
Example 6 with AuthenticationException

Use of org.sonar.server.authentication.event.AuthenticationException in project sonarqube by SonarSource.

From the class LogoutActionTest, method generate_auth_event_on_failure.

@Test
public void generate_auth_event_on_failure() throws Exception {
    setUser(USER);
    AuthenticationException exception = AuthenticationException.newBuilder().setMessage("error!").setSource(sso()).build();
    doThrow(exception).when(jwtHttpHandler).getToken(any(HttpServletRequest.class), any(HttpServletResponse.class));
    executeRequest();
    verify(authenticationEvent).logoutFailure(request, "error!");
    verify(jwtHttpHandler).removeToken(any(HttpServletRequest.class), any(HttpServletResponse.class));
    verifyZeroInteractions(chain);
}
Also used : HttpServletRequest(javax.servlet.http.HttpServletRequest) AuthenticationException(org.sonar.server.authentication.event.AuthenticationException) HttpServletResponse(javax.servlet.http.HttpServletResponse) Test(org.junit.Test)

Example 7 with AuthenticationException

Use of org.sonar.server.authentication.event.AuthenticationException in project sonarqube by SonarSource.

From the class UserSessionInitializerTest, method return_code_401_when_invalid_token_exception.

@Test
public void return_code_401_when_invalid_token_exception() throws Exception {
    when(ssoAuthenticator.authenticate(request, response)).thenReturn(Optional.empty());
    AuthenticationException authenticationException = AuthenticationException.newBuilder().setSource(Source.jwt()).setMessage("Token id hasn't been found").build();
    doThrow(authenticationException).when(jwtHttpHandler).validateToken(request, response);
    assertThat(underTest.initUserSession(request, response)).isTrue();
    verify(authenticationEvent).loginFailure(request, authenticationException);
    verifyZeroInteractions(response, userSession);
}
Also used : AuthenticationException(org.sonar.server.authentication.event.AuthenticationException) Test(org.junit.Test)

Example 8 with AuthenticationException

Use of org.sonar.server.authentication.event.AuthenticationException in project sonarqube by SonarSource.

From the class RealmAuthenticator, method doAuthenticate.

private UserDto doAuthenticate(String userLogin, String userPassword, HttpServletRequest request, AuthenticationEvent.Method method) {
    try {
        ExternalUsersProvider.Context externalUsersProviderContext = new ExternalUsersProvider.Context(userLogin, request);
        UserDetails details = externalUsersProvider.doGetUserDetails(externalUsersProviderContext);
        if (details == null) {
            throw AuthenticationException.newBuilder().setSource(realmEventSource(method)).setLogin(userLogin).setMessage("No user details").build();
        }
        Authenticator.Context authenticatorContext = new Authenticator.Context(userLogin, userPassword, request);
        boolean status = authenticator.doAuthenticate(authenticatorContext);
        if (!status) {
            throw AuthenticationException.newBuilder().setSource(realmEventSource(method)).setLogin(userLogin).setMessage("Realm returned authenticate=false").build();
        }
        UserDto userDto = synchronize(userLogin, details, request, method);
        authenticationEvent.loginSuccess(request, userLogin, realmEventSource(method));
        return userDto;
    } catch (AuthenticationException e) {
        throw e;
    } catch (Exception e) {
        // It seems that with Realm API it's expected to log the error and to not authenticate the user
        LOG.error("Error during authentication", e);
        throw AuthenticationException.newBuilder().setSource(realmEventSource(method)).setLogin(userLogin).setMessage(e.getMessage()).build();
    }
}
Also used : UserDetails(org.sonar.api.security.UserDetails) AuthenticationException(org.sonar.server.authentication.event.AuthenticationException) ExternalUsersProvider(org.sonar.api.security.ExternalUsersProvider) UserDto(org.sonar.db.user.UserDto) Authenticator(org.sonar.api.security.Authenticator)

Example 9 with AuthenticationException

Use of org.sonar.server.authentication.event.AuthenticationException in project sonarqube by SonarSource.

From the class LoginAction, method doFilter.

@Override
public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain chain) throws IOException, ServletException {
    HttpServletRequest request = (HttpServletRequest) servletRequest;
    HttpServletResponse response = (HttpServletResponse) servletResponse;
    if (!request.getMethod().equals(POST.name())) {
        response.setStatus(HTTP_BAD_REQUEST);
        return;
    }
    String login = request.getParameter("login");
    String password = request.getParameter("password");
    try {
        UserDto userDto = authenticate(request, login, password);
        jwtHttpHandler.generateToken(userDto, request, response);
        threadLocalUserSession.set(userSessionFactory.create(userDto));
    } catch (AuthenticationException e) {
        authenticationEvent.loginFailure(request, e);
        response.setStatus(HTTP_UNAUTHORIZED);
    } catch (UnauthorizedException e) {
        response.setStatus(e.httpCode());
    }
}
Also used : HttpServletRequest(javax.servlet.http.HttpServletRequest) AuthenticationException(org.sonar.server.authentication.event.AuthenticationException) UserDto(org.sonar.db.user.UserDto) UnauthorizedException(org.sonar.server.exceptions.UnauthorizedException) HttpServletResponse(javax.servlet.http.HttpServletResponse)

Aggregations

AuthenticationException (org.sonar.server.authentication.event.AuthenticationException) 9
Test (org.junit.Test) 7
HttpServletRequest (javax.servlet.http.HttpServletRequest) 2
HttpServletResponse (javax.servlet.http.HttpServletResponse) 2
UserDto (org.sonar.db.user.UserDto) 2
Authenticator (org.sonar.api.security.Authenticator) 1
ExternalUsersProvider (org.sonar.api.security.ExternalUsersProvider) 1
UserDetails (org.sonar.api.security.UserDetails) 1
BaseIdentityProvider (org.sonar.api.server.authentication.BaseIdentityProvider) 1
IdentityProvider (org.sonar.api.server.authentication.IdentityProvider) 1
OAuth2IdentityProvider (org.sonar.api.server.authentication.OAuth2IdentityProvider) 1
UnauthorizedException (org.sonar.server.exceptions.UnauthorizedException) 1