Example 1 with AuthenticationSystemException

Use of org.craftercms.security.exception.AuthenticationSystemException in the profile project by craftercms.

Class AuthenticationManagerImpl, method authenticateUser.

@Override
public Authentication authenticateUser(String tenant, String username, String password) {
    try {
        Ticket ticket = authenticationService.authenticate(tenant, username, password);
        Profile profile = profileService.getProfile(ticket.getProfileId());
        if (profile == null) {
            throw new AuthenticationSystemException("No profile found for ID '" + ticket.getProfileId() + "'");
        }
        String ticketId = ticket.getId();
        DefaultAuthentication auth = new DefaultAuthentication(ticketId, profile);
        authenticationCache.putAuthentication(auth);
        logger.debug("Authentication successful for user '{}' (ticket ID = '{}')", ticket.getProfileId(), ticketId);
        return auth;
    } catch (ProfileRestServiceException e) {
        switch(e.getErrorCode()) {
            case DISABLED_PROFILE:
                throw new DisabledUserException("User is disabled", e);
            case BAD_CREDENTIALS:
                throw new BadCredentialsException("Invalid username and/or password", e);
            default:
                throw new AuthenticationSystemException("An unexpected error occurred while authenticating", e);
        }
    } catch (ProfileException e) {
        throw new AuthenticationSystemException("An unexpected error occurred while authenticating", e);
    }
}
Also used: Ticket (org.craftercms.profile.api.Ticket), ProfileRestServiceException (org.craftercms.profile.exceptions.ProfileRestServiceException), AuthenticationSystemException (org.craftercms.security.exception.AuthenticationSystemException), ProfileException (org.craftercms.profile.api.exceptions.ProfileException), BadCredentialsException (org.craftercms.security.exception.BadCredentialsException), Profile (org.craftercms.profile.api.Profile), DisabledUserException (org.craftercms.security.exception.DisabledUserException)

Example 2 with AuthenticationSystemException

Use of org.craftercms.security.exception.AuthenticationSystemException in the profile project by craftercms.

Class AuthenticationManagerImpl, method invalidateAuthentication.

@Override
public void invalidateAuthentication(Authentication authentication) {
    try {
        authenticationCache.removeAuthentication(authentication.getTicket());
        authenticationService.invalidateTicket(authentication.getTicket());
        // Pass the ticket so the '{}' placeholder is actually filled in the log line
        logger.debug("Ticket '{}' successfully invalidated", authentication.getTicket());
    } catch (ProfileException e) {
        throw new AuthenticationSystemException("An unexpected error occurred while attempting to invalidate ticket '" + authentication.getTicket() + "'", e);
    }
}
Also used: AuthenticationSystemException (org.craftercms.security.exception.AuthenticationSystemException), ProfileException (org.craftercms.profile.api.exceptions.ProfileException)

Example 3 with AuthenticationSystemException

Use of org.craftercms.security.exception.AuthenticationSystemException in the profile project by craftercms.

Class AuthenticationManagerImpl, method authenticateUser.

@Override
public Authentication authenticateUser(Profile profile, boolean remembered) throws AuthenticationException {
    try {
        Ticket ticket = authenticationService.createTicket(profile.getId().toString());
        String ticketId = ticket.getId();
        DefaultAuthentication auth = new DefaultAuthentication(ticketId, profile, remembered);
        authenticationCache.putAuthentication(auth);
        logger.debug("Authentication successful for user '{}' (ticket ID = '{}')", ticket.getProfileId(), ticketId);
        return auth;
    } catch (ProfileRestServiceException e) {
        if (e.getErrorCode() == ErrorCode.DISABLED_PROFILE) {
            throw new DisabledUserException("User is disabled", e);
        } else {
            throw new AuthenticationSystemException("An unexpected error occurred while authenticating", e);
        }
    } catch (ProfileException e) {
        throw new AuthenticationSystemException("An unexpected error occurred while authenticating", e);
    }
}
Also used: Ticket (org.craftercms.profile.api.Ticket), ProfileRestServiceException (org.craftercms.profile.exceptions.ProfileRestServiceException), AuthenticationSystemException (org.craftercms.security.exception.AuthenticationSystemException), ProfileException (org.craftercms.profile.api.exceptions.ProfileException), DisabledUserException (org.craftercms.security.exception.DisabledUserException)

Example 4 with AuthenticationSystemException

Use of org.craftercms.security.exception.AuthenticationSystemException in the profile project by craftercms.

