List of usage examples for org.springframework.security.authentication BadCredentialsException BadCredentialsException
public BadCredentialsException(String msg)
BadCredentialsException with the specified message. From source file:com.epam.trade.storefront.security.AcceleratorAuthenticationProvider.java
@Override public Authentication authenticate(final Authentication authentication) throws AuthenticationException { final String username = (authentication.getPrincipal() == null) ? "NONE_PROVIDED" : authentication.getName();/*from ww w. ja v a2 s . co m*/ if (getBruteForceAttackCounter().isAttack(username)) { try { final UserModel userModel = getUserService().getUserForUID(StringUtils.lowerCase(username)); userModel.setLoginDisabled(true); getModelService().save(userModel); bruteForceAttackCounter.resetUserCounter(userModel.getUid()); } catch (final UnknownIdentifierException e) { LOG.warn("Brute force attack attempt for non existing user name " + username); } finally { throw new BadCredentialsException( messages.getMessage("CoreAuthenticationProvider.badCredentials", "Bad credentials")); } } return super.authenticate(authentication); }
From source file:com.erudika.para.security.OpenIDAuthFilter.java
/** * Handles an authentication request.// w ww . j a v a 2s .c om * @param request HTTP request * @param response HTTP response * @return an authentication object that contains the principal object if successful. * @throws IOException ex */ @Override public Authentication attemptAuthentication(HttpServletRequest request, HttpServletResponse response) throws IOException { final String requestURI = request.getRequestURI(); Authentication userAuth = null; User user = null; if (requestURI.endsWith(OPENID_ACTION)) { Authentication oidAuth = super.attemptAuthentication(request, response); if (oidAuth == null) { // hang on... redirecting to openid provider return null; } else { //success! user = (User) oidAuth.getPrincipal(); userAuth = new UserAuthentication(user); } } if (userAuth == null || user == null || user.getIdentifier() == null) { throw new BadCredentialsException("Bad credentials."); } else if (!user.isEnabled()) { throw new LockedException("Account is locked."); } return userAuth; }
From source file:org.joyrest.oauth2.BasicAuthenticator.java
/** * Decodes the header into a username and password. * * @throws BadCredentialsException if the Basic header is not present or is not valid Base64 *//*w ww . ja v a 2 s. c o m*/ private String[] extractAndDecodeHeader(String header) throws IOException { byte[] base64Token = header.substring(6).getBytes(CREDENTIALS_CHARSET); byte[] decoded; try { decoded = Base64.decode(base64Token); } catch (IllegalArgumentException e) { throw new BadCredentialsException("Failed to decode basic authentication token"); } String token = new String(decoded, CREDENTIALS_CHARSET); int delim = token.indexOf(":"); if (delim == -1) { throw new BadCredentialsException("Invalid basic authentication token"); } return new String[] { token.substring(0, delim), token.substring(delim + 1) }; }
From source file:com.acc.storefront.security.AcceleratorAuthenticationProvider.java
@Override public Authentication authenticate(final Authentication authentication) throws AuthenticationException { final String username = (authentication.getPrincipal() == null) ? "NONE_PROVIDED" : authentication.getName();//from w ww.ja v a 2 s .co m if (getBruteForceAttackCounter().isAttack(username)) { try { final UserModel userModel = getUserService().getUserForUID(StringUtils.lowerCase(username)); userModel.setLoginDisabled(true); getModelService().save(userModel); bruteForceAttackCounter.resetUserCounter(userModel.getUid()); } catch (final UnknownIdentifierException e) { LOG.warn("Brute force attack attempt for non existing user name " + username); } finally { throw new BadCredentialsException( messages.getMessage("CoreAuthenticationProvider.badCredentials", "Bad credentials")); } } checkCartForUser(username); return super.authenticate(authentication); }
From source file:com.epam.cme.storefront.security.AcceleratorAuthenticationProvider.java
@Override public Authentication authenticate(final Authentication authentication) throws AuthenticationException { final String username = (authentication.getPrincipal() == null) ? "NONE_PROVIDED" : authentication.getName();//from w w w .jav a 2s . c om if (getBruteForceAttackCounter().isAttack(username)) { try { final UserModel userModel = getUserService().getUserForUID(StringUtils.lowerCase(username)); userModel.setLoginDisabled(true); getModelService().save(userModel); bruteForceAttackCounter.resetUserCounter(userModel.getUid()); } catch (final UnknownIdentifierException e) { LOG.warn("Brute force attack attempt for non existing user name " + username); } finally { throw new BadCredentialsException( messages.getMessage("CoreAuthenticationProvider.badCredentials", "Bad credentials")); } } checkUserCart(username); return super.authenticate(authentication); }
From source file:org.cloudfoundry.tools.security.CloudFoundryAuthenticationProvider.java
private String login(String username, String password) { String controllerUrl = cloudEnvironment().getControllerUrl(); try {//from w w w . j a v a 2s . c om return getCloudFoundryClient(username, password, controllerUrl).login(); } catch (Exception e) { logger.debug("Unable to login " + username + " to " + controllerUrl, e); throw new BadCredentialsException("Bad credentials"); } }
From source file:de.hybris.telcotrail.storefront.security.AcceleratorAuthenticationProvider.java
@Override public Authentication authenticate(final Authentication authentication) throws AuthenticationException { final String username = (authentication.getPrincipal() == null) ? "NONE_PROVIDED" : authentication.getName();// www. java 2 s . co m if (getBruteForceAttackCounter().isAttack(username)) { try { final UserModel userModel = getUserService().getUserForUID(StringUtils.lowerCase(username)); userModel.setLoginDisabled(true); getModelService().save(userModel); bruteForceAttackCounter.resetUserCounter(userModel.getUid()); } catch (final UnknownIdentifierException e) { LOG.warn("Brute force attack attempt for non existing user name " + username); } finally { throw new BadCredentialsException( messages.getMessage("CoreAuthenticationProvider.badCredentials", "Bad credentials")); } } // check if the user of the cart matches the current user and if the // user is not anonymous. If otherwise, remove delete the session cart as it might // be stolen / from another user final String sessionCartUserId = getCartService().getSessionCart().getUser().getUid(); if (!username.equals(sessionCartUserId) && !sessionCartUserId.equals(userService.getAnonymousUser().getUid())) { getCartService().setSessionCart(null); } return super.authenticate(authentication); }
From source file:de.thm.arsnova.security.CustomBindAuthenticator.java
public DirContextOperations authenticate(Authentication authentication) { DirContextOperations user = null;/*from w ww . j a v a 2 s .c o m*/ Assert.isInstanceOf(UsernamePasswordAuthenticationToken.class, authentication, "Can only process UsernamePasswordAuthenticationToken objects"); String username = authentication.getName(); String password = (String) authentication.getCredentials(); if (!StringUtils.hasLength(password)) { logger.debug("Rejecting empty password for user " + username); throw new BadCredentialsException( messages.getMessage("BindAuthenticator.emptyPassword", "Empty Password")); } // If DN patterns are configured, try authenticating with them directly for (String dn : getUserDns(username)) { user = bindWithDn(dn, username, password); if (user != null) { break; } } // Otherwise use the configured search object to find the user and authenticate // with the returned DN. if (user == null && getUserSearch() != null) { DirContextOperations userFromSearch = getUserSearch().searchForUser(username); user = bindWithDn(userFromSearch.getDn().toString(), username, password); } if (user == null) { throw new BadCredentialsException( messages.getMessage("BindAuthenticator.badCredentials", "Bad credentials")); } return user; }