Example 1 with AuthenticationException

Use of org.springframework.security.AuthenticationException in project gocd by gocd.

Class OauthAuthenticationFilter, method doFilterHttp.

protected void doFilterHttp(HttpServletRequest request, HttpServletResponse response, FilterChain chain) throws IOException, ServletException {
    //Token token="ACCESS_TOKEN"
    String header = request.getHeader(AUTHORIZATION);
    if (header != null) {
        // Debug logging writes the raw Authorization header, including the bearer token, to the log.
        if (logger.isDebugEnabled()) {
            logger.debug("Oauth authorization header: " + header);
        }
        Matcher matcher = OAUTH_TOKEN_PATTERN.matcher(header);
        if (matcher.matches()) {
            String token = matcher.group(1);
            OauthAuthenticationToken authenticationToken = new OauthAuthenticationToken(token);
            try {
                Authentication authResult = authenticationManager.authenticate(authenticationToken);
                SecurityContextHolder.getContext().setAuthentication(authResult);
            } catch (AuthenticationException e) {
                // On failure the rejected token value is logged at debug level with the exception.
                if (logger.isDebugEnabled()) {
                    logger.debug("Oauth authentication request for token: " + token, e);
                }
                SecurityContextHolder.getContext().setAuthentication(null);
            }
        }
    }
    chain.doFilter(request, response);
}
Also used : Matcher(java.util.regex.Matcher) AuthenticationException(org.springframework.security.AuthenticationException) Authentication(org.springframework.security.Authentication)

Example 2 with AuthenticationException

Use of org.springframework.security.AuthenticationException in project gocd by gocd.

Class GoExceptionTranslationFilterTest, method setUp.

@Before
public void setUp() {
    request = new MockHttpServletRequest();
    response = new MockHttpServletResponse();
    filterChain = mock(FilterChain.class);
    authenticationException = mock(AuthenticationException.class);
    basicAuth = mock(BasicProcessingFilterEntryPoint.class);
    cruiseLoginFormAuth = mock(AuthenticationEntryPoint.class);
    securityService = mock(SecurityService.class);
    filter = new GoExceptionTranslationFilter();
    filter.setUrlPatternsThatShouldNotBeRedirectedToAfterLogin("(\\.json)|(/images/)");
    filter.setAuthenticationEntryPoint(cruiseLoginFormAuth);
    filter.setBasicAuthenticationEntryPoint(basicAuth);
    filter.setSecurityService(securityService);
}
Also used : AuthenticationException(org.springframework.security.AuthenticationException) MockHttpServletRequest(org.springframework.mock.web.MockHttpServletRequest) SecurityService(com.thoughtworks.go.server.service.SecurityService) FilterChain(javax.servlet.FilterChain) AuthenticationEntryPoint(org.springframework.security.ui.AuthenticationEntryPoint) BasicProcessingFilterEntryPoint(org.springframework.security.ui.basicauth.BasicProcessingFilterEntryPoint) MockHttpServletResponse(org.springframework.mock.web.MockHttpServletResponse) Before(org.junit.Before)

Example 3 with AuthenticationException

Use of org.springframework.security.AuthenticationException in project gocd by gocd.

Class BasicAuthenticationFilterTest, method shouldConvey_itsBasicProcessingFilter.

@Test
public void shouldConvey_itsBasicProcessingFilter() throws IOException, ServletException {
    BasicAuthenticationFilter filter = new BasicAuthenticationFilter(localizer);
    final Boolean[] hadBasicMarkOnInsideAuthenticationManager = new Boolean[] { false };
    filter.setAuthenticationManager(new AuthenticationManager() {

        public Authentication authenticate(Authentication authentication) throws AuthenticationException {
            hadBasicMarkOnInsideAuthenticationManager[0] = BasicAuthenticationFilter.isProcessingBasicAuth();
            return new UsernamePasswordAuthenticationToken("school-principal", "u can be principal if you know this!");
        }
    });
    assertThat(BasicAuthenticationFilter.isProcessingBasicAuth(), is(false));
    MockHttpServletRequest httpRequest = new MockHttpServletRequest();
    httpRequest.addHeader("Authorization", "Basic " + java.util.Base64.getEncoder().encodeToString("loser:boozer".getBytes()));
    filter.doFilterHttp(httpRequest, new MockHttpServletResponse(), new FilterChain() {

