use of org.springframework.security.authentication.AuthenticationCredentialsNotFoundException in project spring-security by spring-projects.
the class AbstractSecurityInterceptor method credentialsNotFound.
/**
 * Builds an {@link AuthenticationCredentialsNotFoundException} from the given reason,
 * publishes a matching {@link AuthenticationCredentialsNotFoundEvent}, and then throws
 * the exception.
 * <p>
 * This method never returns normally. The event is handed to {@code publishEvent}
 * before the throw, so publication is attempted even though the caller only ever
 * observes the exception.
 *
 * @param reason passed to the exception constructor. NOTE(review): the same exception
 * object is attached to the published event, so this text reaches event listeners as
 * well as the caller; keep credential material out of it.
 * @param secureObject the secure object that was being called
 * @param configAttribs the attributes that were defined for the secureObject
 * @throws AuthenticationCredentialsNotFoundException always
 */
private void credentialsNotFound(String reason, Object secureObject, Collection<ConfigAttribute> configAttribs) {
    AuthenticationCredentialsNotFoundException failure = new AuthenticationCredentialsNotFoundException(reason);
    // Publish before throwing: the throw below is the only way out of this method.
    publishEvent(new AuthenticationCredentialsNotFoundEvent(secureObject, configAttribs, failure));
    throw failure;
}
use of org.springframework.security.authentication.AuthenticationCredentialsNotFoundException in project spring-security by spring-projects.
the class GlobalMethodSecurityBeanDefinitionParserTests method supportsBooleanPointcutExpressions.
/**
 * Verifies that a {@code protect-pointcut} whose expression joins two
 * {@code execution(...)} clauses with {@code and not} protects every
 * {@code BusinessService} method except {@code someOther(String)}.
 * <p>
 * NOTE(review): the Authentication stored in {@code SecurityContextHolder} near the
 * end is not cleared in this method; presumably a teardown elsewhere in the class
 * resets it. Confirm, otherwise it can leak into later tests.
 */
@Test
public void supportsBooleanPointcutExpressions() {
    String contextXml = "<b:bean id='target' class='org.springframework.security.access.annotation.BusinessServiceImpl'/>"
            + "<global-method-security>"
            + " <protect-pointcut expression="
            + " 'execution(* org.springframework.security.access.annotation.BusinessService.*(..)) "
            + " and not execution(* org.springframework.security.access.annotation.BusinessService.someOther(String)))' "
            + " access='ROLE_USER'/>"
            + "</global-method-security>"
            + AUTH_PROVIDER_XML;
    setContext(contextXml);
    target = (BusinessService) appContext.getBean("target");

    // someOther(String) is excluded by the "and not" clause, so this call is expected
    // to go through without any authentication having been set by this test.
    target.someOther("somestring");

    // Every other method matches the pointcut and needs ROLE_USER; before an
    // Authentication is set the interceptor is expected to reject the call.
    try {
        target.someOther(0);
        fail("Expected AuthenticationCredentialsNotFoundException");
    } catch (AuthenticationCredentialsNotFoundException expected) {
        // expected: the protected method was invoked without credentials
    }

