
Example 1 with MethodNotAllowedException

use of org.orcid.core.security.MethodNotAllowedException in project ORCID-Source by ORCID.

The class OrcidOauth2TokenEndPointFilter, method attemptAuthentication.

/**
 * Authenticates the OAuth2 client making a token request.
 *
 * <p>Flow: refuse GET, short-circuit if the security context already holds an
 * authenticated principal, otherwise build a username/password token from the
 * {@code client_id} / {@code client_secret} request parameters and hand it to the
 * configured {@code AuthenticationManager}. A client whose authorities include
 * {@code PUBLIC_ROLE} is refused afterwards (the message key
 * {@code apiError.memberapi_access.exception} suggests this endpoint is reserved
 * for member-API clients).
 *
 * @param request  the token request; only its HTTP method and the
 *                 {@code client_id} / {@code client_secret} parameters are read
 * @param response not used by this method
 * @return the authentication already present in the security context, or the
 *         result of the authentication manager (which may be {@code null})
 * @throws MethodNotAllowedException if the request is a GET, or if the
 *         authenticated client carries {@code PUBLIC_ROLE}
 * @throws BadCredentialsException if {@code client_id} is missing
 * @throws AuthenticationException as propagated from the authentication manager
 */
@Override
public Authentication attemptAuthentication(HttpServletRequest request, HttpServletResponse response) throws AuthenticationException, IOException, ServletException {
    // Only GET is refused here; other non-POST verbs are not checked by this method.
    if (request.getMethod().equals(RequestMethod.GET.name())) {
        String methodKey = "apiError.token_request_callmethod.exception";
        InvalidRequestException cause = new InvalidRequestException(localeManager.resolveMessage(methodKey));
        throw new MethodNotAllowedException(localeManager.resolveMessage(methodKey), cause);
    }

    // A request that was already authenticated upstream does not need this filter.
    Authentication existing = SecurityContextHolder.getContext().getAuthentication();
    boolean alreadyAuthenticated = existing != null && existing.isAuthenticated();
    if (alreadyAuthenticated) {
        return existing;
    }

    String clientId = request.getParameter("client_id");
    if (clientId == null) {
        throw new BadCredentialsException(localeManager.resolveMessage("apiError.client_credentials.exception"));
    }
    // A missing secret is passed on as the empty string; whether that is
    // acceptable is left to the authentication manager.
    String clientSecret = request.getParameter("client_secret");
    String secret = (clientSecret == null) ? "" : clientSecret;

    UsernamePasswordAuthenticationToken credentials = new UsernamePasswordAuthenticationToken(clientId.trim(), secret);
    Authentication result = this.getAuthenticationManager().authenticate(credentials);
    if (result == null) {
        return null;
    }

    // Public-API clients must not obtain tokens through this endpoint.
    boolean publicClient = result.getAuthorities().stream()
            .anyMatch(granted -> PUBLIC_ROLE.equals(granted.getAuthority()));
    if (publicClient) {
        String accessKey = "apiError.memberapi_access.exception";
        InvalidRequestException cause = new InvalidRequestException(localeManager.resolveMessage(accessKey));
        throw new MethodNotAllowedException(localeManager.resolveMessage(accessKey), cause);
    }
    return result;
}

Example 2 with MethodNotAllowedException

use of org.orcid.core.security.MethodNotAllowedException in project ORCID-Source by ORCID.

The class OrcidWebOauth2TokenEndPointFilter, method attemptAuthentication.

/**
 * Authenticates the OAuth2 client making a token request.
 *
 * <p>Flow: refuse GET, short-circuit if the security context already holds an
 * authenticated principal, otherwise build a username/password token from the
 * {@code client_id} / {@code client_secret} request parameters and hand it to the
 * configured {@code AuthenticationManager}. Unlike the member-API variant of this
 * filter, no role check is applied to the result.
 *
 * @param request  the token request; only its HTTP method and the
 *                 {@code client_id} / {@code client_secret} parameters are read
 * @param response not used by this method
 * @return the authentication already present in the security context, or
 *         whatever the authentication manager returns
 * @throws MethodNotAllowedException if the request is a GET
 * @throws BadCredentialsException if {@code client_id} is missing
 * @throws AuthenticationException as propagated from the authentication manager
 */
@Override
public Authentication attemptAuthentication(HttpServletRequest request, HttpServletResponse response) throws AuthenticationException, IOException, ServletException {
    // Only GET is refused here; other non-POST verbs are not checked by this method.
    if (request.getMethod().equals(RequestMethod.GET.name())) {
        String methodKey = "apiError.token_request_callmethod.exception";
        InvalidRequestException cause = new InvalidRequestException(localeManager.resolveMessage(methodKey));
        throw new MethodNotAllowedException(localeManager.resolveMessage(methodKey), cause);
    }

