use of org.springframework.security.authentication.DisabledException in project spring-security by spring-projects.
the class GoogleAccountsAuthenticationProvider method authenticate.
/**
 * Resolves the Google account carried by the incoming token to an application user.
 *
 * <p>The principal is cast to {@code User} and looked up in {@code userRegistry} by its user id.
 * When the registry has no entry, a new {@code GaeUser} is built from the Google account's id,
 * nickname and email (the account still needs to register). The enabled flag is checked last,
 * so it applies to a stored user and to a freshly built one alike.
 *
 * <p>NOTE(review): the unchecked cast assumes this provider is only handed tokens whose principal
 * is a Google {@code User}; the check that guarantees this is not visible in this method.
 *
 * @param authentication token whose principal is the Google {@code User}
 * @return a {@code GaeUserAuthentication} wrapping the resolved user and the token's details
 * @throws DisabledException if the resolved user reports that it is not enabled
 */
public Authentication authenticate(Authentication authentication) throws AuthenticationException {
    final User googleAccount = (User) authentication.getPrincipal();
    final GaeUser registered = userRegistry.findUser(googleAccount.getUserId());

    // No registry entry: build a user from the Google account data instead of rejecting.
    final GaeUser resolved = registered != null
            ? registered
            : new GaeUser(googleAccount.getUserId(), googleAccount.getNickname(), googleAccount.getEmail());

    if (resolved.isEnabled()) {
        return new GaeUserAuthentication(resolved, authentication.getDetails());
    }
    // Disabled accounts never receive an Authentication object.
    throw new DisabledException("Account is disabled");
}
use of org.springframework.security.authentication.DisabledException in project spring-security by spring-projects.
the class BasicAuthenticationEntryPointTests method testNormalOperation.
/**
 * Checks the response produced by {@code BasicAuthenticationEntryPoint.commence} for a failed
 * authentication: status 401, the exception message as the error message, and a
 * {@code WWW-Authenticate} header naming the configured realm.
 *
 * <p>Worth noting when reading the second assertion: the text of the
 * {@code AuthenticationException} is expected verbatim in the response, so an account-state
 * exception such as {@code DisabledException} passed to this entry point has its message
 * shown to the client.
 */
@Test
public void testNormalOperation() throws Exception {
    BasicAuthenticationEntryPoint entryPoint = new BasicAuthenticationEntryPoint();
    entryPoint.setRealmName("hello");

    MockHttpServletRequest req = new MockHttpServletRequest();
    req.setRequestURI("/some_path");
    MockHttpServletResponse resp = new MockHttpServletResponse();

    // afterPropertiesSet() is not invoked; the entry point is used straight after setRealmName.
    String failureText = "These are the jokes kid";
    entryPoint.commence(req, resp, new DisabledException(failureText));

    assertThat(resp.getStatus()).isEqualTo(401);
    assertThat(resp.getErrorMessage()).isEqualTo(failureText);
    // The challenge carries the realm set above, quoted.
    assertThat(resp.getHeader("WWW-Authenticate")).isEqualTo("Basic realm=\"hello\"");
}
use of org.springframework.security.authentication.DisabledException in project ORCID-Source by ORCID.
the class OrcidUserDetailsService method loadUserByUsername.
/**
* Locates the user based on the username. In the actual implementation, the
* search may possibly be case sensitive, or case insensitive depending on
* how the implementation instance is configured. In this case, the
* <code>UserDetails</code> object that comes back may have a username that
* is of a different case than what was actually requested.
*
* @param username
* the username identifying the user whose data is required.
* @return a fully populated user record (never <code>null</code>)
* @throws org.springframework.security.core.userdetails.UsernameNotFoundException
* if the user could not be found or the user has no
* GrantedAuthority
*/
@Override
@Transactional(propagation = Propagation.REQUIRED)
public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException {
    // NOTE(review): the caller-supplied username is written to the INFO log before any lookup;
    // confirm this is acceptable for the deployment's log retention and privacy rules.
    LOGGER.info("About to load user by username = {}", username);

    final ProfileEntity entity = obtainEntity(username);
    if (entity == null) {
        // Generic wording: the message does not say whether the username or the password was wrong.
        throw new UsernameNotFoundException("Bad username or password");
    }

    // NOTE(review): the three state checks below run on the username alone; no credential is
    // compared inside this method. Each state is reported through its own exception type, so a
    // caller that relays the distinction to an unauthenticated client reveals whether a profile
    // is deprecated, deactivated or unclaimed. Confirm that this is an accepted trade-off.
    if (entity.getPrimaryRecord() != null) {
        // Deprecated profile: the exception carries both the primary record's id and this profile's id.
        throw new DeprecatedProfileException("orcid.frontend.security.deprecated_with_primary", entity.getPrimaryRecord().getId(), entity.getId());
    }

