List of usage examples for org.springframework.security.authentication CredentialsExpiredException CredentialsExpiredException
public CredentialsExpiredException(String msg)
CredentialsExpiredException with the specified message. From source file:grails.plugin.springsecurity.userdetails.DefaultPostAuthenticationChecks.java
public void check(UserDetails user) { if (!user.isCredentialsNonExpired()) { log.debug("User account credentials have expired"); throw new CredentialsExpiredException( messages.getMessage("AbstractUserDetailsAuthenticationProvider.credentialsExpired", "User credentials have expired")); }/*from ww w . j a va2 s .c o m*/ }
From source file:org.xaloon.wicket.security.spring.SpringUserDetailsService.java
private UserDetails createAdaptor(org.xaloon.core.api.security.model.UserDetails userDetails) { if (!userDetails.isEnabled()) { throw new DisabledException(SecurityFacade.ACCOUNT_DISABLED); }//from w w w .j ava2 s . co m if (!userDetails.isAccountNonExpired()) { throw new AccountExpiredException(SecurityFacade.ACCOUNT_EXPIRED); } if (!userDetails.isAccountNonLocked()) { throw new LockedException(SecurityFacade.ACCOUNT_LOCKED); } if (!userDetails.isCredentialsNonExpired()) { throw new CredentialsExpiredException(SecurityFacade.CREDENTIALS_EXPIRED); } DefaultUserDetails details = new DefaultUserDetails(); details.setAccountNonExpired(userDetails.isAccountNonExpired()); details.setAccountNonLocked(userDetails.isAccountNonLocked()); details.setCredentialsNonExpired(userDetails.isCredentialsNonExpired()); details.setEnabled(userDetails.isEnabled()); details.setPassword(userDetails.getPassword()); details.setUsername(userDetails.getUsername()); List<Authority> authorities = loginService.getIndirectAuthoritiesForUsername(userDetails.getUsername()); if (!authorities.isEmpty()) { createAdaptorForAuthorities(details, authorities); } if (!userDetails.getAliases().isEmpty()) { details.getAliases().addAll(userDetails.getAliases()); } return details; }
From source file:br.com.joaops.smt.security.SmtAuthenticationProvider.java
@Override public Authentication authenticate(Authentication a) throws AuthenticationException { String username = a.getName(); String password = a.getCredentials().toString(); UserDetails user = this.userDetails.loadUserByUsername(username); if (user == null) { String message = this.messages.getMessage("AbstractUserDetailsAuthenticationProvider.badCredentials", "AbstractUserDetailsAuthenticationProvider.badCredentials"); throw new BadCredentialsException(message); }/*from ww w. ja va 2s. c om*/ if (!user.getUsername().equals(username)) { String message = this.messages.getMessage("AbstractUserDetailsAuthenticationProvider.badCredentials", "AbstractUserDetailsAuthenticationProvider.badCredentials"); throw new BadCredentialsException(message); } if (!passwordEncoder.matches(password, user.getPassword())) { String message = this.messages.getMessage("AbstractUserDetailsAuthenticationProvider.badCredentials", "AbstractUserDetailsAuthenticationProvider.badCredentials"); throw new BadCredentialsException(message); } if (user.isEnabled() == false) { String message = this.messages.getMessage("AbstractUserDetailsAuthenticationProvider.disabled", "AbstractUserDetailsAuthenticationProvider.disabled"); throw new DisabledException(message); } if (user.isAccountNonLocked() == false) { String message = this.messages.getMessage("AbstractUserDetailsAuthenticationProvider.locked", "AbstractUserDetailsAuthenticationProvider.locked"); throw new LockedException(message); } if (user.isAccountNonExpired() == false) { String message = this.messages.getMessage("AbstractUserDetailsAuthenticationProvider.expired", "AbstractUserDetailsAuthenticationProvider.expired"); throw new AccountExpiredException(message); } if (user.isCredentialsNonExpired() == false) { String message = this.messages.getMessage( "AbstractUserDetailsAuthenticationProvider.credentialsExpired", "AbstractUserDetailsAuthenticationProvider.credentialsExpired"); throw new CredentialsExpiredException(message); } return new UsernamePasswordAuthenticationToken(user, user.getPassword(), user.getAuthorities()); }
From source file:org.brekka.pegasus.core.services.impl.CertificateAuthenticationServiceImpl.java
