Example 1 with CredentialsExpiredException

use of org.springframework.security.authentication.CredentialsExpiredException in project spring-security by spring-projects.

the class DaoAuthenticationProviderTests method testAuthenticateFailsIfCredentialsExpired.

@Test
public void testAuthenticateFailsIfCredentialsExpired() {
    UsernamePasswordAuthenticationToken token = new UsernamePasswordAuthenticationToken("peter", "opal");
    DaoAuthenticationProvider provider = new DaoAuthenticationProvider();
    provider.setUserDetailsService(new MockAuthenticationDaoUserPeterCredentialsExpired());
    provider.setUserCache(new MockUserCache());
    try {
        provider.authenticate(token);
        fail("Should have thrown CredentialsExpiredException");
    } catch (CredentialsExpiredException expected) {
    }
    // Check that wrong password causes BadCredentialsException, rather than
    // CredentialsExpiredException
    token = new UsernamePasswordAuthenticationToken("peter", "wrong_password");
    try {
        provider.authenticate(token);
        fail("Should have thrown BadCredentialsException");
    } catch (BadCredentialsException expected) {
    }
}
Also used : CredentialsExpiredException(org.springframework.security.authentication.CredentialsExpiredException) UsernamePasswordAuthenticationToken(org.springframework.security.authentication.UsernamePasswordAuthenticationToken) BadCredentialsException(org.springframework.security.authentication.BadCredentialsException) Test(org.junit.Test)

Example 2 with CredentialsExpiredException

use of org.springframework.security.authentication.CredentialsExpiredException in project spring-security by spring-projects.

the class DelegatingAuthenticationFailureHandlerTests method handleByMappedHandlerWithSuperType.

@Test
public void handleByMappedHandlerWithSuperType() throws Exception {
    handlers.put(BadCredentialsException.class, handler1);
    // AccountStatusException is a super type of CredentialsExpiredException
    handlers.put(AccountStatusException.class, handler2);
    handler = new DelegatingAuthenticationFailureHandler(handlers, defaultHandler);
    AuthenticationException exception = new CredentialsExpiredException("");
    handler.onAuthenticationFailure(request, response, exception);
    verifyZeroInteractions(handler1, defaultHandler);
    verify(handler2).onAuthenticationFailure(request, response, exception);
}
Also used : CredentialsExpiredException(org.springframework.security.authentication.CredentialsExpiredException) AuthenticationException(org.springframework.security.core.AuthenticationException) Test(org.junit.Test)

Example 3 with CredentialsExpiredException

use of org.springframework.security.authentication.CredentialsExpiredException in project midpoint by Evolveum.

the class TestAbstractAuthenticationEvaluator method test210UserGuybrushPasswordLoginGoodPasswordExpired.

@Test
public void test210UserGuybrushPasswordLoginGoodPasswordExpired() throws Exception {
    final String TEST_NAME = "test210UserGuybrushPasswordLoginGoodPasswordExpired";
    TestUtil.displayTestTile(TEST_NAME);
    // GIVEN
    clock.overrideDuration("P2D");
    ConnectionEnvironment connEnv = createConnectionEnvironment();
    XMLGregorianCalendar startTs = clock.currentTimeXMLGregorianCalendar();
    try {
        // WHEN
        TestUtil.displayWhen(TEST_NAME);
        getAuthenticationEvaluator().authenticate(connEnv, getAuthenticationContext(USER_GUYBRUSH_USERNAME, getGoodPasswordGuybrush()));
        AssertJUnit.fail("Unexpected success");
    } catch (CredentialsExpiredException e) {
        // This is expected
        // THEN
        TestUtil.displayThen(TEST_NAME);
        display("expected exception", e);
        assertExpiredException(e, USER_GUYBRUSH_USERNAME);
    }
    XMLGregorianCalendar endTs = clock.currentTimeXMLGregorianCalendar();
    PrismObject<UserType> userAfter = getUser(USER_GUYBRUSH_OID);
    display("user after", userAfter);
    assertFailedLogins(userAfter, 0);
}
Also used : XMLGregorianCalendar(javax.xml.datatype.XMLGregorianCalendar) CredentialsExpiredException(org.springframework.security.authentication.CredentialsExpiredException) UserType(com.evolveum.midpoint.xml.ns._public.common.common_3.UserType) Test(org.testng.annotations.Test) AbstractInternalModelIntegrationTest(com.evolveum.midpoint.model.impl.AbstractInternalModelIntegrationTest)