        public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse) throws IOException, ServletException {
        }
    });
    assertThat(BasicAuthenticationFilter.isProcessingBasicAuth(), is(false));
    assertThat(hadBasicMarkOnInsideAuthenticationManager[0], is(true));
}
Also used : ServletRequest(javax.servlet.ServletRequest) MockHttpServletRequest(org.springframework.mock.web.MockHttpServletRequest) MockHttpServletResponse(org.springframework.mock.web.MockHttpServletResponse) ServletResponse(javax.servlet.ServletResponse) AuthenticationException(org.springframework.security.AuthenticationException) FilterChain(javax.servlet.FilterChain) UsernamePasswordAuthenticationToken(org.springframework.security.providers.UsernamePasswordAuthenticationToken) IOException(java.io.IOException) AuthenticationManager(org.springframework.security.AuthenticationManager) ServletException(javax.servlet.ServletException) Authentication(org.springframework.security.Authentication) Test(org.junit.Test)

Example 4 with AuthenticationException

Use of org.springframework.security.AuthenticationException in project gocd by gocd.

Class AuthenticationProcessingFilter, method onUnsuccessfulAuthentication.

@Override
protected void onUnsuccessfulAuthentication(HttpServletRequest request, HttpServletResponse response, AuthenticationException failed) throws IOException {
    super.onUnsuccessfulAuthentication(request, response, failed);
    if (failed.getClass() == AuthenticationServiceException.class) {
        request.getSession().setAttribute(SPRING_SECURITY_LAST_EXCEPTION_KEY, new Exception(localizer.localize("AUTHENTICATION_SERVICE_EXCEPTION")));
        LOGGER.error(failed.getMessage());
        LOGGER.trace(failed.getMessage(), failed);
    }
}
Also used : AuthenticationServiceException(org.springframework.security.AuthenticationServiceException) IOException(java.io.IOException) AuthenticationException(org.springframework.security.AuthenticationException)

Example 5 with AuthenticationException

Use of org.springframework.security.AuthenticationException in project gocd by gocd.

Class OauthAuthenticationProviderTest, method shouldRaiseAuthenticationExceptionWhenNoMatchForTokenExists.

@Test
public void shouldRaiseAuthenticationExceptionWhenNoMatchForTokenExists() {
    when(dataSource.findOauthTokenByAccessToken("token-string")).thenReturn(null);
    try {
        provider.authenticate(new OauthAuthenticationToken("token-string"));
        fail("should have thrown an AuthenticationException");
    } catch (AuthenticationException e) {
        assertThat(e.getMessage(), is("No match for OAuth token: token-string"));
    }
}
Also used : AuthenticationException(org.springframework.security.AuthenticationException) OauthAuthenticationToken(com.thoughtworks.go.server.security.OauthAuthenticationToken) Test(org.junit.Test)

Aggregations

AuthenticationException (org.springframework.security.AuthenticationException): 5
IOException (java.io.IOException): 2
FilterChain (javax.servlet.FilterChain): 2
Test (org.junit.Test): 2
MockHttpServletRequest (org.springframework.mock.web.MockHttpServletRequest): 2
MockHttpServletResponse (org.springframework.mock.web.MockHttpServletResponse): 2
Authentication (org.springframework.security.Authentication): 2
OauthAuthenticationToken (com.thoughtworks.go.server.security.OauthAuthenticationToken): 1
SecurityService (com.thoughtworks.go.server.service.SecurityService): 1
Matcher (java.util.regex.Matcher): 1
ServletException (javax.servlet.ServletException): 1
ServletRequest (javax.servlet.ServletRequest): 1
ServletResponse (javax.servlet.ServletResponse): 1
Before (org.junit.Before): 1
AuthenticationManager (org.springframework.security.AuthenticationManager): 1
AuthenticationServiceException (org.springframework.security.AuthenticationServiceException): 1
UsernamePasswordAuthenticationToken (org.springframework.security.providers.UsernamePasswordAuthenticationToken): 1
AuthenticationEntryPoint (org.springframework.security.ui.AuthenticationEntryPoint): 1
BasicProcessingFilterEntryPoint (org.springframework.security.ui.basicauth.BasicProcessingFilterEntryPoint): 1