@Override @Transactional()/* ww w . j a v a 2 s . c o m*/ public DigitalCertificate authenticate(X509Certificate certificate) throws BadCredentialsException, DisabledException { byte[] signature = certificate.getSignature(); String subjectDN = certificate.getSubjectDN().getName(); String commonName = null; Matcher matcher = matchAllowedSubjectDN(subjectDN, allowedSubjectDistinguishedNamePatterns); if (matcher.groupCount() > 0) { commonName = matcher.group(1); } byte[] subjectDNBytes = subjectDN.getBytes(Charset.forName("UTF-8")); SystemDerivedKeySpecType spec = config.getSubjectDerivedKeySpec(); DerivedKey derivedKey = derivedKeyCryptoService.apply(subjectDNBytes, spec.getSalt(), null, CryptoProfile.Static.of(spec.getCryptoProfile())); byte[] distinguishedNameDigest = derivedKey.getDerivedKey(); CertificateSubject certificateSubject = certificateSubjectDAO .retrieveByDistinguishedNameDigest(distinguishedNameDigest); if (certificateSubject == null) { // Create it certificateSubject = new CertificateSubject(); certificateSubject.setDistinguishedNameDigest(distinguishedNameDigest); certificateSubjectDAO.create(certificateSubject); } DigitalCertificate digitalCertificate = digitalCertificateDAO .retrieveBySubjectAndSignature(certificateSubject, signature); if (digitalCertificate == null) { digitalCertificate = new DigitalCertificate(); digitalCertificate.setActive(Boolean.TRUE); digitalCertificate.setCertificateSubject(certificateSubject); digitalCertificate.setCreated(certificate.getNotBefore()); digitalCertificate.setExpires(certificate.getNotAfter()); digitalCertificate.setSignature(signature); digitalCertificateDAO.create(digitalCertificate); } // Perform some checks if (BooleanUtils.isNotTrue(digitalCertificate.getActive())) { throw new DisabledException( String.format("The certficate with id '%s' has been disabled", digitalCertificate.getId())); } if (digitalCertificate.getExpires().before(new Date())) { throw new CredentialsExpiredException(String.format("The certficate with id '%s' expired %tF", digitalCertificate.getId(), digitalCertificate.getExpires())); } // Both of these are transient certificateSubject.setCommonName(commonName); certificateSubject.setDistinguishedName(subjectDN); return digitalCertificate; }
From source file:org.taverna.server.master.identity.StrippedDownAuthProvider.java
@PerfLogged @Override/*from w w w . j av a 2 s .com*/ public Authentication authenticate(Authentication authentication) throws AuthenticationException { if (!(authentication instanceof UsernamePasswordAuthenticationToken)) throw new IllegalArgumentException("can only authenticate against username+password"); UsernamePasswordAuthenticationToken auth = (UsernamePasswordAuthenticationToken) authentication; // Determine username String username = (auth.getPrincipal() == null) ? "NONE_PROVIDED" : auth.getName(); UserDetails user; try { user = retrieveUser(username, auth); if (user == null) throw new IllegalStateException( "retrieveUser returned null - a violation of the interface contract"); } catch (UsernameNotFoundException notFound) { if (logger.isDebugEnabled()) logger.debug("User '" + username + "' not found", notFound); throw new BadCredentialsException("Bad credentials"); } // Pre-auth if (!user.isAccountNonLocked()) throw new LockedException("User account is locked"); if (!user.isEnabled()) throw new DisabledException("User account is disabled"); if (!user.isAccountNonExpired()) throw new AccountExpiredException("User account has expired"); Object credentials = auth.getCredentials(); if (credentials == null) { logger.debug("Authentication failed: no credentials provided"); throw new BadCredentialsException("Bad credentials"); } String providedPassword = credentials.toString(); boolean matched = false; synchronized (authCache) { AuthCacheEntry pw = authCache.get(username); if (pw != null && providedPassword != null) { if (pw.valid(providedPassword)) matched = true; else authCache.remove(username); } } // Auth if (!matched) { if (!passwordEncoder.matches(providedPassword, user.getPassword())) { logger.debug("Authentication failed: password does not match stored value"); throw new BadCredentialsException("Bad credentials"); } if (providedPassword != null) synchronized (authCache) { authCache.put(username, new AuthCacheEntry(providedPassword)); } } // Post-auth if (!user.isCredentialsNonExpired()) throw new CredentialsExpiredException("User credentials have expired"); return createSuccessAuthentication(user, auth, user); }
From source file:fr.insalyon.creatis.vip.api.rest.security.apikey.ApikeyAuthenticationProvider.java
private void checkUserInfo(UserDetails user) { if (!user.isAccountNonLocked()) { logger.info("User account is locked"); throw new LockedException(messages.getMessage("AbstractUserDetailsAuthenticationProvider.locked", "User account is locked")); }/* w ww . j a va 2 s . c o m*/ if (!user.isEnabled()) { logger.info("User account is disabled"); throw new DisabledException( messages.getMessage("AbstractUserDetailsAuthenticationProvider.disabled", "User is disabled")); } if (!user.isAccountNonExpired()) { logger.info("User account is expired"); throw new AccountExpiredException(messages .getMessage("AbstractUserDetailsAuthenticationProvider.expired", "User account has expired")); } if (!user.isCredentialsNonExpired()) { logger.info("User account credentials have expired"); throw new CredentialsExpiredException( messages.getMessage("AbstractUserDetailsAuthenticationProvider.credentialsExpired", "User credentials have expired")); } }