Example 4 with CredentialsExpiredException

use of org.springframework.security.authentication.CredentialsExpiredException in project midpoint by Evolveum.

the class AuthenticationEvaluatorImpl method checkPasswordValidityAndAge.

private <P extends CredentialPolicyType> void checkPasswordValidityAndAge(ConnectionEnvironment connEnv, @NotNull MidPointPrincipal principal, C credentials, P passwordCredentialsPolicy) {
    if (credentials == null) {
        recordAuthenticationFailure(principal, connEnv, "no stored credential value");
        throw new AuthenticationCredentialsNotFoundException("web.security.provider.credential.bad");
    }
    validateCredentialNotNull(connEnv, principal, credentials);
    if (passwordCredentialsPolicy == null) {
        return;
    }
    Duration maxAge = passwordCredentialsPolicy.getMaxAge();
    if (maxAge != null) {
        MetadataType credentialMetedata = credentials.getMetadata();
        XMLGregorianCalendar changeTimestamp = MiscSchemaUtil.getChangeTimestamp(credentialMetedata);
        if (changeTimestamp != null) {
            XMLGregorianCalendar passwordValidUntil = XmlTypeConverter.addDuration(changeTimestamp, maxAge);
            if (clock.isPast(passwordValidUntil)) {
                recordAuthenticationFailure(principal, connEnv, "password expired");
                throw new CredentialsExpiredException("web.security.provider.password.bad");
            }
        }
    }
}
Also used : XMLGregorianCalendar(javax.xml.datatype.XMLGregorianCalendar) AuthenticationCredentialsNotFoundException(org.springframework.security.authentication.AuthenticationCredentialsNotFoundException) CredentialsExpiredException(org.springframework.security.authentication.CredentialsExpiredException) Duration(javax.xml.datatype.Duration)

Example 5 with CredentialsExpiredException

use of org.springframework.security.authentication.CredentialsExpiredException in project midpoint by Evolveum.

the class MidpointRestAuthenticator method handleRequest.

