
Example 1 with AuthenticationException

use of org.sonar.server.authentication.event.AuthenticationException in project sonarqube by SonarSource.

From the class UserSessionInitializerTest, method return_401_and_stop_on_ws:

/**
 * A JWT validation failure on a web-service URI must be answered with HTTP 401, reported
 * to the authentication event log and must stop the filter chain (initUserSession returns
 * false) without any interaction with the user session.
 */
@Test
public void return_401_and_stop_on_ws() throws Exception {
    String tokenError = "Token id hasn't been found";
    AuthenticationException jwtFailure = AuthenticationException.newBuilder()
        .setSource(Source.jwt())
        .setMessage(tokenError)
        .build();

    // Web-service URI, no SSO identity, and a JWT handler that rejects the token
    when(request.getRequestURI()).thenReturn("/api/issues");
    when(ssoAuthenticator.authenticate(request, response)).thenReturn(Optional.empty());
    doThrow(jwtFailure).when(jwtHttpHandler).validateToken(request, response);

    boolean proceed = underTest.initUserSession(request, response);

    assertThat(proceed).isFalse();
    verify(response).setStatus(401);
    verify(authenticationEvent).loginFailure(request, jwtFailure);
    verifyZeroInteractions(userSession);
}
Also used : AuthenticationException(org.sonar.server.authentication.event.AuthenticationException) Test(org.junit.Test)

Example 2 with AuthenticationException

use of org.sonar.server.authentication.event.AuthenticationException in project sonarqube by SonarSource.

From the class UserSessionInitializerTest, method return_code_401_when_not_authenticated_and_with_force_authentication:

/**
 * With sonar.forceAuthentication enabled and every authenticator returning no identity,
 * the request must still go through (initUserSession returns true) and the response must
 * be left untouched, while an AuthenticationException with a local BASIC source, no login
 * and no public message is reported to the authentication event log.
 */
@Test
public void return_code_401_when_not_authenticated_and_with_force_authentication() throws Exception {
    when(userSession.isLoggedIn()).thenReturn(false);
    // None of the three authenticators finds credentials it accepts
    when(basicAuthenticator.authenticate(request)).thenReturn(Optional.empty());
    when(ssoAuthenticator.authenticate(request, response)).thenReturn(Optional.empty());
    when(jwtHttpHandler.validateToken(request, response)).thenReturn(Optional.empty());
    settings.setProperty("sonar.forceAuthentication", true);

    assertThat(underTest.initUserSession(request, response)).isTrue();

    verifyZeroInteractions(response);
    verifyZeroInteractions(userSession);
    ArgumentCaptor<AuthenticationException> captor = ArgumentCaptor.forClass(AuthenticationException.class);
    verify(authenticationEvent).loginFailure(eq(request), captor.capture());

    AuthenticationException reported = captor.getValue();
    assertThat(reported.getSource()).isEqualTo(Source.local(Method.BASIC));
    assertThat(reported.getLogin()).isNull();
    assertThat(reported.getMessage()).isEqualTo("User must be authenticated");
    assertThat(reported.getPublicMessage()).isNull();
}
Also used : AuthenticationException(org.sonar.server.authentication.event.AuthenticationException) Test(org.junit.Test)

Example 3 with AuthenticationException

use of org.sonar.server.authentication.event.AuthenticationException in project sonarqube by SonarSource.

From the class RealmAuthenticator, method doAuthenticate:

/**
 * Runs the two realm steps (user lookup, then credential check) and synchronizes the
 * resulting user into the database.
 *
 * <p>Every failure surfaces as an {@link AuthenticationException} tagged with the realm
 * event source and the attempted login: a missing {@code UserDetails}, a negative answer
 * from the realm authenticator, or any unexpected exception thrown by the realm plugin
 * (logged here, then wrapped with the plugin's exception message as the internal message;
 * no public message is set). A successful login is reported to the authentication event
 * log before the user is returned.
 *
 * @param userLogin    login submitted by the client
 * @param userPassword password submitted by the client; only handed to the realm authenticator
 * @param request      current HTTP request, passed through to the realm and the event log
 * @param method       authentication method reported in the event source (e.g. {@code Method.BASIC})
 * @return the synchronized user
 * @throws AuthenticationException when the realm does not authenticate the user
 */
private UserDto doAuthenticate(String userLogin, String userPassword, HttpServletRequest request, AuthenticationEvent.Method method) {
    try {
        UserDetails details = externalUsersProvider.doGetUserDetails(new ExternalUsersProvider.Context(userLogin, request));
        if (details == null) {
            throw realmFailure(method, userLogin, "No user details");
        }
        if (!authenticator.doAuthenticate(new Authenticator.Context(userLogin, userPassword, request))) {
            throw realmFailure(method, userLogin, "Realm returned authenticate=false");
        }
        UserDto synchronizedUser = synchronize(userLogin, details, request, method);
        authenticationEvent.loginSuccess(request, userLogin, realmEventSource(method));
        return synchronizedUser;
    } catch (AuthenticationException e) {
        // Already carries source/login/message: re-throw untouched so the generic handler below does not wrap it
        throw e;
    } catch (Exception e) {
        // It seems that with Realm API it's expected to log the error and to not authenticate the user
        LOG.error("Error during authentication", e);
        throw realmFailure(method, userLogin, e.getMessage());
    }
}

/** Builds the realm-flavoured AuthenticationException used by every failure path of doAuthenticate. */
private AuthenticationException realmFailure(AuthenticationEvent.Method method, String userLogin, String message) {
    return AuthenticationException.newBuilder()
        .setSource(realmEventSource(method))
        .setLogin(userLogin)
        .setMessage(message)
        .build();
}
Also used : UserDetails(org.sonar.api.security.UserDetails) AuthenticationException(org.sonar.server.authentication.event.AuthenticationException) ExternalUsersProvider(org.sonar.api.security.ExternalUsersProvider) UserDto(org.sonar.db.user.UserDto) Authenticator(org.sonar.api.security.Authenticator) AuthenticationException(org.sonar.server.authentication.event.AuthenticationException)

Example 4 with AuthenticationException

use of org.sonar.server.authentication.event.AuthenticationException in project sonarqube by SonarSource.

