2Request(client, tokenRequest);
return new OAuth2Authentication(storedOAuth2Request, userAuth);
}
Also used :
AccountStatusException(org.springframework.security.authentication.AccountStatusException)
AbstractAuthenticationToken(org.springframework.security.authentication.AbstractAuthenticationToken)
OAuth2Request(org.springframework.security.oauth2.provider.OAuth2Request)
OAuth2Authentication(org.springframework.security.oauth2.provider.OAuth2Authentication)
Authentication(org.springframework.security.core.Authentication)
OAuth2Authentication(org.springframework.security.oauth2.provider.OAuth2Authentication)
UsernamePasswordAuthenticationToken(org.springframework.security.authentication.UsernamePasswordAuthenticationToken)
BadCredentialsException(org.springframework.security.authentication.BadCredentialsException)
InvalidGrantException(org.springframework.security.oauth2.common.exceptions.InvalidGrantException)
LinkedHashMap(java.util.LinkedHashMap)
Example 89 with UsernamePasswordAuthenticationToken
use of org.springframework.security.authentication.UsernamePasswordAuthenticationToken in project opennms by OpenNMS.
the class RadiusAuthenticationProviderTest method testRetrieveUserChap.
@Test
@Ignore("Need to have a RADIUS server running on localhost")
public void testRetrieveUserChap() throws IOException {
RadiusAuthenticationProvider provider = new RadiusAuthenticationProvider(m_radiusServer, m_sharedSecret);
RadiusAuthenticator authTypeClass = new CHAPAuthenticator();
provider.setAuthTypeClass(authTypeClass);
provider.setRolesAttribute("Unknown-VSAttribute(5813:1)");
UsernamePasswordAuthenticationToken token = new UsernamePasswordAuthenticationToken(m_principal, m_credentials);
provider.retrieveUser(m_username, token);
}
Also used :
CHAPAuthenticator(net.jradius.client.auth.CHAPAuthenticator)
UsernamePasswordAuthenticationToken(org.springframework.security.authentication.UsernamePasswordAuthenticationToken)
RadiusAuthenticator(net.jradius.client.auth.RadiusAuthenticator)
Ignore(org.junit.Ignore)
Test(org.junit.Test)
Example 90 with UsernamePasswordAuthenticationToken
use of org.springframework.security.authentication.UsernamePasswordAuthenticationToken in project opennms by OpenNMS.
the class RadiusAuthenticationProviderTest method testRetrieveUserPap.
@Test
@Ignore("Need to have a RADIUS server running on localhost")
public void testRetrieveUserPap() throws IOException {
RadiusAuthenticationProvider provider = new RadiusAuthenticationProvider(m_radiusServer, m_sharedSecret);
RadiusAuthenticator authTypeClass = new PAPAuthenticator();
provider.setAuthTypeClass(authTypeClass);
provider.setRolesAttribute("Unknown-VSAttribute(5813:1)");
UsernamePasswordAuthenticationToken token = new UsernamePasswordAuthenticationToken(m_principal, m_credentials);
provider.retrieveUser(m_username, token);
}
Also used :
UsernamePasswordAuthenticationToken(org.springframework.security.authentication.UsernamePasswordAuthenticationToken)
PAPAuthenticator(net.jradius.client.auth.PAPAuthenticator)
RadiusAuthenticator(net.jradius.client.auth.RadiusAuthenticator)
Ignore(org.junit.Ignore)
Test(org.junit.Test)
Aggregations
UsernamePasswordAuthenticationToken (org.springframework.security.authentication.UsernamePasswordAuthenticationToken)309
Test (org.junit.Test)156
Authentication (org.springframework.security.core.Authentication)114
GrantedAuthority (org.springframework.security.core.GrantedAuthority)37
BadCredentialsException (org.springframework.security.authentication.BadCredentialsException)34
UserDetails (org.springframework.security.core.userdetails.UserDetails)33
SimpleGrantedAuthority (org.springframework.security.core.authority.SimpleGrantedAuthority)29
OAuth2Authentication (org.springframework.security.oauth2.provider.OAuth2Authentication)27
SecurityContext (org.springframework.security.core.context.SecurityContext)21
AuthenticationException (org.springframework.security.core.AuthenticationException)20
User (org.springframework.security.core.userdetails.User)17
OAuth2Request (org.springframework.security.oauth2.provider.OAuth2Request)15
ArrayList (java.util.ArrayList)14
OrcidProfileUserDetails (org.orcid.core.oauth.OrcidProfileUserDetails)13
MockHttpServletRequest (org.springframework.mock.web.MockHttpServletRequest)13
AuthenticationManager (org.springframework.security.authentication.AuthenticationManager)13
UsernameNotFoundException (org.springframework.security.core.userdetails.UsernameNotFoundException)12
SecurityContextImpl (org.springframework.security.core.context.SecurityContextImpl)11
Before (org.junit.Before)8
MockHttpServletResponse (org.springframework.mock.web.MockHttpServletResponse)8