    // When securityMgr.isAdmin() returns true, deactivated and unclaimed profiles are still loaded.
    final boolean deactivated = entity.getDeactivationDate() != null;
    if (deactivated && !securityMgr.isAdmin()) {
        throw new DisabledException("Account not active, please call helpdesk");
    }
    if (!(entity.getClaimed() || securityMgr.isAdmin())) {
        throw new UnclaimedProfileExistsException("orcid.frontend.security.unclaimed_exists");
    }

    // Client profiles have no primary email, so the value may legitimately stay null.
    final String primaryEmail = entity.getPrimaryEmail() != null ? entity.getPrimaryEmail().getId() : null;

    // The stored value from getEncryptedPassword() is handed to the user details as-is;
    // presumably the authentication provider compares it later (verify against the caller).
    if (entity.getOrcidType() == null) {
        return new OrcidProfileUserDetails(entity.getId(), primaryEmail, entity.getEncryptedPassword());
    }
    final OrcidType orcidType = OrcidType.fromValue(entity.getOrcidType().value());
    return new OrcidProfileUserDetails(entity.getId(), primaryEmail, entity.getEncryptedPassword(), orcidType, entity.getGroupType());
}
use of org.springframework.security.authentication.DisabledException in project ORCID-Source by ORCID.
the class AjaxAuthenticationFailureHandler method onAuthenticationFailure.
/**
 * Writes a small JSON object to the response describing a failed AJAX login.
 *
 * <p>The object always contains {@code "success": false}. Depending on the type of the
 * exception's <em>cause</em>, one of {@code "unclaimed"}, {@code "deprecated"} (optionally with
 * {@code "primary"}) or {@code "disabled"} is added. Only {@code exception.getCause()} is
 * inspected: an exception of one of these types passed in directly, without a wrapper,
 * produces the bare {@code success} object.
 *
 * <p>This method sets the content type but no status code.
 *
 * <p>NOTE(review): the extra fields tell the client the state of the profile behind the
 * submitted username. If this response reaches unauthenticated callers, it distinguishes
 * existing profiles by state; confirm that this disclosure is intended.
 *
 * @param request the failed login request (not read here)
 * @param response response that receives the JSON body
 * @param exception the authentication failure whose cause selects the extra field
 * @throws IOException if the response writer cannot be obtained
 * @throws ServletException declared by the handler contract; not thrown by this body
 */
public void onAuthenticationFailure(HttpServletRequest request, HttpServletResponse response, AuthenticationException exception) throws IOException, ServletException {
    response.setContentType("application/json");
    final PrintWriter out = response.getWriter();
    out.println("{");
    out.println("\"success\": false");