Class LoginProcessorTest, method testLoginSuccess.

@Test
public void testLoginSuccess() throws Exception {
    MockHttpServletRequest request = new MockHttpServletRequest(LoginProcessor.DEFAULT_LOGIN_METHOD, LoginProcessor.DEFAULT_LOGIN_URL);
    MockHttpServletResponse response = new MockHttpServletResponse();
    HttpSession session = request.getSession(true);
    RequestContext context = new RequestContext(request, response, null);
    RequestSecurityProcessorChain chain = mock(RequestSecurityProcessorChain.class);
    request.setParameter(LoginProcessor.DEFAULT_USERNAME_PARAM, USERNAME);
    request.setParameter(LoginProcessor.DEFAULT_PASSWORD_PARAM, VALID_PASSWORD);
    session.setAttribute(SecurityUtils.BAD_CREDENTIALS_EXCEPTION_SESSION_ATTRIBUTE, new BadCredentialsException());
    session.setAttribute(SecurityUtils.AUTHENTICATION_EXCEPTION_SESSION_ATTRIBUTE, new AuthenticationSystemException());
    processor.processRequest(context, chain);
    verify(chain, never()).processRequest(context);
    /**
     * Removed: sessions are invalidated after a successful login.
     *         assertNull(session.getAttribute(SecurityUtils.BAD_CREDENTIALS_EXCEPTION_SESSION_ATTRIBUTE));
     *         assertNull(session.getAttribute(SecurityUtils.AUTHENTICATION_EXCEPTION_SESSION_ATTRIBUTE));
     */
    Authentication auth = SecurityUtils.getAuthentication(request);
    assertNotNull(auth);
    assertEquals(TICKET, auth.getTicket());
    assertNotNull(auth.getProfile());
    assertEquals(USERNAME, auth.getProfile().getUsername());
    verify(authenticationManager).authenticateUser(TENANTS, USERNAME, VALID_PASSWORD);
    verify(rememberMeManager).disableRememberMe(context);
    verify(loginSuccessHandler).handle(context, auth);
    request.setParameter(LoginProcessor.DEFAULT_REMEMBER_ME_PARAM, "true");
    processor.processRequest(context, chain);
    auth = SecurityUtils.getAuthentication(request);
    assertNotNull(auth);
    verify(rememberMeManager).enableRememberMe(auth, context);
}
Also used: RequestSecurityProcessorChain (org.craftercms.security.processors.RequestSecurityProcessorChain), MockHttpServletRequest (org.springframework.mock.web.MockHttpServletRequest), HttpSession (javax.servlet.http.HttpSession), Authentication (org.craftercms.security.authentication.Authentication), DefaultAuthentication (org.craftercms.security.authentication.impl.DefaultAuthentication), AuthenticationSystemException (org.craftercms.security.exception.AuthenticationSystemException), RequestContext (org.craftercms.commons.http.RequestContext), BadCredentialsException (org.craftercms.security.exception.BadCredentialsException), MockHttpServletResponse (org.springframework.mock.web.MockHttpServletResponse), Test (org.junit.Test)

Aggregations

AuthenticationSystemException (org.craftercms.security.exception.AuthenticationSystemException): 4
ProfileException (org.craftercms.profile.api.exceptions.ProfileException): 3
Ticket (org.craftercms.profile.api.Ticket): 2
ProfileRestServiceException (org.craftercms.profile.exceptions.ProfileRestServiceException): 2
BadCredentialsException (org.craftercms.security.exception.BadCredentialsException): 2
DisabledUserException (org.craftercms.security.exception.DisabledUserException): 2
HttpSession (javax.servlet.http.HttpSession): 1
RequestContext (org.craftercms.commons.http.RequestContext): 1
Profile (org.craftercms.profile.api.Profile): 1
Authentication (org.craftercms.security.authentication.Authentication): 1
DefaultAuthentication (org.craftercms.security.authentication.impl.DefaultAuthentication): 1
RequestSecurityProcessorChain (org.craftercms.security.processors.RequestSecurityProcessorChain): 1
Test (org.junit.Test): 1
MockHttpServletRequest (org.springframework.mock.web.MockHttpServletRequest): 1
MockHttpServletResponse (org.springframework.mock.web.MockHttpServletResponse): 1