Example 1 with BadCredentialsException
use of org.craftercms.security.exception.BadCredentialsException in project profile by craftercms.
the class LoginProcessor method saveException.
protected void saveException(HttpServletRequest request, AuthenticationException e) {
logger.debug("Saving authentication exception in session for later use");
HttpSession session = request.getSession(true);
if (e instanceof BadCredentialsException) {
session.setAttribute(SecurityUtils.BAD_CREDENTIALS_EXCEPTION_SESSION_ATTRIBUTE, e);
} else {
session.setAttribute(SecurityUtils.AUTHENTICATION_EXCEPTION_SESSION_ATTRIBUTE, e);
}
}
Also used :
HttpSession(javax.servlet.http.HttpSession)
BadCredentialsException(org.craftercms.security.exception.BadCredentialsException)
Example 2 with BadCredentialsException
use of org.craftercms.security.exception.BadCredentialsException in project profile by craftercms.
the class AuthenticationManagerImpl method authenticateUser.
@Override
public Authentication authenticateUser(String tenant, String username, String password) {
try {
Ticket ticket = authenticationService.authenticate(tenant, username, password);
Profile profile = profileService.getProfile(ticket.getProfileId());
if (profile == null) {
throw new AuthenticationSystemException("No profile found for ID '" + ticket.getProfileId() + "'");
}
String ticketId = ticket.getId();
DefaultAuthentication auth = new DefaultAuthentication(ticketId, profile);
authenticationCache.putAuthentication(auth);
logger.debug("Authentication successful for user '{}' (ticket ID = '{}')", ticket.getProfileId(), ticketId);
return auth;
} catch (ProfileRestServiceException e) {
switch(e.getErrorCode()) {
case DISABLED_PROFILE:
throw new DisabledUserException("User is disabled", e);
case BAD_CREDENTIALS:
throw new BadCredentialsException("Invalid username and/or password", e);
default:
throw new AuthenticationSystemException("An unexpected error occurred while authenticating", e);
}
} catch (ProfileException e) {
throw new AuthenticationSystemException("An unexpected error occurred while authenticating", e);
}
}
Also used :
Ticket(org.craftercms.profile.api.Ticket)
ProfileRestServiceException(org.craftercms.profile.exceptions.ProfileRestServiceException)
AuthenticationSystemException(org.craftercms.security.exception.AuthenticationSystemException)
ProfileException(org.craftercms.profile.api.exceptions.ProfileException)
BadCredentialsException(org.craftercms.security.exception.BadCredentialsException)
Profile(org.craftercms.profile.api.Profile)
DisabledUserException(org.craftercms.security.exception.DisabledUserException)
Example 3 with BadCredentialsException
use of org.craftercms.security.exception.BadCredentialsException in project profile by craftercms.
the class RestLoginFailureHandlerTest method testHandle.
@Test
public void testHandle() throws Exception {
MockHttpServletRequest request = new MockHttpServletRequest("GET", "/login.json");
MockHttpServletResponse response = new MockHttpServletResponse();
RequestContext context = new RequestContext(request, response, null);
handler.handle(context, new BadCredentialsException(ERROR_MESSAGE));
assertEquals(HttpServletResponse.SC_UNAUTHORIZED, response.getStatus());
assertEquals(EXPECTED_RESPONSE_CONTENT, response.getContentAsString());
}
Also used :
MockHttpServletRequest(org.springframework.mock.web.MockHttpServletRequest)
RequestContext(org.craftercms.commons.http.RequestContext)
BadCredentialsException(org.craftercms.security.exception.BadCredentialsException)
MockHttpServletResponse(org.springframework.mock.web.MockHttpServletResponse)
Test(org.junit.Test)
Example 4 with BadCredentialsException
use of org.craftercms.security.exception.BadCredentialsException in project profile by craftercms.
the class LoginProcessorTest method testLoginSuccess.
