use of org.craftercms.security.exception.AuthenticationException in project engine by craftercms.
the class ConfigAwareAuthenticationRequiredHandlerTest method testProcessRequest.
/**
 * Verifies that handling an {@link AuthenticationException} redirects the current response to the
 * URL stored in the configuration under {@code LOGIN_FORM_URL_KEY}.
 */
@Test
public void testProcessRequest() throws Exception {
    handler.handle(RequestContext.getCurrent(), new AuthenticationException());

    // The current response is a mock, which exposes the redirect target for inspection.
    MockHttpServletResponse mockResponse = (MockHttpServletResponse) RequestContext.getCurrent().getResponse();
    String expectedUrl = config.getString(LOGIN_FORM_URL_KEY);

    assertEquals(expectedUrl, mockResponse.getRedirectedUrl());
}
use of org.craftercms.security.exception.AuthenticationException in project profile by craftercms.
the class LoginProcessor method processRequest.
/**
 * Handles login requests and passes every other request on to the next processor in the chain.
 * A request counts as a login request when {@code isLoginRequest} accepts it; the user is then
 * authenticated against the resolved tenants with the username/password taken from the request.
 *
 * @param context        the context which holds the current request and response
 * @param processorChain the processor chain, used to call the next processor
 * @throws IllegalArgumentException if no tenants can be resolved for the login attempt
 * @throws Exception                if a collaborator fails with anything other than an
 *                                  {@link AuthenticationException}
 */
public void processRequest(RequestContext context, RequestSecurityProcessorChain processorChain) throws Exception {
    HttpServletRequest request = context.getRequest();

    // Not a login request: nothing to do here, continue with the chain.
    if (!isLoginRequest(request)) {
        processorChain.processRequest(context);
        return;
    }

    logger.debug("Processing login request");

    String[] tenants = tenantsResolver.getTenants();
    if (ArrayUtils.isEmpty(tenants)) {
        throw new IllegalArgumentException("No tenants resolved for authentication");
    }

    // Missing credentials are normalised to empty strings, so the authentication manager
    // always receives non-null values and decides itself whether to reject them.
    String suppliedUsername = getUsername(request);
    String suppliedPassword = getPassword(request);
    String username = suppliedUsername != null ? suppliedUsername : "";
    String password = suppliedPassword != null ? suppliedPassword : "";

    try {
        // Only the request-supplied username is logged; the password never is.
        logger.debug("Attempting authentication of user '{}' with tenants {}", username, tenants);

        Authentication auth = authenticationManager.authenticateUser(tenants, username, password);

        boolean rememberMeRequested = getRememberMe(request);
        if (!rememberMeRequested) {
            rememberMeManager.disableRememberMe(context);
        } else {
            rememberMeManager.enableRememberMe(auth, context);
        }

        onLoginSuccess(context, auth);
    } catch (AuthenticationException e) {
        // Any authentication failure raised inside the block above ends up in the failure callback.
        onLoginFailure(context, e);
    }
}
use of org.craftercms.security.exception.AuthenticationException in project profile by craftercms.
the class LoginFailureHandlerImplTest method testRedirectToTargetUrl.
/**
 * Verifies that, with a target URL set, the handler answers an {@link AuthenticationException}
 * with a committed temporary redirect (HTTP 302) to that URL.
 */
@Test
public void testRedirectToTargetUrl() throws Exception {
    MockHttpServletRequest mockRequest = new MockHttpServletRequest();
    MockHttpServletResponse mockResponse = new MockHttpServletResponse();
    handler.setTargetUrl(TARGET_URL);

    handler.handle(new RequestContext(mockRequest, mockResponse, null), new AuthenticationException());

    assertEquals(TARGET_URL, mockResponse.getRedirectedUrl());
    assertEquals(HttpServletResponse.SC_MOVED_TEMPORARILY, mockResponse.getStatus());
    // A committed response means the redirect has actually been sent.
    assertTrue(mockResponse.isCommitted());
}
use of org.craftercms.security.exception.AuthenticationException in project profile by craftercms.
the class RememberMeManagerImpl method autoLogin.
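/**
 * Attempts to log the user in from the remember-me cookie carried by the request.
 *
 * <p>The persistent login read from the cookie is compared with the one stored under the same
 * login ID: the profile IDs and the tokens must both match before the profile is authenticated.
 *
 * @param context the context which holds the current request and response
 * @return the authentication for the remembered profile, or {@code null} when the request carries
 *         no remember-me cookie or no stored persistent login exists for the cookie's login ID
 * @throws InvalidCookieException if the cookie's profile ID differs from the stored one
 * @throws CookieTheftException   if the cookie's token differs from the stored one
 * @throws RememberMeException    if the stored login cannot be retrieved or the profile cannot be
 *                                authenticated
 */
@Override
public Authentication autoLogin(RequestContext context) throws RememberMeException {
    PersistentLogin login = getPersistentLoginFromCookie(context.getRequest());
    if (login == null) {
        return null;
    }

    PersistentLogin actualLogin;
    try {
        actualLogin = authenticationService.getPersistentLogin(login.getId());
    } catch (ProfileException e) {
        // Keep the cause so the underlying profile error is not lost, and report the login ID,
        // which is the key the lookup was actually made with.
        throw new RememberMeException("Error retrieving persistent login '" + login.getId() + "'", e);
    }

    if (actualLogin == null) {
        logger.debug("No persistent login found for ID '{}' (has possibly expired)", login.getId());
        // The cookie refers to nothing on the server side any more, so drop it.
        deleteRememberMeCookie(context.getResponse());
        return null;
    }

    if (!login.getProfileId().equals(actualLogin.getProfileId())) {
        throw new InvalidCookieException("Profile ID mismatch");
    }

    // NOTE(review): equals() is not a constant-time comparison; consider MessageDigest.isEqual on
    // the token bytes once the token type is confirmed.
    // NOTE(review): nothing in this method removes the stored persistent login on a token
    // mismatch; confirm the caller invalidates it when CookieTheftException is raised.
    if (!login.getToken().equals(actualLogin.getToken())) {
        throw new CookieTheftException("Token mismatch. Implies a cookie theft");
    }

    String loginId = actualLogin.getId();
    String profileId = actualLogin.getProfileId();

    // NOTE(review): this logs actualLogin through its toString(); confirm that it does not
    // include the remember-me token.
    logger.debug("Remember me cookie match for {}. Starting auto-login", actualLogin);

    Authentication auth;
    try {
        auth = authenticate(profileId);
    } catch (AuthenticationException e) {
        // Delete remember me cookie so that we don't retry auto login in next request
        disableRememberMe(loginId, context);
        throw new RememberMeException("Unable to auto-login user '" + profileId + "'", e);
    }

    updateRememberMe(loginId, context);
    return auth;
}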
use of org.craftercms.security.exception.AuthenticationException in project engine by craftercms.
the class ConfigAwareLoginFailureHandlerTest method testProcessRequest.
/**
 * Verifies that handling an {@link AuthenticationException} redirects the current response to the
 * URL stored in the configuration under {@code LOGIN_FAILURE_URL_KEY}.
 */
@Test
public void testProcessRequest() throws Exception {
    handler.handle(RequestContext.getCurrent(), new AuthenticationException());

    // The current response is a mock, which exposes the redirect target for inspection.
    MockHttpServletResponse mockResponse = (MockHttpServletResponse) RequestContext.getCurrent().getResponse();
    String expectedUrl = config.getString(LOGIN_FAILURE_URL_KEY);

    assertEquals(expectedUrl, mockResponse.getRedirectedUrl());
}