Example 1 with AuthenticationServiceException
use of org.springframework.security.authentication.AuthenticationServiceException in project head by mifos.
the class MifosLegacyUsernamePasswordAuthenticationFilter method doFilter.
@Override
public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain) throws IOException, ServletException {
//LocaleContextHolder.setLocale(Localization.getInstance().getConfiguredLocale());
HttpServletRequest request = (HttpServletRequest) req;
HttpServletResponse response = (HttpServletResponse) res;
AuthenticationException denied = null;
boolean allowAuthenticationToContinue = true;
if (MifosBatchJob.isBatchJobRunningThatRequiresExclusiveAccess()) {
allowAuthenticationToContinue = false;
HttpSession session = request.getSession(false);
if (session != null) {
session.invalidate();
}
denied = new AuthenticationServiceException(messages.getMessage(LoginConstants.BATCH_JOB_RUNNING, "You have been logged out of the system because batch jobs are running."));
}
ShutdownManager shutdownManager = (ShutdownManager) ServletUtils.getGlobal(request, ShutdownManager.class.getName());
if (shutdownManager.isShutdownDone()) {
allowAuthenticationToContinue = false;
request.getSession(false).invalidate();
denied = new AuthenticationServiceException(messages.getMessage(LoginConstants.SHUTDOWN, "You have been logged out of the system because Mifos is shutting down."));
}
if (shutdownManager.isInShutdownCountdownNotificationThreshold()) {
request.setAttribute("shutdownIsImminent", true);
}
if (allowAuthenticationToContinue) {
super.doFilter(request, response, chain);
} else {
unsuccessfulAuthentication(request, response, denied);
}
}
Also used :
HttpServletRequest(javax.servlet.http.HttpServletRequest)
AuthenticationException(org.springframework.security.core.AuthenticationException)
HttpSession(javax.servlet.http.HttpSession)
HttpServletResponse(javax.servlet.http.HttpServletResponse)
ShutdownManager(org.mifos.application.admin.system.ShutdownManager)
AuthenticationServiceException(org.springframework.security.authentication.AuthenticationServiceException)
Example 2 with AuthenticationServiceException
use of org.springframework.security.authentication.AuthenticationServiceException in project spring-security by spring-projects.
the class OpenIDAuthenticationFilter method attemptAuthentication.
/**
* Authentication has two phases.
* <ol>
* <li>The initial submission of the claimed OpenID. A redirect to the URL returned
* from the consumer will be performed and null will be returned.</li>
* <li>The redirection from the OpenID server to the return_to URL, once it has
* authenticated the user</li>
* </ol>
*/
@Override
public Authentication attemptAuthentication(HttpServletRequest request, HttpServletResponse response) throws AuthenticationException, IOException {
OpenIDAuthenticationToken token;
String identity = request.getParameter("openid.identity");
if (!StringUtils.hasText(identity)) {
String claimedIdentity = obtainUsername(request);
try {
String returnToUrl = buildReturnToUrl(request);
String realm = lookupRealm(returnToUrl);
String openIdUrl = consumer.beginConsumption(request, claimedIdentity, returnToUrl, realm);
if (logger.isDebugEnabled()) {
logger.debug("return_to is '" + returnToUrl + "', realm is '" + realm + "'");
logger.debug("Redirecting to " + openIdUrl);
}
response.sendRedirect(openIdUrl);
// Indicate to parent class that authentication is continuing.
return null;
} catch (OpenIDConsumerException e) {
logger.debug("Failed to consume claimedIdentity: " + claimedIdentity, e);
throw new AuthenticationServiceException("Unable to process claimed identity '" + claimedIdentity + "'");
}
}
if (logger.isDebugEnabled()) {
logger.debug("Supplied OpenID identity is " + identity);
}
try {
token = consumer.endConsumption(request);
} catch (OpenIDConsumerException oice) {
throw new AuthenticationServiceException("Consumer error", oice);
}
token.setDetails(authenticationDetailsSource.buildDetails(request));
// delegate to the authentication provider
Authentication authentication = this.getAuthenticationManager().authenticate(token);
return authentication;
}
Also used :
Authentication(org.springframework.security.core.Authentication)
AuthenticationServiceException(org.springframework.security.authentication.AuthenticationServiceException)
Example 3 with AuthenticationServiceException
use of org.springframework.security.authentication.AuthenticationServiceException in project spring-security by spring-projects.
the class OpenIDAuthenticationProvider method authenticate.
