Search in sources :

Example 6 with AuthenticationCredentialsNotFoundException

use of org.springframework.security.authentication.AuthenticationCredentialsNotFoundException in project spring-security by spring-projects.

the class AbstractSecurityInterceptor method credentialsNotFound.

/**
	 * Helper method which generates an exception containing the passed reason, and
	 * publishes an event to the application context.
	 * <p>
	 * Always throws an exception.
	 *
	 * @param reason to be provided in the exception detail
	 * @param secureObject that was being called
	 * @param configAttribs that were defined for the secureObject
	 */
private void credentialsNotFound(String reason, Object secureObject, Collection<ConfigAttribute> configAttribs) {
    AuthenticationCredentialsNotFoundException exception = new AuthenticationCredentialsNotFoundException(reason);
    AuthenticationCredentialsNotFoundEvent event = new AuthenticationCredentialsNotFoundEvent(secureObject, configAttribs, exception);
    publishEvent(event);
    throw exception;
}
Also used : AuthenticationCredentialsNotFoundException(org.springframework.security.authentication.AuthenticationCredentialsNotFoundException) AuthenticationCredentialsNotFoundEvent(org.springframework.security.access.event.AuthenticationCredentialsNotFoundEvent)

Example 7 with AuthenticationCredentialsNotFoundException

use of org.springframework.security.authentication.AuthenticationCredentialsNotFoundException in project spring-security by spring-projects.

the class GlobalMethodSecurityBeanDefinitionParserTests method supportsBooleanPointcutExpressions.

@Test
public void supportsBooleanPointcutExpressions() {
    setContext("<b:bean id='target' class='org.springframework.security.access.annotation.BusinessServiceImpl'/>" + "<global-method-security>" + "   <protect-pointcut expression=" + "     'execution(* org.springframework.security.access.annotation.BusinessService.*(..)) " + "       and not execution(* org.springframework.security.access.annotation.BusinessService.someOther(String)))' " + "               access='ROLE_USER'/>" + "</global-method-security>" + AUTH_PROVIDER_XML);
    target = (BusinessService) appContext.getBean("target");
    // String method should not be protected
    target.someOther("somestring");
    // All others should require ROLE_USER
    try {
        target.someOther(0);
        fail("Expected AuthenticationCredentialsNotFoundException");
    } catch (AuthenticationCredentialsNotFoundException expected) {
    }
    SecurityContextHolder.getContext().setAuthentication(new UsernamePasswordAuthenticationToken("user", "password"));
    target.someOther(0);
}
Also used : AuthenticationCredentialsNotFoundException(org.springframework.security.authentication.AuthenticationCredentialsNotFoundException) UsernamePasswordAuthenticationToken(org.springframework.security.authentication.UsernamePasswordAuthenticationToken) Test(org.junit.Test)

Example 8 with AuthenticationCredentialsNotFoundException

use of org.springframework.security.authentication.AuthenticationCredentialsNotFoundException in project spring-security by spring-projects.

the class ProtectPointcutPerformanceTests method usingPrototypeDoesNotParsePointcutOnEachCall.

// Method for use with profiler
@Test
public void usingPrototypeDoesNotParsePointcutOnEachCall() {
    StopWatch sw = new StopWatch();
    sw.start();
    for (int i = 0; i < 1000; i++) {
        try {
            SessionRegistry reg = (SessionRegistry) ctx.getBean("sessionRegistryPrototype");
            reg.getAllPrincipals();
            fail("Expected AuthenticationCredentialsNotFoundException");
        } catch (AuthenticationCredentialsNotFoundException expected) {
        }
    }
    sw.stop();
// assertThat(sw.getTotalTimeMillis() < 1000).isTrue();
}
Also used : SessionRegistry(org.springframework.security.core.session.SessionRegistry) AuthenticationCredentialsNotFoundException(org.springframework.security.authentication.AuthenticationCredentialsNotFoundException) StopWatch(org.springframework.util.StopWatch) Test(org.junit.Test)

Example 9 with AuthenticationCredentialsNotFoundException

use of org.springframework.security.authentication.AuthenticationCredentialsNotFoundException in project spring-security by spring-projects.

the class SwitchUserFilter method createSwitchUserToken.

