Example 36 with AuthenticationException

use of org.springframework.security.core.AuthenticationException in project tutorials by eugenp.

the class UserJWTController method authorize.

@PostMapping("/authenticate")
@Timed
public ResponseEntity authorize(@Valid @RequestBody LoginVM loginVM, HttpServletResponse response) {
    UsernamePasswordAuthenticationToken authenticationToken = new UsernamePasswordAuthenticationToken(loginVM.getUsername(), loginVM.getPassword());
    try {
        Authentication authentication = this.authenticationManager.authenticate(authenticationToken);
        SecurityContextHolder.getContext().setAuthentication(authentication);
        boolean rememberMe = (loginVM.isRememberMe() == null) ? false : loginVM.isRememberMe();
        String jwt = tokenProvider.createToken(authentication, rememberMe);
        response.addHeader(JWTConfigurer.AUTHORIZATION_HEADER, "Bearer " + jwt);
        return ResponseEntity.ok(new JWTToken(jwt));
    } catch (AuthenticationException ae) {
        log.trace("Authentication exception trace: {}", ae);
        return new ResponseEntity<>(Collections.singletonMap("AuthenticationException", ae.getLocalizedMessage()), HttpStatus.UNAUTHORIZED);
    }
}
Also used : AuthenticationException(org.springframework.security.core.AuthenticationException) Authentication(org.springframework.security.core.Authentication) UsernamePasswordAuthenticationToken(org.springframework.security.authentication.UsernamePasswordAuthenticationToken) Timed(com.codahale.metrics.annotation.Timed)

Example 37 with AuthenticationException

use of org.springframework.security.core.AuthenticationException in project tutorials by eugenp.

the class UserJWTController method authorize.

@PostMapping("/authenticate")
@Timed
public ResponseEntity authorize(@Valid @RequestBody LoginVM loginVM, HttpServletResponse response) {
    UsernamePasswordAuthenticationToken authenticationToken = new UsernamePasswordAuthenticationToken(loginVM.getUsername(), loginVM.getPassword());
    try {
        Authentication authentication = this.authenticationManager.authenticate(authenticationToken);
        SecurityContextHolder.getContext().setAuthentication(authentication);
        boolean rememberMe = (loginVM.isRememberMe() == null) ? false : loginVM.isRememberMe();
        String jwt = tokenProvider.createToken(authentication, rememberMe);
        response.addHeader(JWTConfigurer.AUTHORIZATION_HEADER, "Bearer " + jwt);
        return ResponseEntity.ok(new JWTToken(jwt));
    } catch (AuthenticationException ae) {
        log.trace("Authentication exception trace: {}", ae);
        return new ResponseEntity<>(Collections.singletonMap("AuthenticationException", ae.getLocalizedMessage()), HttpStatus.UNAUTHORIZED);
    }
}
Also used : AuthenticationException(org.springframework.security.core.AuthenticationException) Authentication(org.springframework.security.core.Authentication) UsernamePasswordAuthenticationToken(org.springframework.security.authentication.UsernamePasswordAuthenticationToken) Timed(com.codahale.metrics.annotation.Timed)

Example 38 with AuthenticationException

use of org.springframework.security.core.AuthenticationException in project tutorials by eugenp.

the class CustomDaoAuthenticationProvider method authenticate.

@Override
public Authentication authenticate(Authentication authentication) throws AuthenticationException {
    String name = authentication.getName();
    String password = authentication.getCredentials().toString();
    UserDetails u = null;
    try {
        u = getUserDetailsService().loadUserByUsername(name);
    } catch (UsernameNotFoundException ex) {
        log.error("User '" + name + "' not found");
    } catch (Exception e) {
        log.error("Exception in CustomDaoAuthenticationProvider: " + e);
    }
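    if (u != null) {
        // The submitted password is compared directly to the stored value with String.equals:
        // no PasswordEncoder is involved, so this only matches a password stored in plaintext,
        // and the comparison is not constant-time.
        if (u.getPassword().equals(password)) {
            return new UsernamePasswordAuthenticationToken(u, password, u.getAuthorities());
        }
    }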
    throw new BadCredentialsException(messages.getMessage("CustomDaoAuthenticationProvider.badCredentials", "Bad credentials"));
}
Also used : UsernameNotFoundException(org.springframework.security.core.userdetails.UsernameNotFoundException) UserDetails(org.springframework.security.core.userdetails.UserDetails) UsernamePasswordAuthenticationToken(org.springframework.security.authentication.UsernamePasswordAuthenticationToken) BadCredentialsException(org.springframework.security.authentication.BadCredentialsException) AuthenticationException(org.springframework.security.core.AuthenticationException)

Example 39 with AuthenticationException

use of org.springframework.security.core.AuthenticationException in project motech by motech.

the class MotechLoginErrorHandlerTest method shouldNotBlockUser.

@Test
public void shouldNotBlockUser() throws ServletException, IOException {
    AuthenticationException exception = new BadCredentialsException("Wrong Password");
    exception.setAuthentication(authentication);
    MotechUser user = createUser(UserStatus.ACTIVE, 2);
    when(authentication.getName()).thenReturn("testUser");
    when(motechUsersDao.findByUserName("testUser")).thenReturn(user);
    when(settingService.getFailureLoginLimit()).thenReturn(3);
    motechLoginErrorHandler.onAuthenticationFailure(request, response, exception);
    verify(response).sendRedirect(LOGIN_ERROR);
    verify(motechUsersDao).update(userCaptor.capture());
    MotechUser capturedUser = userCaptor.getValue();
    assertEquals((Integer) 3, capturedUser.getFailureLoginCounter());
    assertEquals(UserStatus.ACTIVE, capturedUser.getUserStatus());
}
Also used : MotechUser(org.motechproject.security.domain.MotechUser) AuthenticationException(org.springframework.security.core.AuthenticationException) BadCredentialsException(org.springframework.security.authentication.BadCredentialsException) Test(org.junit.Test)

Example 40 with AuthenticationException

use of org.springframework.security.core.AuthenticationException in project motech by motech.

the class MotechLoginErrorHandlerTest method shouldRedirectUserWithExpiredPassword.

@Test
public void shouldRedirectUserWithExpiredPassword() throws ServletException, IOException {
    AuthenticationException exception = new CredentialsExpiredException("Credentials expired");
    exception.setAuthentication(authentication);
    MotechUser user = createUser(UserStatus.MUST_CHANGE_PASSWORD, 0);
    when(authentication.getName()).thenReturn("testUser");
    when(motechUsersDao.findByUserName("testUser")).thenReturn(user);
    when(settingService.getFailureLoginLimit()).thenReturn(3);
    motechLoginErrorHandler.onAuthenticationFailure(request, response, exception);
    verify(response).sendRedirect(CHANGE_PASSWORD);
}
Also used : MotechUser(org.motechproject.security.domain.MotechUser) CredentialsExpiredException(org.springframework.security.authentication.CredentialsExpiredException) AuthenticationException(org.springframework.security.core.AuthenticationException) Test(org.junit.Test)

Aggregations

AuthenticationException (org.springframework.security.core.AuthenticationException) 152
Authentication (org.springframework.security.core.Authentication) 79
UsernamePasswordAuthenticationToken (org.springframework.security.authentication.UsernamePasswordAuthenticationToken) 42
HttpServletRequest (javax.servlet.http.HttpServletRequest) 26
BadCredentialsException (org.springframework.security.authentication.BadCredentialsException) 24
HttpServletResponse (javax.servlet.http.HttpServletResponse) 23
Test (org.junit.Test) 20
Test (org.junit.jupiter.api.Test) 19
AuthenticationServiceException (org.springframework.security.authentication.AuthenticationServiceException) 14
IOException (java.io.IOException) 13
ServletException (javax.servlet.ServletException) 12
MockHttpServletResponse (org.springframework.mock.web.MockHttpServletResponse) 10
MockHttpServletRequest (org.springframework.mock.web.MockHttpServletRequest) 9
RequestMapping (org.springframework.web.bind.annotation.RequestMapping) 9
AuthenticationManager (org.springframework.security.authentication.AuthenticationManager) 8
GrantedAuthority (org.springframework.security.core.GrantedAuthority) 8
Map (java.util.Map) 7
UserDetails (org.springframework.security.core.userdetails.UserDetails) 7
MidPointPrincipal (com.evolveum.midpoint.security.api.MidPointPrincipal) 6
HashMap (java.util.HashMap) 6