Search in sources :

Example 1 with BadCredentialsException

use of org.craftercms.security.exception.BadCredentialsException in project profile by craftercms.

the class LoginProcessor method saveException.

protected void saveException(HttpServletRequest request, AuthenticationException e) {
    logger.debug("Saving authentication exception in session for later use");
    HttpSession session = request.getSession(true);
    if (e instanceof BadCredentialsException) {
        session.setAttribute(SecurityUtils.BAD_CREDENTIALS_EXCEPTION_SESSION_ATTRIBUTE, e);
    } else {
        session.setAttribute(SecurityUtils.AUTHENTICATION_EXCEPTION_SESSION_ATTRIBUTE, e);
    }
}
Also used : HttpSession(javax.servlet.http.HttpSession) BadCredentialsException(org.craftercms.security.exception.BadCredentialsException)

Example 2 with BadCredentialsException

use of org.craftercms.security.exception.BadCredentialsException in project profile by craftercms.

the class AuthenticationManagerImpl method authenticateUser.

@Override
public Authentication authenticateUser(String tenant, String username, String password) {
    try {
        Ticket ticket = authenticationService.authenticate(tenant, username, password);
        Profile profile = profileService.getProfile(ticket.getProfileId());
        if (profile == null) {
            throw new AuthenticationSystemException("No profile found for ID '" + ticket.getProfileId() + "'");
        }
        String ticketId = ticket.getId();
        DefaultAuthentication auth = new DefaultAuthentication(ticketId, profile);
        authenticationCache.putAuthentication(auth);
        logger.debug("Authentication successful for user '{}' (ticket ID = '{}')", ticket.getProfileId(), ticketId);
        return auth;
    } catch (ProfileRestServiceException e) {
        switch(e.getErrorCode()) {
            case DISABLED_PROFILE:
                throw new DisabledUserException("User is disabled", e);
            case BAD_CREDENTIALS:
                throw new BadCredentialsException("Invalid username and/or password", e);
            default:
                throw new AuthenticationSystemException("An unexpected error occurred while authenticating", e);
        }
    } catch (ProfileException e) {
        throw new AuthenticationSystemException("An unexpected error occurred while authenticating", e);
    }
}
Also used : Ticket(org.craftercms.profile.api.Ticket) ProfileRestServiceException(org.craftercms.profile.exceptions.ProfileRestServiceException) AuthenticationSystemException(org.craftercms.security.exception.AuthenticationSystemException) ProfileException(org.craftercms.profile.api.exceptions.ProfileException) BadCredentialsException(org.craftercms.security.exception.BadCredentialsException) Profile(org.craftercms.profile.api.Profile) DisabledUserException(org.craftercms.security.exception.DisabledUserException)

Example 3 with BadCredentialsException

use of org.craftercms.security.exception.BadCredentialsException in project profile by craftercms.

the class RestLoginFailureHandlerTest method testHandle.

@Test
public void testHandle() throws Exception {
    MockHttpServletRequest request = new MockHttpServletRequest("GET", "/login.json");
    MockHttpServletResponse response = new MockHttpServletResponse();
    RequestContext context = new RequestContext(request, response, null);
    handler.handle(context, new BadCredentialsException(ERROR_MESSAGE));
    assertEquals(HttpServletResponse.SC_UNAUTHORIZED, response.getStatus());
    assertEquals(EXPECTED_RESPONSE_CONTENT, response.getContentAsString());
}
Also used : MockHttpServletRequest(org.springframework.mock.web.MockHttpServletRequest) RequestContext(org.craftercms.commons.http.RequestContext) BadCredentialsException(org.craftercms.security.exception.BadCredentialsException) MockHttpServletResponse(org.springframework.mock.web.MockHttpServletResponse) Test(org.junit.Test)

Example 4 with BadCredentialsException

use of org.craftercms.security.exception.BadCredentialsException in project profile by craftercms.

the class LoginProcessorTest method testLoginSuccess.

