Search in sources :

Example 86 with UsernamePasswordAuthenticationToken

use of org.springframework.security.authentication.UsernamePasswordAuthenticationToken in project spring-security by spring-projects.

the class PasswordComparisonAuthenticatorTests method testLdapCompareWithDifferentPasswordAttributeSucceeds.

@Test
public void testLdapCompareWithDifferentPasswordAttributeSucceeds() {
    authenticator.setUserAttributes(new String[] { "uid" });
    authenticator.setPasswordAttributeName("cn");
    authenticator.authenticate(new UsernamePasswordAuthenticationToken("ben", "Ben Alex"));
}
Also used : UsernamePasswordAuthenticationToken(org.springframework.security.authentication.UsernamePasswordAuthenticationToken)

Example 87 with UsernamePasswordAuthenticationToken

use of org.springframework.security.authentication.UsernamePasswordAuthenticationToken in project spring-security-oauth by spring-projects.

the class TokenEndpointAuthenticationFilter method extractCredentials.

/**
	 * If the incoming request contains user credentials in headers or parameters then extract them here into an
	 * Authentication token that can be validated later. This implementation only recognises password grant requests and
	 * extracts the username and password.
	 * 
	 * @param request the incoming request, possibly with user credentials
	 * @return an authentication for validation (or null if there is no further authentication)
	 */
protected Authentication extractCredentials(HttpServletRequest request) {
    String grantType = request.getParameter("grant_type");
    if (grantType != null && grantType.equals("password")) {
        UsernamePasswordAuthenticationToken result = new UsernamePasswordAuthenticationToken(request.getParameter("username"), request.getParameter("password"));
        result.setDetails(authenticationDetailsSource.buildDetails(request));
        return result;
    }
    return null;
}
Also used : UsernamePasswordAuthenticationToken(org.springframework.security.authentication.UsernamePasswordAuthenticationToken)

Example 88 with UsernamePasswordAuthenticationToken

use of org.springframework.security.authentication.UsernamePasswordAuthenticationToken in project spring-security-oauth by spring-projects.

the class ResourceOwnerPasswordTokenGranter method getOAuth2Authentication.

@Override
protected OAuth2Authentication getOAuth2Authentication(ClientDetails client, TokenRequest tokenRequest) {
    Map<String, String> parameters = new LinkedHashMap<String, String>(tokenRequest.getRequestParameters());
    String username = parameters.get("username");
    String password = parameters.get("password");
    // Protect from downstream leaks of password
    parameters.remove("password");
    Authentication userAuth = new UsernamePasswordAuthenticationToken(username, password);
    ((AbstractAuthenticationToken) userAuth).setDetails(parameters);
    try {
        userAuth = authenticationManager.authenticate(userAuth);
    } catch (AccountStatusException ase) {
        //covers expired, locked, disabled cases (mentioned in section 5.2, draft 31)
        throw new InvalidGrantException(ase.getMessage());
    } catch (BadCredentialsException e) {
        // If the username/password are wrong the spec says we should send 400/invalid grant
        throw new InvalidGrantException(e.getMessage());
    }
    if (userAuth == null || !userAuth.isAuthenticated()) {
        throw new InvalidGrantException("Could not authenticate user: " + username);
    }
    OAuth2Request storedOAuth2Request = getRequestFactory().createOAuth2Request(client, tokenRequest);
    return new OAuth2Authentication(storedOAuth2Request, userAuth);
}
Also used : AccountStatusException(org.springframework.security.authentication.AccountStatusException) AbstractAuthenticationToken(org.springframework.security.authentication.AbstractAuthenticationToken) OAuth2Request(org.springframework.security.oauth2.provider.OAuth2Request) OAuth2Authentication(org.springframework.security.oauth2.provider.OAuth2Authentication) Authentication(org.springframework.security.core.Authentication) OAuth2Authentication(org.springframework.security.oauth2.provider.OAuth2Authentication) UsernamePasswordAuthenticationToken(org.springframework.security.authentication.UsernamePasswordAuthenticationToken) BadCredentialsException(org.springframework.security.authentication.BadCredentialsException) InvalidGrantException(org.springframework.security.oauth2.common.exceptions.InvalidGrantException) LinkedHashMap(java.util.LinkedHashMap)

Example 89 with UsernamePasswordAuthenticationToken

use of org.springframework.security.authentication.UsernamePasswordAuthenticationToken in project opennms by OpenNMS.

the class RadiusAuthenticationProviderTest method testRetrieveUserChap.

