List of usage examples for org.springframework.security.authentication BadCredentialsException BadCredentialsException
public BadCredentialsException(String msg)
Constructs a BadCredentialsException with the specified message.
From source file:net.thewaffleshop.passwd.service.AccountService.java
/**
 * Looks up the account for {@code userName} and verifies {@code password} against it.
 *
 * <p>Both failure paths carry the same message text but use different exception types:
 * {@link UsernameNotFoundException} when no account exists and
 * {@link BadCredentialsException} when the password check fails.
 * NOTE(review): a caller that handles or reports the two types differently would bring back
 * the username oracle that the decoy password check below is meant to close; confirm how
 * callers treat them.
 *
 * @param userName name used for the repository lookup
 * @param password password passed to {@code accountAPI.checkPassword}
 * @return the account whose password check succeeded
 * @throws AuthenticationException if no account is found or the password check fails
 */
@Transactional(readOnly = true)
public Account authenticateUser(String userName, String password) throws AuthenticationException {
    final Account found = accountRepository.findByUserName(userName);

    if (found != null) {
        if (accountAPI.checkPassword(found, password)) {
            return found;
        }
        throw new BadCredentialsException("Authentication failed; check your username and password");
    }

    // No such account: still run one password check against a fixed hash so that this request
    // takes about as long as one for an existing account. The result is deliberately discarded.
    final Account decoy = new Account();
    decoy.setPasswordHash(FOO_BCRYPT);
    accountAPI.checkPassword(decoy, "BAR");
    throw new UsernameNotFoundException("Authentication failed; check your username and password");
}
From source file:eu.trentorise.smartcampus.ac.provider.filters.SpringAcProvider.java
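/**
 * Checks whether the authentication token is still valid by querying the AC provider service.
 *
 * <p>The token is taken from the principal and sent in the {@code AUTH_TOKEN} request header.
 * NOTE(review): {@code endpointUrl} is defined outside this method; confirm it is an HTTPS
 * endpoint, since the token travels in a header.
 *
 * @param authentication
 *            Spring authentication object whose principal carries the token
 * @return the same authentication object with its authenticated flag set to true
 * @throws AuthenticationException
 *             {@link BadCredentialsException} if the token is missing or the service does not
 *             report it as valid; {@link AuthenticationServiceException} if the service call
 *             fails
 */
@Override
public Authentication authenticate(Authentication authentication) throws AuthenticationException {
    // A missing principal means there is no token to validate; reject it as bad credentials
    // instead of failing with a NullPointerException on toString().
    Object principal = authentication.getPrincipal();
    if (principal == null) {
        throw new BadCredentialsException("Authentication token is absent or expired");
    }
    String token = principal.toString();

    try {
        Boolean valid = WebClient.create(endpointUrl).path("/users/me/validity").header("AUTH_TOKEN", token)
                .accept("application/json").get(Boolean.class);
        // Fail closed: only an explicit TRUE counts as valid. A null result is rejected here
        // rather than triggering an unboxing NullPointerException.
        if (!Boolean.TRUE.equals(valid)) {
            throw new BadCredentialsException("Authentication token is absent or expired");
        }
        authentication.setAuthenticated(true);
        return authentication;
    } catch (WebApplicationException e) {
        // Keep the original exception as the cause so the service failure can be diagnosed.
        throw new AuthenticationServiceException("Problem accessing AC provider service: " + e.getMessage(), e);
    }
}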
From source file:com.seyren.core.security.mongo.MongoAuthenticationProvider.java
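/**
 * Authenticates a username/password pair against the user store.
 *
 * @param authentication request carrying the user name and the submitted password
 * @return a {@link UsernamePasswordAuthenticationToken} holding the stored user name,
 *         stored password value and authorities
 * @throws AuthenticationException
 *             {@link AuthenticationCredentialsNotFoundException} if the user store has no such
 *             user; {@link BadCredentialsException} if the password is missing or does not match
 */
@Override
public Authentication authenticate(Authentication authentication) throws AuthenticationException {
    User user = userStore.getUser(authentication.getName());
    if (user == null) {
        // NOTE(review): this path uses a distinct exception type and message and performs no
        // password matching, so an unknown user name is distinguishable from a wrong password
        // by the response (and possibly by response time). Confirm whether the caller
        // normalises the two failures before they reach the client.
        throw new AuthenticationCredentialsNotFoundException("User does not exist");
    }

    // A request without credentials is a failed login, not a NullPointerException.
    Object credentials = authentication.getCredentials();
    if (credentials == null) {
        throw new BadCredentialsException("Bad Credentials");
    }

    if (!passwordEncoder.matches(credentials.toString(), user.getPassword())) {
        throw new BadCredentialsException("Bad Credentials");
    }

    // NOTE(review): the credentials slot of the token is filled with user.getPassword(), the
    // stored value that matches() compares against (presumably an encoded hash); confirm that
    // it needs to travel with the token.
    return new UsernamePasswordAuthenticationToken(user.getUsername(), user.getPassword(),
            user.getAuthorities());
}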
From source file:com.company.project.web.controller.service.CustomAuthenticationProvider.java
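/**
 * Builds an authenticated token for the user returned by {@code customUserDetailsService}.
 *
 * <p>NOTE(review): only the user name is passed to {@code loadUserByUsername}; the submitted
 * password is never compared with anything in this method. Unless the comparison happens
 * somewhere this method cannot show, any password is accepted for an existing user. Verify
 * this, and add an explicit password check here if none exists.
 *
 * @param authentication request carrying the user name and the submitted password
 * @return a {@link UsernamePasswordAuthenticationToken} whose principal is the loaded
 *         {@code UserDetails} and whose credentials are {@code null}
 * @throws AuthenticationException
 *             {@link BadCredentialsException} if credentials are missing or no user details
 *             are returned
 */
@Override
public Authentication authenticate(Authentication authentication) throws AuthenticationException {
    String name = authentication.getName();

    // A request without credentials is a failed login, not a NullPointerException.
    if (authentication.getCredentials() == null) {
        throw new BadCredentialsException("Username not found or password incorrect.");
    }

    UserDetails userDetails = customUserDetailsService.loadUserByUsername(name);
    if (userDetails == null) {
        throw new BadCredentialsException("Username not found or password incorrect.");
    }

    // Credentials are left null so the submitted password is not kept on the token.
    // Callers get the UserDetails object back through authentication.getPrincipal().
    return new UsernamePasswordAuthenticationToken(userDetails, null, userDetails.getAuthorities());
}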
From source file:com.ushahidi.swiftriver.core.api.auth.crowdmapid.CrowdmapIDAuthenticationProvider.java
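/**
 * Authenticates a user that exists locally by signing in through the CrowdmapID client.
 *
 * <p>NOTE(review): when the local lookup returns no user, {@code signIn} is skipped, so the
 * two failure cases may differ in response time; confirm whether that matters for this
 * deployment. The failure message also embeds the submitted user name; confirm it is encoded
 * wherever the message is logged or displayed.
 *
 * @param authentication request carrying the user name (or e-mail) and password
 * @return a {@link UsernamePasswordAuthenticationToken} with one {@code ROLE_*} authority per
 *         role of the local user and the details of the incoming request
 * @throws AuthenticationException
 *             {@link BadCredentialsException} if credentials are missing, the user is unknown
 *             locally, or sign-in fails
 */
@Transactional(readOnly = true)
@Override
public Authentication authenticate(Authentication authentication) throws AuthenticationException {
    String username = authentication.getName();

    // A request without credentials is a failed login, not a NullPointerException.
    Object credentials = authentication.getCredentials();
    if (credentials == null) {
        throw new BadCredentialsException(String.format("Invalid username/password pair for %s", username));
    }
    String password = credentials.toString();

    User user = userDao.findByUsernameOrEmail(username);
    if (user == null || !crowdmapIDClient.signIn(username, password)) {
        throw new BadCredentialsException(String.format("Invalid username/password pair for %s", username));
    }

    Set<GrantedAuthority> authorities = new HashSet<GrantedAuthority>();
    for (Role role : user.getRoles()) {
        // Authority names are security identifiers: upper-case them with a fixed locale so the
        // result does not depend on the JVM default (for example "i" under a Turkish locale).
        authorities.add(new SimpleGrantedAuthority(
                "ROLE_" + role.getName().toUpperCase(java.util.Locale.ROOT)));
    }

    UsernamePasswordAuthenticationToken result = new UsernamePasswordAuthenticationToken(username,
            credentials, authorities);
    result.setDetails(authentication.getDetails());
    return result;
}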
From source file:org.web4thejob.security.ADAuthenticationProvider.java
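/**
 * Authenticates a user by performing an LDAP simple bind with the supplied name and password.
 *
 * <p>NOTE(review): the provider {@code url} is defined outside this method. A simple bind
 * sends the password as-is, so confirm the connection is protected (for example an
 * {@code ldaps://} URL).
 *
 * @param authentication request carrying the user name and password
 * @return a {@link UsernamePasswordAuthenticationToken} whose principal is the loaded
 *         {@code UserDetails}, with an empty string as credentials
 * @throws AuthenticationException
 *             {@link BadCredentialsException} if name or password is missing or empty, the
 *             bind fails, or no user details are found for the principal
 */
@Override
public Authentication authenticate(Authentication authentication) throws AuthenticationException {
    String name = authentication.getName();
    Object credentials = authentication.getCredentials();

    // Reject empty values as well as null ones. Many directory servers treat a simple bind with
    // an empty password as an unauthenticated bind and report success without verifying the
    // user, which would let the bind below "succeed" for any known name.
    if (name == null || name.isEmpty() || !(credentials instanceof String)
            || ((String) credentials).isEmpty()) {
        throw new BadCredentialsException("");
    }

    String principal = getPrincipal(name);
    String passwd = (String) credentials;

    LdapContext ctx = null;
    try {
        Hashtable<String, Object> env = new Hashtable<String, Object>();
        env.put(Context.INITIAL_CONTEXT_FACTORY, LdapCtxFactory.class.getCanonicalName());
        env.put(Context.SECURITY_AUTHENTICATION, "Simple");
        env.put(Context.SECURITY_PRINCIPAL, principal);
        env.put(Context.SECURITY_CREDENTIALS, passwd);
        env.put(Context.PROVIDER_URL, url);

        // Creating the context performs the bind; reaching the next line means it succeeded.
        ctx = new InitialLdapContext(env, null);

        UserDetails userDetails = userDetailsService.loadUserByUsername(principal);
        // The password is not stored on the returned token.
        return new UsernamePasswordAuthenticationToken(userDetails, "", userDetails.getAuthorities());
    } catch (NamingException nex) {
        throw new BadCredentialsException("LDAP authentication failed.", nex);
    } catch (UsernameNotFoundException e) {
        throw new BadCredentialsException("UserDetails did not find a valid user for name: " + principal, e);
    } finally {
        if (ctx != null) {
            try {
                ctx.close();
            } catch (Exception ignored) {
                // Best effort: a failure to close must not mask the authentication result.
            }
        }
    }
}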
From source file:fr.mycellar.interfaces.web.security.MyCellarAuthenticationProvider.java
/**
 * Verifies the submitted password by delegating to {@code userServiceFacade.authenticateUser}.
 *
 * <p>NOTE(review): the failure message embeds the user name; confirm it is encoded wherever
 * the message is logged or displayed.
 *
 * @param userDetails details of the user being authenticated; supplies the user name
 * @param authentication token whose credentials are cast to {@code String} and used as the
 *            password
 * @throws AuthenticationException
 *             {@link BadCredentialsException} if the facade returns no user
 */
@Override
protected void additionalAuthenticationChecks(UserDetails userDetails,
        UsernamePasswordAuthenticationToken authentication) throws AuthenticationException {
    final fr.mycellar.domain.user.User authenticated = userServiceFacade
            .authenticateUser(userDetails.getUsername(), (String) authentication.getCredentials());

    if (authenticated != null) {
        return;
    }
    throw new BadCredentialsException("Bad credentials for username '" + userDetails.getUsername() + "'.");
}
From source file:org.cloudfoundry.tools.security.CloudFoundryAuthenticationProvider.java
/**
 * Logs the user in via Cloud Foundry and returns a {@code User} built from the result.
 *
 * <p>NOTE(review): {@code username} is concatenated unmodified into every debug line, and the
 * not-found line also writes the whole active-user list. Confirm that debug logs are
 * access-restricted and that the logging layout neutralises line breaks in user-supplied
 * values.
 *
 * @param username name submitted with the login request
 * @param authentication token carrying the submitted credentials
 * @return a {@code User} holding the user name, the value returned by {@code login} in the
 *         password slot, and this provider's authorities
 * @throws AuthenticationException
 *             {@link BadCredentialsException} if no credentials were supplied;
 *             {@link UsernameNotFoundException} if the name is not among the active users
 */
@Override
protected UserDetails retrieveUser(String username, UsernamePasswordAuthenticationToken authentication)
        throws AuthenticationException {
    logger.debug("Attempting login of " + username + " via cloudfoundry");

    final Object secret = authentication.getCredentials();
    if (secret == null) {
        logger.debug("Empty credentials provided for " + username);
        throw new BadCredentialsException("Bad credentials");
    }

    final List<String> knownUsers = cloudEnvironment().getUsers();
    final boolean isActive = knownUsers.contains(username);
    if (!isActive) {
        logger.debug("User " + username + " not found in active users " + knownUsers);
        throw new UsernameNotFoundException(username);
    }

    final String loginToken = login(username, secret.toString());
    logger.debug("User " + username + " logged in via cloudfoundry");
    return new User(username, loginToken, this.authorities);
}
From source file:com.hp.autonomy.frontend.configuration.authentication.SingleUserAuthenticationProvider.java
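/**
 * Authenticates against the single configured user when single-user login is active.
 *
 * @param authentication request carrying the user name and password
 * @return {@code null} when the configured authentication is not a
 *         {@code SingleUserAuthentication} or its method equals {@code LoginTypes.DEFAULT}
 *         (ignoring case); otherwise a {@link UsernamePasswordAuthenticationToken} with the
 *         {@code roleAdmin} authority
 * @throws AuthenticationException
 *             {@link BadCredentialsException} if the name or password is missing or does not
 *             match the configured user
 */
@Override
public Authentication authenticate(final Authentication authentication) throws AuthenticationException {
    final com.hp.autonomy.frontend.configuration.authentication.Authentication<?> configAuthentication = configService
            .getConfig().getAuthentication();

    if (!(configAuthentication instanceof SingleUserAuthentication)
            || LoginTypes.DEFAULT.equalsIgnoreCase(configAuthentication.getMethod())) {
        return null;
    }

    final SingleUserAuthentication singleUserAuthentication = (SingleUserAuthentication) configAuthentication;
    final BCryptUsernameAndPassword singleUser = singleUserAuthentication.getSingleUser();
    final String username = singleUser.getUsername();
    final String hashedPassword = singleUser.getHashedPassword();

    // A request without credentials is a failed login, not a NullPointerException.
    final Object credentials = authentication.getCredentials();
    if (credentials == null) {
        throw new BadCredentialsException("Bad credentials");
    }
    final String providedPassword = credentials.toString();

    // Comparing from the configured side also turns a null request name into a failed login.
    final boolean usernameMatches = username != null && username.equals(authentication.getName());

    // NOTE(review): && short-circuits, so the bcrypt check only runs when the user name
    // matches. Response time can therefore differ between a wrong name and a wrong password;
    // confirm whether that is acceptable here.
    if (usernameMatches && BCrypt.checkpw(providedPassword, hashedPassword)) {
        // NOTE(review): the plain-text password is placed on the token as its credentials;
        // confirm that it is erased after authentication.
        return new UsernamePasswordAuthenticationToken(username, providedPassword,
                Arrays.asList(new SimpleGrantedAuthority(roleAdmin)));
    }
    throw new BadCredentialsException("Bad credentials");
}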
From source file:com.climate.oada.security.oauth.CustomUserAuthenticationProvider.java
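/**
 * Wraps a non-null principal/credentials pair in a
 * {@code CustomUserPasswordAuthenticationToken} with an empty authority list.
 *
 * <p>NOTE(review): nothing in this method checks the credentials against a user store; any
 * request with a non-null principal and non-null credentials gets a token back. Whether that
 * token counts as authenticated depends on the {@code CustomUserPasswordAuthenticationToken}
 * constructor, which is not shown. Confirm that verification happens elsewhere.
 *
 * @param authentication request in which the principal is the user name and the credentials
 *            are the password
 * @return a new token carrying the same principal and credentials and no authorities
 * @throws BadCredentialsException if the request, its principal or its credentials is null
 */
@Override
public Authentication authenticate(Authentication authentication) {
    // NOTE(review): this relies on the token's toString() not including the credentials;
    // confirm for every Authentication type that can reach this provider.
    LOG.info("Going to process authentication: " + authentication);

    if (authentication != null && authentication.getPrincipal() != null
            && authentication.getCredentials() != null) {
        LOG.info("authentication principal: " + authentication.getPrincipal());
        // The credentials (the user's password) are deliberately not logged: log files are
        // typically readable by more people and systems than the credential store is.

        /*
         * authentication.getPrincipal() <=> userName
         * authentication.getCredentials() <=> password
         */
        List<GrantedAuthority> grantedAuthorities = new ArrayList<GrantedAuthority>();
        return new CustomUserPasswordAuthenticationToken(authentication.getPrincipal(),
                authentication.getCredentials(), grantedAuthorities);
    }

    throw new BadCredentialsException("Invalid User Credentials");
}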