    // A request that was already authenticated upstream does not need this filter.
    Authentication existing = SecurityContextHolder.getContext().getAuthentication();
    boolean alreadyAuthenticated = existing != null && existing.isAuthenticated();
    if (alreadyAuthenticated) {
        return existing;
    }

    String clientId = request.getParameter("client_id");
    if (clientId == null) {
        throw new BadCredentialsException(localeManager.resolveMessage("apiError.client_credentials.exception"));
    }
    // A missing secret is passed on as the empty string; whether that is
    // acceptable is left to the authentication manager.
    String clientSecret = request.getParameter("client_secret");
    String secret = (clientSecret == null) ? "" : clientSecret;

    UsernamePasswordAuthenticationToken credentials = new UsernamePasswordAuthenticationToken(clientId.trim(), secret);
    return this.getAuthenticationManager().authenticate(credentials);
}

Example 3 with MethodNotAllowedException

use of org.orcid.core.security.MethodNotAllowedException in project ORCID-Source by ORCID.

The class OrcidT1Oauth2TokenEndPointFilter, method attemptAuthentication.

/**
 * Authenticates the OAuth2 client making a token request, logging each step at INFO.
 *
 * <p>Flow: refuse GET, short-circuit if the security context already holds an
 * authenticated principal, otherwise build a username/password token from the
 * {@code client_id} / {@code client_secret} request parameters and hand it to the
 * configured {@code AuthenticationManager}.
 *
 * <p>NOTE(review): the principal object is logged at INFO on both the pre-authenticated
 * and the freshly-authenticated path; confirm its {@code toString()} never includes
 * the client secret before relying on these log lines.
 *
 * @param request  the token request; only its HTTP method and the
 *                 {@code client_id} / {@code client_secret} parameters are read
 * @param response not used by this method
 * @return the authentication already present in the security context, or the
 *         result of the authentication manager (which may be {@code null})
 * @throws MethodNotAllowedException if the request is a GET
 * @throws BadCredentialsException if {@code client_id} is missing
 * @throws AuthenticationException as propagated from the authentication manager
 */
@Override
public Authentication attemptAuthentication(HttpServletRequest request, HttpServletResponse response) throws AuthenticationException, IOException, ServletException {
    // Only GET is refused here; other non-POST verbs are not checked by this method.
    if (request.getMethod().equals(RequestMethod.GET.name())) {
        String methodKey = "apiError.token_request_callmethod.exception";
        InvalidRequestException cause = new InvalidRequestException(localeManager.resolveMessage(methodKey));
        throw new MethodNotAllowedException(localeManager.resolveMessage(methodKey), cause);
    }

    String clientId = request.getParameter("client_id");
    String clientSecret = request.getParameter("client_secret");
    // Only the client id is logged; the secret never reaches the log.
    LOGGER.info("About to attempt authentication: clientId={}", clientId);

    // A request that was already authenticated upstream does not need this filter.
    Authentication existing = SecurityContextHolder.getContext().getAuthentication();
    boolean alreadyAuthenticated = existing != null && existing.isAuthenticated();
    if (alreadyAuthenticated) {
        LOGGER.info("Already got authentication in security context holder: principal={}, name={}", existing.getPrincipal(), existing.getName());
        return existing;
    }

    if (clientId == null) {
        throw new BadCredentialsException(localeManager.resolveMessage("apiError.client_credentials.exception"));
    }
    // A missing secret is passed on as the empty string; whether that is
    // acceptable is left to the authentication manager.
    String secret = (clientSecret == null) ? "" : clientSecret;
    UsernamePasswordAuthenticationToken credentials = new UsernamePasswordAuthenticationToken(clientId.trim(), secret);

    Authentication result = this.getAuthenticationManager().authenticate(credentials);
    if (result == null) {
        return null;
    }
    LOGGER.info("Got authentication result: principal={}, name={}", result.getPrincipal(), result.getName());
    return result;
}