@Test
public void testLoginSuccess() throws Exception {
MockHttpServletRequest request = new MockHttpServletRequest(LoginProcessor.DEFAULT_LOGIN_METHOD, LoginProcessor.DEFAULT_LOGIN_URL);
MockHttpServletResponse response = new MockHttpServletResponse();
HttpSession session = request.getSession(true);
RequestContext context = new RequestContext(request, response, null);
RequestSecurityProcessorChain chain = mock(RequestSecurityProcessorChain.class);
request.setParameter(LoginProcessor.DEFAULT_USERNAME_PARAM, USERNAME);
request.setParameter(LoginProcessor.DEFAULT_PASSWORD_PARAM, VALID_PASSWORD);
session.setAttribute(SecurityUtils.BAD_CREDENTIALS_EXCEPTION_SESSION_ATTRIBUTE, new BadCredentialsException());
session.setAttribute(SecurityUtils.AUTHENTICATION_EXCEPTION_SESSION_ATTRIBUTE, new AuthenticationSystemException());
processor.processRequest(context, chain);
verify(chain, never()).processRequest(context);
/**
* Removed Session are invalidated after login is ok.
* assertNull(session.getAttribute(SecurityUtils.BAD_CREDENTIALS_EXCEPTION_SESSION_ATTRIBUTE));
* assertNull(session.getAttribute(SecurityUtils.AUTHENTICATION_EXCEPTION_SESSION_ATTRIBUTE));
*/
Authentication auth = SecurityUtils.getAuthentication(request);
assertNotNull(auth);
assertEquals(TICKET, auth.getTicket());
assertNotNull(auth.getProfile());
assertEquals(USERNAME, auth.getProfile().getUsername());
verify(authenticationManager).authenticateUser(TENANTS, USERNAME, VALID_PASSWORD);
verify(rememberMeManager).disableRememberMe(context);
verify(loginSuccessHandler).handle(context, auth);
request.setParameter(LoginProcessor.DEFAULT_REMEMBER_ME_PARAM, "true");
processor.processRequest(context, chain);
auth = SecurityUtils.getAuthentication(request);
assertNotNull(auth);
verify(rememberMeManager).enableRememberMe(auth, context);
}
Also used :
RequestSecurityProcessorChain(org.craftercms.security.processors.RequestSecurityProcessorChain)
MockHttpServletRequest(org.springframework.mock.web.MockHttpServletRequest)
HttpSession(javax.servlet.http.HttpSession)
Authentication(org.craftercms.security.authentication.Authentication)
DefaultAuthentication(org.craftercms.security.authentication.impl.DefaultAuthentication)
AuthenticationSystemException(org.craftercms.security.exception.AuthenticationSystemException)
RequestContext(org.craftercms.commons.http.RequestContext)
BadCredentialsException(org.craftercms.security.exception.BadCredentialsException)
MockHttpServletResponse(org.springframework.mock.web.MockHttpServletResponse)
Test(org.junit.Test)
Aggregations
BadCredentialsException (org.craftercms.security.exception.BadCredentialsException)4
HttpSession (javax.servlet.http.HttpSession)2
RequestContext (org.craftercms.commons.http.RequestContext)2
AuthenticationSystemException (org.craftercms.security.exception.AuthenticationSystemException)2
Test (org.junit.Test)2
MockHttpServletRequest (org.springframework.mock.web.MockHttpServletRequest)2
MockHttpServletResponse (org.springframework.mock.web.MockHttpServletResponse)2
Profile (org.craftercms.profile.api.Profile)1
Ticket (org.craftercms.profile.api.Ticket)1
ProfileException (org.craftercms.profile.api.exceptions.ProfileException)1
ProfileRestServiceException (org.craftercms.profile.exceptions.ProfileRestServiceException)1
Authentication (org.craftercms.security.authentication.Authentication)1
DefaultAuthentication (org.craftercms.security.authentication.impl.DefaultAuthentication)1
DisabledUserException (org.craftercms.security.exception.DisabledUserException)1
RequestSecurityProcessorChain (org.craftercms.security.processors.RequestSecurityProcessorChain)1
