Example 1 with AuthenticationFailureHandler

Use of org.springframework.security.web.authentication.AuthenticationFailureHandler in project judge by zjnu-acm.

The class SecurityConfiguration, method failureHandler.

private AuthenticationFailureHandler failureHandler() {
    final String defaultFailureUrl = "/login?error";
    RedirectStrategy redirectStrategy = new FailureRedirectStrategy();
    // The exception is ignored: every authentication failure redirects to the same fixed URL
    return (request, response, exception) -> redirectStrategy.sendRedirect(request, response, defaultFailureUrl);
}
Also used : Primary(org.springframework.context.annotation.Primary) SimpleUrlAuthenticationSuccessHandler(org.springframework.security.web.authentication.SimpleUrlAuthenticationSuccessHandler) UserDetailsService(org.springframework.security.core.userdetails.UserDetailsService) DefaultRedirectStrategy(org.springframework.security.web.DefaultRedirectStrategy) Autowired(org.springframework.beans.factory.annotation.Autowired) HttpSecurity(org.springframework.security.config.annotation.web.builders.HttpSecurity) RedirectStrategy(org.springframework.security.web.RedirectStrategy) WebSecurityConfigurerAdapter(org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter) HttpServletRequest(javax.servlet.http.HttpServletRequest) AuthenticationManagerBuilder(org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder) AuthenticationManager(org.springframework.security.authentication.AuthenticationManager) HttpServletResponse(javax.servlet.http.HttpServletResponse) AuthenticationEntryPoint(org.springframework.security.web.AuthenticationEntryPoint) IOException(java.io.IOException) SimpleUrlLogoutSuccessHandler(org.springframework.security.web.authentication.logout.SimpleUrlLogoutSuccessHandler) PersistentTokenRepository(org.springframework.security.web.authentication.rememberme.PersistentTokenRepository) EnableGlobalMethodSecurity(org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity) Configuration(org.springframework.context.annotation.Configuration) URLEncoder(java.net.URLEncoder) PasswordEncoder(org.springframework.security.crypto.password.PasswordEncoder) EnableWebSecurity(org.springframework.security.config.annotation.web.configuration.EnableWebSecurity) AuthenticationFailureHandler(org.springframework.security.web.authentication.AuthenticationFailureHandler) NullRequestCache(org.springframework.security.web.savedrequest.NullRequestCache) 
CKFinderProperties(com.github.zhanhb.ckfinder.connector.autoconfigure.CKFinderProperties) Bean(org.springframework.context.annotation.Bean) StringUtils(org.springframework.util.StringUtils) DefaultRedirectStrategy(org.springframework.security.web.DefaultRedirectStrategy) RedirectStrategy(org.springframework.security.web.RedirectStrategy)

Example 2 with AuthenticationFailureHandler

Use of org.springframework.security.web.authentication.AuthenticationFailureHandler in project spring-security by spring-projects.

The class SessionManagementFilterTests, method strategyFailureInvokesFailureHandler.

@Test
public void strategyFailureInvokesFailureHandler() throws Exception {
    SecurityContextRepository repo = mock(SecurityContextRepository.class);
    // repo will return false to containsContext()
    SessionAuthenticationStrategy strategy = mock(SessionAuthenticationStrategy.class);
    AuthenticationFailureHandler failureHandler = mock(AuthenticationFailureHandler.class);
    SessionManagementFilter filter = new SessionManagementFilter(repo, strategy);
    filter.setAuthenticationFailureHandler(failureHandler);
    HttpServletRequest request = new MockHttpServletRequest();
    HttpServletResponse response = new MockHttpServletResponse();
    FilterChain fc = mock(FilterChain.class);
    authenticateUser();
    SessionAuthenticationException exception = new SessionAuthenticationException("Failure");
    willThrow(exception).given(strategy).onAuthentication(SecurityContextHolder.getContext().getAuthentication(), request, response);
    filter.doFilter(request, response, fc);
    verifyZeroInteractions(fc);
    verify(failureHandler).onAuthenticationFailure(request, response, exception);
}
Also used : HttpServletRequest(jakarta.servlet.http.HttpServletRequest) MockHttpServletRequest(org.springframework.mock.web.MockHttpServletRequest) SessionAuthenticationException(org.springframework.security.web.authentication.session.SessionAuthenticationException) SessionAuthenticationStrategy(org.springframework.security.web.authentication.session.SessionAuthenticationStrategy) MockHttpServletRequest(org.springframework.mock.web.MockHttpServletRequest) MockFilterChain(org.springframework.mock.web.MockFilterChain) FilterChain(jakarta.servlet.FilterChain) MockHttpServletResponse(org.springframework.mock.web.MockHttpServletResponse) HttpServletResponse(jakarta.servlet.http.HttpServletResponse) SecurityContextRepository(org.springframework.security.web.context.SecurityContextRepository) AuthenticationFailureHandler(org.springframework.security.web.authentication.AuthenticationFailureHandler) MockHttpServletResponse(org.springframework.mock.web.MockHttpServletResponse) Test(org.junit.jupiter.api.Test)

Example 3 with AuthenticationFailureHandler

Use of org.springframework.security.web.authentication.AuthenticationFailureHandler in project spring-security-oauth by spring-projects.

The class AuthorizationServerBeanDefinitionParserTests, method filterUsesConfiguredFailureHandler.

@Test
public void filterUsesConfiguredFailureHandler() throws Exception {
    final Field failureHandlerField = AbstractAuthenticationProcessingFilter.class.getDeclaredField("failureHandler");
    ReflectionUtils.makeAccessible(failureHandlerField);
    AuthenticationFailureHandler failureHandler = (AuthenticationFailureHandler) ReflectionUtils.getField(failureHandlerField, filter);
    assertTrue("failure handler should be a simpleUrlFailureHandler", failureHandler instanceof SimpleUrlAuthenticationFailureHandler);
    final Field failureUrlField = SimpleUrlAuthenticationFailureHandler.class.getDeclaredField("defaultFailureUrl");
    ReflectionUtils.makeAccessible(failureUrlField);
    String failureUrl = (String) ReflectionUtils.getField(failureUrlField, failureHandler);
    assertEquals("failure URL should be the configured url", "/oauth/confirm_access", failureUrl);
}
Also used : Field(java.lang.reflect.Field) SimpleUrlAuthenticationFailureHandler(org.springframework.security.web.authentication.SimpleUrlAuthenticationFailureHandler) AuthenticationFailureHandler(org.springframework.security.web.authentication.AuthenticationFailureHandler) SimpleUrlAuthenticationFailureHandler(org.springframework.security.web.authentication.SimpleUrlAuthenticationFailureHandler) Test(org.junit.Test)

Example 4 with AuthenticationFailureHandler

Use of org.springframework.security.web.authentication.AuthenticationFailureHandler in project spring-security-oauth by spring-projects.

The class ClientCredentialsTokenEndpointFilter, method afterPropertiesSet.

@Override
public void afterPropertiesSet() {
    super.afterPropertiesSet();
    setAuthenticationFailureHandler(new AuthenticationFailureHandler() {

        public void onAuthenticationFailure(HttpServletRequest request, HttpServletResponse response, AuthenticationException exception) throws IOException, ServletException {
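            // Re-wrap bad credentials so the cause is the OAuth2-specific BadClientCredentialsException
            if (exception instanceof BadCredentialsException) {
                exception = new BadCredentialsException(exception.getMessage(), new BadClientCredentialsException());
            }
            // Delegate the failure response to the configured entry point
            authenticationEntryPoint.commence(request, response, exception);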
        }
    });
    setAuthenticationSuccessHandler(new AuthenticationSuccessHandler() {

        public void onAuthenticationSuccess(HttpServletRequest request, HttpServletResponse response, Authentication authentication) throws IOException, ServletException {
            // no-op - just allow filter chain to continue to token endpoint
        }
    });
}
Also used : HttpServletRequest(javax.servlet.http.HttpServletRequest) ServletException(javax.servlet.ServletException) BadClientCredentialsException(org.springframework.security.oauth2.common.exceptions.BadClientCredentialsException) AuthenticationSuccessHandler(org.springframework.security.web.authentication.AuthenticationSuccessHandler) AuthenticationException(org.springframework.security.core.AuthenticationException) Authentication(org.springframework.security.core.Authentication) HttpServletResponse(javax.servlet.http.HttpServletResponse) IOException(java.io.IOException) AuthenticationFailureHandler(org.springframework.security.web.authentication.AuthenticationFailureHandler) BadCredentialsException(org.springframework.security.authentication.BadCredentialsException)

Example 5 with AuthenticationFailureHandler

Use of org.springframework.security.web.authentication.AuthenticationFailureHandler in project spring-security by spring-projects.

The class SessionManagementConfigurer, method configure.

@Override
public void configure(H http) {
    SecurityContextRepository securityContextRepository = http.getSharedObject(SecurityContextRepository.class);
    SessionManagementFilter sessionManagementFilter = new SessionManagementFilter(securityContextRepository, getSessionAuthenticationStrategy(http));
    if (this.sessionAuthenticationErrorUrl != null) {
        sessionManagementFilter.setAuthenticationFailureHandler(new SimpleUrlAuthenticationFailureHandler(this.sessionAuthenticationErrorUrl));
    }
    InvalidSessionStrategy strategy = getInvalidSessionStrategy();
    if (strategy != null) {
        sessionManagementFilter.setInvalidSessionStrategy(strategy);
    }
    AuthenticationFailureHandler failureHandler = getSessionAuthenticationFailureHandler();
    if (failureHandler != null) {
        sessionManagementFilter.setAuthenticationFailureHandler(failureHandler);
    }
    AuthenticationTrustResolver trustResolver = http.getSharedObject(AuthenticationTrustResolver.class);
    if (trustResolver != null) {
        sessionManagementFilter.setTrustResolver(trustResolver);
    }
    sessionManagementFilter = postProcess(sessionManagementFilter);
    http.addFilter(sessionManagementFilter);
    if (isConcurrentSessionControlEnabled()) {
        ConcurrentSessionFilter concurrentSessionFilter = createConcurrencyFilter(http);
        concurrentSessionFilter = postProcess(concurrentSessionFilter);
        http.addFilter(concurrentSessionFilter);
    }
}
Also used : SessionManagementFilter(org.springframework.security.web.session.SessionManagementFilter) ConcurrentSessionFilter(org.springframework.security.web.session.ConcurrentSessionFilter) SimpleRedirectInvalidSessionStrategy(org.springframework.security.web.session.SimpleRedirectInvalidSessionStrategy) InvalidSessionStrategy(org.springframework.security.web.session.InvalidSessionStrategy) AuthenticationTrustResolver(org.springframework.security.authentication.AuthenticationTrustResolver) NullSecurityContextRepository(org.springframework.security.web.context.NullSecurityContextRepository) HttpSessionSecurityContextRepository(org.springframework.security.web.context.HttpSessionSecurityContextRepository) SecurityContextRepository(org.springframework.security.web.context.SecurityContextRepository) SimpleUrlAuthenticationFailureHandler(org.springframework.security.web.authentication.SimpleUrlAuthenticationFailureHandler) AuthenticationFailureHandler(org.springframework.security.web.authentication.AuthenticationFailureHandler) SimpleUrlAuthenticationFailureHandler(org.springframework.security.web.authentication.SimpleUrlAuthenticationFailureHandler)