From the class LoginAction, method doFilter:

/**
 * Handles the login form POST: authenticates the submitted credentials, issues the JWT
 * and binds the user session to the current thread.
 *
 * <p>Anything other than POST is rejected with 400 before the parameters are read. A failed
 * authentication is reported to the authentication event log and answered with 401; an
 * {@link UnauthorizedException} is answered with its own HTTP code. The {@code chain} is
 * never invoked: this filter terminates the request itself. The password is read from the
 * request parameter and passed straight to {@code authenticate}; nothing in this method
 * logs or stores it.
 */
@Override
public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain chain) throws IOException, ServletException {
    HttpServletRequest request = (HttpServletRequest) servletRequest;
    HttpServletResponse response = (HttpServletResponse) servletResponse;

    boolean isPost = request.getMethod().equals(POST.name());
    if (!isPost) {
        response.setStatus(HTTP_BAD_REQUEST);
        return;
    }

    String submittedLogin = request.getParameter("login");
    String submittedPassword = request.getParameter("password");
    try {
        UserDto authenticatedUser = authenticate(request, submittedLogin, submittedPassword);
        jwtHttpHandler.generateToken(authenticatedUser, request, response);
        threadLocalUserSession.set(userSessionFactory.create(authenticatedUser));
    } catch (AuthenticationException e) {
        // Record the failure for auditing, then answer 401 without a body
        authenticationEvent.loginFailure(request, e);
        response.setStatus(HTTP_UNAUTHORIZED);
    } catch (UnauthorizedException e) {
        response.setStatus(e.httpCode());
    }
}
Also used : HttpServletRequest(javax.servlet.http.HttpServletRequest) AuthenticationException(org.sonar.server.authentication.event.AuthenticationException) UserDto(org.sonar.db.user.UserDto) UnauthorizedException(org.sonar.server.exceptions.UnauthorizedException) HttpServletResponse(javax.servlet.http.HttpServletResponse)

Example 5 with AuthenticationException

use of org.sonar.server.authentication.event.AuthenticationException in project sonarqube by SonarSource.

From the class InitFilterTest, method redirect_when_failing_because_of_UnauthorizedExceptionException:

/**
 * When the identity provider fails with an UnauthorizedException, the init filter must
 * redirect to the unauthorized page carrying the URL-encoded message, and report an
 * AuthenticationException whose message and public message both equal that message,
 * with the external provider as source and no login.
 */
@Test
public void redirect_when_failing_because_of_UnauthorizedExceptionException() throws Exception {
    String expectedMessage = "Email john@email.com is already used";
    IdentityProvider failingProvider = new FailWithUnauthorizedExceptionIdProvider("failing");
    identityProviderRepository.addIdentityProvider(failingProvider);
    when(request.getRequestURI()).thenReturn("/sessions/init/" + failingProvider.getKey());

    underTest.doFilter(request, response, chain);

    verify(response).sendRedirect("/sessions/unauthorized?message=Email+john%40email.com+is+already+used");
    verify(authenticationEvent).loginFailure(eq(request), authenticationExceptionCaptor.capture());

    AuthenticationException reported = authenticationExceptionCaptor.getValue();
    assertThat(reported).hasMessage(expectedMessage);
    assertThat(reported.getPublicMessage()).isEqualTo(expectedMessage);
    assertThat(reported.getSource()).isEqualTo(AuthenticationEvent.Source.external(failingProvider));
    assertThat(reported.getLogin()).isNull();
}
Also used : AuthenticationException(org.sonar.server.authentication.event.AuthenticationException) OAuth2IdentityProvider(org.sonar.api.server.authentication.OAuth2IdentityProvider) IdentityProvider(org.sonar.api.server.authentication.IdentityProvider) BaseIdentityProvider(org.sonar.api.server.authentication.BaseIdentityProvider) Test(org.junit.Test)

Aggregations

AuthenticationException (org.sonar.server.authentication.event.AuthenticationException)9 Test (org.junit.Test)7 HttpServletRequest (javax.servlet.http.HttpServletRequest)2 HttpServletResponse (javax.servlet.http.HttpServletResponse)2 UserDto (org.sonar.db.user.UserDto)2 Authenticator (org.sonar.api.security.Authenticator)1 ExternalUsersProvider (org.sonar.api.security.ExternalUsersProvider)1 UserDetails (org.sonar.api.security.UserDetails)1 BaseIdentityProvider (org.sonar.api.server.authentication.BaseIdentityProvider)1 IdentityProvider (org.sonar.api.server.authentication.IdentityProvider)1 OAuth2IdentityProvider (org.sonar.api.server.authentication.OAuth2IdentityProvider)1 UnauthorizedException (org.sonar.server.exceptions.UnauthorizedException)1