From source file:com.evolveum.midpoint.model.impl.security.AuthenticationEvaluatorImpl.java
private <P extends CredentialPolicyType> void checkPasswordValidityAndAge(ConnectionEnvironment connEnv, @NotNull MidPointPrincipal principal, C credentials, P passwordCredentialsPolicy) { if (credentials == null) { recordAuthenticationFailure(principal, connEnv, "no stored credential value"); throw new AuthenticationCredentialsNotFoundException("web.security.provider.credential.bad"); }// w w w . ja v a 2 s.c o m validateCredentialNotNull(connEnv, principal, credentials); if (passwordCredentialsPolicy == null) { return; } Duration maxAge = passwordCredentialsPolicy.getMaxAge(); if (maxAge != null) { MetadataType credentialMetedata = credentials.getMetadata(); XMLGregorianCalendar changeTimestamp = MiscSchemaUtil.getChangeTimestamp(credentialMetedata); if (changeTimestamp != null) { XMLGregorianCalendar passwordValidUntil = XmlTypeConverter.addDuration(changeTimestamp, maxAge); if (clock.isPast(passwordValidUntil)) { recordAuthenticationFailure(principal, connEnv, "password expired"); throw new CredentialsExpiredException("web.security.provider.credential.expired"); } } } }
From source file:com.evolveum.midpoint.model.impl.security.AuthenticationEvaluatorImpl.java
private void checkPasswordValidityAndAge(ConnectionEnvironment connEnv, @NotNull MidPointPrincipal principal, ProtectedStringType protectedString, MetadataType passwordMetadata, CredentialPolicyType passwordCredentialsPolicy) { if (protectedString == null) { recordAuthenticationFailure(principal, connEnv, "no stored password value"); throw new AuthenticationCredentialsNotFoundException("web.security.provider.password.bad"); }//from w w w . ja v a 2s .co m if (passwordCredentialsPolicy == null) { return; } Duration maxAge = passwordCredentialsPolicy.getMaxAge(); if (maxAge != null) { XMLGregorianCalendar changeTimestamp = MiscSchemaUtil.getChangeTimestamp(passwordMetadata); if (changeTimestamp != null) { XMLGregorianCalendar passwordValidUntil = XmlTypeConverter.addDuration(changeTimestamp, maxAge); if (clock.isPast(passwordValidUntil)) { recordAuthenticationFailure(principal, connEnv, "password expired"); throw new CredentialsExpiredException("web.security.provider.credential.expired"); } } } }
From source file:org.apache.syncope.core.spring.security.JWTAuthenticationProvider.java
@Override public Authentication authenticate(final Authentication authentication) throws AuthenticationException { final JWTAuthentication jwtAuthentication = (JWTAuthentication) authentication; AuthContextUtils.execWithAuthContext(jwtAuthentication.getDetails().getDomain(), () -> { Pair<String, Set<SyncopeGrantedAuthority>> authenticated = dataAccessor.authenticate(jwtAuthentication); jwtAuthentication.setUsername(authenticated.getLeft()); jwtAuthentication.getAuthorities().addAll(authenticated.getRight()); return null; });//from ww w . ja va2 s . c o m JwtClaims claims = jwtAuthentication.getClaims(); Long referenceTime = new Date().getTime(); Long expiryTime = claims.getExpiryTime(); if (expiryTime == null || (expiryTime * 1000L) < referenceTime) { dataAccessor.removeExpired(claims.getTokenId()); throw new CredentialsExpiredException("JWT is expired"); } Long notBefore = claims.getNotBefore(); if (notBefore == null || (notBefore * 1000L) > referenceTime) { throw new CredentialsExpiredException("JWT not valid yet"); } jwtAuthentication.setAuthenticated(true); return jwtAuthentication; }
From source file:org.cloudifysource.security.CloudifyDaoAuthenticationProvider.java
private void runAuthenticationChecks(final CloudifyUserDetails user) { if (!user.isAccountNonLocked()) { logger.warning("User account is locked"); throw new LockedException(messages.getMessage("AbstractUserDetailsAuthenticationProvider.locked", "User account is locked")); }//from w w w .j a va2 s.co m if (!user.isEnabled()) { logger.warning("User account is disabled"); throw new DisabledException( messages.getMessage("AbstractUserDetailsAuthenticationProvider.disabled", "User is disabled")); } if (!user.isAccountNonExpired()) { logger.warning("User account is expired"); throw new AccountExpiredException(messages .getMessage("AbstractUserDetailsAuthenticationProvider.expired", "User account has expired")); } if (!user.isCredentialsNonExpired()) { logger.warning("User account credentials have expired"); throw new CredentialsExpiredException( messages.getMessage("AbstractUserDetailsAuthenticationProvider.credentialsExpired", "User credentials have expired")); } }