/*
* (non-Javadoc)
*
* @see
* org.springframework.security.authentication.AuthenticationProvider#authenticate
* (org.springframework.security.Authentication)
*/
public Authentication authenticate(final Authentication authentication) throws AuthenticationException {
if (!supports(authentication.getClass())) {
return null;
}
if (authentication instanceof OpenIDAuthenticationToken) {
OpenIDAuthenticationToken response = (OpenIDAuthenticationToken) authentication;
OpenIDAuthenticationStatus status = response.getStatus();
// handle the various possibilities
if (status == OpenIDAuthenticationStatus.SUCCESS) {
// Lookup user details
UserDetails userDetails = this.userDetailsService.loadUserDetails(response);
return createSuccessfulAuthentication(userDetails, response);
} else if (status == OpenIDAuthenticationStatus.CANCELLED) {
throw new AuthenticationCancelledException("Log in cancelled");
} else if (status == OpenIDAuthenticationStatus.ERROR) {
throw new AuthenticationServiceException("Error message from server: " + response.getMessage());
} else if (status == OpenIDAuthenticationStatus.FAILURE) {
throw new BadCredentialsException("Log in failed - identity could not be verified");
} else if (status == OpenIDAuthenticationStatus.SETUP_NEEDED) {
throw new AuthenticationServiceException("The server responded setup was needed, which shouldn't happen");
} else {
throw new AuthenticationServiceException("Unrecognized return value " + status.toString());
}
}
return null;
}
Also used :
UserDetails(org.springframework.security.core.userdetails.UserDetails)
BadCredentialsException(org.springframework.security.authentication.BadCredentialsException)
AuthenticationServiceException(org.springframework.security.authentication.AuthenticationServiceException)
Example 4 with AuthenticationServiceException
use of org.springframework.security.authentication.AuthenticationServiceException in project spring-security by spring-projects.
the class OpenIDAuthenticationProviderTests method testAuthenticateError.
/*
* Test method for
* 'org.springframework.security.authentication.openid.OpenIDAuthenticationProvider.
* authenticate(Authentication)'
*/
@Test
public void testAuthenticateError() {
OpenIDAuthenticationProvider provider = new OpenIDAuthenticationProvider();
provider.setUserDetailsService(new MockUserDetailsService());
Authentication preAuth = new OpenIDAuthenticationToken(OpenIDAuthenticationStatus.ERROR, USERNAME, "", null);
assertThat(preAuth.isAuthenticated()).isFalse();
try {
provider.authenticate(preAuth);
fail("Should throw an AuthenticationException");
} catch (AuthenticationServiceException expected) {
assertThat(expected.getMessage()).isEqualTo("Error message from server: ");
}
}
Also used :
Authentication(org.springframework.security.core.Authentication)
AuthenticationServiceException(org.springframework.security.authentication.AuthenticationServiceException)
Test(org.junit.Test)
Example 5 with AuthenticationServiceException
use of org.springframework.security.authentication.AuthenticationServiceException in project spring-security by spring-projects.
the class OpenIDAuthenticationProviderTests method testAuthenticateSetupNeeded.
/*
* Test method for
* 'org.springframework.security.authentication.openid.OpenIDAuthenticationProvider.
* authenticate(Authentication)'
*/
@Test
public void testAuthenticateSetupNeeded() {
OpenIDAuthenticationProvider provider = new OpenIDAuthenticationProvider();
provider.setUserDetailsService(new MockUserDetailsService());
Authentication preAuth = new OpenIDAuthenticationToken(OpenIDAuthenticationStatus.SETUP_NEEDED, USERNAME, "", null);
assertThat(preAuth.isAuthenticated()).isFalse();
try {
provider.authenticate(preAuth);
fail("Should throw an AuthenticationException");
} catch (AuthenticationServiceException expected) {
assertThat("The server responded setup was needed, which shouldn't happen").isEqualTo(expected.getMessage());
}
}
Also used :
Authentication(org.springframework.security.core.Authentication)
AuthenticationServiceException(org.springframework.security.authentication.AuthenticationServiceException)
Test(org.junit.Test)
Aggregations
AuthenticationServiceException (org.springframework.security.authentication.AuthenticationServiceException)17
BadCredentialsException (org.springframework.security.authentication.BadCredentialsException)6
Authentication (org.springframework.security.core.Authentication)6
UsernamePasswordAuthenticationToken (org.springframework.security.authentication.UsernamePasswordAuthenticationToken)5
EncryptionException (com.evolveum.midpoint.prism.crypto.EncryptionException)3
SchemaException (com.evolveum.midpoint.util.exception.SchemaException)3
Test (org.junit.Test)3
ConnectionEnvironment (com.evolveum.midpoint.security.api.ConnectionEnvironment)2
MidPointPrincipal (com.evolveum.midpoint.security.api.MidPointPrincipal)2
HttpServletRequest (javax.servlet.http.HttpServletRequest)2
HttpServletResponse (javax.servlet.http.HttpServletResponse)2
HttpSession (javax.servlet.http.HttpSession)2
LockedException (org.springframework.security.authentication.LockedException)2
UsernameNotFoundException (org.springframework.security.core.userdetails.UsernameNotFoundException)2
PasswordAuthenticationContext (com.evolveum.midpoint.model.api.context.PasswordAuthenticationContext)1
OperationResult (com.evolveum.midpoint.schema.result.OperationResult)1
Task (com.evolveum.midpoint.task.api.Task)1
CommunicationException (com.evolveum.midpoint.util.exception.CommunicationException)1
ConfigurationException (com.evolveum.midpoint.util.exception.ConfigurationException)1
ExpressionEvaluationException (com.evolveum.midpoint.util.exception.ExpressionEvaluationException)1