/**
	 * Create a switch user token that contains an additional <tt>GrantedAuthority</tt>
	 * that contains the original <code>Authentication</code> object.
	 *
	 * @param request The http servlet request.
	 * @param targetUser The target user
	 *
	 * @return The authentication token
	 *
	 * @see SwitchUserGrantedAuthority
	 */
private UsernamePasswordAuthenticationToken createSwitchUserToken(HttpServletRequest request, UserDetails targetUser) {
    UsernamePasswordAuthenticationToken targetUserRequest;
    // grant an additional authority that contains the original Authentication object
    // which will be used to 'exit' from the current switched user.
    Authentication currentAuth;
    try {
        // SEC-1763. Check first if we are already switched.
        currentAuth = attemptExitUser(request);
    } catch (AuthenticationCredentialsNotFoundException e) {
        currentAuth = SecurityContextHolder.getContext().getAuthentication();
    }
    GrantedAuthority switchAuthority = new SwitchUserGrantedAuthority(this.switchAuthorityRole, currentAuth);
    // get the original authorities
    Collection<? extends GrantedAuthority> orig = targetUser.getAuthorities();
    // Allow subclasses to change the authorities to be granted
    if (this.switchUserAuthorityChanger != null) {
        orig = this.switchUserAuthorityChanger.modifyGrantedAuthorities(targetUser, currentAuth, orig);
    }
    // add the new switch user authority
    List<GrantedAuthority> newAuths = new ArrayList<GrantedAuthority>(orig);
    newAuths.add(switchAuthority);
    // create the new authentication token
    targetUserRequest = new UsernamePasswordAuthenticationToken(targetUser, targetUser.getPassword(), newAuths);
    // set details
    targetUserRequest.setDetails(this.authenticationDetailsSource.buildDetails(request));
    return targetUserRequest;
}
Also used : AuthenticationCredentialsNotFoundException(org.springframework.security.authentication.AuthenticationCredentialsNotFoundException) Authentication(org.springframework.security.core.Authentication) GrantedAuthority(org.springframework.security.core.GrantedAuthority) ArrayList(java.util.ArrayList) UsernamePasswordAuthenticationToken(org.springframework.security.authentication.UsernamePasswordAuthenticationToken)

Example 10 with AuthenticationCredentialsNotFoundException

use of org.springframework.security.authentication.AuthenticationCredentialsNotFoundException in project spring-security by spring-projects.

the class Http403ForbiddenEntryPointTests method testCommence.

public void testCommence() {
    MockHttpServletRequest req = new MockHttpServletRequest();
    MockHttpServletResponse resp = new MockHttpServletResponse();
    Http403ForbiddenEntryPoint fep = new Http403ForbiddenEntryPoint();
    try {
        fep.commence(req, resp, new AuthenticationCredentialsNotFoundException("test"));
        assertThat(resp.getStatus()).withFailMessage("Incorrect status").isEqualTo(HttpServletResponse.SC_FORBIDDEN);
    } catch (IOException e) {
        fail("Unexpected exception thrown: " + e);
    } catch (ServletException e) {
        fail("Unexpected exception thrown: " + e);
    }
}
Also used : ServletException(javax.servlet.ServletException) AuthenticationCredentialsNotFoundException(org.springframework.security.authentication.AuthenticationCredentialsNotFoundException) MockHttpServletRequest(org.springframework.mock.web.MockHttpServletRequest) IOException(java.io.IOException) Http403ForbiddenEntryPoint(org.springframework.security.web.authentication.Http403ForbiddenEntryPoint) MockHttpServletResponse(org.springframework.mock.web.MockHttpServletResponse)

Aggregations

AuthenticationCredentialsNotFoundException (org.springframework.security.authentication.AuthenticationCredentialsNotFoundException)12 Test (org.junit.Test)6 UsernamePasswordAuthenticationToken (org.springframework.security.authentication.UsernamePasswordAuthenticationToken)3 ITargetObject (org.springframework.security.ITargetObject)2 AuthenticationCredentialsNotFoundEvent (org.springframework.security.access.event.AuthenticationCredentialsNotFoundEvent)2 CredentialsExpiredException (org.springframework.security.authentication.CredentialsExpiredException)2 Authentication (org.springframework.security.core.Authentication)2 OperationResult (com.evolveum.midpoint.schema.result.OperationResult)1 ConnectionEnvironment (com.evolveum.midpoint.security.api.ConnectionEnvironment)1 MidPointPrincipal (com.evolveum.midpoint.security.api.MidPointPrincipal)1 Task (com.evolveum.midpoint.task.api.Task)1 CommunicationException (com.evolveum.midpoint.util.exception.CommunicationException)1 ConfigurationException (com.evolveum.midpoint.util.exception.ConfigurationException)1 ExpressionEvaluationException (com.evolveum.midpoint.util.exception.ExpressionEvaluationException)1 ObjectNotFoundException (com.evolveum.midpoint.util.exception.ObjectNotFoundException)1 SchemaException (com.evolveum.midpoint.util.exception.SchemaException)1 SecurityViolationException (com.evolveum.midpoint.util.exception.SecurityViolationException)1 UserType (com.evolveum.midpoint.xml.ns._public.common.common_3.UserType)1 IOException (java.io.IOException)1 ArrayList (java.util.ArrayList)1