@Test
@Ignore("Need to have a RADIUS server running on localhost")
public void testRetrieveUserChap() throws IOException {
    RadiusAuthenticationProvider provider = new RadiusAuthenticationProvider(m_radiusServer, m_sharedSecret);
    RadiusAuthenticator authTypeClass = new CHAPAuthenticator();
    provider.setAuthTypeClass(authTypeClass);
    provider.setRolesAttribute("Unknown-VSAttribute(5813:1)");
    UsernamePasswordAuthenticationToken token = new UsernamePasswordAuthenticationToken(m_principal, m_credentials);
    provider.retrieveUser(m_username, token);
}
Also used : CHAPAuthenticator(net.jradius.client.auth.CHAPAuthenticator) UsernamePasswordAuthenticationToken(org.springframework.security.authentication.UsernamePasswordAuthenticationToken) RadiusAuthenticator(net.jradius.client.auth.RadiusAuthenticator) Ignore(org.junit.Ignore) Test(org.junit.Test)

Example 90 with UsernamePasswordAuthenticationToken

use of org.springframework.security.authentication.UsernamePasswordAuthenticationToken in project opennms by OpenNMS.

the class RadiusAuthenticationProviderTest method testRetrieveUserPap.

@Test
@Ignore("Need to have a RADIUS server running on localhost")
public void testRetrieveUserPap() throws IOException {
    RadiusAuthenticationProvider provider = new RadiusAuthenticationProvider(m_radiusServer, m_sharedSecret);
    RadiusAuthenticator authTypeClass = new PAPAuthenticator();
    provider.setAuthTypeClass(authTypeClass);
    provider.setRolesAttribute("Unknown-VSAttribute(5813:1)");
    UsernamePasswordAuthenticationToken token = new UsernamePasswordAuthenticationToken(m_principal, m_credentials);
    provider.retrieveUser(m_username, token);
}
Also used : UsernamePasswordAuthenticationToken(org.springframework.security.authentication.UsernamePasswordAuthenticationToken) PAPAuthenticator(net.jradius.client.auth.PAPAuthenticator) RadiusAuthenticator(net.jradius.client.auth.RadiusAuthenticator) Ignore(org.junit.Ignore) Test(org.junit.Test)

Aggregations

UsernamePasswordAuthenticationToken (org.springframework.security.authentication.UsernamePasswordAuthenticationToken)309 Test (org.junit.Test)156 Authentication (org.springframework.security.core.Authentication)114 GrantedAuthority (org.springframework.security.core.GrantedAuthority)37 BadCredentialsException (org.springframework.security.authentication.BadCredentialsException)34 UserDetails (org.springframework.security.core.userdetails.UserDetails)33 SimpleGrantedAuthority (org.springframework.security.core.authority.SimpleGrantedAuthority)29 OAuth2Authentication (org.springframework.security.oauth2.provider.OAuth2Authentication)27 SecurityContext (org.springframework.security.core.context.SecurityContext)21 AuthenticationException (org.springframework.security.core.AuthenticationException)20 User (org.springframework.security.core.userdetails.User)17 OAuth2Request (org.springframework.security.oauth2.provider.OAuth2Request)15 ArrayList (java.util.ArrayList)14 OrcidProfileUserDetails (org.orcid.core.oauth.OrcidProfileUserDetails)13 MockHttpServletRequest (org.springframework.mock.web.MockHttpServletRequest)13 AuthenticationManager (org.springframework.security.authentication.AuthenticationManager)13 UsernameNotFoundException (org.springframework.security.core.userdetails.UsernameNotFoundException)12 SecurityContextImpl (org.springframework.security.core.context.SecurityContextImpl)11 Before (org.junit.Before)8 MockHttpServletResponse (org.springframework.mock.web.MockHttpServletResponse)8