Search in sources :

Example 1 with PasswordInvalidValidationError

use of org.summerb.webappboilerplate.security.ve.PasswordInvalidValidationError in project summerb by skarpushin.

the class AuthenticationProviderImpl method authenticate.

@Override
public Authentication authenticate(Authentication authentication) throws AuthenticationException {
    // Ensure that all conditions apply
    Assert.isInstanceOf(UsernamePasswordAuthenticationToken.class, authentication, getMessage("AbstractUserDetailsAuthenticationProvider.onlySupports", "Only UsernamePasswordAuthenticationToken is supported"));
    // check we have credentials specified
    if (authentication.getCredentials() == null) {
        logger.debug("Authentication failed: no credentials provided");
        throw new BadCredentialsException(getMessage("AbstractUserDetailsAuthenticationProvider.badCredentials", "Bad credentials"));
    }
    // Determine user-name
    String username = (authentication.getPrincipal() == null) ? "" : authentication.getName();
    // Encode password
    String presentedPlainPassword = authentication.getCredentials().toString();
    try {
        if (loginEligibilityVerifier != null) {
            loginEligibilityVerifier.validateUserAllowedToLogin(username);
        }
        // Proceed with authentication
        // get user
        User user = userService.getUserByEmail(username);
        // check password
        if (!passwordService.isUserPasswordValid(user.getUuid(), presentedPlainPassword)) {
            throw new InvalidPasswordException();
        }
        // get user permission
        List<String> permissions = permissionService.findUserPermissionsForSubject(SecurityConstants.DOMAIN, user.getUuid(), null);
        UserDetailsImpl userDetails = new UserDetailsImpl(user, "[PASSWORD REMOVED]", permissions, null);
        UsernamePasswordAuthenticationToken ret = new UsernamePasswordAuthenticationToken(userDetails, authentication.getCredentials(), userDetails.getAuthorities());
        ret.setDetails(authentication.getDetails());
        return ret;
    } catch (FieldValidationException e) {
        throw buildBadCredentialsExc(e);
    } catch (UserNotFoundException e) {
        throw buildBadCredentialsExc(new FieldValidationException(new UserNotFoundValidationError()));
    } catch (InvalidPasswordException e) {
        throw buildBadCredentialsExc(new FieldValidationException(new PasswordInvalidValidationError()));
    } catch (Throwable t) {
        throw new AuthenticationServiceException(getMessage(SecurityMessageCodes.AUTH_FATAL, "Fatal authentication exception"), t);
    }
}
Also used : FieldValidationException(org.summerb.validation.FieldValidationException) UserNotFoundException(org.summerb.users.api.exceptions.UserNotFoundException) User(org.summerb.users.api.dto.User) UsernamePasswordAuthenticationToken(org.springframework.security.authentication.UsernamePasswordAuthenticationToken) BadCredentialsException(org.springframework.security.authentication.BadCredentialsException) PasswordInvalidValidationError(org.summerb.webappboilerplate.security.ve.PasswordInvalidValidationError) AuthenticationServiceException(org.springframework.security.authentication.AuthenticationServiceException) InvalidPasswordException(org.summerb.users.api.exceptions.InvalidPasswordException) UserNotFoundValidationError(org.summerb.webappboilerplate.security.ve.UserNotFoundValidationError)

Aggregations

AuthenticationServiceException (org.springframework.security.authentication.AuthenticationServiceException)1 BadCredentialsException (org.springframework.security.authentication.BadCredentialsException)1 UsernamePasswordAuthenticationToken (org.springframework.security.authentication.UsernamePasswordAuthenticationToken)1 User (org.summerb.users.api.dto.User)1 InvalidPasswordException (org.summerb.users.api.exceptions.InvalidPasswordException)1 UserNotFoundException (org.summerb.users.api.exceptions.UserNotFoundException)1 FieldValidationException (org.summerb.validation.FieldValidationException)1 PasswordInvalidValidationError (org.summerb.webappboilerplate.security.ve.PasswordInvalidValidationError)1 UserNotFoundValidationError (org.summerb.webappboilerplate.security.ve.UserNotFoundValidationError)1