use of org.springframework.security.authentication.AuthenticationServiceException in project spring-security by spring-projects.
the class UsernamePasswordAuthenticationFilter method attemptAuthentication.
// ~ Methods
// ========================================================================================================
public Authentication attemptAuthentication(HttpServletRequest request, HttpServletResponse response) throws AuthenticationException {
if (postOnly && !request.getMethod().equals("POST")) {
throw new AuthenticationServiceException("Authentication method not supported: " + request.getMethod());
}
String username = obtainUsername(request);
String password = obtainPassword(request);
if (username == null) {
username = "";
}
if (password == null) {
password = "";
}
username = username.trim();
UsernamePasswordAuthenticationToken authRequest = new UsernamePasswordAuthenticationToken(username, password);
// Allow subclasses to set the "details" property
setDetails(request, authRequest);
return this.getAuthenticationManager().authenticate(authRequest);
}
use of org.springframework.security.authentication.AuthenticationServiceException in project spring-security by spring-projects.
the class DaoAuthenticationProviderTests method testDetectsNullBeingReturnedFromAuthenticationDao.
@Test
public void testDetectsNullBeingReturnedFromAuthenticationDao() {
UsernamePasswordAuthenticationToken token = new UsernamePasswordAuthenticationToken("rod", "koala");
DaoAuthenticationProvider provider = new DaoAuthenticationProvider();
provider.setUserDetailsService(new MockAuthenticationDaoReturnsNull());
try {
provider.authenticate(token);
fail("Should have thrown AuthenticationServiceException");
} catch (AuthenticationServiceException expected) {
assertThat("UserDetailsService returned null, which is an interface contract violation").isEqualTo(expected.getMessage());
}
}
use of org.springframework.security.authentication.AuthenticationServiceException in project midpoint by Evolveum.
the class AuthenticationEvaluatorImpl method getPassword.
private String getPassword(ConnectionEnvironment connEnv, @NotNull MidPointPrincipal principal, ProtectedStringType protectedString) {
String decryptedPassword;
if (protectedString.getEncryptedDataType() != null) {
try {
decryptedPassword = protector.decryptString(protectedString);
} catch (EncryptionException e) {
recordAuthenticationFailure(principal, connEnv, "error decrypting password: " + e.getMessage());
throw new AuthenticationServiceException("web.security.provider.unavailable", e);
}
} else {
LOGGER.warn("Authenticating user based on clear value. Please check objects, " + "this should not happen. Protected string should be encrypted.");
decryptedPassword = protectedString.getClearValue();
}
return decryptedPassword;
}
use of org.springframework.security.authentication.AuthenticationServiceException in project midpoint by Evolveum.
the class MidPointAuthenticationProvider method authenticate.
@Override
public Authentication authenticate(Authentication authentication) throws AuthenticationException {
String enteredUsername = (String) authentication.getPrincipal();
LOGGER.trace("Authenticating username '{}'", enteredUsername);
ConnectionEnvironment connEnv = ConnectionEnvironment.create(SchemaConstants.CHANNEL_GUI_USER_URI);
Authentication token;
if (authentication instanceof UsernamePasswordAuthenticationToken) {
String enteredPassword = (String) authentication.getCredentials();
token = passwordAuthenticationEvaluator.authenticate(connEnv, new PasswordAuthenticationContext(enteredUsername, enteredPassword));
} else if (authentication instanceof PreAuthenticatedAuthenticationToken) {
token = passwordAuthenticationEvaluator.authenticateUserPreAuthenticated(connEnv, enteredUsername);
} else {
LOGGER.error("Unsupported authentication {}", authentication);
throw new AuthenticationServiceException("web.security.provider.unavailable");
}
MidPointPrincipal principal = (MidPointPrincipal) token.getPrincipal();
LOGGER.debug("User '{}' authenticated ({}), authorities: {}", authentication.getPrincipal(), authentication.getClass().getSimpleName(), principal.getAuthorities());
return token;
}
use of org.springframework.security.authentication.AuthenticationServiceException in project opennms by OpenNMS.
the class HybridOpenNMSUserAuthenticationProvider method checkUserPassword.
protected void checkUserPassword(final String authUsername, final String authPassword, final SpringSecurityUser user) throws AuthenticationException {
final String existingPassword = user.getPassword();
boolean hasUser = false;
try {
hasUser = m_userManager.hasUser(user.getUsername());
} catch (final Throwable e) {
throw new AuthenticationServiceException("An error occurred while checking for " + authUsername + " in the UserManager", e);
}
if (hasUser) {
if (!m_userManager.comparePasswords(authUsername, authPassword)) {
LOG.warn("Password auth failed for user: " + authUsername);
throw new BadCredentialsException("Bad credentials");
}
} else {
if (!m_userManager.checkSaltedPassword(authPassword, existingPassword)) {
LOG.warn("Salted password auth failed for user: " + authUsername);
throw new BadCredentialsException("Bad credentials");
}
}
}
Aggregations