Java Code Examples for org.springframework.security.web.WebAttributes

The following examples show how to use org.springframework.security.web.WebAttributes. These examples are extracted from open source projects. You can vote up the ones you like or vote down the ones you don't like, and go to the original project or source file by following the links above each example. You may check out the related API usage on the sidebar.
Example 1
Source Project: MaxKey   Source File: SocialSignOnEndpoint.java    License: Apache License 2.0
/**
 * Completes a social sign-on callback: resolves the stored association and signs its user in.
 *
 * <p>The association is looked up through {@code socialsAssociateService}. When one is found, its
 * username is passed to {@code WebContext.setAuthentication}; if that call succeeds the association
 * is updated with {@code accountJsonString}. When none is found, a {@link BadCredentialsException}
 * is stored in the session under {@code WebAttributes.AUTHENTICATION_EXCEPTION}.
 *
 * @param socialSignOnUserToken association used as the lookup key
 * @return always {@code true}, also when no association was found
 */
public boolean socialSignOn(SocialsAssociate socialSignOnUserToken){
	socialSignOnUserToken=this.socialsAssociateService.get(socialSignOnUserToken);

	// NOTE(review): the whole association object is logged; what its toString() prints is not
	// visible here - confirm it does not include provider access tokens.
	_logger.debug("callback SocialSignOn User Token : "+socialSignOnUserToken);

	if(socialSignOnUserToken == null){
		// No mapping for this social account: record the failure for the login page to pick up.
		WebContext.getRequest().getSession().setAttribute(WebAttributes.AUTHENTICATION_EXCEPTION, new BadCredentialsException(WebContext.getI18nValue("login.error.social")));
		// NOTE(review): the failure path also returns true, so a caller can only tell the two
		// outcomes apart through the session attribute - confirm callers do not treat the
		// return value as "authenticated".
		return true;
	}

	_logger.debug("Social Sign On from "+socialSignOnUserToken.getProvider()+" mapping to user "+socialSignOnUserToken.getUsername());

	boolean authenticated = WebContext.setAuthentication(socialSignOnUserToken.getUsername(), ConstantsLoginType.SOCIALSIGNON,this.socialSignOnProvider.getProviderName(),"xe00000004","success");
	if(authenticated){
		// Persist the profile JSON received from the provider alongside the association.
		socialSignOnUserToken.setSocialUserInfo(accountJsonString);
		this.socialsAssociateService.update(socialSignOnUserToken);
	}
	return true;
}
 
Example 2
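/**
 * Shows the login view with a message describing the most recent authentication failure.
 *
 * <p>The failure is read from the session attribute {@code WebAttributes.AUTHENTICATION_EXCEPTION}.
 * {@link BadCredentialsException} and {@link SessionAuthenticationException} map to fixed message
 * constants; any other stored value is passed to
 * {@code determineErrorMessagesFromInternalAuthenticationExceptions}, and an empty result from it
 * falls back to the "unknown" message.
 *
 * @param model view model that receives the message under {@code ERROR_MESSAGE_ATTRIBUTE}
 * @param request current request, used to reach the session
 * @return the login view name
 */
@GetMapping(params = "error")
public String getLoginErrorPage(Model model, HttpServletRequest request) {
  // NOTE(review): getSession() creates a session when the request has none, so any anonymous
  // request carrying ?error allocates one; getSession(false) with a null check would avoid that.
  // The stored exception is also never removed here - confirm it is cleared elsewhere.
  Object attribute = request.getSession().getAttribute(WebAttributes.AUTHENTICATION_EXCEPTION);

  String errorMessage;
  if (attribute == null) {
    errorMessage = ERROR_MESSAGE_UNKNOWN;
  } else if (attribute instanceof BadCredentialsException) {
    errorMessage = ERROR_MESSAGE_BAD_CREDENTIALS;
  } else if (attribute instanceof SessionAuthenticationException) {
    errorMessage = ERROR_MESSAGE_SESSION_AUTHENTICATION;
  } else {
    // Resolve the message once and reuse it, instead of calling the helper a second time
    // after the emptiness check.
    String internalMessage = determineErrorMessagesFromInternalAuthenticationExceptions(attribute);
    errorMessage = internalMessage.isEmpty() ? ERROR_MESSAGE_UNKNOWN : internalMessage;
  }

  model.addAttribute(ERROR_MESSAGE_ATTRIBUTE, errorMessage);
  return VIEW_LOGIN;
}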
 
Example 3
/**
 * Answers an access-denied failure with HTTP 403, through the configured error page when there is
 * one and through {@code sendError} otherwise.
 *
 * <p>Nothing is written when the response is already committed.
 *
 * @param request the request that was denied
 * @param response the response to write the 403 to
 * @param accessDeniedException the failure that triggered this handler
 * @throws IOException if forwarding or {@code sendError} fails
 * @throws ServletException if the forward fails
 */
@Override
public void handle(HttpServletRequest request, HttpServletResponse response,
                   AccessDeniedException accessDeniedException) throws IOException,
    ServletException {
    if (response.isCommitted()) {
        return;
    }

    String errorPage = getErrorPage();
    if (!StringUtils.isNotEmpty(errorPage)) {
        // NOTE(review): the exception message becomes the error text sent to the client;
        // confirm no access-denied message in this application carries internal detail.
        response.sendError(HttpServletResponse.SC_FORBIDDEN,
            accessDeniedException.getMessage());
        return;
    }

    // Expose the exception in request scope so the error view can inspect it.
    request.setAttribute(WebAttributes.ACCESS_DENIED_403, accessDeniedException);

    // The status has to be set explicitly: a forward does not change it.
    response.setStatus(HttpServletResponse.SC_FORBIDDEN);

    request.getRequestDispatcher(errorPage).forward(request, response);
}
 
Example 4
/**
 * Turns an authentication failure left in the HTTP session into a feedback message, then clears it.
 *
 * <p>The failure is read from {@code WebAttributes.AUTHENTICATION_EXCEPTION}. A
 * {@link DisabledException} produces the "user disabled" message, an
 * {@link AuthenticationServiceException} the "bad credentials" message, and anything else the
 * "unknown" message; the latter two are also logged at error level.
 */
@Override
protected void onInitialize() {
	super.onInitialize();

	// Check for authentication results coming back from pac4j.
	HttpServletRequest request = ((ServletWebRequest) RequestCycle.get().getRequest()).getContainerRequest();
	// The cast throws ClassCastException if something other than an Exception was stored.
	Exception exception = (Exception) request.getSession().getAttribute(WebAttributes.AUTHENTICATION_EXCEPTION);
	if (exception == null) {
		return;
	}

	if (exception instanceof DisabledException) {
		getSession().error(getString("home.identification.classic.error.userDisabled"));
	} else if (exception instanceof AuthenticationServiceException) {
		LOGGER.error("Authentication failed", exception);
		// NOTE(review): the raw exception message is appended to the text shown to the user;
		// confirm it cannot contain backend detail that belongs only in the log.
		getSession().error(getString("home.identification.error.badCredentials") + exception.getMessage());
	} else {
		LOGGER.error("An unknown error occurred during the authentication process", exception);
		getSession().error(getString("home.identification.error.unknown"));
	}

	// Remove the failure so it is reported once and not again on the next page load.
	request.getSession().removeAttribute(WebAttributes.AUTHENTICATION_EXCEPTION);
}
 
Example 5
/**
 * Reports a pending authentication failure as page feedback and removes it from the HTTP session.
 *
 * <p>The value stored under {@code WebAttributes.AUTHENTICATION_EXCEPTION} selects the feedback
 * text: "user disabled" for {@link DisabledException}, "bad credentials" for
 * {@link AuthenticationServiceException}, "unknown" for every other exception. All but the first
 * are logged at error level.
 */
@Override
protected void onInitialize() {
	super.onInitialize();

	// Check for authentication results coming back from pac4j.
	HttpServletRequest request = ((ServletWebRequest) RequestCycle.get().getRequest()).getContainerRequest();
	// A stored value that is not an Exception makes this cast throw ClassCastException.
	Exception exception = (Exception) request.getSession().getAttribute(WebAttributes.AUTHENTICATION_EXCEPTION);
	if (exception == null) {
		// Nothing pending: no feedback and nothing to clear.
		return;
	}

	if (exception instanceof DisabledException) {
		getSession().error(getString("home.identification.classic.error.userDisabled"));
	} else if (exception instanceof AuthenticationServiceException) {
		LOGGER.error("Authentication failed", exception);
		// NOTE(review): exception.getMessage() ends up in user-visible feedback - verify that
		// service-level failure messages are safe to show outside the log.
		getSession().error(getString("home.identification.error.badCredentials") + exception.getMessage());
	} else {
		LOGGER.error("An unknown error occurred during the authentication process", exception);
		getSession().error(getString("home.identification.error.unknown"));
	}

	// Clearing the attribute keeps the same failure from being reported twice.
	request.getSession().removeAttribute(WebAttributes.AUTHENTICATION_EXCEPTION);
}
 
Example 6
/**
 * Clears the authentication failure that an earlier login attempt may have left in the session.
 *
 * <p>Uses {@code getSession(false)} so that a request without a session does not get one
 * created only to be cleaned up.
 *
 * @param request the request whose session, if any, is cleaned
 */
protected final void clearAuthenticationAttributes(HttpServletRequest request) {
    HttpSession existing = request.getSession(false);
    if (existing != null) {
        // Only the stored failure is removed; every other session attribute is left as it was.
        existing.removeAttribute(WebAttributes.AUTHENTICATION_EXCEPTION);
    }
}
 
Example 7
Source Project: messaging-app   Source File: DefaultController.java    License: Apache License 2.0
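/**
 * Renders the error view for a failed login, using the failure stored in the session.
 *
 * <p>The session attribute is declared optional. With the default {@code required = true},
 * Spring rejects the request when the attribute is absent, so the {@code null} branch below
 * could never run and a plain visit to {@code /login?error} would fail instead of showing
 * the fallback text.
 *
 * @param authEx failure stored under {@code WebAttributes.AUTHENTICATION_EXCEPTION}, or
 *     {@code null} when the session holds none
 * @param model view model that receives {@code errorMessage}
 * @return the name of the error view
 */
@GetMapping(path = "/login", params = "error")
public String loginError(
		@SessionAttribute(name = WebAttributes.AUTHENTICATION_EXCEPTION, required = false) AuthenticationException authEx,
		Map<String, Object> model) {
	// NOTE(review): the exception message is shown to the user as-is. If the configured
	// providers use different messages for bad credentials, locked and disabled accounts, the
	// page reveals account state - confirm that is intended, or map to one generic message.
	String errorMessage = authEx != null ? authEx.getMessage() : "[unknown error]";
	model.put("errorMessage", errorMessage);
	return "error";
}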
 
Example 8
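/**
 * Shows the error view after a failed login, with the message of the stored failure.
 *
 * <p>{@code required = false} is set on the session attribute because the default is
 * {@code true}: without it, a request whose session has no stored failure is rejected during
 * argument binding and the "[unknown error]" fallback below is unreachable.
 *
 * @param authEx the failure held under {@code WebAttributes.AUTHENTICATION_EXCEPTION}, or
 *     {@code null} if none is stored
 * @param model view model; {@code errorMessage} is added to it
 * @return the error view name
 */
@GetMapping(path = "/login", params = "error")
public String loginError(
		@SessionAttribute(name = WebAttributes.AUTHENTICATION_EXCEPTION, required = false) AuthenticationException authEx,
		Map<String, Object> model) {
	String errorMessage;
	if (authEx == null) {
		errorMessage = "[unknown error]";
	} else {
		// NOTE(review): this passes the exception text straight to the view; verify that the
		// messages in use do not let a visitor tell an unknown user from a locked or disabled one.
		errorMessage = authEx.getMessage();
	}
	model.put("errorMessage", errorMessage);
	return "error";
}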
 
Example 9
/**
 * Removes the {@code WebAttributes.AUTHENTICATION_EXCEPTION} entry from the caller's session.
 *
 * <p>Nothing happens when the request has no session; the lookup passes {@code false} so no
 * session is created as a side effect.
 *
 * @param request the current HTTP request
 */
private void clearAuthenticationAttributes(HttpServletRequest request) {
    HttpSession current = request.getSession(false);
    if (current != null) {
        // The failure of an earlier attempt is the only attribute dropped here.
        current.removeAttribute(WebAttributes.AUTHENTICATION_EXCEPTION);
    }
}
 
Example 10
/**
 * Clears the authentication failure that an earlier login attempt may have left in the session.
 *
 * <p>The session is fetched with {@code getSession(false)}: when the request has none, the
 * method returns without creating one.
 *
 * @param request the request whose session, if any, is cleaned
 */
protected final void clearAuthenticationAttributes(HttpServletRequest request) {
    HttpSession existing = request.getSession(false);
    if (existing != null) {
        // Only the stored failure is removed; every other session attribute is left as it was.
        existing.removeAttribute(WebAttributes.AUTHENTICATION_EXCEPTION);
    }
}
 
Example 11
/**
 * Removes the {@code WebAttributes.AUTHENTICATION_EXCEPTION} entry from the caller's session.
 *
 * <p>Nothing happens when the request has no session; the lookup passes {@code false} so no
 * session is created as a side effect.
 *
 * @param request the current HTTP request
 */
protected final void clearAuthenticationAttributes(HttpServletRequest request) {
    HttpSession current = request.getSession(false);
    if (current != null) {
        // The failure of an earlier attempt is the only attribute dropped here.
        current.removeAttribute(WebAttributes.AUTHENTICATION_EXCEPTION);
    }
}
 
Example 12
Source Project: zhcet-web   Source File: LoginAttemptService.java    License: Apache License 2.0
/**
 * Adds a {@code login_error} message to the model describing the last failed login.
 *
 * <p>The failure and the attempted username are read from the session. When either is missing
 * (or the username is not a {@code String}) the generic "incorrect" message is used. Otherwise the
 * message depends on the failure type: blocked, bad credentials (with remaining tries and the
 * cool-down period), or disabled. A bad-credentials message that mentions "otp" also sets
 * {@code otp_required} on the model.
 *
 * @param model view model that receives {@code login_error} and possibly {@code otp_required}
 * @param request current request, used to reach the session
 */
public void addErrors(Model model, HttpServletRequest request) {
    Object failure = request.getSession().getAttribute(WebAttributes.AUTHENTICATION_EXCEPTION);
    Object storedUsername = request.getSession().getAttribute(UsernameAuthenticationFailureHandler.USERNAME);

    String message = "Username or Password is incorrect!";

    // Without a stored failure and a String username only the generic message is shown.
    if (failure == null || !(storedUsername instanceof String)) {
        model.addAttribute("login_error", message);
        return;
    }

    String coolDownPeriod = getBlockDuration() + " " + LoginAttemptService.TIME_UNIT;
    String username = (String) storedUsername;

    if (failure instanceof LockedException || isBlocked(username)) {
        message = "User blocked for <strong>" + coolDownPeriod + "</strong> since last wrong login attempt";
    } else if (failure instanceof BadCredentialsException) {
        String tries = String.format("%d out of %d tries left!", triesLeft(username), getMaxRetries());
        String coolDown = "User will be blocked for " + coolDownPeriod + " after all tries are exhausted";

        String errorMessage = extractMessage((BadCredentialsException) failure, message);

        // An OTP-related failure tells the frontend to ask for the OTP.
        boolean mentionsOtp = errorMessage.toLowerCase().contains("otp");
        if (mentionsOtp) {
            model.addAttribute("otp_required", true);
        }

        // NOTE(review): the message is assembled as HTML and includes the text returned by
        // extractMessage. If the view renders login_error unescaped, confirm that text can
        // never contain user-supplied input.
        message = errorMessage + "<br><strong>" + tries + "</strong> " + coolDown;
    } else if (failure instanceof DisabledException) {
        message = "User is disabled from site";
    }

    model.addAttribute("login_error", message);
}
 
Example 13
/**
 * Clears the authentication failure that an earlier login attempt may have left in the session.
 *
 * <p>Uses {@code getSession(false)} so that a request without a session does not get one
 * created only to be cleaned up.
 *
 * @param request the request whose session, if any, is cleaned
 */
protected final void clearAuthenticationAttributes(HttpServletRequest request) {
    HttpSession existing = request.getSession(false);
    if (existing != null) {
        // Only the stored failure is removed; every other session attribute is left as it was.
        existing.removeAttribute(WebAttributes.AUTHENTICATION_EXCEPTION);
    }
}
 
Example 14
Source Project: secrets-proxy   Source File: LoginSuccessHandler.java    License: Apache License 2.0
/**
 * Drops the authentication failure, if any, that was stored in the session while the user was
 * logging in.
 *
 * @param request the HTTP request whose existing session is cleaned; a request without a session
 *     is left without one
 */
private void clearAuthenticationAttributes(HttpServletRequest request) {
  // Passing false keeps this cleanup from creating a session as a side effect.
  HttpSession existing = request.getSession(false);
  if (existing != null) {
    existing.removeAttribute(WebAttributes.AUTHENTICATION_EXCEPTION);
  }
}
 
Example 15
/**
 * Removes the {@code WebAttributes.AUTHENTICATION_EXCEPTION} entry from the caller's session.
 *
 * <p>Nothing happens when the request has no session; the lookup passes {@code false} so no
 * session is created as a side effect.
 *
 * @param request the current HTTP request
 */
protected final void clearAuthenticationAttributes(HttpServletRequest request) {
  HttpSession current = request.getSession(false);
  if (current != null) {
    // The failure of an earlier attempt is the only attribute dropped here.
    current.removeAttribute(WebAttributes.AUTHENTICATION_EXCEPTION);
  }
}
 
Example 16
Source Project: bdf3   Source File: SecurityContextVarsInitializer.java    License: Apache License 2.0
/**
 * Publishes the login name, the login user and the last authentication error message as
 * context variables.
 *
 * <p>The error message comes from the exception stored in the session under
 * {@code WebAttributes.AUTHENTICATION_EXCEPTION}; the literal {@code "none"} is used when the
 * session holds no such exception.
 *
 * @param vars map that receives {@code loginUsername}, {@code loginUser} and
 *     {@code authenticationErrorMsg}
 * @throws Exception declared by the overridden method
 */
@Override
public void initializeContext(Map<String, Object> vars) throws Exception {
	vars.put("loginUsername", ContextUtils.getLoginUsername());
	vars.put("loginUser", ContextUtils.getLoginUser());

	// NOTE(review): getSession() without an argument creates a session when there is none;
	// confirm this initializer is not reached by requests that should stay session-less.
	Object stored = DoradoContext.getAttachedRequest().getSession()
			.getAttribute(WebAttributes.AUTHENTICATION_EXCEPTION);
	// Throws ClassCastException if the attribute holds something else.
	AuthenticationException ex = (AuthenticationException) stored;

	String errorMsg;
	if (ex == null) {
		errorMsg = "none";
	} else {
		// NOTE(review): the raw exception message becomes a context variable; where it is
		// rendered is not visible here.
		errorMsg = ex.getMessage();
	}
	vars.put("authenticationErrorMsg", errorMsg);
}
 
Example 17
/**
 * Clears the authentication failure that an earlier login attempt may have left in the session.
 *
 * <p>Uses {@code getSession(false)} so that a request without a session does not get one
 * created only to be cleaned up.
 *
 * @param request the request whose session, if any, is cleaned
 */
protected void clearAuthenticationAttributes(final HttpServletRequest request) {
    final HttpSession existing = request.getSession(false);
    if (existing != null) {
        // Only the stored failure is removed; every other session attribute is left as it was.
        existing.removeAttribute(WebAttributes.AUTHENTICATION_EXCEPTION);
    }
}
 
Example 18
/**
 * Removes the {@code WebAttributes.AUTHENTICATION_EXCEPTION} entry from the caller's session.
 *
 * <p>Nothing happens when the request has no session; the lookup passes {@code false} so no
 * session is created as a side effect.
 *
 * @param request the current HTTP request
 */
protected final void clearAuthenticationAttributes(HttpServletRequest request) {
    HttpSession current = request.getSession(false);
    if (current != null) {
        // The failure of an earlier attempt is the only attribute dropped here.
        current.removeAttribute(WebAttributes.AUTHENTICATION_EXCEPTION);
    }
}
 
Example 19
/**
 * Clears the authentication failure that an earlier login attempt may have left in the session.
 *
 * <p>Uses {@code getSession(false)} so that a request without a session does not get one
 * created only to be cleaned up.
 *
 * @param request the request whose session, if any, is cleaned
 */
protected final void clearAuthenticationAttributes(HttpServletRequest request) {
    HttpSession existing = request.getSession(false);
    if (existing != null) {
        // Only the stored failure is removed; every other session attribute is left as it was.
        existing.removeAttribute(WebAttributes.AUTHENTICATION_EXCEPTION);
    }
}
 
Example 20
/**
 * Removes the {@code WebAttributes.AUTHENTICATION_EXCEPTION} entry from the caller's session.
 *
 * <p>Nothing happens when the request has no session; the lookup passes {@code false} so no
 * session is created as a side effect.
 *
 * @param request the current HTTP request
 */
protected final void clearAuthenticationAttributes(HttpServletRequest request) {
    HttpSession current = request.getSession(false);
    if (current != null) {
        // The failure of an earlier attempt is the only attribute dropped here.
        current.removeAttribute(WebAttributes.AUTHENTICATION_EXCEPTION);
    }
}
 
Example 21
/**
 * Clears the authentication failure that an earlier login attempt may have left in the session.
 *
 * <p>Uses {@code getSession(false)} so that a request without a session does not get one
 * created only to be cleaned up.
 *
 * @param request the request whose session, if any, is cleaned
 */
protected void clearAuthenticationAttributes(HttpServletRequest request) {
    HttpSession existing = request.getSession(false);
    if (existing != null) {
        // Only the stored failure is removed; every other session attribute is left as it was.
        existing.removeAttribute(WebAttributes.AUTHENTICATION_EXCEPTION);
    }
}
 
Example 22
Source Project: quartz-manager   Source File: AjaxAuthenticationFilter.java    License: Apache License 2.0
/**
 * Removes the {@code WebAttributes.AUTHENTICATION_EXCEPTION} entry from the caller's session.
 *
 * <p>Nothing happens when the request has no session; the lookup passes {@code false} so no
 * session is created as a side effect.
 *
 * @param request the current HTTP request
 */
protected final void clearAuthenticationAttributes(HttpServletRequest request) {
	HttpSession current = request.getSession(false);
	if (current != null) {
		// The failure of an earlier attempt is the only attribute dropped here.
		current.removeAttribute(WebAttributes.AUTHENTICATION_EXCEPTION);
	}
}
 
Example 23
Source Project: herd   Source File: HttpHeaderAuthenticationFilter.java    License: Apache License 2.0
/**
 * Handles a failed authentication: logs the failure, invalidates the user through
 * {@code invalidateUser}, and stores the exception in the session under
 * {@code WebAttributes.AUTHENTICATION_EXCEPTION}.
 *
 * <p>NOTE(review): the original description says this sets the authentication object in the
 * security context to null; that would happen inside {@code invalidateUser}, which is not visible
 * here - confirm.
 *
 * @param servletRequest the servlet request.
 * @param authenticationException the authentication exception.
 */
protected void unsuccessfulAuthentication(HttpServletRequest servletRequest, AuthenticationException authenticationException)
{
    // The exception is passed as the last argument, so its stack trace is included in the debug log entry.
    LOGGER.debug("Authentication failure: ", authenticationException);
    // Must run before the attribute is stored below; what the 'false' flag selects is not visible here.
    invalidateUser(servletRequest, false);
    // getSession() creates a session when none exists, so a failed request always ends up with one.
    // NOTE(review): confirm that is acceptable for header-based authentication, where every
    // rejected request would then allocate a session.
    servletRequest.getSession().setAttribute(WebAttributes.AUTHENTICATION_EXCEPTION, authenticationException);
}
 
Example 24
/**
 * Clears the authentication failure that an earlier login attempt may have left in the session.
 *
 * <p>Uses {@code getSession(false)} so that a request without a session does not get one
 * created only to be cleaned up.
 *
 * @param request the request whose session, if any, is cleaned
 */
protected final void clearAuthenticationAttributes(HttpServletRequest request) {
    HttpSession existing = request.getSession(false);
    if (existing != null) {
        // Only the stored failure is removed; every other session attribute is left as it was.
        existing.removeAttribute(WebAttributes.AUTHENTICATION_EXCEPTION);
    }
}
 
Example 25
/**
 * Removes the {@code WebAttributes.AUTHENTICATION_EXCEPTION} entry from the caller's session.
 *
 * <p>Nothing happens when the request has no session; the lookup passes {@code false} so no
 * session is created as a side effect.
 *
 * @param request the current HTTP request
 */
protected final void clearAuthenticationAttributes(HttpServletRequest request) {
    HttpSession current = request.getSession(false);
    if (current != null) {
        // The failure of an earlier attempt is the only attribute dropped here.
        current.removeAttribute(WebAttributes.AUTHENTICATION_EXCEPTION);
    }
}
 
Example 26
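/**
 * Returns the message of the authentication failure stored in the session.
 *
 * <p>The attribute is read once and the same value is used for the type check and the cast.
 * Reading it twice would let another request on the same session replace or remove the value
 * between the check and the cast.
 *
 * @param session the session to read {@code WebAttributes.AUTHENTICATION_EXCEPTION} from
 * @return the stored exception's message (which may be {@code null}), or
 *     {@code "Unknown login issue."} when the attribute is absent or not an {@link Exception}
 */
private String getAuthenticationExceptionMessage(HttpSession session) {
  Object stored = session.getAttribute(WebAttributes.AUTHENTICATION_EXCEPTION);
  if (stored instanceof Exception) {
    // NOTE(review): the raw exception message is returned for display; where it is rendered
    // is not visible here.
    return ((Exception) stored).getMessage();
  }
  return "Unknown login issue.";
}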
 
Example 27
/**
 * Clears the authentication failure that an earlier login attempt may have left in the session.
 *
 * <p>Uses {@code getSession(false)} so that a request without a session does not get one
 * created only to be cleaned up.
 *
 * @param request the request whose session, if any, is cleaned
 */
protected final void clearAuthenticationAttributes(final HttpServletRequest request) {
    final HttpSession existing = request.getSession(false);
    if (existing != null) {
        // Only the stored failure is removed; every other session attribute is left as it was.
        existing.removeAttribute(WebAttributes.AUTHENTICATION_EXCEPTION);
    }
}
 
Example 28
/**
 * Removes the {@code WebAttributes.AUTHENTICATION_EXCEPTION} entry from the caller's session.
 *
 * <p>Nothing happens when the request has no session; the lookup passes {@code false} so no
 * session is created as a side effect.
 *
 * @param request the current HTTP request
 */
protected final void clearAuthenticationAttributes(final HttpServletRequest request) {
    final HttpSession current = request.getSession(false);
    if (current != null) {
        // The failure of an earlier attempt is the only attribute dropped here.
        current.removeAttribute(WebAttributes.AUTHENTICATION_EXCEPTION);
    }
}
 
Example 29
/**
 * Clears the authentication failure that an earlier login attempt may have left in the session.
 *
 * <p>Uses {@code getSession(false)} so that a request without a session does not get one
 * created only to be cleaned up.
 *
 * @param request the request whose session, if any, is cleaned
 */
protected final void clearAuthenticationAttributes(final HttpServletRequest request) {
    final HttpSession existing = request.getSession(false);
    if (existing != null) {
        // Only the stored failure is removed; every other session attribute is left as it was.
        existing.removeAttribute(WebAttributes.AUTHENTICATION_EXCEPTION);
    }
}
 
Example 30
/**
 * Removes the {@code WebAttributes.AUTHENTICATION_EXCEPTION} entry from the caller's session.
 *
 * <p>Nothing happens when the request has no session; the lookup passes {@code false} so no
 * session is created as a side effect.
 *
 * @param request the current HTTP request
 */
protected void clearAuthenticationAttributes(HttpServletRequest request) {
    HttpSession current = request.getSession(false);
    if (current != null) {
        // The failure of an earlier attempt is the only attribute dropped here.
        current.removeAttribute(WebAttributes.AUTHENTICATION_EXCEPTION);
    }
}