    final Throwable cause = exception.getCause();
    if (cause instanceof UnclaimedProfileExistsException) {
        out.println(",");
        out.println("\"unclaimed\": true");
    } else if (cause instanceof DeprecatedProfileException) {
        out.println(",");
        out.println("\"deprecated\": true");
        // instanceof already excluded null, so the cast result needs no separate null check.
        final DeprecatedProfileException deprecated = (DeprecatedProfileException) cause;
        if (deprecated.getPrimary() != null) {
            out.println(",");
            // NOTE(review): the value is concatenated into the JSON string without escaping.
            // That is safe only while getPrimary() can never contain a quote or backslash;
            // confirm the format is constrained where the exception is created.
            out.println("\"primary\":\"" + deprecated.getPrimary() + "\"");
        }
    } else if (cause instanceof DisabledException) {
        out.println(",");
        out.println("\"disabled\": true");
    }
    out.println("}");
}
use of org.springframework.security.authentication.DisabledException in project midpoint by Evolveum.
the class MidpointRestAuthenticator method handleRequest.
/**
 * Authenticates and authorizes one REST request, then attaches the resulting task to the message.
 *
 * <p>Sequence: reject a missing policy or username, create a task and connection environment,
 * authenticate through {@code getAuthenticationEvaluator()}, authorize the authenticated user,
 * and, if a {@code Switch-To-Principal} header is present, load that user and run two further
 * authorization checks. The task is put on the message only on the last path, after every
 * check has passed.
 *
 * @param policy authorization policy of the request; {@code null} aborts the request
 * @param m message that receives the task under {@code MESSAGE_PROPERTY_TASK_NAME} on success
 * @param requestCtx request context used to read headers and to abort with 401/403
 */
public void handleRequest(AuthorizationPolicy policy, Message m, ContainerRequestContext requestCtx) {
    if (policy == null) {
        // createAbortMessage is defined elsewhere; presumably it aborts the request with a challenge.
        RestServiceUtil.createAbortMessage(requestCtx);
        return;
    }
    T authenticationContext = createAuthenticationContext(policy, requestCtx);
    if (authenticationContext == null) {
        // NOTE(review): this path returns without touching requestCtx. Presumably
        // createAuthenticationContext has already aborted the request; confirm, because no task
        // is attached to the message here and the fail-closed behaviour then depends on later code.
        return;
    }
    String enteredUsername = authenticationContext.getUsername();
    if (enteredUsername == null) {
        RestServiceUtil.createAbortMessage(requestCtx);
        return;
    }
    // The username, and below the exception, are logged at TRACE level only.
    LOGGER.trace("Authenticating username '{}' to REST service", enteredUsername);
    // We need to create task before attempting authentication. Task ID is also a session ID.
    Task task = taskManager.createTaskInstance(ModelRestService.OPERATION_REST_SERVICE);
    task.setChannel(SchemaConstants.CHANNEL_REST_URI);
    ConnectionEnvironment connEnv = ConnectionEnvironment.create(SchemaConstants.CHANNEL_REST_URI);
    connEnv.setSessionIdOverride(task.getTaskIdentifier());
    UsernamePasswordAuthenticationToken token;
    try {
        token = getAuthenticationEvaluator().authenticate(connEnv, authenticationContext);
    } catch (UsernameNotFoundException | BadCredentialsException e) {
        // Unknown user and bad credentials share one 401 response, so the client cannot tell
        // the two apart.
        LOGGER.trace("Exception while authenticating username '{}' to REST service: {}", enteredUsername, e.getMessage(), e);
        // NOTE(review): the WWW-Authenticate value is free text, not a "scheme realm=..." challenge;
        // clients that parse the header may not recognise it.
        requestCtx.abortWith(Response.status(Status.UNAUTHORIZED).header("WWW-Authenticate", "Basic authentication failed. Cannot authenticate user.").build());
        return;
    } catch (DisabledException | LockedException | CredentialsExpiredException | AccessDeniedException | AuthenticationCredentialsNotFoundException | AuthenticationServiceException e) {
        // Disabled, locked, expired and the remaining failures get a bare 403, which differs from
        // the 401 above. NOTE(review): whether a 403 can be obtained without valid credentials
        // depends on the evaluator's check order, which is not visible here.
        LOGGER.trace("Exception while authenticating username '{}' to REST service: {}", enteredUsername, e.getMessage(), e);
        requestCtx.abortWith(Response.status(Status.FORBIDDEN).build());
        return;
    }
    // The cast assumes the evaluator always returns a MidPointPrincipal as principal.
    UserType user = ((MidPointPrincipal) token.getPrincipal()).getUser();
    task.setOwner(user.asPrismObject());
    // m.put(RestServiceUtil.MESSAGE_PROPERTY_TASK_NAME, task);
    // authorizeUser is defined elsewhere; presumably it aborts the request itself when it returns false.
    if (!authorizeUser(user, null, enteredUsername, connEnv, requestCtx)) {
        return;
    }
    // Optional impersonation: the OID comes from a client-controlled request header.
    String oid = requestCtx.getHeaderString("Switch-To-Principal");
    OperationResult result = task.getResult();
    if (StringUtils.isNotBlank(oid)) {
        try {
            PrismObject<UserType> authorizedUser = model.getObject(UserType.class, oid, null, task, result);
            // NOTE(review): the task owner is switched to the target user before the two checks
            // below have run. A failed check returns before the task is attached to the message,
            // so the switch is not published on that path; moving setOwner after the checks
            // would make the ordering self-evident.
            task.setOwner(authorizedUser);
            // First check uses AUTZ_REST_PROXY_URL with both users; presumably it verifies that
            // the authenticated user may act for the target user.
            if (!authorizeUser(AuthorizationConstants.AUTZ_REST_PROXY_URL, user, authorizedUser, enteredUsername, connEnv, requestCtx)) {
                return;
            }
            // Second check runs the same authorization as above, this time for the target user.
            if (!authorizeUser(authorizedUser.asObjectable(), null, authorizedUser.getName().getOrig(), connEnv, requestCtx)) {
                return;
            }
        } catch (ObjectNotFoundException | SchemaException | SecurityViolationException | CommunicationException | ConfigurationException | ExpressionEvaluationException e) {
            // Any failure to load or check the target user yields the same 401 response.
            LOGGER.trace("Exception while authenticating user identified with '{}' to REST service: {}", oid, e.getMessage(), e);
            requestCtx.abortWith(Response.status(Status.UNAUTHORIZED).header("WWW-Authenticate", "Proxy Authentication failed. Cannot authenticate user.").build());
            return;
        }
    }
    // Only reached when authentication and every authorization check succeeded.
    m.put(RestServiceUtil.MESSAGE_PROPERTY_TASK_NAME, task);
    // The trace names the authenticated user, not the switched-to principal, even after a switch.
    LOGGER.trace("Authorized to use REST service ({})", user);
}
Aggregations