use of org.craftercms.security.exception.BadCredentialsException in project profile by craftercms.
the class LoginProcessor method saveException.
/**
 * Keeps the exception from a failed login attempt in the HTTP session so that a later
 * request can read it back.
 *
 * <p>Bad-credential failures are stored under
 * {@code SecurityUtils.BAD_CREDENTIALS_EXCEPTION_SESSION_ATTRIBUTE}; every other
 * authentication failure goes under
 * {@code SecurityUtils.AUTHENTICATION_EXCEPTION_SESSION_ATTRIBUTE}.
 *
 * @param request the current request; its session is created if it does not exist yet
 * @param e       the authentication failure to remember
 */
protected void saveException(HttpServletRequest request, AuthenticationException e) {
    logger.debug("Saving authentication exception in session for later use");

    // getSession(true) creates a session on demand, so a failed login from a client
    // without a session still gets one allocated.
    final HttpSession httpSession = request.getSession(true);

    // Pick the slot first, then store once.
    final String attributeName = (e instanceof BadCredentialsException)
        ? SecurityUtils.BAD_CREDENTIALS_EXCEPTION_SESSION_ATTRIBUTE
        : SecurityUtils.AUTHENTICATION_EXCEPTION_SESSION_ATTRIBUTE;

    // NOTE(review): the whole exception object (with any cause it carries) is stored.
    // Whatever reads this attribute back should show the user a generic message rather
    // than the exception's own text or cause -- confirm against the login view.
    httpSession.setAttribute(attributeName, e);
}
use of org.craftercms.security.exception.BadCredentialsException in project profile by craftercms.
the class AuthenticationManagerImpl method authenticateUser.
/**
 * Authenticates a user against the profile service and returns the cached authentication.
 *
 * <p>On success the ticket returned by {@code authenticationService} and the profile it
 * points to are wrapped in a {@code DefaultAuthentication}, which is put into
 * {@code authenticationCache} before being returned.
 *
 * @param tenant   tenant passed through to the authentication service
 * @param username username passed through to the authentication service
 * @param password password passed through to the authentication service
 * @return the new authentication, holding the ticket ID and the profile
 * @throws DisabledUserException         if the service reports {@code DISABLED_PROFILE}
 * @throws BadCredentialsException       if the service reports {@code BAD_CREDENTIALS}
 * @throws AuthenticationSystemException if no profile exists for the ticket, or for any
 *                                       other service failure
 */
@Override
public Authentication authenticateUser(String tenant, String username, String password) {
    try {
        final Ticket issuedTicket = authenticationService.authenticate(tenant, username, password);
        final Profile userProfile = profileService.getProfile(issuedTicket.getProfileId());

        // A ticket without a resolvable profile is reported as a system error, not as a
        // credential failure.
        if (userProfile == null) {
            throw new AuthenticationSystemException("No profile found for ID '" + issuedTicket.getProfileId() + "'");
        }

        final String id = issuedTicket.getId();
        final DefaultAuthentication authentication = new DefaultAuthentication(id, userProfile);

        authenticationCache.putAuthentication(authentication);

        // The value logged as "user" is the profile ID, not the username argument.
        // NOTE(review): the ticket ID is written to the debug log. If the ticket ID is what
        // later requests present to prove the login, treat debug logs as sensitive or log a
        // truncated value -- confirm how the ticket is used.
        logger.debug("Authentication successful for user '{}' (ticket ID = '{}')", issuedTicket.getProfileId(), id);

        return authentication;
    } catch (ProfileRestServiceException restError) {
        // Translate service error codes into the security module's exception types. The
        // original exception is always kept as the cause.
        switch (restError.getErrorCode()) {
            case DISABLED_PROFILE:
                // NOTE(review): a distinct exception for disabled accounts lets a caller tell
                // "disabled" apart from "wrong password"; whether that reaches the client
                // depends on the failure handler -- confirm.
                throw new DisabledUserException("User is disabled", restError);
            case BAD_CREDENTIALS:
                // One message for both cases: it does not say whether the username or the
                // password was wrong.
                throw new BadCredentialsException("Invalid username and/or password", restError);
            default:
                throw new AuthenticationSystemException("An unexpected error occurred while authenticating", restError);
        }
    } catch (ProfileException profileError) {
        throw new AuthenticationSystemException("An unexpected error occurred while authenticating", profileError);
    }
}
use of org.craftercms.security.exception.BadCredentialsException in project profile by craftercms.
the class RestLoginFailureHandlerTest method testHandle.
/**
 * Checks that the handler answers a {@code BadCredentialsException} with HTTP 401 and
 * the expected response body.
 */
@Test
public void testHandle() throws Exception {
    MockHttpServletResponse httpResponse = new MockHttpServletResponse();
    MockHttpServletRequest httpRequest = new MockHttpServletRequest("GET", "/login.json");
    RequestContext requestContext = new RequestContext(httpRequest, httpResponse, null);