public void handleRequest(AuthorizationPolicy policy, Message m, ContainerRequestContext requestCtx) {
    if (policy == null) {
        RestServiceUtil.createAbortMessage(requestCtx);
        return;
    }
    T authenticationContext = createAuthenticationContext(policy, requestCtx);
    if (authenticationContext == null) {
        return;
    }
    String enteredUsername = authenticationContext.getUsername();
    if (enteredUsername == null) {
        RestServiceUtil.createAbortMessage(requestCtx);
        return;
    }
    LOGGER.trace("Authenticating username '{}' to REST service", enteredUsername);
    // We need to create task before attempting authentication. Task ID is also a session ID.
    Task task = taskManager.createTaskInstance(ModelRestService.OPERATION_REST_SERVICE);
    task.setChannel(SchemaConstants.CHANNEL_REST_URI);
    ConnectionEnvironment connEnv = ConnectionEnvironment.create(SchemaConstants.CHANNEL_REST_URI);
    connEnv.setSessionIdOverride(task.getTaskIdentifier());
    UsernamePasswordAuthenticationToken token;
    try {
        token = getAuthenticationEvaluator().authenticate(connEnv, authenticationContext);
    } catch (UsernameNotFoundException | BadCredentialsException e) {
        LOGGER.trace("Exception while authenticating username '{}' to REST service: {}", enteredUsername, e.getMessage(), e);
        requestCtx.abortWith(Response.status(Status.UNAUTHORIZED).header("WWW-Authenticate", "Basic authentication failed. Cannot authenticate user.").build());
        return;
    } catch (DisabledException | LockedException | CredentialsExpiredException | AccessDeniedException | AuthenticationCredentialsNotFoundException | AuthenticationServiceException e) {
        LOGGER.trace("Exception while authenticating username '{}' to REST service: {}", enteredUsername, e.getMessage(), e);
        requestCtx.abortWith(Response.status(Status.FORBIDDEN).build());
        return;
    }
    UserType user = ((MidPointPrincipal) token.getPrincipal()).getUser();
    task.setOwner(user.asPrismObject());
    //  m.put(RestServiceUtil.MESSAGE_PROPERTY_TASK_NAME, task);
    if (!authorizeUser(user, null, enteredUsername, connEnv, requestCtx)) {
        return;
    }
    String oid = requestCtx.getHeaderString("Switch-To-Principal");
    OperationResult result = task.getResult();
    if (StringUtils.isNotBlank(oid)) {
        try {
            PrismObject<UserType> authorizedUser = model.getObject(UserType.class, oid, null, task, result);
            task.setOwner(authorizedUser);
            if (!authorizeUser(AuthorizationConstants.AUTZ_REST_PROXY_URL, user, authorizedUser, enteredUsername, connEnv, requestCtx)) {
                return;
            }
            if (!authorizeUser(authorizedUser.asObjectable(), null, authorizedUser.getName().getOrig(), connEnv, requestCtx)) {
                return;
            }
        } catch (ObjectNotFoundException | SchemaException | SecurityViolationException | CommunicationException | ConfigurationException | ExpressionEvaluationException e) {
            LOGGER.trace("Exception while authenticating user identified with '{}' to REST service: {}", oid, e.getMessage(), e);
            requestCtx.abortWith(Response.status(Status.UNAUTHORIZED).header("WWW-Authenticate", "Proxy Authentication failed. Cannot authenticate user.").build());
            return;
        }
    }
    m.put(RestServiceUtil.MESSAGE_PROPERTY_TASK_NAME, task);
    LOGGER.trace("Authorized to use REST service ({})", user);
}
Also used : UsernameNotFoundException(org.springframework.security.core.userdetails.UsernameNotFoundException) Task(com.evolveum.midpoint.task.api.Task) AccessDeniedException(org.springframework.security.access.AccessDeniedException) ExpressionEvaluationException(com.evolveum.midpoint.util.exception.ExpressionEvaluationException) SecurityViolationException(com.evolveum.midpoint.util.exception.SecurityViolationException) DisabledException(org.springframework.security.authentication.DisabledException) UsernamePasswordAuthenticationToken(org.springframework.security.authentication.UsernamePasswordAuthenticationToken) OperationResult(com.evolveum.midpoint.schema.result.OperationResult) BadCredentialsException(org.springframework.security.authentication.BadCredentialsException) ConfigurationException(com.evolveum.midpoint.util.exception.ConfigurationException) MidPointPrincipal(com.evolveum.midpoint.security.api.MidPointPrincipal) SchemaException(com.evolveum.midpoint.util.exception.SchemaException) LockedException(org.springframework.security.authentication.LockedException) AuthenticationCredentialsNotFoundException(org.springframework.security.authentication.AuthenticationCredentialsNotFoundException) CredentialsExpiredException(org.springframework.security.authentication.CredentialsExpiredException) CommunicationException(com.evolveum.midpoint.util.exception.CommunicationException) AuthenticationServiceException(org.springframework.security.authentication.AuthenticationServiceException) ConnectionEnvironment(com.evolveum.midpoint.security.api.ConnectionEnvironment) ObjectNotFoundException(com.evolveum.midpoint.util.exception.ObjectNotFoundException) UserType(com.evolveum.midpoint.xml.ns._public.common.common_3.UserType)