@Test
public void testLoginSuccess() throws Exception {
    MockHttpServletRequest request = new MockHttpServletRequest(LoginProcessor.DEFAULT_LOGIN_METHOD, LoginProcessor.DEFAULT_LOGIN_URL);
    MockHttpServletResponse response = new MockHttpServletResponse();
    HttpSession session = request.getSession(true);
    RequestContext context = new RequestContext(request, response, null);
    RequestSecurityProcessorChain chain = mock(RequestSecurityProcessorChain.class);
    request.setParameter(LoginProcessor.DEFAULT_USERNAME_PARAM, USERNAME);
    request.setParameter(LoginProcessor.DEFAULT_PASSWORD_PARAM, VALID_PASSWORD);
    session.setAttribute(SecurityUtils.BAD_CREDENTIALS_EXCEPTION_SESSION_ATTRIBUTE, new BadCredentialsException());
    session.setAttribute(SecurityUtils.AUTHENTICATION_EXCEPTION_SESSION_ATTRIBUTE, new AuthenticationSystemException());
    processor.processRequest(context, chain);
    verify(chain, never()).processRequest(context);
    /**
     * Removed Session are invalidated after login is ok.
     *         assertNull(session.getAttribute(SecurityUtils.BAD_CREDENTIALS_EXCEPTION_SESSION_ATTRIBUTE));
     *         assertNull(session.getAttribute(SecurityUtils.AUTHENTICATION_EXCEPTION_SESSION_ATTRIBUTE));
     */
    Authentication auth = SecurityUtils.getAuthentication(request);
    assertNotNull(auth);
    assertEquals(TICKET, auth.getTicket());
    assertNotNull(auth.getProfile());
    assertEquals(USERNAME, auth.getProfile().getUsername());
    verify(authenticationManager).authenticateUser(TENANTS, USERNAME, VALID_PASSWORD);
    verify(rememberMeManager).disableRememberMe(context);
    verify(loginSuccessHandler).handle(context, auth);
    request.setParameter(LoginProcessor.DEFAULT_REMEMBER_ME_PARAM, "true");
    processor.processRequest(context, chain);
    auth = SecurityUtils.getAuthentication(request);
    assertNotNull(auth);
    verify(rememberMeManager).enableRememberMe(auth, context);
}
Also used : RequestSecurityProcessorChain(org.craftercms.security.processors.RequestSecurityProcessorChain) MockHttpServletRequest(org.springframework.mock.web.MockHttpServletRequest) HttpSession(javax.servlet.http.HttpSession) Authentication(org.craftercms.security.authentication.Authentication) DefaultAuthentication(org.craftercms.security.authentication.impl.DefaultAuthentication) AuthenticationSystemException(org.craftercms.security.exception.AuthenticationSystemException) RequestContext(org.craftercms.commons.http.RequestContext) BadCredentialsException(org.craftercms.security.exception.BadCredentialsException) MockHttpServletResponse(org.springframework.mock.web.MockHttpServletResponse) Test(org.junit.Test)

Aggregations

BadCredentialsException (org.craftercms.security.exception.BadCredentialsException)4 HttpSession (javax.servlet.http.HttpSession)2 RequestContext (org.craftercms.commons.http.RequestContext)2 AuthenticationSystemException (org.craftercms.security.exception.AuthenticationSystemException)2 Test (org.junit.Test)2 MockHttpServletRequest (org.springframework.mock.web.MockHttpServletRequest)2 MockHttpServletResponse (org.springframework.mock.web.MockHttpServletResponse)2 Profile (org.craftercms.profile.api.Profile)1 Ticket (org.craftercms.profile.api.Ticket)1 ProfileException (org.craftercms.profile.api.exceptions.ProfileException)1 ProfileRestServiceException (org.craftercms.profile.exceptions.ProfileRestServiceException)1 Authentication (org.craftercms.security.authentication.Authentication)1 DefaultAuthentication (org.craftercms.security.authentication.impl.DefaultAuthentication)1 DisabledUserException (org.craftercms.security.exception.DisabledUserException)1 RequestSecurityProcessorChain (org.craftercms.security.processors.RequestSecurityProcessorChain)1