    BadCredentialsException failure = new BadCredentialsException(ERROR_MESSAGE);
    handler.handle(requestContext, failure);

    // Status first, then body: a failed login must be reported as 401 Unauthorized.
    assertEquals(HttpServletResponse.SC_UNAUTHORIZED, httpResponse.getStatus());
    assertEquals(EXPECTED_RESPONSE_CONTENT, httpResponse.getContentAsString());
}
use of org.craftercms.security.exception.BadCredentialsException in project profile by craftercms.
the class LoginProcessorTest method testLoginSuccess.
/**
 * Exercises a successful login through {@code LoginProcessor}: first without remember-me,
 * then again with the remember-me parameter set to {@code "true"}.
 *
 * <p>The session is seeded with exceptions from earlier failed attempts before the first
 * login request is processed.
 */
@Test
public void testLoginSuccess() throws Exception {
    RequestSecurityProcessorChain processorChain = mock(RequestSecurityProcessorChain.class);
    MockHttpServletResponse loginResponse = new MockHttpServletResponse();
    MockHttpServletRequest loginRequest =
        new MockHttpServletRequest(LoginProcessor.DEFAULT_LOGIN_METHOD, LoginProcessor.DEFAULT_LOGIN_URL);
    HttpSession httpSession = loginRequest.getSession(true);
    RequestContext requestContext = new RequestContext(loginRequest, loginResponse, null);

    loginRequest.setParameter(LoginProcessor.DEFAULT_USERNAME_PARAM, USERNAME);
    loginRequest.setParameter(LoginProcessor.DEFAULT_PASSWORD_PARAM, VALID_PASSWORD);

    // Leftovers from previous failed logins, stored under both exception attributes.
    httpSession.setAttribute(SecurityUtils.BAD_CREDENTIALS_EXCEPTION_SESSION_ATTRIBUTE, new BadCredentialsException());
    httpSession.setAttribute(SecurityUtils.AUTHENTICATION_EXCEPTION_SESSION_ATTRIBUTE, new AuthenticationSystemException());

    // --- First pass: login without remember-me ---
    processor.processRequest(requestContext, processorChain);

    // The login processor handles the request itself and must not pass it down the chain.
    verify(processorChain, never()).processRequest(requestContext);

    // Per the original author's note, the assertNull checks on the two exception session
    // attributes were removed because sessions are invalidated after a successful login.
    // NOTE(review): that leaves the invalidation itself unasserted here; a check that the
    // pre-login session is no longer valid would pin the behaviour -- confirm it is
    // covered elsewhere.

    Authentication authentication = SecurityUtils.getAuthentication(loginRequest);

    assertNotNull(authentication);
    assertEquals(TICKET, authentication.getTicket());
    assertNotNull(authentication.getProfile());
    assertEquals(USERNAME, authentication.getProfile().getUsername());

    verify(authenticationManager).authenticateUser(TENANTS, USERNAME, VALID_PASSWORD);
    verify(rememberMeManager).disableRememberMe(requestContext);
    verify(loginSuccessHandler).handle(requestContext, authentication);

    // --- Second pass: same request, now asking for remember-me ---
    loginRequest.setParameter(LoginProcessor.DEFAULT_REMEMBER_ME_PARAM, "true");
    processor.processRequest(requestContext, processorChain);

    authentication = SecurityUtils.getAuthentication(loginRequest);

    assertNotNull(authentication);
    verify(rememberMeManager).enableRememberMe(authentication, requestContext);
}