use of org.springframework.security.core.AuthenticationException in project tutorials by eugenp.
the class UserJWTController method authorize.
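/**
 * Authenticates the submitted username and password and, on success, issues a JWT.
 *
 * <p>The token is returned twice: in the response header named by
 * {@code JWTConfigurer.AUTHORIZATION_HEADER} (prefixed with {@code "Bearer "}) and in the
 * response body wrapped in a {@code JWTToken}.
 *
 * @param loginVM  validated login payload (username, password, optional remember-me flag)
 * @param response servlet response that receives the authorization header
 * @return 200 with the token on success; 401 with a single-entry map describing the
 *         failure when the authentication manager rejects the credentials
 */
@PostMapping("/authenticate")
@Timed
public ResponseEntity<?> authorize(@Valid @RequestBody LoginVM loginVM, HttpServletResponse response) {
    UsernamePasswordAuthenticationToken authenticationToken =
        new UsernamePasswordAuthenticationToken(loginVM.getUsername(), loginVM.getPassword());
    try {
        Authentication authentication = this.authenticationManager.authenticate(authenticationToken);
        SecurityContextHolder.getContext().setAuthentication(authentication);
        // A missing remember-me flag is treated as "not requested".
        boolean rememberMe = Boolean.TRUE.equals(loginVM.isRememberMe());
        String jwt = tokenProvider.createToken(authentication, rememberMe);
        response.addHeader(JWTConfigurer.AUTHORIZATION_HEADER, "Bearer " + jwt);
        return ResponseEntity.ok(new JWTToken(jwt));
    } catch (AuthenticationException ae) {
        log.trace("Authentication exception trace: {}", ae);
        // NOTE(review): the exception's own message is sent to the caller. Depending on how the
        // authentication providers are configured, that text can differ between an unknown user,
        // a wrong password and a locked or disabled account. If that distinction should not be
        // visible to unauthenticated clients, return one fixed message here and keep the detail
        // in the server log only.
        return new ResponseEntity<>(
            Collections.singletonMap("AuthenticationException", ae.getLocalizedMessage()),
            HttpStatus.UNAUTHORIZED);
    }
}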
use of org.springframework.security.core.AuthenticationException in project tutorials by eugenp.
the class UserJWTController method authorize.
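/**
 * Login endpoint: checks the posted credentials with the authentication manager and hands
 * back a signed token when they are accepted.
 *
 * <p>On success the JWT is placed in the {@code JWTConfigurer.AUTHORIZATION_HEADER} response
 * header with a {@code "Bearer "} prefix and is also returned in the body as a {@code JWTToken}.
 * On failure the response is 401 with a one-entry map keyed {@code "AuthenticationException"}.
 *
 * @param loginVM  validated request body carrying username, password and remember-me flag
 * @param response servlet response the authorization header is added to
 * @return the token response, or a 401 response describing the authentication failure
 */
@PostMapping("/authenticate")
@Timed
public ResponseEntity<?> authorize(@Valid @RequestBody LoginVM loginVM, HttpServletResponse response) {
    UsernamePasswordAuthenticationToken loginRequest =
        new UsernamePasswordAuthenticationToken(loginVM.getUsername(), loginVM.getPassword());
    try {
        Authentication authentication = this.authenticationManager.authenticate(loginRequest);
        SecurityContextHolder.getContext().setAuthentication(authentication);

        // isRememberMe() may return null; only an explicit true enables remember-me.
        boolean rememberMe = Boolean.TRUE.equals(loginVM.isRememberMe());
        String jwt = tokenProvider.createToken(authentication, rememberMe);

        response.addHeader(JWTConfigurer.AUTHORIZATION_HEADER, "Bearer " + jwt);
        return ResponseEntity.ok(new JWTToken(jwt));
    } catch (AuthenticationException ae) {
        log.trace("Authentication exception trace: {}", ae);
        // NOTE(review): ae.getLocalizedMessage() is echoed to an unauthenticated client. Check
        // that the configured providers do not produce messages that reveal whether an account
        // exists or what state it is in; otherwise prefer a single generic failure message.
        return new ResponseEntity<>(
            Collections.singletonMap("AuthenticationException", ae.getLocalizedMessage()),
            HttpStatus.UNAUTHORIZED);
    }
}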
use of org.springframework.security.core.AuthenticationException in project tutorials by eugenp.
the class CustomDaoAuthenticationProvider method authenticate.
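/**
 * Authenticates a username/password request against the configured user details service.
 *
 * <p>An unknown user, a failure while loading the user, missing credentials and a wrong
 * password all end in the same {@code BadCredentialsException}, so the caller cannot tell
 * these cases apart from the exception alone.
 *
 * <p>NOTE(review): the stored password is compared with the presented password as-is. That
 * only matches when passwords are stored unencoded; a production provider should delegate the
 * check to a password encoder rather than compare raw values.
 *
 * @param authentication the request; its name is the username and its credentials the
 *                       presented password
 * @return a {@code UsernamePasswordAuthenticationToken} holding the loaded user, the presented
 *         password and the user's authorities
 * @throws AuthenticationException a {@code BadCredentialsException} when the user could not be
 *                                 loaded or the password does not match
 */
@Override
public Authentication authenticate(Authentication authentication) throws AuthenticationException {
    String name = authentication.getName();
    // Credentials may be absent (for example after they were erased); treat that as a failed
    // login instead of letting a NullPointerException escape.
    Object credentials = authentication.getCredentials();
    String password = (credentials == null) ? null : credentials.toString();

    UserDetails u = null;
    try {
        u = getUserDetailsService().loadUserByUsername(name);
    } catch (UsernameNotFoundException ex) {
        // The username is caller-supplied: strip line breaks so it cannot forge log entries.
        log.error("User '" + String.valueOf(name).replaceAll("[\\r\\n]", "_") + "' not found");
    } catch (Exception e) {
        // NOTE(review): a backend failure is reported to the caller as bad credentials.
        // Pass the exception itself so the stack trace is kept in the log.
        log.error("Exception in CustomDaoAuthenticationProvider: " + e, e);
    }

    if (u != null && password != null) {
        String stored = u.getPassword();
        // MessageDigest.isEqual avoids the early exit of String.equals on the first mismatch.
        if (stored != null
            && java.security.MessageDigest.isEqual(
                stored.getBytes(java.nio.charset.StandardCharsets.UTF_8),
                password.getBytes(java.nio.charset.StandardCharsets.UTF_8))) {
            return new UsernamePasswordAuthenticationToken(u, password, u.getAuthorities());
        }
    }
    throw new BadCredentialsException(
        messages.getMessage("CustomDaoAuthenticationProvider.badCredentials", "Bad credentials"));
}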
use of org.springframework.security.core.AuthenticationException in project motech by motech.
the class MotechLoginErrorHandlerTest method shouldNotBlockUser.
/**
 * A failed login with bad credentials must redirect to the login-error page, store the
 * updated user with a failure counter of 3, and leave the account ACTIVE when the configured
 * failure limit is 3.
 */
@Test
public void shouldNotBlockUser() throws ServletException, IOException {
    // Stubs: user lookup by name and the configured failure limit.
    // createUser's second argument is presumably the starting failure counter; confirm in the helper.
    MotechUser existingUser = createUser(UserStatus.ACTIVE, 2);
    when(settingService.getFailureLoginLimit()).thenReturn(3);
    when(motechUsersDao.findByUserName("testUser")).thenReturn(existingUser);
    when(authentication.getName()).thenReturn("testUser");

    AuthenticationException failure = new BadCredentialsException("Wrong Password");
    failure.setAuthentication(authentication);

    motechLoginErrorHandler.onAuthenticationFailure(request, response, failure);

    verify(response).sendRedirect(LOGIN_ERROR);
    verify(motechUsersDao).update(userCaptor.capture());

    // Inspect the user that was written back by the handler.
    MotechUser savedUser = userCaptor.getValue();
    assertEquals(Integer.valueOf(3), savedUser.getFailureLoginCounter());
    assertEquals(UserStatus.ACTIVE, savedUser.getUserStatus());
}
use of org.springframework.security.core.AuthenticationException in project motech by motech.
the class MotechLoginErrorHandlerTest method shouldRedirectUserWithExpiredPassword.
/**
 * A login that fails with expired credentials must send the user to the change-password page
 * rather than to the generic login-error page.
 */
@Test
public void shouldRedirectUserWithExpiredPassword() throws ServletException, IOException {
    // Stubs: a user flagged MUST_CHANGE_PASSWORD and a failure limit of 3.
    MotechUser expiredUser = createUser(UserStatus.MUST_CHANGE_PASSWORD, 0);
    when(settingService.getFailureLoginLimit()).thenReturn(3);
    when(motechUsersDao.findByUserName("testUser")).thenReturn(expiredUser);
    when(authentication.getName()).thenReturn("testUser");

    AuthenticationException failure = new CredentialsExpiredException("Credentials expired");
    failure.setAuthentication(authentication);

    motechLoginErrorHandler.onAuthenticationFailure(request, response, failure);

    verify(response).sendRedirect(CHANGE_PASSWORD);
}