    // With an Authentication in the context the same call must now succeed.
    UsernamePasswordAuthenticationToken userToken = new UsernamePasswordAuthenticationToken("user", "password");
    SecurityContextHolder.getContext().setAuthentication(userToken);
    target.someOther(0);
}
use of org.springframework.security.authentication.AuthenticationCredentialsNotFoundException in project spring-security by spring-projects.
the class ProtectPointcutPerformanceTests method usingPrototypeDoesNotParsePointcutOnEachCall.
// Intended to be run under a profiler: fetches the prototype-scoped bean 1000 times and
// calls a protected method on each instance. The elapsed time is measured but not
// asserted (the timing assertion at the end is commented out), so the only thing this
// test enforces is that every call is rejected with
// AuthenticationCredentialsNotFoundException.
@Test
public void usingPrototypeDoesNotParsePointcutOnEachCall() {
    StopWatch timer = new StopWatch();
    timer.start();
    for (int call = 0; call < 1000; call++) {
        try {
            // A fresh lookup per iteration: the bean name says prototype, so each
            // getBean is presumably a new instance (confirm in the context XML).
            SessionRegistry registry = (SessionRegistry) ctx.getBean("sessionRegistryPrototype");
            registry.getAllPrincipals();
            fail("Expected AuthenticationCredentialsNotFoundException");
        } catch (AuthenticationCredentialsNotFoundException expected) {
            // expected: the call was rejected for lack of credentials
        }
    }
    timer.stop();
    // assertThat(timer.getTotalTimeMillis() < 1000).isTrue();
}
use of org.springframework.security.authentication.AuthenticationCredentialsNotFoundException in project spring-security by spring-projects.
the class SwitchUserFilter method createSwitchUserToken.
/**
 * Builds the authentication token that represents the switched-to user.
 * <p>
 * The token carries the target user's authorities (optionally rewritten by the
 * configured {@code switchUserAuthorityChanger}) plus one extra
 * {@link SwitchUserGrantedAuthority} that wraps the {@code Authentication} to go back
 * to when the switch is exited. The target user's password is passed as the token's
 * credentials.
 * <p>
 * NOTE(review): nothing in this method checks whether the caller is allowed to switch
 * users. That decision is presumably made before this method is reached; confirm
 * against the access rules protecting the switch URL.
 *
 * @param request the HTTP servlet request; used for the exit check and to build the
 * token details
 * @param targetUser the user being switched to
 *
 * @return the authentication token for {@code targetUser}
 *
 * @see SwitchUserGrantedAuthority
 */
private UsernamePasswordAuthenticationToken createSwitchUserToken(HttpServletRequest request, UserDetails targetUser) {
    // Decide which Authentication the extra authority should remember, i.e. the one
    // that will be used to 'exit' from the switched user.
    Authentication originalAuth;
    try {
        // SEC-1763. Check first if we are already switched.
        originalAuth = attemptExitUser(request);
    } catch (AuthenticationCredentialsNotFoundException notSwitched) {
        // The exit check reported no credentials, so fall back to whatever is
        // in the SecurityContext right now.
        // NOTE(review): getAuthentication() can return null; how
        // SwitchUserGrantedAuthority treats a null source is not visible here.
        originalAuth = SecurityContextHolder.getContext().getAuthentication();
    }
    GrantedAuthority switchMarker = new SwitchUserGrantedAuthority(this.switchAuthorityRole, originalAuth);

    // Start from the target user's own authorities and give the optional changer
    // a chance to replace them.
    Collection<? extends GrantedAuthority> targetAuthorities = targetUser.getAuthorities();
    if (this.switchUserAuthorityChanger != null) {
        targetAuthorities = this.switchUserAuthorityChanger.modifyGrantedAuthorities(targetUser, originalAuth,
                targetAuthorities);
    }

    // Copy into a mutable list so the switch authority can be appended.
    List<GrantedAuthority> granted = new ArrayList<GrantedAuthority>(targetAuthorities);
    granted.add(switchMarker);

    UsernamePasswordAuthenticationToken switchedToken = new UsernamePasswordAuthenticationToken(targetUser,
            targetUser.getPassword(), granted);
    switchedToken.setDetails(this.authenticationDetailsSource.buildDetails(request));
    return switchedToken;
}
use of org.springframework.security.authentication.AuthenticationCredentialsNotFoundException in project spring-security by spring-projects.
the class Http403ForbiddenEntryPointTests method testCommence.
/**
 * Checks that {@code Http403ForbiddenEntryPoint.commence} sets the response status to
 * {@code HttpServletResponse.SC_FORBIDDEN} when given an
 * {@link AuthenticationCredentialsNotFoundException}.
 */
public void testCommence() {
    MockHttpServletRequest request = new MockHttpServletRequest();
    MockHttpServletResponse response = new MockHttpServletResponse();
    Http403ForbiddenEntryPoint entryPoint = new Http403ForbiddenEntryPoint();
    AuthenticationCredentialsNotFoundException authFailure = new AuthenticationCredentialsNotFoundException("test");
    try {
        entryPoint.commence(request, response, authFailure);
        assertThat(response.getStatus()).withFailMessage("Incorrect status").isEqualTo(HttpServletResponse.SC_FORBIDDEN);
    } catch (IOException | ServletException e) {
        // Either checked exception from commence() is a test failure.
        fail("Unexpected exception thrown: " + e);
    }
}