org.acegisecurity.AuthenticationException Java Examples

Example #1
Source File: DebugDaoAuthenticationProvider.java    From webcurator with Apache License 2.0 6 votes vote down vote up
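/**
 * Checks the presented password against the stored one, using the configured
 * password encoder and, when a salt source is set, the salt it returns.
 *
 * <p>Diagnostic output is limited to non-secret facts (whether a salt is in use,
 * which encoder is configured, and the outcome). The stored password, the
 * presented password, its encoded form and the salt value are intentionally not
 * written to standard output: console output is routinely captured into log files
 * and terminals that are readable well beyond the people entitled to see credentials.
 *
 * @param userDetails the user record the presented credentials are checked against
 * @param authentication the login request carrying the presented credentials
 * @throws AuthenticationException a {@code BadCredentialsException} when no credentials
 *         are presented or when they do not match the stored password
 */
@Override
protected void additionalAuthenticationChecks(UserDetails userDetails,
        UsernamePasswordAuthenticationToken authentication) throws AuthenticationException {
    // A request without credentials is a failed login, not a NullPointerException.
    Object presented = authentication.getCredentials();
    if (presented == null) {
        throw new BadCredentialsException(messages.getMessage(
                "AbstractUserDetailsAuthenticationProvider.badCredentials",
                "Bad credentials"), userDetails);
    }

    Object salt = null;
    if (getSaltSource() != null) {
        salt = getSaltSource().getSalt(userDetails);
    }

    // Debug aid without secret material: report configuration, never values.
    System.out.println("Salt configured: " + (salt != null));
    System.out.println("Encoder: " + getPasswordEncoder());

    boolean valid = getPasswordEncoder().isPasswordValid(userDetails.getPassword(),
            presented.toString(), salt);
    System.out.println("Password valid: " + valid);

    if (!valid) {
        throw new BadCredentialsException(messages.getMessage(
                "AbstractUserDetailsAuthenticationProvider.badCredentials",
                "Bad credentials"), userDetails);
    }
}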
 
Example #2
Source File: KualiCasAuthenticationProvider.java    From rice with Educational Community License v2.0 6 votes vote down vote up
/**
 * This overridden method differs from the super method by
 * populating the user details by passing the full response
 * 
 * @see org.acegisecurity.providers.cas.CasAuthenticationProvider#authenticateNow(Authentication authentication)
 */
private CasAuthenticationToken authenticateNow(Authentication authentication) throws AuthenticationException {
    // Have the ticket validator confirm the presented credentials; the result is cast
    // to the Kuali response type that the authorities populator below consumes.
    final KualiTicketResponse ticketResponse = (KualiTicketResponse) this.getTicketValidator()
            .confirmTicketValid(authentication.getCredentials().toString());

    // The proxy list has to be accepted before any user lookup takes place.
    this.getCasProxyDecider().confirmProxyListTrusted(ticketResponse.getProxyList());

    // NOTE(review): the whole validation response goes to the debug log here. If its
    // toString() includes ticket or session material, debug logs need the same access
    // controls as credentials - confirm what KualiTicketResponse prints.
    if (logger.isDebugEnabled()) {
        logger.debug("authenticationNOW:" + ticketResponse);
    }
    logger.debug("\n\npopulating authorities\n\n");

    // User details are resolved from the full response rather than from a bare user id.
    final KualiCasAuthoritiesPopulator populator =
            (KualiCasAuthoritiesPopulator) this.getCasAuthoritiesPopulator();
    final UserDetails resolvedUser = populator.getUserDetails(ticketResponse);

    // The resolved user is passed both as principal and as user details.
    return new CasAuthenticationToken(
            this.getKey(),
            resolvedUser,
            authentication.getCredentials(),
            resolvedUser.getAuthorities(),
            resolvedUser,
            ticketResponse.getProxyList(),
            ticketResponse.getProxyGrantingTicketIou());
}
 
Example #3
Source File: GitLabSecurityRealm.java    From gitlab-oauth-plugin with MIT License 5 votes vote down vote up
/**
 * Builds the realm's security components: an authentication manager that turns
 * login requests into GitLab tokens, and a user details service that delegates
 * to this realm's own lookup.
 *
 * @return the pair of authentication manager and user details service
 */
@Override
public SecurityComponents createSecurityComponents() {
    final AuthenticationManager manager = new AuthenticationManager() {

        @Override
        public Authentication authenticate(Authentication authentication) throws AuthenticationException {
            // A token that is already a GitLab token is passed through unchanged.
            if (authentication instanceof GitLabAuthenticationToken) {
                return authentication;
            }
            // Anything other than a username/password request is rejected.
            if (!(authentication instanceof UsernamePasswordAuthenticationToken)) {
                throw new BadCredentialsException("Unexpected authentication type: " + authentication);
            }

            // The password field of the request is used as a GitLab private token.
            final UsernamePasswordAuthenticationToken login =
                    (UsernamePasswordAuthenticationToken) authentication;
            try {
                final GitLabAuthenticationToken gitlabToken = new GitLabAuthenticationToken(
                        login.getCredentials().toString(), getGitlabApiUri(), TokenType.PRIVATE_TOKEN);
                SecurityContextHolder.getContext().setAuthentication(gitlabToken);
                return gitlabToken;
            } catch (IOException e) {
                // NOTE(review): an I/O failure while building the token surfaces as a plain
                // RuntimeException, not as an AuthenticationException, so code that only
                // handles authentication failures will not treat it as one - confirm intended.
                throw new RuntimeException(e);
            }
        }
    };

    final UserDetailsService userLookup = new UserDetailsService() {
        @Override
        public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException, DataAccessException {
            // Delegate to the enclosing realm.
            return GitLabSecurityRealm.this.loadUserByUsername(username);
        }
    };

    return new SecurityComponents(manager, userLookup);
}
 
Example #4
Source File: RESTRequestParameterProcessingFilter.java    From subsonic with GNU General Public License v3.0 5 votes vote down vote up
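/**
 * Authenticates a REST request from its username plus either a password or a
 * salt/token pair, and stores the result in the security context on success.
 *
 * @param username the presented username, or {@code null} to rely on {@code previousAuth}
 * @param password the presented password, or {@code null} when a salt/token pair is used
 * @param salt the salt presented with the token, or {@code null}
 * @param token the presented token, compared with the MD5 hex digest of stored password + salt
 * @param previousAuth an authentication already established for this request, or {@code null}
 * @return {@code null} on success, otherwise the error code describing the failure
 */
private RESTController.ErrorCode authenticate(String username, String password, String salt, String token, Authentication previousAuth) {

    // Previously authenticated and username not overridden?
    if (username == null && previousAuth != null) {
        return null;
    }

    if (salt != null && token != null) {
        User user = securityService.getUserByName(username);
        if (user == null) {
            return RESTController.ErrorCode.NOT_AUTHENTICATED;
        }
        // NOTE(review): this scheme needs the stored password in recoverable form and is
        // built on MD5; both are properties of the token protocol, not of this method.
        String expectedToken = DigestUtils.md5Hex(user.getPassword() + salt);

        // Constant-time comparison: the salt comes from the request, so response timing
        // must not reveal how many leading characters of the presented token matched.
        byte[] expectedBytes = expectedToken.getBytes(java.nio.charset.StandardCharsets.UTF_8);
        byte[] presentedBytes = token.getBytes(java.nio.charset.StandardCharsets.UTF_8);
        if (!java.security.MessageDigest.isEqual(expectedBytes, presentedBytes)) {
            return RESTController.ErrorCode.NOT_AUTHENTICATED;
        }

        // Token accepted: continue through the normal password path with the stored password.
        password = user.getPassword();
    }

    if (password != null) {
        try {
            UsernamePasswordAuthenticationToken authRequest = new UsernamePasswordAuthenticationToken(username, password);
            Authentication authResult = authenticationManager.authenticate(authRequest);
            SecurityContextHolder.getContext().setAuthentication(authResult);
            return null;
        } catch (AuthenticationException x) {
            // Every authentication failure maps to the same error code, so the response
            // does not distinguish an unknown user from a wrong password.
            return RESTController.ErrorCode.NOT_AUTHENTICATED;
        }
    }

    // Neither a password nor a complete salt/token pair was supplied.
    return RESTController.ErrorCode.MISSING_PARAMETER;
}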
 
Example #5
Source File: WCTAuthenticationProcessingFilter.java    From webcurator with Apache License 2.0 5 votes vote down vote up
/** @see org.acegisecurity.ui.AbstractProcessingFilter#onUnsuccessfulAuthentication(HttpServletRequest,HttpServletResponse, AuthenticationException) . */
@Override
protected void onUnsuccessfulAuthentication(HttpServletRequest aReq, HttpServletResponse aRes, AuthenticationException e) throws IOException {
    // Let the superclass run its own failure handling before the audit entry is written.
    super.onUnsuccessfulAuthentication(aReq, aRes, e);

    // NOTE(review): j_username comes straight from the request and may be null, very
    // long, or contain line breaks. Confirm the auditor stores or escapes it safely
    // wherever audit entries are later written or displayed.
    final String attemptedName = aReq.getParameter("j_username");
    final String auditMessage = "Failed Login for username: " + attemptedName;

    // Record the failed login attempt.
    auditor.audit(User.class.getName(), Auditor.ACTION_LOGIN_FAILURE, auditMessage);
}
 
Example #6
Source File: KualiCasAuthoritiesPopulatorImpl.java    From rice with Educational Community License v2.0 5 votes vote down vote up
/**
 * This overridden method should never be used but is required by the 
 * UserDetails interface
 * 
 * @see org.acegisecurity.providers.cas.CasAuthoritiesPopulator#getUserDetails(java.lang.String)
 */
public UserDetails getUserDetails(String casUserId)
    throws AuthenticationException {
    // Trace the call only when debug logging is switched on.
    final boolean traceEnabled = logger.isDebugEnabled();
    if (traceEnabled) {
        logger.debug("getUserDetails(userID)");
    }

    // Plain lookup by user id through the configured user details service.
    final UserDetails loaded = this.userDetailsService.loadUserByUsername(casUserId);
    return loaded;
}
 
Example #7
Source File: KualiCasAuthoritiesPopulatorImpl.java    From rice with Educational Community License v2.0 5 votes vote down vote up
/**
 * This overridden method is used to pass the Distributed Session 
 * Ticket around via the {@link KualiTicketResponse}
 * 
 * @see org.kuali.rice.kim.client.acegi.KualiCasAuthoritiesPopulator#getUserDetails(org.kuali.rice.kim.client.acegi.KualiTicketResponse)
 */
public UserDetails getUserDetails(KualiTicketResponse response)
    throws AuthenticationException {
    // Entry trace; the response itself is not written to the log here.
    if (logger.isDebugEnabled()) {
        final String traceLine = "getUserDetails(response)";
        logger.debug(traceLine);
    }

    // The whole ticket response is handed to the user details service.
    final UserDetails resolved = this.userDetailsService.loadUserByTicketResponse(response);
    return resolved;
}
 
Example #8
Source File: KualiTestAuthenticationProvider.java    From rice with Educational Community License v2.0 5 votes vote down vote up
public Authentication authenticate(Authentication authentication)
    throws AuthenticationException {

    // NOTE(review): the only check is "principal equals credentials", so anyone who
    // submits their username as the password is accepted. Judging by the class name
    // this is a test-only provider; confirm it cannot be wired into a deployed
    // configuration.
    final boolean principalMatchesCredentials =
            authentication.getPrincipal().equals(authentication.getCredentials());

    if (!principalMatchesCredentials) {
        // NOTE(review): the request is handed back unchanged instead of being rejected
        // with an exception - verify how the caller treats a returned, unaccepted token.
        return authentication;
    }

    return authenticateNow(authentication);
}
 
Example #9
Source File: KualiDistributedSessionFilter.java    From rice with Educational Community License v2.0 5 votes vote down vote up
/**
 * This overridden method gets called if requiresAuthentication is true.  
 * If the session is invalid, throw a {@link KualiDistributedSessionExpiredException}.
 * The session is determined invalid if the authentication is of type
 * {@link KualiDistributedSessionExpiredAuthentication}.  Otherwise it
 * would have to verify if the DST is valid twice. 
 *
 * @return the authentication result of the super method
 * @see org.acegisecurity.ui.cas.CasProcessingFilter#attemptAuthentication(javax.servlet.http.HttpServletRequest)
 */
public Authentication attemptAuthentication(final HttpServletRequest request)
    throws AuthenticationException {
    final Authentication current = SecurityContextHolder.getContext().getAuthentication();
    final boolean sessionExpired = current instanceof KualiDistributedSessionExpiredAuthentication;

    // Normal case: no expiry marker in the context, so defer to the superclass.
    if (!sessionExpired) {
        return super.attemptAuthentication(request);
    }

    // Expired session: clear the context before failing, so the expiry marker does
    // not stay behind as the current authentication.
    logger.debug("Authentication is dead in attemptAuthentication, setting authentication to null and throwing KualiDistributedSessionExpiredException");
    SecurityContextHolder.getContext().setAuthentication(null);

    throw new KualiDistributedSessionExpiredException("Session Expired");
}
 
Example #10
Source File: Listener.java    From blueocean-plugin with MIT License 4 votes vote down vote up
@Override
protected UserDetails authenticate(String username, String password) throws AuthenticationException {
    // Stand-in credential check: a login is accepted exactly when the password equals
    // the username. NOTE(review): presumably a test fixture; it offers no protection
    // and must not back a realm that real users log in to.
    final boolean accepted = username.equals(password);
    if (!accepted) {
        throw new BadCredentialsException(username);
    }
    return loadUserByUsername(username);
}
 
Example #11
Source File: JenkinsRule.java    From jenkins-test-harness with MIT License 4 votes vote down vote up
@Override
protected UserDetails authenticate(String username, String password) throws AuthenticationException {
    // Dummy realm behaviour: the password must simply repeat the username.
    // NOTE(review): the project name suggests a test harness; this check is only
    // acceptable in throwaway test instances.
    if (!username.equals(password)) {
        // The exception message is the attempted username.
        throw new BadCredentialsException(username);
    }
    final UserDetails account = loadUserByUsername(username);
    return account;
}
 
Example #12
Source File: KualiCasAuthenticationProvider.java    From rice with Educational Community License v2.0 4 votes vote down vote up
/**
 * This overridden method is copied from CAS verbatim.  For some reason
 * {@link #authenticateNow} would not override and the super method
 * would get called until this method was also overridden.
 * 
 * @see org.acegisecurity.providers.cas.CasAuthenticationProvider#authenticate(org.acegisecurity.Authentication)
 */
public Authentication authenticate(Authentication authentication) throws AuthenticationException {
    StatelessTicketCache statelessTicketCache = this.getStatelessTicketCache();
    String key = this.getKey();
    // Token types this provider does not support are declined by returning null.
    if (!supports(authentication.getClass())) {
        return null;
    }

    // A username/password token is only handled when its principal is one of the two
    // CAS marker identifiers; any other username/password token is declined.
    if (authentication instanceof UsernamePasswordAuthenticationToken
        && (!CasProcessingFilter.CAS_STATEFUL_IDENTIFIER.equals(authentication.getPrincipal().toString())
        && !CasProcessingFilter.CAS_STATELESS_IDENTIFIER.equals(authentication.getPrincipal().toString()))) {
        // UsernamePasswordAuthenticationToken not CAS related
        return null;
    }

    // If an existing CasAuthenticationToken, just check we created it
    if (authentication instanceof CasAuthenticationToken) {
        // NOTE(review): only the int hashCode of the key is compared, not the key
        // itself, so this is weaker than a key equality check - the strength of the
        // "we created it" guarantee rests on the key being long and unguessable.
        if (key.hashCode() == ((CasAuthenticationToken) authentication).getKeyHash()) {
            return authentication;
        } else {
            throw new BadCredentialsException(messages.getMessage("CasAuthenticationProvider.incorrectKey",
                    "The presented CasAuthenticationToken does not contain the expected key"));
        }
    }

    // Ensure credentials are presented
    if ((authentication.getCredentials() == null) || "".equals(authentication.getCredentials())) {
        throw new BadCredentialsException(messages.getMessage("CasAuthenticationProvider.noServiceTicket",
                "Failed to provide a CAS service ticket to validate"));
    }

    boolean stateless = false;

    // Stateless mode is selected by the marker principal. The principal object itself
    // is compared here (no toString(), unlike the check near the top of the method).
    if (authentication instanceof UsernamePasswordAuthenticationToken
        && CasProcessingFilter.CAS_STATELESS_IDENTIFIER.equals(authentication.getPrincipal())) {
        stateless = true;
    }

    CasAuthenticationToken result = null;

    if (stateless) {
        // Try to obtain from cache
        // A cache hit is returned as-is: the ticket is not validated again below.
        result = statelessTicketCache.getByTicketId(authentication.getCredentials().toString());
    }

    if (result == null) {
        // Not cached (or stateful): validate the ticket now and copy the request details
        // onto the freshly built token.
        result = this.authenticateNow(authentication);
        result.setDetails(authentication.getDetails());
    }

    if (stateless) {
        // Add to cache
        // This runs for cache hits as well, so a cached token is put back again.
        statelessTicketCache.putTicketInCache(result);
    }

    return result;
}
 
Example #13
Source File: KualiTestAuthenticationProvider.java    From rice with Educational Community License v2.0 4 votes vote down vote up
private UsernamePasswordAuthenticationToken authenticateNow(Authentication authentication) throws AuthenticationException {
    // Every request that reaches this method gets the same single fixed role; nothing
    // is looked up per user. NOTE(review): appropriate for a test provider only.
    final GrantedAuthority[] fixedRoles =
            new GrantedAuthority[] {new GrantedAuthorityImpl("ROLE_KUALI_USER")};

    // The presented principal and credentials are carried over unchanged.
    return new UsernamePasswordAuthenticationToken(
            authentication.getPrincipal(), authentication.getCredentials(), fixedRoles);
}
 
Example #14
Source File: KualiCasAuthoritiesPopulator.java    From rice with Educational Community License v2.0 2 votes vote down vote up
/**
 * Obtains the granted authorities for the specified user.<p>May throw any
 * <code>AuthenticationException</code> or return <code>null</code> if the authorities are unavailable.</p>
 *
 * @param response as obtained from the CAS validation service
 *
 * @return the details of the indicated user (at minimum the granted authorities and the username)
 *
 * @throws AuthenticationException if the authorities are unavailable
 */
UserDetails getUserDetails(KualiTicketResponse response)
    throws AuthenticationException; // contract allows a null return as well as an exception, so callers need a null check